Detailed explanation of various list tools for redistribution and route-map

1. Redistribution

definition:

Redistribution is the ability of border routers that connect different routing domains to exchange and advertise routing information between different autonomous systems.

The principle of redistribution: the route must be in the routing table to be redistributed

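Setting the seed metric during redistribution
Protocol Seed metric
RIP      Infinity     When other routes are injected into RIP, the metric value must be specified manually, because RIP has a maximum of only 15 hops
EIGRP    Infinity     Must also be specified manually
OSPF     20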

Redistribution is always outward

Redistribute into RIP


Note: The default seed metric value is infinity, so a metric value must be set manually when redistributing:
redistribute ospf 1 metric 3

Redistribute into EIGRP

Note: The default seed metric value is infinity, so the 5 parameters used to calculate the metric must be set manually when redistributing: bandwidth, delay, reliability, load, MTU
redistribute rip metric 100000 100 255 1 1500

Redistribute into OSPF

Note: By default, only classful (major network) routes are redistributed. Add the subnets keyword to carry subnets
redistribute eigrp 1 subnets

Two kinds of redistribution

1. One-way redistribution
2. Two-way redistribution

2. ACLs

1. Control traffic

2. Match traffic of interest

   access-list 1 permit 192.168.1.0 //Matches routes: matches the 192.168.1.0/24 network
   access-list 1 permit 192.168.1.0 0.0.0.255 //Matches traffic

Standard and extended ACLs

Standard: matches only the source IP
Extended: can match source IP, destination IP and port number
standard: keyword for a standard ACL
extended: keyword for an extended ACL
ip access-list standard 1 //Enter standard ACL edit mode
15 permit 192.168.0.0

How to delete an ACL entry

 no access-list 1 permit 192.168.1.0  //Using this command deletes the entire access-list
 ip access-list standard 1
 no permit 192.168.2.0

Example

1. Allow traffic from the 172.16.1.0 network to access the 192.168.1.0 network
access-list 100 permit ip 172.16.1.0 0.0.0.255 192.168.1.0 0.0.0.255

2. Allow 172.16.1.1 to telnet to 192.168.1.1; deny everything else
access-list 100 permit tcp host 172.16.1.1 host 192.168.1.1 eq 23

3. Allow host 172.16.1.1 to access host 192.168.1.1, but only TCP traffic on ports 4000-5000
access-list 100 permit tcp host 172.16.1.1 host 192.168.1.1 range 4000 5000

4. Use one ACL to match the four networks 172.16.0.0, 172.16.1.0, 172.16.2.0 and 172.16.3.0
access-list 1 permit 172.16.0.0 0.0.3.0

5. Use one ACL to match all routes with an odd subnet number between 172.16.0.0 and 172.16.255.0/24
access-list 1 permit 172.16.1.0 0.0.254.0 // access-list 1 permit 172.16.0.0 0.0.254.0 matches the even ones

6. Use one statement to match all routes whose first 16 bits are 172.16.0.0 and whose mask is 255.255.255.0
access-list 100 permit ip 172.16.0.0 0.0.255.255 host 255.255.255.0

Note: An ACL can be used to match the mask in this way, but only inside a route-map; it is invalid in a distribute-list.
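The wildcard-mask arithmetic behind examples 4, 5 and 6, as an added Python example (not part of the original post). The function names are constructed for illustration; a wildcard bit of 0 means "must match" and 1 means "ignore".

```python
import ipaddress

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(value, base, wildcard="0.0.0.0"):
    """True if value equals base on every bit where the wildcard bit is 0."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(value) & care) == (ip_int(base) & care)

def matched_subnets(base, wildcard):
    """Third octets X of the networks 172.16.X.0 that an ACL entry matches."""
    return [x for x in range(256)
            if wildcard_match(f"172.16.{x}.0", base, wildcard)]

def acl_matches_route(network, mask, src, src_wc, dst, dst_wc):
    """Extended ACL used for routes: the source field is compared with the
    network and the destination field with the mask (example 6 above)."""
    return (wildcard_match(network, src, src_wc)
            and wildcard_match(mask, dst, dst_wc))

if __name__ == "__main__":
    # Example 4: 0.0.3.0 ignores the low two bits of the third octet.
    print(matched_subnets("172.16.0.0", "0.0.3.0"))
    # Example 5: 0.0.254.0 checks only the lowest bit of the third octet.
    print(matched_subnets("172.16.1.0", "0.0.254.0")[:4])
    print(matched_subnets("172.16.0.0", "0.0.254.0")[:4])
    # Example 6: "host 255.255.255.0" is wildcard 0.0.0.0 on the mask.
    print(acl_matches_route("172.16.9.0", "255.255.255.0",
                            "172.16.0.0", "0.0.255.255", "255.255.255.0", "0.0.0.0"))
    print(acl_matches_route("172.16.0.0", "255.255.0.0",
                            "172.16.0.0", "0.0.255.255", "255.255.255.0", "0.0.0.0"))
```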

3. prefix-list: prefix list (used only to match target routes precisely)

ip prefix-list name permit/deny x.x.x.x/xx

Parameters: match a range of mask lengths

ge: the minimum prefix length to match //where the prefix length range starts
le: the maximum prefix length to match //where the prefix length range ends

Example:
ip prefix-list A permit 192.168.1.0/24 //Matches only the route 192.168.1.0/24
ip prefix-list A permit 192.168.1.0/24 le 26 //Matches routes within 192.168.1.0 with a subnet mask of 24 to 26 bits
ip prefix-list A permit 192.168.1.0/24 ge 26 le 30 //Matches masks of 26 to 30 bits
ip prefix-list
clear ip ro *

4. Distribution list:

distribute-list prefix A in f0/0
sh ip prefix-list //View the prefix list
Example 1:

Deny 192.168.1.0/30 and permit all others:

ip prefix-list A deny 192.168.1.0/30 
ip prefix-list A permit 0.0.0.0/0 le 32

Example 2:

ip prefix-list CCNP permit 0.0.0.0/0        //Permit only the default route
ip prefix-list CCNP permit 0.0.0.0/0 le 32     //Permit all routes

·Equivalent to permit any in the access list
·This statement matches all networks

Example 3:

ip prefix-list CCNP permit 0.0.0.0/0 ge 32  //Permit only host routes
  ·ge 32: the subnet mask must be 32 bits
  ·This statement matches only host routes

Example 4:
ip prefix-list CCNP permit 10.0.0.0/8 ge 24 le 24 //The first 8 bits must be 10 and the mask must be exactly 24 bits
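The ge/le rules and first-match order from the examples above, as an added Python evaluator (not part of the original post). The list names EX1, DEFAULT, HOSTS, TEN24 and RANGE are constructed so that each example on the page gets its own list; the entries themselves are the page's.

```python
import ipaddress

# Constructed sample: the page's entries, one list name per example.
CONFIG = """
ip prefix-list EX1 deny 192.168.1.0/30
ip prefix-list EX1 permit 0.0.0.0/0 le 32
ip prefix-list DEFAULT permit 0.0.0.0/0
ip prefix-list HOSTS permit 0.0.0.0/0 ge 32
ip prefix-list TEN24 permit 10.0.0.0/8 ge 24 le 24
ip prefix-list RANGE permit 192.168.1.0/24 ge 26 le 30
"""

def parse_entry(line):
    """Parse 'ip prefix-list NAME permit|deny A.B.C.D/len [ge N] [le N]'."""
    tok = line.split()
    name, action, net = tok[2], tok[3], ipaddress.ip_network(tok[4])
    opts = dict(zip(tok[5::2], map(int, tok[6::2])))
    ge, le = opts.get("ge"), opts.get("le")
    # No ge/le: exact length. Only ge: ge..32. Only le: len..le.
    lo = ge if ge is not None else net.prefixlen
    hi = le if le is not None else (32 if ge is not None else net.prefixlen)
    return name, action, net, lo, hi

def evaluate(config, name, route):
    """First matching entry decides; no match means implicit deny."""
    route = ipaddress.ip_network(route)
    for line in config.strip().splitlines():
        n, action, net, lo, hi = parse_entry(line)
        if n != name:
            continue
        # The route must sit inside the entry's prefix and its mask length
        # must fall in the allowed range.
        if route.subnet_of(net) and lo <= route.prefixlen <= hi:
            return action
    return "deny"

if __name__ == "__main__":
    for name, route in [("EX1", "192.168.1.0/30"), ("EX1", "192.168.1.0/24"),
                        ("DEFAULT", "10.0.0.0/8"), ("HOSTS", "4.4.4.4/32"),
                        ("TEN24", "10.1.2.0/24"), ("RANGE", "192.168.1.0/24")]:
        print(name, route, evaluate(CONFIG, name, route))
```

Note that the deny in EX1 is exact: 192.168.1.0/24 itself is still permitted, because only the /30 matches the first entry.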

5. Various lists

1.Offset-list:

Offset list (in distance-vector protocols, increases the metric value of a route)

access-list 1 permit 1.1.1.0 //Match the route 1.1.1.0
offset-list 1 in 2 f0/0 //Increase the metric value by 2 for routes matched by ACL 1 that are received on port f0/0

2.Distribute-list :

The distribute-list (route filtering) is fully effective only with distance-vector protocols.
Routes are filtered through an ACL. The filter can be applied within a single routing domain, or during redistribution between protocols.
In a distance-vector routing protocol, both in and out are valid and take effect.
In a link-state routing protocol, only the in direction is valid, and it does not affect downstream devices. Out cannot be used.

Where the distribute-list acts: between the topology table and the routing table

3. filter-list: filter list

(Filters Type 3 LSAs on an OSPF ABR) Used in OSPF

  • (config-router)#area x filter-list prefix XX in/out

in: filters networks sent into this area
out: filters networks sent out of this area

Example 1:

In the routing table of R2, we want to reject the route 1.0.0.0 and accept all other routes. How is this configured?

Using a distribute-list with a prefix list

First use a prefix-list to match the 1.1.1.0 route, denying 1.0.0.0 and accepting all other routes
Router(config)#ip prefix-list deny1.0 deny 1.1.1.0/24
Router(config)#ip prefix-list deny1.0 permit 0.0.0.0/0 le 32
Then enter RIP and apply deny1.0 with a distribute-list
Router(config)#router rip
Router(config-router)#distribute-list prefix deny1.0 in e0/0
Router(config-router)#do clear ip ro *     //Clear the routing table

Example 2:

In the routing table of R1, how do we configure rejecting the route 1.0.0.0 and accepting all other routes?

Example 1 used a prefix-list, so here we use an ACL instead

By calling an ACL
First use an ACL to match 1.0.0.0
Router(config)#access-list 1 deny 1.1.1.0
Router(config)#access-list 1 permit any
Router(config-router)#distribute-list 1 out e0/0
Router(config-router)#do clear ip ro *  //Clear the routing table
The routing table must also be cleared on R2
Router(config-router)#do clear ip ro *

You can see that 1.1.1.0 has been rejected on R2

Route-map: routing policy

Match: matches the target to operate on
match ip add xyz

Experiment:

In the experiment, each network segment is numbered after the two routers it connects. R1 and R3 each have a loopback interface whose IP address is the router's number.
The network segment of PC5 is 192.168.1.0/24 192.168.1.254
The network segment of PC6 is 192.168.2.0/24 192.168.2.254
R1 and R3 run EIGRP; R4 and R3 run OSPF. Configure two-way redistribution for full network connectivity.

  • Requirement: for routing entry 1.1.1.0 on R4, change the type to O E1; change the metric value of 13.1.1.0 to 30

Configure the IP addresses first; that step is not shown here, so we go straight to redistribution

Redistribution:

router ospf 1
redistribute eigrp 1 subnets
router eigrp 1
network 13.0.0.0
redistribute ospf 1 metric 100000 1000 255 1 1500

The redistribution configuration is complete. Now check the routing table of R4

      1.0.0.0/24 is subnetted, 1 subnets
O E2     1.1.1.0 [110/20] via 34.1.1.3, 00:00:05, Ethernet0/0
      4.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        4.4.4.0/24 is directly connected, Loopback0
L        4.4.4.4/32 is directly connected, Loopback0
      13.0.0.0/24 is subnetted, 1 subnets
O E2     13.1.1.0 [110/20] via 34.1.1.3, 00:00:05, Ethernet0/0
      24.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        24.1.1.0/24 is directly connected, Serial1/0
L        24.1.1.4/32 is directly connected, Serial1/0
      34.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        34.1.1.0/24 is directly connected, Ethernet0/0
L        34.1.1.4/32 is directly connected, Ethernet0/0
      192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.2.0/24 is directly connected, Ethernet0/1
L        192.168.2.254/32 is directly connected, Ethernet0/1

Use a route-map to make the modification
First, match 1.1.1.0

R3(config)#access-list 1 per 1.1.1.0
R3(config)#ip prefix-list per11 permit 13.1.1.0/24
R3(config)#route-map RED permit 10
R3(config-route-map)#match ip add 1 
R3(config-route-map)#set metric-type type-1
R3(config-route-map)#exi
R3(config)#route-map RED permit 20
R3(config-route-map)#match ip address prefix-list per11 
R3(config-route-map)#set metric 30  //Change the metric value to 30

The route-map is now written; enter OSPF to apply it

R3(config)#router ospf 1 
R3(config-router)#redistribut eigrp 1 subnets route-map RED //Redistribute from whichever protocol the route was learned from; here 1.1.1.0 was learned from eigrp 1
R3(config-router)#do clear ip ro *

Check the routing information of R4 to see if the setting is successful

      1.0.0.0/24 is subnetted, 1 subnets
O E1     1.1.1.0 [110/30] via 34.1.1.3, 00:00:05, Ethernet0/0
      4.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        4.4.4.0/24 is directly connected, Loopback0
L        4.4.4.4/32 is directly connected, Loopback0
      13.0.0.0/24 is subnetted, 1 subnets
O E2     13.1.1.0 [110/30] via 34.1.1.3, 00:00:05, Ethernet0/0
      24.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        24.1.1.0/24 is directly connected, Serial1/0
L        24.1.1.4/32 is directly connected, Serial1/0
      34.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        34.1.1.0/24 is directly connected, Ethernet0/0
L        34.1.1.4/32 is directly connected, Ethernet0/0
      192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.2.0/24 is directly connected, Ethernet0/1
L        192.168.2.254/32 is directly connected, Ethernet0/1
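Why R4 shows a cost of 30 for both routes even though only 13.1.1.0 had its metric set, as an added Python model of route-map RED (not part of the original post). The internal path cost of 10 from R4 to R3 and the extra route 5.5.5.0/24 are assumptions made for illustration; the seed metric 20 and default type E2 are the values seen in the first R4 table.

```python
import ipaddress

# Constructed model of R3's configuration from the page.
ACL_1 = ["1.1.1.0"]              # access-list 1 permit 1.1.1.0
PFX_PER11 = ["13.1.1.0/24"]      # ip prefix-list per11 permit 13.1.1.0/24
ROUTE_MAP_RED = [
    (10, "permit", lambda r: str(r.network_address) in ACL_1,
     {"metric_type": "E1"}),                      # set metric-type type-1
    (20, "permit", lambda r: str(r) in PFX_PER11,
     {"metric": 30}),                             # set metric 30
]

def redistribute(route, route_map, seed_metric=20):
    """Return the external route's attributes, or None if it is dropped."""
    route = ipaddress.ip_network(route)
    attrs = {"metric": seed_metric, "metric_type": "E2"}  # OSPF defaults
    for seq, action, match, sets in sorted(route_map, key=lambda c: c[0]):
        if match(route):
            if action == "deny":
                return None
            attrs.update(sets)
            return attrs         # first matching clause wins
    return None                  # implicit deny at the end of a route-map

def cost_seen_downstream(attrs, path_cost):
    """E1 adds the internal path cost to the external metric; E2 does not."""
    extra = path_cost if attrs["metric_type"] == "E1" else 0
    return attrs["metric"] + extra

if __name__ == "__main__":
    R4_TO_R3_COST = 10           # assumption: default cost of R4's Ethernet0/0
    for route in ["1.1.1.0/24", "13.1.1.0/24", "5.5.5.0/24"]:
        attrs = redistribute(route, ROUTE_MAP_RED)
        if attrs is None:
            print(route, "not redistributed (implicit deny)")
        else:
            print(route, attrs["metric_type"],
                  cost_seen_downstream(attrs, R4_TO_R3_COST))
```

Any EIGRP route that matches neither clause is not redistributed at all, so a route-map used this way needs a final empty permit clause if other routes must still pass.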


PBR (Policy-Based Routing) policy routing

PBR uses the route-map tool to apply policies to the data flows entering a given interface. Traffic that matches is routed according to the corresponding policy; traffic that does not match is forwarded normally.

Experiment:

  • Network segments are numbered AB.1.1.X, where AB is the numbers of the two routers and X is the number of this router.
    The addresses between R2 and R5 are 13.1.1.2 and 13.1.1.3. Add loopbacks 1.1.1.1/24
    and 11.11.11.11/24 on R1 for routing and forwarding tests. Enable the EIGRP protocol across the whole experimental topology to achieve network-wide communication.
    1. Requirement: traffic from R5 to 1.1.1.1 on R1 must go via 12.1.1.2 first, and traffic to 11.11.11.11 must go via 21.1.1.2 first

Detailed steps:

After the basic configuration is done, R5 already has routing information for all routes. Below is the path shown when we use traceroute to trace the route.

R3#traceroute 1.1.1.1    
Type escape sequence to abort.
Tracing the route to 1.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 13.1.1.2 1 msec 0 msec 1 msec
2 12.1.1.1 2 msec 7 msec * 

R3#traceroute 11.11.11.11

It can be seen that the default direction is opposite to what the task requires. At this point we can use PBR to specify the direction of the route.
This is the role of PBR.

Extended ACLs are used here because R5 has only one port

R2(config)#access-list 100 permit ip host 13.1.1.3 host 1.1.1.1 
R2(config)#access-list 101 permit ip host 13.1.1.3 host 11.11.11.11   //Match the destinations
R2(config)#route-map toto permit 10  
R2(config-route-map)#match  ip add 100  //Match the traffic in ACL 100
R2(config-route-map)#set interface e0/1  //Send traffic matched by ACL 100 toward its destination via port E0/1
R2(config)#route-map toto permit 20
R2(config-route-map)#match  ip add 101   //Match the traffic in ACL 101
R2(config-route-map)#set interface e0/0   //Send traffic matched by ACL 101 toward its destination via port E0/0
R2(config)#int e0/2  
R2(config-if)#ip policy route-map toto   //Apply policy route-map toto to interface e0/2

Origin blog.csdn.net/2201_75288693/article/details/130244579