eNSP OSPF优化

一、划分配置IP地址

如图

二、构建R3-5-6-7的MGRE环境

 要求R3为中心则R5、6、7到R3上进行注册

R1

[r3-Tunnel0/0/0]interface Tunnel0/0/0    创建tunnel口
[r3-Tunnel0/0/0]ip address 10.1.1.1 255.255.255.0   配置接口ip地址
[r3-Tunnel0/0/0]tunnel-protocol gre p2mp  先修改接口模式为多点GRE
[r3-Tunnel0/0/0]source 172.16.6.1  再定义公有的源IP地址
[r3-Tunnel0/0/0]nhrp entry multicast dynamic   本地成为NHRP中心，同时可以进行伪广播
[r3-Tunnel0/0/0]nhrp network-id 100   默认为0号，该网段内所有节点tunnel接口必须为相同域

此处列举R5的配置

[r5-Tunnel0/0/0]interface Tunnel0/0/0
[r5-Tunnel0/0/0]ip address 10.1.1.5 255.255.255.0 
[r5-Tunnel0/0/0]tunnel-protocol gre p2mp
[r5-Tunnel0/0/0]source GigabitEthernet0/0/0  假设分支站点ip地址不固定
[r5-Tunnel0/0/0]nhrp network-id 100
[r5-Tunnel0/0/0]nhrp entry 10.1.1.1 172.16.6.1 register    分支需要到中心站点注册

三、访问ISP环回

则需要区域0内各个ABR都写一条指向ISP的缺省路由，且使用NAT

而R6 R7的acl规则中还需要放行区域4和rip区域的流量

此处列举R3的配置

[r3]ip route-static 0.0.0.0 0 172.16.6.2


[r3]acl 2000                            
[r3-acl-basic-2000]rule permit source 172.16.1.0 0.0.0.255
[r3]int g0/0/1
[r3-GigabitEthernet0/0/1]nat outbound 2000

四、启用OSPF

需要注意的是，区域0中启用OSPF是需要宣告Tunnel口

此处列举R7的ospf信息

[r7]ospf 1 
[r7-ospf-1]a 0
[r7-ospf-1-area-0.0.0.0]dis th
[V200R003C00]
#
 area 0.0.0.0 
  network 10.1.1.7 0.0.0.0 
  network 172.16.10.0 0.0.0.255 
#
return

而区域4为远离了骨干的非骨干区域

要利用多进程双向重发布

在非法ABR处，将不同区域的接口宣告到不同进程中，形成独立的数据库；之后使用重发布技术来实现路由共享，全网可达；不担心选路问题，资源占用问题；

要在R9中同时启用两个进程的OSPF来解决其无法正常学习到路由的情况

[r9]ospf 1 
[r9-ospf-1]import-route ospf  2  导入OSPF 2 
[r9-ospf-1]q
[r9]ospf  2 
[r9-ospf-2]import-route ospf  1   导入OSPF 1


[r9-ospf-1-area-0.0.0.3]dis th
[V200R003C00]
#
 area 0.0.0.3 
  network 172.16.3.0 0.0.0.255 
  nssa no-summary
#
return

[r9-ospf-2-area-0.0.0.4]dis th
[V200R003C00]
#
 area 0.0.0.4 
  abr-summary 172.16.4.0 255.255.255.0
  network 172.16.4.0 0.0.0.255 
#
return

区域2连接了使用不同路由协议的区域

利用重发布（多协议间利用ASBR）

也就是在R12（ASBR）上面进行配置导入RIP的路由

[r12-ospf-1]import-route rip 将rip重发布到OSPF的进程1

五、减少OSPF的LSA更新量

1、汇总

区域1、2、3、4能进行域间路由汇总，汇总3类LSA

此处列举区域1的R1（ABR）的配置

[r3]ospf 1 
[r3-ospf-1]area  1   来源区域（一定是ABR通过该区域的1、2类计算所得路由）
[r3-ospf-1-area-0.0.0.1]abr-summary 172.16.1.0 255.255.255.0

