Notes of JNCIP_OSPF

OSPF基本配置的3个问题:
-1)是否需要在loopback接口上启用OSPF?
-2)loopback是否需要passive?
-3)是否需要配置RID?

JNCIP-M考试新变化:
I believe the only thing that maybe you can see different is the fact that beginning junos 8.5 the router-id is not longer advertised as a stub network in

OSPF:
"Historically, JUNOS software automatically advertised a stub route to the interface from which the RID is obtained. This meant that you did not need to run

an IGP instance on the loopback interface to advertise reachability to the RID. Starting with JUNOS Release 8.5, this behavior has changed. Now, whether you

use an explicit or an automatically generated RID that is lo0—based, you need to enable OSPF on the loopback interface to advertise reachability to the

related loopback address, even when it is the source of an automatically selected RID."
Also, there are some slight differences in OSPF authentication between the 5.2 (book version) and the 8.1 version.

 

Troubleshooting Adjacency Problems中无法更改fxp接口mtu,故无法做实验

有趣的现象:
Virtul Links:R3/R5两边分别配置ospf area 3,但是R5上还是收到10.0.4/22路由,但是从R7到R2不通


配置技巧:
重启r4上的路由协议
run restart routing logical-router r4 immediately

ospf配置接口时慎用int all
例如CaseStudy中R1要求10.0.5/24以外部路由宣告,而且R1的相应接口不能再建立邻居

关于JUNOS OSPF配置中的RID
RID是否需要配置?
JUNOS默认以lo0作为RID,无需配置

什么时候需要配置router-id?
不希望lo0路由被宣告出去

手工配置RID会怎么样?
路由器不会为Lo0分配stub route,故这条路由(lo0)将无法传递出去,影响到loopback的连通性
如果此时要求lo0可达,则需要在lo0上启用ospf


关于JUNOS OSPF配置中的loopback接口
-1).lo0上启用ospf会怎么样?
lo0会以network summary route形式对外宣告为stub network
-2).lo0上不启用ospf会怎么样?
lo0会以type 1 LSAs形式对外宣告为stub network


lo0是否需要宣告到ospf中?
JUNOS 5.2或者更低版本:JUNNOS宣告stub路由到RID网段,一般不需要
JUNOS 8.2或者更高版本:必须在lo0上启用OSPF

WHY is passive required?
1.不允许建立adjacency
2.避免产生不必要的hello报文,减轻系统资源消耗
3.路由类型为internal


关于RID选举?


网络类型:
1.multipoint
(1)类型为P2MP,因为不具备broadcast能力,所以需要指明neighbor
(2)实际可以理解为类型是p2p,所以不会选举DR
(3)hello interval默认10秒
(4)配置要点:
HUB:
1.接口上multipoint,ospf中无需指明
2.配置neihgbor
SPOKE?
JUNOS需要配置neighbor,IOS不需要配置neighbor


2.NBMA
(1)实际上还是一种广播,所以要选举DR
(2)但因为是non-broadcast,所以还是需要指明neighbor
(3)hello interval默认30秒
(4)ATM & FR全互联的情况下使用(实际网络架构很少用这种类型,所以NBMA很少用到)
(5)配置要点:
1.在ospf接口中指明NBMA
2.指明neihgbor
3.不参选的priority设置为0

eligible的作用
1.只会对自认为可以做DR的路由器有影响:产生hello
2.对实际DR选举没有任何影响
3.保证hello报文只在DR-eligible中间传播


OSPF的non-preemptive特点
priority为128,配置R4的priority为200,此时R4不会抢占成为DR。
when to kick in?
网络断开
路由进程重启


STUB区域
Network summary LSAs (type 3s) are generated by ABRs to summarize their SPF cost to destinations within their attached areas.
解读:ABR创建到stub区域以外路由的summary路由,例如R3 & R4向AREA 10宣告area 1内的路由10.0.8/24

Other routers compute their SPF cost to each ABR, and then add (as in distance vector routing!) the metric received in summary LSAs to compute the shortest

path to inter-area destinations.
解读:other routers指的是stub区域内的non-ABR路由器,例如AREA 10内的R1 & R2
1.ABR(R3 & R4)宣告了一条汇总路由10.0.8/24,metric为10
2.non-ABR(R1 & R4)首先计算自己到ABR的最短metric,然后将ABR宣告过来的metric相加,最后得出自己到10.0.8/24的metric

NSSA的本质
STUB不许external LSAs进来,同时也不允许external LSAs从自己到bone
NSSA允许


ASBR metric向NSSA以外区域宣告,例如为R1的静态路由设置metric
ABR metric向NSSA以内区域宣告,例如这里R3 & R4配置的default-metric


Study Guide:
edit protocols ospf area 0.0.0.10]
lab@r4# show
nssa {
  default-lsa {
    default-metric 10;
    metric-type 2;
    type-7;默认路由默认为type 3,现在指定为type-7以满足需求“no type 3 LSA”
  }
这句中的default-metric 10起什么作用?如何进行检验?
为NSSA提供默认路由,可以从r1观察默认路由的属性


NSSA的default-metric
[edit logical-routers r4 protocols ospf area 0.0.0.1]
lab@OLIVE# show
nssa {
    default-lsa {
        default-metric 10;
        metric-type 1;
        type-7;
    }
}
interface fxp1.24;

lab@OLIVE# run show route 0.0.0.0 logical-router r1   

inet.0: 23 destinations, 24 routes (23 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[OSPF/150] 00:00:02, metric 12, tag 0
                    > to 10.0.4.5 via fxp1.12
如果设置metric-type 1,则metri为12

 


