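9. OSPF
Basic commands:
R1(config)#router ospf <process-id> //enable the OSPF routing process
R1(config-router)#network <interface-ip> 0.0.0.0 area <area-id> //0.0.0.0 is the wildcard mask
R1(config-router)#router-id <ip-address> //set the router-id manually
Note: once a router-id has been selected, it can only be changed by setting it manually, and the OSPF process must be restarted for the change to take effect.
Restart the OSPF process: R1#clear ip ospf process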
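The inverse mask is the subnet mask with its 1s and 0s inverted: subtract the subnet mask from 255.255.255.255 to get it. It is also called the wildcard mask. A 0 bit means the corresponding address bit must match; a 1 bit means it need not match. For example:
Router(config)# network 2.3.6.0 0.0.0.255 area 0
matches any host in the 2.3.6.0 network.
Router(config)# network 2.2.2.2 0.0.0.0 area 0
matches only the address 2.2.2.2 (the form used most often, to name a single interface address).
Router(config)# network 0.0.0.0 255.255.255.255 area 0
matches any host in any network.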
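The wildcard matching rule above, as an added example that is not part of the original page: it converts a subnet mask to a wildcard mask and lists which interfaces each network statement would enable, which makes an overly broad statement easy to spot. The interface table is R2's from this page's example configuration; the function names are hypothetical.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def wildcard_from_mask(mask: str) -> str:
    """255.255.255.255 minus the subnet mask, as described above."""
    return str(ipaddress.IPv4Address(ALL_ONES - to_int(mask)))


def matches(ip: str, network: str, wildcard: str) -> bool:
    """0 bits in the wildcard must match; 1 bits are ignored."""
    care = ALL_ONES ^ to_int(wildcard)
    return (to_int(ip) & care) == (to_int(network) & care)


def parse_network(line: str):
    """Parse 'network <addr> <wildcard> area <id>' into a tuple."""
    words = line.split()
    if len(words) != 5 or words[0] != "network" or words[3] != "area":
        raise ValueError(f"not a network statement: {line!r}")
    return words[1], words[2], words[4]


def enabled_interfaces(statements, interfaces):
    """Map each statement to the interfaces whose address it matches."""
    result = {}
    for line in statements:
        net, wc, _area = parse_network(line)
        result[line] = sorted(name for name, ip in interfaces.items()
                              if matches(ip, net, wc))
    return result


# R2's interface addresses, taken from the example configuration on this page.
R2 = {"l0": "2.2.2.2", "s0/0": "192.1.1.2",
      "s0/1": "193.1.1.2", "f1/0": "194.1.1.2"}
# Constructed statements: exact match, one /24, and match-everything.
STATEMENTS = ["network 2.2.2.2 0.0.0.0 area 0",
              "network 192.1.1.0 0.0.0.255 area 0",
              "network 0.0.0.0 255.255.255.255 area 0"]
```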
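In a network with two links between routers, equal-cost load balancing can be used.
It is achieved by changing the link cost in interface mode:
r1(config)#interface <interface-id>
r1(config-if)#ip ospf cost <cost> //range 1-65535
Configuring the related interface parameters:
Hello interval, in interface mode:
r1(config)#interface <interface-id>
r1(config-if)#ip ospf hello-interval <seconds>
Note: change it on the connected interfaces of both routers. By default the dead interval is 4 times the hello interval.
Dead interval, in interface mode:
r1(config)#interface <interface-id>
r1(config-if)#ip ospf dead-interval <seconds>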
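Commands for viewing the OSPF configuration:
View the OSPF neighbor table:
r1#show ip ospf neighbor
View the router-id and administrative distance:
r1#show ip protocols
View the OSPF attributes of an interface: r1#show ip ospf interface <interface>
This shows the hello interval, dead interval, interface type, and so on.
Routes learned through OSPF are marked with the letter O, meaning they were learned within the same area; their administrative distance is 110.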
Set the interface priority:
R1(config)# interface s0
R1(config-if)# ip ospf priority 100
Display the interface priority information:
R1# show ip ospf interface s0
Configure the OSPF network type:
R1(config-if)# ip ospf network {broadcast | point-to-point | point-to-multipoint}
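OSPF authentication:
For security, enable authentication on the routers in the same OSPF area; only authenticated routers in the same area can advertise routing information to each other.
OSPF plain-text authentication:
Simple plain-text authentication allows only one password per area, and every router in the area must be configured with the same password to take part in routing. The drawback of this method is that it is vulnerable to attack.
Use the following commands to enable password authentication:
R1(config-if)#ip ospf authentication-key mypassword
R1(config-router)#area 0 authentication //"0" is the area ID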
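OSPF MD5 authentication:
MD5 (message-digest authentication) is cryptographic authentication. Every router must be configured with a key and a key ID. The router runs an algorithm over the OSPF packet, the key and the key ID to produce a "message digest", which is appended to the OSPF packet. Unlike simple password authentication, the MD5 key is never transmitted on the network. Each OSPF packet also carries a sequence number to protect the network from attack.
Use the following commands to configure MD5 authentication:
R1(config-if)#ip ospf message-digest-key <key-id> md5 <key>
R1(config-router)#area 0 authentication message-digest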
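How the digest and sequence number described above are produced and checked, as an added example that is not part of the original page. It follows the packet layout of RFC 2328 Appendix D (24-byte header, AuType 2, digest appended after the packet); the function names, the sample key and the zero-padding of short keys are assumptions made for this example.

```python
import hashlib
import hmac
import socket
import struct

AUTYPE_MD5 = 2    # AuType 2: cryptographic authentication
DIGEST_LEN = 16   # length of the appended MD5 digest


def pad_key(key: bytes) -> bytes:
    # Assumption: keys shorter than 16 bytes are zero-padded to 16 bytes.
    return key[:16].ljust(16, b"\x00")


def build_packet(ptype, router_id, area_id, body, key_id, key, seq):
    """Return header + body + MD5 digest, as the sending router emits it."""
    header = struct.pack(
        "!BBH4s4sHHHBBI", 2, ptype, 24 + len(body),
        socket.inet_aton(router_id), socket.inet_aton(area_id),
        0, AUTYPE_MD5,               # checksum stays 0 with AuType 2
        0, key_id, DIGEST_LEN, seq)  # the 8-byte authentication field
    packet = header + body
    return packet + hashlib.md5(packet + pad_key(key)).digest()


def verify_packet(wire, keys, last_seq):
    """Receiver side: keys maps key-id -> key; last_seq is kept per neighbor."""
    if len(wire) < 24 + DIGEST_LEN:
        return False, "truncated"
    packet, digest = wire[:-DIGEST_LEN], wire[-DIGEST_LEN:]
    autype, _, key_id, dlen, seq = struct.unpack("!HHBBI", packet[14:24])
    if autype != AUTYPE_MD5 or dlen != DIGEST_LEN:
        return False, "not MD5-authenticated"
    if key_id not in keys:
        return False, "unknown key id"
    if seq < last_seq:
        return False, "stale sequence number"
    expected = hashlib.md5(packet + pad_key(keys[key_id])).digest()
    if not hmac.compare_digest(expected, digest):
        return False, "digest mismatch"
    return True, "ok"


# Constructed Hello body with the lab's values (hello 10, dead 40, priority 1).
HELLO = struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.0"), 10,
                    0x02, 1, 40, socket.inet_aton("194.1.1.2"),
                    socket.inet_aton("194.1.1.1"))
KEY = b"lab-md5-key"  # constructed sample key
WIRE = build_packet(1, "2.2.2.2", "0.0.0.0", HELLO, 1, KEY, seq=100)
```

The key never appears in `WIRE`; a receiver accepts the packet only if it holds the same key under the same key ID and the sequence number has not gone backwards.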
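10. Example:
In the network topology below, configure OSPF, implement equal-cost load balancing between R2 and R3, and manually change R2's router-id to 10.10.10.10. Which routers are the DR and BDR? What is the Router ID? Change the DR and BDR by changing the RID.
Base configuration of the three routers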
R1
enable
configure terminal
no ip domain-lookup
line console 0
no exec-timeout
logging syn
password cisco
login
hostname r1
interface l0
ip add 1.1.1.1 255.255.255.0
no sh
interface s0/0
ip address 192.1.1.1 255.255.255.0
no shutdown
router ospf 1
network 192.1.1.1 0.0.0.0 area 0
network 1.1.1.1 0.0.0.0 area 0
R2
enable
configure terminal
no ip domain-lookup
line console 0
no exec-timeout
logging syn
password cisco
login
hostname r2
interface l0
ip add 2.2.2.2 255.255.255.0
no sh
interface s0/0
ip address 192.1.1.2 255.255.255.0
no shutdown
interface s0/1
ip address 193.1.1.2 255.255.255.0
no shutdown
interface f1/0
ip address 194.1.1.2 255.255.255.0
no shutdown
router ospf 1
network 192.1.1.2 0.0.0.0 area 0
network 193.1.1.2 0.0.0.0 area 0
network 194.1.1.2 0.0.0.0 area 0
network 2.2.2.2 0.0.0.0 area 0
R3
enable
configure terminal
no ip domain-lookup
line console 0
no exec-timeout
logging syn
password cisco
login
hostname r3
interface l0
ip add 3.3.3.3 255.255.255.0
no sh
interface s0/1
ip address 193.1.1.1 255.255.255.0
no shutdown
interface f1/0
ip address 194.1.1.1 255.255.255.0
no shutdown
router ospf 1
network 193.1.1.1 0.0.0.0 area 0
network 194.1.1.1 0.0.0.0 area 0
network 3.3.3.3 0.0.0.0 area 0
1. View the DR and BDR:
r2#sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
3.3.3.3 1 FULL/BDR 00:00:32 194.1.1.1 FastEthernet1/0
1.1.1.1 0 FULL/ - 00:00:39 192.1.1.1 Serial0/0
This shows that R2 is the DR and R3 is the BDR.
2. View R2's Router ID:
r2#sho ip protocols
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 2.2.2.2
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
2.2.2.2 0.0.0.0 area 0
192.1.1.2 0.0.0.0 area 0
193.1.1.2 0.0.0.0 area 0
194.1.1.2 0.0.0.0 area 0
Reference bandwidth unit is 100 mbps
Routing Information Sources:
Gateway Distance Last Update
3.3.3.3 110 00:14:50
1.1.1.1 110 00:14:50
Distance: (default is 110)
The Router ID is 2.2.2.2.
3. Change its Router ID:
r2(config)#router ospf 1
r2(config-router)#router-id 10.10.10.10
Reload or use "clear ip ospf process" command, for this to take effect
r2(config-router)#end
r2#clear ip ospf process
Reset ALL OSPF processes? [no]: yes
r2#sh ip protocols
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 10.10.10.10
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
2.2.2.2 0.0.0.0 area 0
192.1.1.2 0.0.0.0 area 0
193.1.1.2 0.0.0.0 area 0
194.1.1.2 0.0.0.0 area 0
Reference bandwidth unit is 100 mbps
Routing Information Sources:
Gateway Distance Last Update
3.3.3.3 110 00:19:38
1.1.1.1 110 00:00:12
Distance: (default is 110)
4. View the DR and BDR information on R2:
r2#sh ip ospf nei
Neighbor ID Pri State Dead Time Address Interface
3.3.3.3 1 FULL/DR 00:00:32 194.1.1.1 FastEthernet1/0
1.1.1.1 0 FULL/ - 00:00:39 192.1.1.1 Serial0/0
This shows that R2 has become the BDR and R3 has become the DR.
5. Then restart the OSPF process on R3:
r3#clear ip ospf pr
r3#clear ip ospf process
Reset ALL OSPF processes? [no]: yes
Check R2 again: it has changed back.
r2#sh ip ospf nei
Neighbor ID Pri State Dead Time Address Interface
3.3.3.3 1 FULL/BDR 00:00:34 194.1.1.1 FastEthernet1/0
1.1.1.1 0 FULL/ - 00:00:33 192.1.1.1 Serial0/0
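6. Load balancing between R2 and R3 by changing the interface cost
R2 and R3 are connected by two links, s0/1 and f1/0, with costs of 64 and 1 respectively, so in R2's routing table the route to 3.3.3.3 goes through 194.1.1.1.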
r2#sh ip ospf interface s0/1
Serial0/1 is up, line protocol is up
Internet Address 193.1.1.2/24, Area 0
Process ID 1, Router ID 2.2.2.2, Network Type POINT_TO_POINT,
Cost: 64
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:06
Supports Link-local Signaling (LLS)
Index 2/2, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 3.3.3.3
Suppress hello for 0 neighbor(s)
r2#sh ip ospf interface f1/0
FastEthernet1/0 is up, line protocol is up
Internet Address 194.1.1.2/24, Area 0
Process ID 1, Router ID 2.2.2.2, Network Type BROADCAST,
Cost: 1
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 2.2.2.2, Interface address 194.1.1.2
Backup Designated router (ID) 3.3.3.3, Interface address 194.1.1.1
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:03
Supports Link-local Signaling (LLS)
Index 3/3, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 2
Last flood scan time is 0 msec, maximum is 4 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 3.3.3.3 (Backup Designated Router)
Suppress hello for 0 neighbor(s)
r2#sh ip route
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/65] via 192.1.1.1, 00:03:18, Serial0/0
2.0.0.0/24 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, Loopback0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/2] via 194.1.1.1, 00:03:18, FastEthernet1/0
C 193.1.1.0/24 is directly connected, Serial0/1
C 192.1.1.0/24 is directly connected, Serial0/0
C 194.1.1.0/24 is directly connected, FastEthernet1/0
Change the cost of R2's s0/1 interface to 1:
r2(config)#interface s0/1
r2(config-if)#ip ospf cost 1
r2#sh ip ospf interface s0/1
Serial0/1 is up, line protocol is up
Internet Address 193.1.1.2/24, Area 0
Process ID 1, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 1
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:01
Supports Link-local Signaling (LLS)
Index 2/2, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 3.3.3.3
Suppress hello for 0 neighbor(s)
The change succeeded. Check R2's routing table again: there are now two route entries to 3.3.3.3.
r2#sh ip route
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/65] via 192.1.1.1, 00:00:00, Serial0/0
2.0.0.0/24 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, Loopback0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/2] via 194.1.1.1, 00:00:00, FastEthernet1/0
[110/2] via 193.1.1.1, 00:00:00, Serial0/1
C 193.1.1.0/24 is directly connected, Serial0/1
C 192.1.1.0/24 is directly connected, Serial0/0
C 194.1.1.0/24 is directly connected, FastEthernet1/0
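11. Common commands for OSPF troubleshooting
OSPF is a link-state protocol and maintains three databases: the adjacency database, the topology database, and the routing table.
OSPF show commands:
Show running-config
Show ip route
Show ip route ospf ;display OSPF routes only
Show ip ospf process-id ;display information for a specific process ID
Show ip ospf ;display general OSPF information
Show ip ospf border-routers ;display the border routers
Show ip ospf database ;display the OSPF database summary
Show ip ospf interface ;display OSPF information for a given interface
Show ip ospf neighbor ;display OSPF neighbor information
Show ip ospf request-list ;display the link-state request list
Show ip ospf summary-address ;display redistribution information for summary routes
Show ip ospf virtual-links ;display virtual link information
Show ip interface ;display the IP settings of an interface
OSPF debug commands:
Debug ip ospf adj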
Debug ip ospf events
Debug ip ospf flood
Debug ip ospf lsa-generation
Debug ip ospf packet
Debug ip ospf retransmission
Debug ip ospf spf
Debug ip ospf tree
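Common OSPF problems: each OSPF area should have no more than 100 routers, and the whole network no more than 700 routers; wildcard masks configured incorrectly.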