使用RIP的区域需要域外路由汇总

也可以使用RIP的区域需要在更新源路由器上，所有更新发出的接口上配置，进行手工汇总

[r12]ospf 1 
[r12-ospf-1]import-route rip  重发布
[r12-ospf-1]asbr-summary 172.16.5.0 255.255.255.0



[r12]int g0/0/1
[r12-GigabitEthernet0/0/0]rip summary-address 172.16.5.0 255.255.255.0

2、配置特殊区域  

经分析区域1可配置为末梢区域

该区域将拒绝4/5的LSA；由该区域同时连接骨干区域的ABR，向该区域发布一条3类的缺省

拒绝3类的LSA；仅保留一条3类的缺省；

先将该区域配置为末梢区域，然后仅在ABR上进行完全配置即可

该区域所有设备均需配置，否则无法建立邻居关系

此处列举R3（ABR）的配置

[r3]ospf 1 
[r3-ospf-1]area 2 
[r3-ospf-1-area-0.0.0.1]stub 
[r3-ospf-1-area-0.0.0.1]stub no-summary

区域2和区域3存在ASBR，则将他们设置为完全NSSA

拒绝4/5的LSA；主要用于拒绝网络中，该区域以外的区域产生的4/5类LSA，进入该NSSA区域；原属于该区域的5类LSA，以7类的名义发向骨干区域；在进入骨干时由ABR兼职ASBR，进行7转5；

在华为设备中，由该NSSA区域连接骨干的ABR向内发布一条7类的缺省；

在cisco设备中，不发布，需要管理员手工发布；

完全NSSA –在NSSA的基础上，近一步拒绝3类的LSA；再由该区域连接骨干的ABR，向内部发送一条3类的缺省；

先将该区域配置为NSSA区域，然后仅在ABR上配置完全即可；

也是该区域每台设备均需配置，不然无法建立邻居关系

此处列举R7的配置

[r7]ospf 1 
[r7-ospf-1]area  3 
[r7-ospf-1-area-0.0.0.3]nssa no-summary

还需要向各个ABR下放缺省路由,，保障区域通信正常

[R9-ospf-2]default-route-advertise

六、保障更新安全

配置认证

[r3]ospf 1 
[r3-ospf-1]area  1
[r3-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
配置完成后，该设备所有属于区域1的接口全部基于该秘钥认证

七、查看LSDB

R5

[r5-ospf-1]dis ospf lsdb

         OSPF Process 1 with Router ID 5.5.5.5
                 Link State Database 

                         Area: 0.0.0.0
 Type      LinkState ID    AdvRouter          Age  Len   Sequence   Metric
 Router    7.7.7.7         7.7.7.7            494  48    80000006       0
 Router    6.6.6.6         6.6.6.6            448  48    80000005       0
 Router    5.5.5.5         5.5.5.5           1558  48    80000005       0
 Router    3.3.3.3         3.3.3.3           1013  36    8000000B    1562
 Network   10.1.1.1        3.3.3.3           1013  40    80000005       0
 Sum-Net   172.16.3.0      7.7.7.7             77  28    80000007       2
 Sum-Net   172.16.2.0      6.6.6.6            216  28    80000006       2
 Sum-Net   172.16.1.0      3.3.3.3            400  28    80000005       1
 

                 AS External Database
 Type      LinkState ID    AdvRouter          Age  Len   Sequence   Metric
 External  0.0.0.0         7.7.7.7            494  36    80000001       1
 External  0.0.0.0         6.6.6.6            448  36    80000001       1
 External  172.16.4.0      9.9.9.9            201  36    80000003       2
 External  172.16.4.0      7.7.7.7             76  36    80000001       2
 External  172.16.5.0      12.12.12.12        399  36    80000003       2
 External  172.16.5.0      6.6.6.6            216  36    80000001       2
 External  172.16.2.16     12.12.12.12        428  36    80000002       1
 

