Lab 59: IP Default-network


Objective: understand when the ip default-network command is used and how to configure it

Lab topology: [Figures 1-4, "EIGRP advanced options"]



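Note: router interfaces are shut down by default, so the relevant interfaces must be enabled.


With the basic configuration above in place, we now describe the environment in which the ip default-network command is used:

Looking at the topology above, assume R1 and R2 form an enterprise's internal network running EIGRP process 12, and R1 acts as the enterprise gateway to the Internet. The enterprise only wants to be able to reach the public network; whether R1's routing table uses specific or summary routes toward the public network does not matter (as far as the result is concerned). The enterprise does not want to maintain public routes in its own routing tables (it only needs to reach the public network), and maintaining them would mean a staggering number of entries, which would place very high demands on the devices. The Internet's administrators (an ISP, for example) likewise do not want to leak their routes to the enterprise, because that would cause many security problems. So on routers running EIGRP, the ip default-network command can be used to trim the routing table.


The configuration steps are as follows:

1) First make R1 able to reach the Internet (simulated by R3's loopback 3.3.3.3) by configuring a default route on each of R1 and R3.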


R3(config)#ip route 0.0.0.0 0.0.0.0 s1/0


R1(config)#ip route 0.0.0.0 0.0.0.0 s2/0


Check connectivity


R1#ping 3.3.3.3


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 28/69/112 ms


//R1 can reach 3.3.3.3 normally


2) Run EIGRP on R1 and R2. R2's auto-summary state has no effect on this lab; in this example we turn it off


R1(config)#router eigrp 12

R1(config-router)#network 1.1.1.0 0.0.0.255

R1(config-router)#network 12.1.1.0 0.0.0.255


R2(config)#router eigrp 12

R2(config-router)#no auto-summary

R2(config-router)#network 2.2.2.0 0.0.0.255

R2(config-router)#network 12.1.1.0 0.0.0.255

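//We refer to the configuration at this point as the standard configuration


3) Enable auto-summary on R1 and advertise the segment connecting R1 and R3 into the EIGRP process.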


R1(config-router)#auto-summary

R1(config-router)#network 13.1.1.0 0.0.0.255


View R2's routing table


R2#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

      D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

      N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

      E1 - OSPF external type 1, E2 - OSPF external type 2

      i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

      ia - IS-IS inter area, * - candidate default, U - per-user static route

      o - ODR, P - periodic downloaded static route


Gateway of last resort is not set


D    1.0.0.0/8 [90/2297856] via 12.1.1.1, 00:05:18, Serial2/0

     2.0.0.0/24 is subnetted, 1 subnets

C       2.2.2.0 is directly connected, Loopback0

     12.0.0.0/24 is subnetted, 1 subnets

C       12.1.1.0 is directly connected, Serial2/0

D    13.0.0.0/8 [90/2681856] via 12.1.1.1, 00:04:35, Serial2/0


//R2 has now learned the networks of R1's Lo0 and S2/0 interfaces. Note: both are summarized


4) Configure the ip default-network command in global configuration mode on R1


R1(config)#ip default-network 13.0.0.0


Now view R2's routing table


R2#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

      D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

      N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

      E1 - OSPF external type 1, E2 - OSPF external type 2

      i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

      ia - IS-IS inter area, * - candidate default, U - per-user static route

      o - ODR, P - periodic downloaded static route


Gateway of last resort is 12.1.1.1 to network 13.0.0.0


D    1.0.0.0/8 [90/2297856] via 12.1.1.1, 00:10:43, Serial2/0

     2.0.0.0/24 is subnetted, 1 subnets

C       2.2.2.0 is directly connected, Loopback0

     12.0.0.0/24 is subnetted, 1 subnets

C       12.1.1.0 is directly connected, Serial2/0

D*   13.0.0.0/8 [90/2681856] via 12.1.1.1, 00:00:36, Serial2/0


//Comparing with R2's routing table above, the 13.0.0.0/8 entry that R2 learned has changed from D to D*. First, a word on how a router looks up routes: by default the lookup follows the longest-match rule. D* means that when R2 needs to reach a destination network for which its current routing table has no route, it can use the next hop/outgoing interface of the D* route to send the data. In other words, R2's routing table currently has no route to the public address 3.3.3.3, so all traffic for 3.3.3.3 is sent out the outgoing interface of the D* route, that is, R2's own S2/0 interface


Now let's test R2's connectivity to 3.3.3.3


R2#ping 3.3.3.3


Type escape sequence to abort.

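Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 40/40/40 ms


//It is now reachable


That is how the ip default-network command is used.


Exploration:

1) Because R2's access to the external network is the key point, we have been watching R2's routing table; now let's look at R1's routing table.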

R1#sh ip ro

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

      D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

      N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

      E1 - OSPF external type 1, E2 - OSPF external type 2

      i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

      ia - IS-IS inter area, * - candidate default, U - per-user static route

      o - ODR, P - periodic downloaded static route


Gateway of last resort is 0.0.0.0 to network 0.0.0.0


     1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C       1.1.1.0/24 is directly connected, Loopback0

D       1.0.0.0/8 is a summary, 00:02:15, Null0

D    2.0.0.0/8 [90/2297856] via 12.1.1.2, 00:01:53, Serial1/0

     12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C       12.1.1.0/24 is directly connected, Serial1/0

D       12.0.0.0/8 is a summary, 00:02:15, Null0

*    13.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C       13.1.1.0/24 is directly connected, Serial2/0

D*      13.0.0.0/8 is a summary, 00:02:12, Null0

S*   0.0.0.0/0 is directly connected, Serial2/0


We focus on the entry "D*      13.0.0.0/8 is a summary, 00:02:12, Null0": R1 will drop all data for network 13. We verify this by creating a new loopback 13.2.2.2/24 on R3.


R3(config-if)#ip add

R3(config-if)#ip address 13.2.2.2 255.255.255.0


Enable debug on R1 and test.


R1#debug ip pac

R1#ping 13.2.2.2


Type escape sequence to abort.

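Sending 5, 100-byte ICMP Echos to 13.2.2.2, timeout is 2 seconds:


*Mar  1 00:11:50.559: IP: tableid=0, s=13.1.1.1 (local), d=13.2.2.2 (Null0), routed via RIB

*Mar  1 00:11:50.563: IP: s=13.1.1.1 (local), d=13.2.2.2 (Null0), len 100, sending.

*Mar  1 00:11:58.559: IP: s=13.1.1.1 (local), d=13.2.2.2 (Null0), len 100, sending

(part of the output omitted)


As we can see, the packets are indeed dropped. We can work around this with a static route. The Null0 route is generated by EIGRP for loop prevention; network 13 is public address space while everything else in the EIGRP domain is private addressing, and R3 at the far end of s1/1 does not run EIGRP with R1, so we can consider that changing this route carries no loop risk.


R1(config)#ip route 13.0.0.0 255.0.0.0 s1/1


Test on R1: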


R1(config)#

R1#

*Mar  1 00:16:25.167: %SYS-5-CONFIG_I: Configured from console by console

R1#ping 13.2.2.2


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 13.2.2.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 20/75/136 ms


Success. Evidently auto-summary still brings some problems.
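The lookup behaviour from steps 3 and 4 (R2 falling back to the D* candidate default) and from exploration 1 (the Null0 summary and the static route that overrides it), as an added Python model that is not part of the original lab. The tables are constructed from the page's show ip route output; the administrative distances for connected, static and EIGRP summary routes are the Cisco IOS defaults and are an assumption, since the page only shows 90.

```python
import ipaddress

# Cisco IOS default administrative distances (assumed; the page shows only 90).
AD = {"connected": 0, "static": 1, "eigrp-summary": 5, "eigrp": 90}

def route(prefix, source, out_if):
    return {"net": ipaddress.ip_network(prefix), "source": source, "out_if": out_if}

def lookup(rib, dst, default_network=None):
    """Return (route, reason); reason is 'match', 'last-resort' or 'drop'."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in rib if addr in r["net"]]
    if hits:
        # Longest prefix wins; for equal prefixes the lowest AD wins.
        return min(hits, key=lambda r: (-r["net"].prefixlen, AD[r["source"]])), "match"
    if default_network:
        # No match: use the route flagged as candidate default (the D* entry).
        target = ipaddress.ip_network(default_network)
        for r in rib:
            if r["net"] == target:
                return r, "last-resort"
    return None, "drop"

# R2 after step 3, constructed from the page's "show ip route" output.
R2 = [route("1.0.0.0/8", "eigrp", "Serial2/0"),
      route("2.2.2.0/24", "connected", "Loopback0"),
      route("12.1.1.0/24", "connected", "Serial2/0"),
      route("13.0.0.0/8", "eigrp", "Serial2/0")]

# R1 in exploration 1, constructed from the page's "sh ip ro" output.
R1 = [route("1.1.1.0/24", "connected", "Loopback0"),
      route("1.0.0.0/8", "eigrp-summary", "Null0"),
      route("2.0.0.0/8", "eigrp", "Serial1/0"),
      route("12.1.1.0/24", "connected", "Serial1/0"),
      route("12.0.0.0/8", "eigrp-summary", "Null0"),
      route("13.1.1.0/24", "connected", "Serial2/0"),
      route("13.0.0.0/8", "eigrp-summary", "Null0"),
      route("0.0.0.0/0", "static", "Serial2/0")]

# The workaround route, with the interface exactly as typed on the page.
R1_FIXED = R1 + [route("13.0.0.0/8", "static", "s1/1")]

def out_if(rib, dst, default_network=None):
    r, reason = lookup(rib, dst, default_network)
    return (r["out_if"] if r else None), reason

if __name__ == "__main__":
    print("R2 -> 3.3.3.3, no default-network:", out_if(R2, "3.3.3.3"))
    print("R2 -> 3.3.3.3, default-network 13.0.0.0:", out_if(R2, "3.3.3.3", "13.0.0.0/8"))
    print("R1 -> 13.2.2.2, summary only:", out_if(R1, "13.2.2.2"))
    print("R1 -> 13.2.2.2, static added:", out_if(R1_FIXED, "13.2.2.2"))
```

On R1 the 0.0.0.0/0 static never rescues 13.2.2.2, because the /8 Null0 summary is the longer match; only a route for the same /8 with a lower administrative distance changes the outcome.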


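2) R1 was required to enable auto-summary, but we usually turn EIGRP auto-summary off; let's try disabling summarization while still keeping connectivity.

Disable auto-summary on R1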

R1(config)#router eigrp 12

R1(config-router)#no auto-summary


View R2's routing table:

R2#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

      D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

      N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

      E1 - OSPF external type 1, E2 - OSPF external type 2

      i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

      ia - IS-IS inter area, * - candidate default, U - per-user static route

      o - ODR, P - periodic downloaded static route


Gateway of last resort is not set


     1.0.0.0/24 is subnetted, 1 subnets

D       1.1.1.0 [90/2297856] via 12.1.1.1, 00:00:03, Serial2/0

     2.0.0.0/24 is subnetted, 1 subnets

C       2.2.2.0 is directly connected, Loopback0

     12.0.0.0/24 is subnetted, 1 subnets

C       12.1.1.0 is directly connected, Serial2/0

     13.0.0.0/24 is subnetted, 1 subnets

D       13.1.1.0 [90/2681856] via 12.1.1.1, 00:00:03, Serial2/0

//Because auto-summary is off, the D* summary route has disappeared.


We try adding the missing summary route with manual summarization.


R1(config)#int s1/0

R1(config-if)#ip summary-address eigrp 12 13.0.0.0 255.0.0.0


View R2's routing table again:

R2#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

      D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

      N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

      E1 - OSPF external type 1, E2 - OSPF external type 2

      i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

      ia - IS-IS inter area, * - candidate default, U - per-user static route

      o - ODR, P - periodic downloaded static route


Gateway of last resort is 12.1.1.1 to network 13.0.0.0


     1.0.0.0/24 is subnetted, 1 subnets

D       1.1.1.0 [90/2297856] via 12.1.1.1, 00:01:25, Serial2/0

     2.0.0.0/24 is subnetted, 1 subnets

C       2.2.2.0 is directly connected, Loopback0

     12.0.0.0/24 is subnetted, 1 subnets

C       12.1.1.0 is directly connected, Serial2/0

D*   13.0.0.0/8 [90/2681856] via 12.1.1.1, 00:00:13, Serial2/0


//The summary route appears, and it is marked D*.


Test:

R2#ping 3.3.3.3


Type escape sequence to abort.

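Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 40/40/40 ms


As shown above, with the ip default-network command we can turn auto-summary off, as long as a summary entry for the D* network exists and is learned by the other routers.


Supplement: other ways to achieve this (the following configurations are all changes made to the basic configuration. Connectivity succeeds in every case, so the verification steps are omitted)

1) Summarize to a 0.0.0.0 0.0.0.0 entry

We make some changes to R1's configuration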


R1(config)#router eigrp 12

R1(config-router)#no auto-summary

R1(config-router)#exit

R1(config)#interface serial 1/0

R1(config-if)#ip summary-address eigrp 12 0.0.0.0 0.0.0.0


//Auto-summary is off on R1, and interface S1/0 is manually summarized to the 0.0.0.0 0.0.0.0 default


View R2's routing table


R2#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

      D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

      N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

      E1 - OSPF external type 1, E2 - OSPF external type 2

      i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

      ia - IS-IS inter area, * - candidate default, U - per-user static route

      o - ODR, P - periodic downloaded static route


Gateway of last resort is 12.1.1.1 to network 0.0.0.0


     2.0.0.0/24 is subnetted, 1 subnets

C       2.2.2.0 is directly connected, Loopback0

     12.0.0.0/24 is subnetted, 1 subnets

C       12.1.1.0 is directly connected, Serial2/0

D*   0.0.0.0/0 [90/2297856] via 12.1.1.1, 00:01:39, Serial2/0


//A D* default route learned from R1 appears in R2's routing table


2) Redistribute the static default route

Redistribute static routes on R1


R1(config)#router eigrp 12

R1(config-router)#no auto-summary

R1(config-router)#redistribute static metric 1000 1000 255 1 1500


View R2's routing table:


R2#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

      D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

      N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

      E1 - OSPF external type 1, E2 - OSPF external type 2

      i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

      ia - IS-IS inter area, * - candidate default, U - per-user static route

      o - ODR, P - periodic downloaded static route


Gateway of last resort is 12.1.1.1 to network 0.0.0.0


     1.0.0.0/24 is subnetted, 1 subnets

D       1.1.1.0 [90/2297856] via 12.1.1.1, 00:04:22, Serial2/0

     2.0.0.0/24 is subnetted, 1 subnets

C       2.2.2.0 is directly connected, Loopback0

     12.0.0.0/24 is subnetted, 1 subnets

C       12.1.1.0 is directly connected, Serial2/0

D*EX 0.0.0.0/0 [170/3328000] via 12.1.1.1, 00:03:14, Serial2/0


//A D*EX default route learned from R1 appears in R2's routing table


3) Manually configure a static route

Manually configure a default static route on R2


R1(config)#router eigrp 12

R1(config-router)#no auto-summary


R2(config)#ip route 0.0.0.0 0.0.0.0 s2/0


View R2's routing table:


R2#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

      D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

      N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

      E1 - OSPF external type 1, E2 - OSPF external type 2

      i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

      ia - IS-IS inter area, * - candidate default, U - per-user static route

      o - ODR, P - periodic downloaded static route


Gateway of last resort is 0.0.0.0 to network 0.0.0.0


     1.0.0.0/24 is subnetted, 1 subnets

D       1.1.1.0 [90/2297856] via 12.1.1.1, 00:10:02, Serial2/0

     2.0.0.0/24 is subnetted, 1 subnets

C       2.2.2.0 is directly connected, Loopback0

     12.0.0.0/24 is subnetted, 1 subnets

C       12.1.1.0 is directly connected, Serial2/0

S*   0.0.0.0/0 is directly connected, Serial2/0


//R2's routing table has an S* static default route


Counting ip default-network, the first 3 methods all inject a default route into the EIGRP process and work on much the same principle. Only the last method requires manual configuration on every internal router, but it can be used on routers that do not run EIGRP.