四级网项目案例
用来模拟一个省内的OSPF网络,总部和下连节点采用双路器+双链路实现备份,可靠性高!
IP地址可以见下表,大家可以自己去规划一下:
OSPF多区域基本配置:
RT1:
router ospf 1
router-id 172.16.0.1
network 172.16.0.1 0.0.0.0 area 0
network 172.16.1.0 0.0.0.3 area 0
network 172.16.1.16 0.0.0.3 area 0
network 172.16.1.20 0.0.0.3 area 0
network 172.16.1.32 0.0.0.3 area 0
network 172.16.1.36 0.0.0.3 area 0
network 172.16.17.0 0.0.0.3 area 2
RT2:
router ospf 1
router-id 172.16.0.2
network 172.16.0.2 0.0.0.0 area 0
network 172.16.1.0 0.0.0.3 area 0
network 172.16.1.24 0.0.0.3 area 0
network 172.16.1.28 0.0.0.3 area 0
network 172.16.1.40 0.0.0.3 area 0
network 172.16.1.44 0.0.0.3 area 0
network 172.16.17.4 0.0.0.3 area 2
RT3:
router ospf 1
router-id 172.16.0.3
network 172.16.0.3 0.0.0.0 area 0
network 172.16.1.8 0.0.0.3 area 0
network 172.16.1.16 0.0.0.3 area 0
network 172.16.1.20 0.0.0.3 area 0
network 172.16.33.0 0.0.0.3 area 4
network 172.16.36.0 0.0.0.127 area 4
RT4:
router ospf 1
router-id 172.16.0.4
network 172.16.0.4 0.0.0.0 area 0
network 172.16.1.8 0.0.0.3 area 0
network 172.16.1.24 0.0.0.3 area 0
network 172.16.1.28 0.0.0.3 area 0
network 172.16.33.4 0.0.0.3 area 4
network 172.16.36.128 0.0.0.127 area 4
RT5:
router ospf 1
router-id 172.16.0.5
network 172.16.0.5 0.0.0.0 area 0
network 172.16.1.12 0.0.0.3 area 0
network 172.16.1.32 0.0.0.3 area 0
network 172.16.1.36 0.0.0.3 area 0
network 172.16.41.0 0.0.0.3 area 5
network 172.16.44.0 0.0.0.127 area 5
RT6:
router ospf 1
router-id 172.16.0.6
network 172.16.0.6 0.0.0.0 area 0
network 172.16.1.12 0.0.0.3 area 0
network 172.16.1.40 0.0.0.3 area 0
network 172.16.1.44 0.0.0.3 area 0
network 172.16.41.4 0.0.0.3 area 5
network 172.16.44.128 0.0.0.127 area 5
RT7:
router ospf 1
router-id 172.16.32.1
network 172.16.32.1 0.0.0.0 area 4
network 172.16.33.0 0.0.0.3 area 4
network 172.16.33.4 0.0.0.3 area 4
network 172.16.38.0 0.0.0.63 area 4
RT8:
router ospf 1
router-id 172.16.40.1
network 172.16.40.1 0.0.0.0 area 5
network 172.16.41.0 0.0.0.3 area 5
network 172.16.41.4 0.0.0.3 area 5
network 172.16.46.0 0.0.0.63 area 5
SW10:
router ospf 1
router-id 172.16.16.1
network 172.16.16.1 0.0.0.0 area 2
network 172.16.17.0 0.0.0.3 area 2
network 172.16.17.4 0.0.0.3 area 2
network 172.16.20.0 0.0.0.255 area 2
network 172.16.21.0 0.0.0.255 area 2
区域4完全NSSA区域配置
RT3:
area 4 nssa no-summary // 配置完全NSSA区域
RT4:
area 4 nssa no-summary // 配置完全NSSA区域
RT7:
area 4 nssa // 配置NSSA区域
区域5完全NSSA区域配置:
RT5:
area 5 nssa no-summary // 配置完全NSSA区域
RT6:
area 5 nssa no-summary // 配置完全NSSA区域
RT8:
area 5 nssa // 配置NSSA区域
区域4路由汇总:
RT3:
area 4 range 172.16.32.0 255.255.248.0 // 区域4的路由汇总
RT4:
area 4 range 172.16.32.0 255.255.248.0 // 区域4的路由汇总
区域5路由汇总:
RT5:
area 5 range 172.16.40.0 255.255.248.0 // 区域5的路由汇总
RT6:
area 5 range 172.16.40.0 255.255.248.0 // 区域5的路由汇总
RT1:
area 0 range 172.16.0.0 255.255.240.0 // 区域0的路由汇总
area 2 range 172.16.16.0 255.255.240.0 // 区域1的路由汇总
RT2:
area 0 range 172.16.0.0 255.255.240.0 // 区域0的路由汇总
area 2 range 172.16.16.0 255.255.240.0 // 区域1的路由汇总
RT8上重发布外部路由:
redistribute connected metric 1000 metric-type 1 subnets //重发布直连路由
redistribute static metric 1000 metric-type 1 subnets // 重发布静态路由
ip route 172.16.47.0 255.255.255.240 172.16.42.2 //去外部路由
RT9:
ip route 0.0.0.0 0.0.0.0 172.16.42.1 //缺省路由,去往自治系统内
思考:
1.当NSSA区域存在多个ASBR时,哪个路由器做7类LSA转5类LSA向区域通告?