R3

[r3-ospf-1-area-0.0.0.1]dis ospf lsdb

         OSPF Process 1 with Router ID 3.3.3.3
                 Link State Database 

                         Area: 0.0.0.0
 Type      LinkState ID    AdvRouter          Age  Len   Sequence   Metric
 Router    7.7.7.7         7.7.7.7            660  48    80000006       0
 Router    6.6.6.6         6.6.6.6            614  48    80000005       0
 Router    5.5.5.5         5.5.5.5           1726  48    80000005       0
 Router    3.3.3.3         3.3.3.3           1179  36    8000000B    1562
 Network   10.1.1.1        3.3.3.3           1179  40    80000005       0
 Sum-Net   172.16.3.0      7.7.7.7            242  28    80000007       2
 Sum-Net   172.16.2.0      6.6.6.6            382  28    80000006       2
 Sum-Net   172.16.1.0      3.3.3.3            566  28    80000005       1
 
                         Area: 0.0.0.1
 Type      LinkState ID    AdvRouter          Age  Len   Sequence   Metric
 Router    2.2.2.2         2.2.2.2            516  48    80000005       0
 Router    1.1.1.1         1.1.1.1            516  48    80000005       0
 Router    3.3.3.3         3.3.3.3            518  48    80000006       0
 Network   172.16.1.3      3.3.3.3            519  36    80000002       0
 Sum-Net   0.0.0.0         3.3.3.3            566  28    80000001       1
 

                 AS External Database
 Type      LinkState ID    AdvRouter          Age  Len   Sequence   Metric
 External  0.0.0.0         7.7.7.7            660  36    80000001       1
 External  0.0.0.0         6.6.6.6            614  36    80000001       1
 External  172.16.4.0      9.9.9.9            367  36    80000003       2
 External  172.16.4.0      7.7.7.7            241  36    80000001       2
 External  172.16.5.0      12.12.12.12        565  36    80000003       2
 External  172.16.5.0      6.6.6.6            382  36    80000001       2
 External  172.16.2.16     12.12.12.12        594  36    80000002       1
 

R6

[r6-ospf-1-area-0.0.0.2]dis ospf lsdb

         OSPF Process 1 with Router ID 6.6.6.6
                 Link State Database 

                         Area: 0.0.0.0
 Type      LinkState ID    AdvRouter          Age  Len   Sequence   Metric
 Router    7.7.7.7         7.7.7.7            691  48    80000006       0
 Router    6.6.6.6         6.6.6.6            644  48    80000005       0
 Router    5.5.5.5         5.5.5.5           1757  48    80000005       0
 Router    3.3.3.3         3.3.3.3           1210  36    8000000B    1562
 Network   10.1.1.1        3.3.3.3           1210  40    80000005       0
 Sum-Net   172.16.3.0      7.7.7.7            274  28    80000007       2
 Sum-Net   172.16.2.0      6.6.6.6            411  28    80000006       2
 Sum-Net   172.16.1.0      3.3.3.3            598  28    80000005       1
 
                         Area: 0.0.0.2
 Type      LinkState ID    AdvRouter          Age  Len   Sequence   Metric
 Router    6.6.6.6         6.6.6.6            411  36    80000005       1
 Router    11.11.11.11     11.11.11.11        409  60    80000006       0
 Router    12.12.12.12     12.12.12.12        416  36    80000004       1
 Network   172.16.2.18     11.11.11.11        414  32    80000002       0
 Network   172.16.2.1      11.11.11.11        411  32    80000002       0
 Sum-Net   0.0.0.0         6.6.6.6            462  28    80000001       1
 NSSA      0.0.0.0         6.6.6.6            462  36    80000001       1
 NSSA      172.16.5.0      12.12.12.12        434  36    80000001       2
 NSSA      172.16.2.16     12.12.12.12        434  36    80000001       1
 

                 AS External Database
 Type      LinkState ID    AdvRouter          Age  Len   Sequence   Metric
 External  0.0.0.0         6.6.6.6            644  36    80000001       1
 External  172.16.5.0      6.6.6.6            411  36    80000001       2
 External  0.0.0.0         7.7.7.7            691  36    80000001       1
 External  172.16.4.0      9.9.9.9            398  36    80000003       2
 External  172.16.4.0      7.7.7.7            273  36    80000001       2
 External  172.16.5.0      12.12.12.12        595  36    80000003       2
 External  172.16.2.16     12.12.12.12        624  36    80000002       1

