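R1, R2 and R3 run OSPF, process ID 20, planned as a single area: area 0;
VSU, R2 and R3 run OSPF, process ID 21, planned as a single area: area 0;
R1 tags routes when it redistributes them: the production segment is tagged 10, the office segment is tagged 20, the loopback address is tagged 30, and the route-map is named SET_TAG;
VSU tags routes when it redistributes them: the production segment is tagged 100, the office segment is tagged 200, the loopback address is tagged 300, and the route-map is named SET_TAG;
R2 and R3 must redistribute between the two OSPF processes: redistribution from the OSPF 20 process into the OSPF 21 process uses the route-map OSPF20_TO_OSPF21, and redistribution from the OSPF 21 process into the OSPF 20 process uses the route-map OSPF21_TO_OSPF20;
R2 and R3 must filter OSPF routes by tag to avoid the risk of routing loops and suboptimal paths: route filtering inside the OSPF 20 process uses the route-map FILTER_OSPF21_TAG, and route filtering inside the OSPF 21 process uses the route-map FILTER_OSPF20_TAG;
Wherever a route-map adjusts the COST value, the value must be 5 or 10;
Deploy policy so that the primary path for production traffic is R1-R2-VSU and the primary path for office traffic is R1-R3-VSU, with the forward and return paths identical. Traffic between the loopback interfaces follows the same path as office traffic;
When a primary link, R2 or R3 fails, traffic switches seamlessly to the backup link.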
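Simulate it in EVE-NG and draw the topology; the red and green lines mark the links the packets should take.
Does it look a bit convoluted? Drag the VSU (simulated with a switch) down and the paths become easier to follow.
Configuration scripts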
===ar 1
en
conf t
host r1
line con 0
exec-t 0 0
exit
int lo 0
ip add 172.16.20.1 255.255.255.0
int lo 1
ip add 192.168.20.1 255.255.255.0
int lo 2
ip add 10.1.1.1 255.255.255.0
int g0/0
no switchport
ip add 12.1.1.1 255.255.255.0
int g0/1
no switchport
ip add 13.1.1.1 255.255.255.0
exit
router ospf 20
net 12.1.1.0 0.0.0.255 area 0
net 13.1.1.0 0.0.0.255 area 0
exit
ip prefix-list tag10 per 172.16.20.0/24
ip prefix-list tag20 per 192.168.20.0/24
ip prefix-list tag30 per 10.1.1.0/24
route-map set_tag permit 10
match ip add prefix-list tag10
set tag 10
exit
route-map set_tag permit 20
match ip add prefix-list tag20
set tag 20
exit
route-map set_tag permit 30
exit
router ospf 20
redis connected metric-type 1 subnets route-map set_tag
===ar 2
en
conf t
host r2
int g0/0
no switchport
ip add 12.1.1.2 255.255.255.0
int g0/1
no switchport
ip add 23.1.1.1 255.255.255.0
int g0/2
no switchport
ip add 24.1.1.2 255.255.255.0
exit
router ospf 20
net 12.1.1.0 0.0.0.255 area 0
net 23.1.1.0 0.0.0.255 area 0
exit
router ospf 21
net 24.1.1.0 0.0.0.255 area 0
exit
! Used when OSPF 21 redistributes OSPF 20
route-map ospf20_to_ospf21 permit 10
match tag 10
set metric 5
! Do not put both match conditions in one route-map entry: conditions in the same entry must all be satisfied before its set action is applied
route-map ospf20_to_ospf21 permit 20
match tag 20
set metric 10
route-map ospf20_to_ospf21 permit 30
exit
! A route-map ends with an implicit deny-all, so a final empty permit entry is needed; it lets routes that match no earlier entry through unchanged
! Used when OSPF 20 redistributes OSPF 21
route-map ospf21_to_ospf20 permit 10
match tag 100
set metric 5
route-map ospf21_to_ospf20 permit 20
match tag 200
set metric 10
route-map ospf21_to_ospf20 permit 30
exit
router ospf 20
redistribute ospf 21 metric-type 1 sub route-map ospf21_to_ospf20
router ospf 21
redistribute ospf 20 metric-type 1 sub route-map ospf20_to_ospf21
===ar 3
en
conf t
host r3
int g0/0
no switchport
ip add 13.1.1.2 255.255.255.0
int g0/1
no switchport
ip add 23.1.1.2 255.255.255.0
int g0/2
no switchport
ip add 34.1.1.2 255.255.255.0
router ospf 20
net 13.1.1.0 0.0.0.255 area 0
net 23.1.1.0 0.0.0.255 area 0
exit
router ospf 21
net 34.1.1.0 0.0.0.255 area 0
exit
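! Used when OSPF 21 redistributes OSPF 20
! Create a route-map entry
route-map ospf20_to_ospf21 permit 10
! If the route carries tag 10, i.e. the 172.16.20.0/24 segment
match tag 10
! then apply the action: set the metric to 10
set metric 10
route-map ospf20_to_ospf21 permit 20
match tag 20
set metric 5
! A final entry that matches all other routes and permits them
route-map ospf20_to_ospf21 permit 30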
exit
! Used when OSPF 20 redistributes OSPF 21
route-map ospf21_to_ospf20 permit 10
match tag 100
set metric 10
route-map ospf21_to_ospf20 permit 20
match tag 200
set metric 5
route-map ospf21_to_ospf20 permit 30
exit
router ospf 20
! Apply the route-map settings during redistribution
redistribute ospf 21 metric-type 1 sub route-map ospf21_to_ospf20
router ospf 21
redistribute ospf 20 metric-type 1 sub route-map ospf20_to_ospf21
===sw
en
conf t
host sw
ip routing
int lo 0
ip add 172.16.10.1 255.255.255.0
int lo 1
ip add 192.168.10.1 255.255.255.0
int lo 2
ip add 10.2.2.1 255.255.255.0
int g0/0
no switchport
ip add 24.1.1.1 255.255.255.0
int g0/1
no switchport
ip add 34.1.1.1 255.255.255.0
exit
router ospf 21
net 24.1.1.0 0.0.0.255 area 0
net 34.1.1.0 0.0.0.255 area 0
exit
ip prefix-list tag100 per 172.16.10.0/24
ip prefix-list tag200 per 192.168.10.0/24
ip prefix-list tag30 permit 10.2.2.0/24
route-map set_tag permit 10
match ip add prefix-list tag100
set tag 100
exit
route-map set_tag permit 20
match ip add prefix-list tag200
set tag 200
route-map set_tag permit 30
exit
router ospf 21
red connected metric-type 1 subnets route-map set_tag
Redistribution on R2 and R3 without the route-map policy applied:
r3(config)#router ospf 20
r3(config-router)#redis ospf 21 metric-type 1 sub
r3(config-router)#exit
r3(config)#router ospf 21
r3(config-router)#redis ospf 20 metric-type 1 sub
r3(config-router)#
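A packet capture on R2 and R3 shows that the corresponding segments carry the configured tags.
Viewing the OSPF type 5 LSAs shows that the routes for the corresponding segments have been tagged.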
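An added example, not part of the original lab: a Python check over the ospf20_to_ospf21 entries of R2 and R3 (copied from the configs above) that the redistribution metrics are 5 or 10 and that production routes (tag 10) prefer R2 while office routes (tag 20) prefer R3. It assumes equal OSPF link costs, so the lower type 1 seed metric decides the path; the function names are hypothetical.

```python
# Constructed input: the ospf20_to_ospf21 entries from the R2 and R3 configs above.
R2_CFG = """\
route-map ospf20_to_ospf21 permit 10
 match tag 10
 set metric 5
route-map ospf20_to_ospf21 permit 20
 match tag 20
 set metric 10
route-map ospf20_to_ospf21 permit 30
"""
R3_CFG = """\
route-map ospf20_to_ospf21 permit 10
 match tag 10
 set metric 10
route-map ospf20_to_ospf21 permit 20
 match tag 20
 set metric 5
route-map ospf20_to_ospf21 permit 30
"""

def tag_metrics(cfg, name):
    """Return {tag: metric} for the permit entries of route-map `name`."""
    result, tag, in_map = {}, None, False
    for line in cfg.splitlines():
        words = line.split()
        if words[:1] == ["route-map"]:
            # A new entry starts; forget the previous entry's match.
            in_map, tag = words[1:3] == [name, "permit"], None
        elif in_map and words[:2] == ["match", "tag"]:
            tag = int(words[2])
        elif in_map and words[:2] == ["set", "metric"]:
            result[tag] = int(words[2])
    return result

def audit(r2_cfg, r3_cfg, name, prod_tag, office_tag):
    """List violations: metric not 5 or 10, or the wrong router preferred."""
    r2, r3 = tag_metrics(r2_cfg, name), tag_metrics(r3_cfg, name)
    problems = [f"{r}: tag {t} metric {m.get(t)} is not 5 or 10"
                for r, m in (("R2", r2), ("R3", r3))
                for t in (prod_tag, office_tag) if m.get(t) not in (5, 10)]
    if problems:
        return problems
    if r2[prod_tag] >= r3[prod_tag]:   # lower seed metric = primary path
        problems.append(f"production tag {prod_tag} does not prefer R2")
    if r3[office_tag] >= r2[office_tag]:
        problems.append(f"office tag {office_tag} does not prefer R3")
    return problems

if __name__ == "__main__":
    print(audit(R2_CFG, R3_CFG, "ospf20_to_ospf21", 10, 20) or "OK")
```

The same call with the route-map name ospf21_to_ospf20 and tags 100 and 200 checks the return direction.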