2.用什么方法过滤5类LSA,使RT1和RT2不通过5类LSA学到外部路由,通过3类学习到。
配置:
在RT5和RT6上过滤5类LSA,使用3类LSA通告出去:
RT5:
summary-address 0.0.0.0 0.0.0.0
not-advertise //
汇总所有外部路由不通告出去(
过滤外部路由
)
area 5 range 172.16.40.0 255.255.248.0 //用3类的LSA替代5类LSA(发须有这个网段的1类LSA触发才行)
RT6:
summary-address 0.0.0.0 0.0.0.0
not-advertise //
汇总所有外部路由不通告出去(
过滤外部路由
)
area 5 range 172.16.40.0 255.255.248.0 //用3类的LSA替代5类LSA(发须有这个网段的1类LSA触发才行)
分析:
当区域5为完全NSSA区域时,RT5和RT6都为NSSA区域的ASBR,由Router-id大的RT6做7类LSA转5类LSA向外通告,当RT6失效后,RT5做7类LSA转5类LSA向外通告。
正常情况下,RT1收到的5类LSA是由RT6通告的,如172.16.42.0/30:
Routing Bit Set on this LSA
LS age: 314
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 172.16.42.0 (External Network Number )
Advertising Router: 172.16.0.6 //通告路由器为RT6
LS Seq Number: 80000001
Checksum: 0x79C2
Length: 36
Network Mask: /30
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 1000
Forward Address: 172.16.40.1
External Route Tag: 0
当RT6失效后,由RT5做7类转5类:
Routing Bit Set on this LSA
LS age: 27
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 172.16.42.0 (External Network Number )
Advertising Router: 172.16.0.5 //通告路由器为RT5
LS Seq Number: 80000001
Checksum: 0x7FBD
Length: 36
Network Mask: /30
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 1000
Forward Address: 172.16.40.1
External Route Tag: 0
当改变RT5的Router-id,RT5大于RT6时,由RT5做7类转5类
RT5(config-router)#do show ip ospf
Routing Process "ospf 1" with ID 200.200.200.200 //Router-id 200.200.200.200
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
RT收到的5类LSA是由RT5通告的:
Routing Bit Set on this LSA
LS age: 44
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 172.16.42.0 (External Network Number )
Advertising Router: 200.200.200.200 //通告路由器为RT5
LS Seq Number: 80000001
Checksum: 0xA833
Length: 36
Network Mask: /30
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 1000
Forward Address: 172.16.40.1
External Route Tag: 0
在NSSA区域的ASBR(RT5 RT6),可以过滤5类LSA,让3类LSA通告5类LSA
在RT1的路由表中只形成一条3类LSA形成的汇总路由,没有外部路由:
O IA 172.16.40.0/21 [110/75] via 172.16.1.38, 00:05:45, Serial0/3
Routing Bit Set on this LSA
LS age: 422
Options: (No TOS-capability, DC, Upward)
LS Type: Summary Links(Network)
Link State ID: 172.16.40.0 (summary Network Number)
Advertising Router: 172.16.0.6 //由RT6通告3类LSA,5类被过滤
LS Seq Number: 80000001
Checksum: 0xD4BD
Length: 28
Network Mask: /21
TOS: 0 Metric: 10
3类LSA能够被通告出去必须有一条该网段内的1类LSA:
Link ID ADV Router Age Seq# Checksum Link count
172.16.0.5 172.16.0.5 339 0x80000003 0x00EAF7 3
172.16.0.6 172.16.0.6 588 0x80000009 0x00C48D 3
172.16.40.1 172.16.40.1 358 0x80000011 0x00D76B 6
属于172.16.40.0/21网段内的1类LSA