R7

[r7-ospf-1-area-0.0.0.3]dis ospf lsdb 

         OSPF Process 1 with Router ID 7.7.7.7
                 Link State Database 

                         Area: 0.0.0.0
 Type      LinkState ID    AdvRouter          Age  Len   Sequence   Metric
 Router    7.7.7.7         7.7.7.7            722  48    80000006       0
 Router    6.6.6.6         6.6.6.6            678  48    80000005       0
 Router    5.5.5.5         5.5.5.5           1790  48    80000005       0
 Router    3.3.3.3         3.3.3.3           1243  36    8000000B    1562
 Network   10.1.1.1        3.3.3.3           1243  40    80000005       0
 Sum-Net   172.16.3.0      7.7.7.7            304  28    80000007       2
 Sum-Net   172.16.2.0      6.6.6.6            446  28    80000006       2
 Sum-Net   172.16.1.0      3.3.3.3            630  28    80000005       1
 
                         Area: 0.0.0.3
 Type      LinkState ID    AdvRouter          Age  Len   Sequence   Metric
 Router    7.7.7.7         7.7.7.7            353  36    80000005       1
 Router    9.9.9.9         9.9.9.9            304  36    80000005       1
 Router    8.8.8.8         8.8.8.8            306  60    80000007       0
 Network   172.16.3.17     9.9.9.9            305  32    80000002       0
 Network   172.16.3.2      7.7.7.7            353  32    80000002       0
 Sum-Net   0.0.0.0         7.7.7.7            401  28    80000001       1
 NSSA      0.0.0.0         7.7.7.7            401  36    80000001       1
 NSSA      172.16.4.0      9.9.9.9            344  36    80000001       2
 

                 AS External Database
 Type      LinkState ID    AdvRouter          Age  Len   Sequence   Metric
 External  0.0.0.0         7.7.7.7            722  36    80000001       1
 External  172.16.4.0      7.7.7.7            303  36    80000001       2
 External  0.0.0.0         6.6.6.6            678  36    80000001       1
 External  172.16.4.0      9.9.9.9            429  36    80000003       2
 External  172.16.5.0      12.12.12.12        629  36    80000003       2
 External  172.16.5.0      6.6.6.6            446  36    80000001       2
 External  172.16.2.16     12.12.12.12        658  36    80000002       1
 

八、调整

因为nssa会向内发布一条缺省路由

则需要在区域0的各个ABR上配置空接口防止环路产生

此处列举R3

[r3]ip route-static 172.16.1.0 24 NULL 0

八、测试

R5路由表

[r5-ospf-1]dis ip ro pro ospf
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
         Destinations : 8        Routes : 9        

OSPF routing table status : 
         Destinations : 7        Routes : 7

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

     172.16.1.0/24  OSPF    10   1563        D   10.1.1.1        Tunnel0/0/0
     172.16.2.0/24  OSPF    10   1564        D   10.1.1.6        Tunnel0/0/0
     172.16.3.0/24  OSPF    10   1564        D   10.1.1.7        Tunnel0/0/0
     172.16.4.0/24  O_ASE   150  2           D   10.1.1.7        Tunnel0/0/0
     172.16.5.0/24  O_ASE   150  2           D   10.1.1.6        Tunnel0/0/0
   172.16.10.17/32  OSPF    10   1562        D   10.1.1.6        Tunnel0/0/0
   172.16.10.33/32  OSPF    10   1562        D   10.1.1.7        Tunnel0/0/0

R1 访问 ISP

[r1]PING 4.4.4.4
  PING 4.4.4.4: 56  data bytes, press CTRL_C to break
    Reply from 4.4.4.4: bytes=56 Sequence=1 ttl=254 time=80 ms
    Reply from 4.4.4.4: bytes=56 Sequence=2 ttl=254 time=50 ms
    Reply from 4.4.4.4: bytes=56 Sequence=3 ttl=254 time=50 ms
    Reply from 4.4.4.4: bytes=56 Sequence=4 ttl=254 time=40 ms
    Reply from 4.4.4.4: bytes=56 Sequence=5 ttl=254 time=50 ms

