ospf的综合实验
目标:
1.r4为ISP,其上面只能配置IP地址;R4与其他所有直连设备间均使用共有的IP
2.R3-R5/6/7为MGRE环境,R3为中心站点
3.整个ospf环境IP基于172.16.0.0/16划分
4.所有设备均可访问R4的环回
5.减少LSA的更新量
6.全网可达
第一步子网划分
area 0:
loopback: 1.1/25, 1.129/25, 2.1/25
tunnel:3.1/2/3/4 29
area 1:
32.0 19
loopback:33.1/25, 33.129/25, 34.1/25
interface:32.0/29
area 3:
64.0 19
lo:65.1/24
interface:{64.1/2 30, 65.1/2 30}
area 4:
96.0 19
lo:97.1/25, 97.129/25
int: 96.1/2 30
area 2:
128.0 18
lo:129.1 24
interface :{128.1/2 30, 130.1/2 30}
rip: 192.0 18
lo:192.1 24, 192.3 24
公网互通
#r3
interface Tunnel0/0/0
ip address 172.16.3.1 255.255.255.248
tunnel-protocol gre p2mp
source 31.1.1.1
ospf network-type broadcast
ospf dr-priority 10
nhrp entry multicast dynamic
#R7/6/5
interface Tunnel0/0/0
ip address 172.16.3.2/3/4 255.255.255.248
tunnel-protocol gre p2mp
source GigabitEthernet0/0/0
ospf network-type broadcast
ospf dr-priority 0
nhrp entry 172.16.3.1 31.1.1.1 register
上述开启然后使用ospf宣告,改为broadcast,让R3当dr,开启伪广播
宣告
network 172.16.3.1 0.0.0.0
network 172.16.1.0 0.0.0.127
network 172.16.3.2 0.0.0.0network 172.16.1.128 0.0.0.127
network 172.16.3.3 0.0.0.0network 172.16.2.0 0.0.0.127
network 172.16.3.4 0.0.0.0
然后area1/2/3重复配IP和ospf宣告
area4:ospf 2 然后和上面一样
然后进入到area3的asbr上面将ospf 2进行重发布
area 3
import-route ospf 2
area 4
import-route ospf 1
同理rip上面也是将导入,area 2,import-route rip
优化
area1里面的所有路由器上面配置stub
然后在abr上面配置stub no-summary
在area 3上面配置nssa,在abr上面配置nssa no-summary
area 2上面同理
汇总,在area上面的abr上面
area 1
abr-summary 172.16.32.0 255.255.224.0
area 3
abr-summary 172.16.64.0 255.255.224.0
area 4
asbr-summary 172.16.96.0 255.255.224.0
area 2
abr-summary 172.16.128.0 255.255.192.0
area2上面的asbr
asbr-summary 172.16.192.0 255.255.192.0
成果:
Area: 0.0.0.1
Type LinkState ID AdvRouter Age Len Sequence Metric
Router 2.2.2.2 2.2.2.2 418 48 8000000D 0
Router 172.16.33.1 172.16.33.1 415 48 8000000D 0
Router 3.3.3.3 3.3.3.3 416 48 8000000B 0
Network 172.16.32.1 172.16.33.1 415 36 80000006 0
Sum-Net 0.0.0.0 3.3.3.3 427 28 80000003 1
OSPF Process 1 with Router ID 9.9.9.9
Link State DatabaseArea: 0.0.0.3
Type LinkState ID AdvRouter Age Len Sequence Metric
Router 7.7.7.7 7.7.7.7 58 36 80000007 1
Router 9.9.9.9 9.9.9.9 33 60 8000000A 1
Router 8.8.8.8 8.8.8.8 35 36 80000006 1
Network 172.16.64.2 9.9.9.9 53 32 80000004 0
Network 172.16.66.1 9.9.9.9 33 32 80000003 0
Sum-Net 0.0.0.0 7.7.7.7 126 28 80000003 1
NSSA 0.0.0.0 7.7.7.7 126 36 80000003 1
NSSA 172.16.96.0 8.8.8.8 76 36 80000003 2OSPF Process 1 with Router ID 11.11.11.11
Link State DatabaseArea: 0.0.0.2
Type LinkState ID AdvRouter Age Len Sequence Metric
Router 6.6.6.6 6.6.6.6 733 36 80000007 1
Router 11.11.11.11 11.11.11.11 708 60 8000000A 1
Router 12.12.12.12 12.12.12.12 706 36 80000007 1
Network 172.16.130.2 12.12.12.12 707 32 80000004 0
Network 172.16.128.2 11.11.11.11 725 32 80000004 0
Sum-Net 0.0.0.0 6.6.6.6 787 28 80000003 1
NSSA 0.0.0.0 6.6.6.6 787 36 80000003 1
NSSA 172.16.192.0 12.12.12.12 752 36 80000003 2
NSSA 172.16.130.0 12.12.12.12 752 36 80000003 1
然后再每一台上面配置nat
acl 2000
rule 5 permit source 172.16.32.0 0.0.31.255
在出接口上面绑定
nat outbound 2000
私网之间
ping 172.16.97.129
PING 172.16.97.129: 56 data bytes, press CTRL_C to break
Reply from 172.16.97.129: bytes=56 Sequence=1 ttl=251 time=120 ms。。。
ping 172.16.130.1
PING 172.16.130.1: 56 data bytes, press CTRL_C to break
Reply from 172.16.130.1: bytes=56 Sequence=1 ttl=253 time=90 ms。。。
ping 172.16.97.1
PING 172.16.97.1: 56 data bytes, press CTRL_C to break
Reply from 172.16.97.1: bytes=56 Sequence=1 ttl=251 time=60 ms。。。
公网
ping 5.5.5.5
PING 5.5.5.5: 56 data bytes, press CTRL_C to break
Reply from 5.5.5.5: bytes=56 Sequence=1 ttl=254 time=50 ms。。。
域外之间
ping 172.16.192.1
PING 172.16.192.1: 56 data bytes, press CTRL_C to break
Reply from 172.16.192.1: bytes=56 Sequence=1 ttl=250 time=70 ms。。。