  --- 4.4.4.4 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 40/54/80 ms

R1访问R12环回

[r1]ping 172.16.5.1
  PING 172.16.5.1: 56  data bytes, press CTRL_C to break
    Reply from 172.16.5.1: bytes=56 Sequence=1 ttl=252 time=80 ms
    Reply from 172.16.5.1: bytes=56 Sequence=2 ttl=252 time=60 ms
    Reply from 172.16.5.1: bytes=56 Sequence=3 ttl=252 time=80 ms
    Reply from 172.16.5.1: bytes=56 Sequence=4 ttl=252 time=80 ms
    Reply from 172.16.5.1: bytes=56 Sequence=5 ttl=252 time=60 ms

  --- 172.16.5.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 60/72/80 ms

R1访问tunnle

[r1]ping 10.1.1.5
  PING 10.1.1.5: 56  data bytes, press CTRL_C to break
    Reply from 10.1.1.5: bytes=56 Sequence=1 ttl=254 time=60 ms
    Reply from 10.1.1.5: bytes=56 Sequence=2 ttl=254 time=50 ms
    Reply from 10.1.1.5: bytes=56 Sequence=3 ttl=254 time=50 ms
    Reply from 10.1.1.5: bytes=56 Sequence=4 ttl=254 time=60 ms
    Reply from 10.1.1.5: bytes=56 Sequence=5 ttl=254 time=60 ms

  --- 10.1.1.5 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 50/56/60 ms

R1访问R10环回

[r3-ospf-1-area-0.0.0.1]ping 172.16.4.33
  PING 172.16.4.33: 56  data bytes, press CTRL_C to break
    Reply from 172.16.4.33: bytes=56 Sequence=1 ttl=252 time=40 ms
    Reply from 172.16.4.33: bytes=56 Sequence=2 ttl=252 time=40 ms
    Reply from 172.16.4.33: bytes=56 Sequence=3 ttl=252 time=40 ms
    Reply from 172.16.4.33: bytes=56 Sequence=4 ttl=252 time=60 ms
    Reply from 172.16.4.33: bytes=56 Sequence=5 ttl=252 time=40 ms

  --- 172.16.4.33 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 40/44/60 ms

R12环回访问ISP

[r12-ospf-1-area-0.0.0.2]PING -A 172.16.5.1 4.4.4.4
  PING 4.4.4.4: 56  data bytes, press CTRL_C to break
    Reply from 4.4.4.4: bytes=56 Sequence=1 ttl=253 time=40 ms
    Reply from 4.4.4.4: bytes=56 Sequence=2 ttl=253 time=30 ms
    Reply from 4.4.4.4: bytes=56 Sequence=3 ttl=253 time=40 ms
    Reply from 4.4.4.4: bytes=56 Sequence=4 ttl=253 time=30 ms
    Reply from 4.4.4.4: bytes=56 Sequence=5 ttl=253 time=20 ms

  --- 4.4.4.4 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 20/32/40 ms

R10环回访问ISP

[r10-ospf-2-area-0.0.0.4]ping -a 172.16.4.33 4.4.4.4
  PING 4.4.4.4: 56  data bytes, press CTRL_C to break
    Reply from 4.4.4.4: bytes=56 Sequence=1 ttl=252 time=30 ms
    Reply from 4.4.4.4: bytes=56 Sequence=2 ttl=252 time=50 ms
    Reply from 4.4.4.4: bytes=56 Sequence=3 ttl=252 time=40 ms
    Reply from 4.4.4.4: bytes=56 Sequence=4 ttl=252 time=50 ms
    Reply from 4.4.4.4: bytes=56 Sequence=5 ttl=252 time=40 ms

  --- 4.4.4.4 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 30/42/50 ms