[edit logical-routers r4 protocols ospf area 0.0.0.1]
lab@OLIVE# show
nssa {
    default-lsa {
        default-metric 10;
        metric-type 2;
        type-7;
    }
}
interface fxp1.24;

lab@OLIVE# run show route 0.0.0.0 logical-router r1   

inet.0: 23 destinations, 24 routes (23 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[OSPF/150] 00:00:02, metric 10, tag 0
                    > to 10.0.4.5 via fxp1.12
如果设置metric-type 2,则metri为10

STUB的metric
lab@OLIVE# show protocols
ospf {
    area 0.0.0.0 {
        interface fxp2.34;
        interface fxp1.45;
        interface lo0.4;
    }
    area 0.0.0.1 {
        stub default-metric 10;
        interface fxp1.24;
    }
}
注意:stub配置参数里没有type 1/type 2之类的属性,所以r1上看到的默认路由是12=Metric(r1-r4)+Metric default route

 


OSPF中的"潜规则":
在JUNIPER的路由器上被选举成router-id的环回口的IP地址都是自动以类型1的LSA通告的
默认路由在默认情况下是以类型3的形式通告的
ASBR发布的外部路由默认类型是type 2,例如R1发布10.0.5/24时如果不指定type,则10.0.5/24会以type 2类型向ospf传递
ASBR发布外部路由时会分配一个默认的metric,例如R7作为RIP-OSPF之间的路由发布点,可能将RIP路由器上的10.0.5/24重新倒回来,此时R7会给10.0.5/24重新分配一个metric,

study guide显示为2。这个metric可以手工指定,例如r1发布10.0.5/2时指定其类型type 1,而且metric是50
By default, r7 attaches a metric value to the route that is equal to the metric that would have been advertised by RIP, which in this example is 2


OSPF Study Guide中的负载均衡:
-1).R5到10.0.5/24有两个下一跳R3/R4
参看<<Metric and Various other knobs>>"Ensure that r5 can load-balance to area 10 internal destinations by adjusting metrics."
-2).R5到192.168/16有两个下一跳R6/R7
参看<<OSPF Routing Policy>>_RIP Import Policy:修改R6/R7上的rip-in,这样R6/R7可以同时导入192.168/16
-3).RIP路由器到10.0.5/24有两个下一跳R6/R7
参看<<OSPF Routing Policy>>_Global Preference and OSPF Export Policy:修改R7上的rip preference和rip-ospf可以达到要求


OSPS vs ISIS
OSPF & ISIS如何注入默认路由
1.OSPF在ABR上配置default-metric
2.ISIS无需配置,L1/L2 Router会自动向L1区域注入0/0路由

OSPF & ISIS关于loopback网段的宣告
1.OSPF的loopback地址默认会自动宣告到non-AREA 0区域中去
2.ISIS的loopback地址需要配置ISIS AREA


参考带宽计算
参考带宽/100,000,000bit=cost
例如,设置参考带宽为1G,则cost=1G/100,000,000bit=10

Juniper vs Cisco
1.rip对外宣告metric
场景:r1-r2,r1设置metric-out 1
Juniper:r1-r2之间的直连接口也算一跳,加上1,最后r2看到metric为2
CISCO:r2看到metric为1

2.DUAL-ABR/L1-L2 Router情况下,OSPF & ISIS如何选定默认ABR/L1-L2 Router
OSPF路由选择Router-ID较大的ABR
ISIS


3.area-range汇总路由的metric如何确定?
Juniper:由contributing route中子网最小的metric做为汇总metric
CISCO:由contributing route中子网最大的metric做为汇总metric

4.wide-metric中的contrbuting routes

 


ABR汇总:
1.汇总non-area 0内的物理网段
2.如果题目没有明确要求禁止汇总loopback,area内的loopback地址也要汇总
3.ABR-ABR之间的网段不汇总,而且ABR的loopback不汇总
4.如果physical & loopback地址不连续,可以发送两个aggregates

总结:
AREA 10的汇总做在R3/R4上
AREA 1的汇总做在R5上
RIP的汇总做在R6/R7上,参看大猫猫case study_P9配置


area 1内部网段
8.0 0000 1000.0000 0000
8.4 0000 1000.0000 0100
8.8 0000 1000.0000 1000
9.6 0000 1001.0000 0110
9.7 0000 1001.0000 0111
汇总掩码:8.0/23
3.5 0000 0011.0000 0101 (loopback@r5)

area 10内部网段
4.0 0000 0100.0000 0001
4.4
4.8
4.12
6.1 0000 0110.0000 0001
6.2 0000 0110.0000 0010
汇总掩码:4.0/22

ABR-ABR loopback interfaces
3.3 0000 0011.0000 0011
3.4 0000 0011.0000 0100
2.4 0000 0010.0000 0100


汇总路由掩码计算:
1.contributing routes最小的网段
2.二进制计算汇总掩码
3.run sh route 172.16.4/29 log r6进行验证


问题一:为什么在RIP上以loopback为source可以到达10.0.5.1,而用172.16.40.1却不行?P208
lab@rip# run traceroute 10.0.5.1 source 192.168.0.1可以通
lab@r6# run traceroute 10.0.5.1 source 172.16.40.2不通
按照书上实例,此时通过双向发布路由,RIP有了OSPF区域内的路由(10.0.5.0/24),OSPF也有RIP上的静态路由(192.168.1.0~4.0),只是OSPF区域还没有R6-RIP之间的路由。
192.168.0.1@RIP怎么traceroute到10.0.5.1?
以172.16.40.1为source,报文丢到172.16.40.2,然后经由R6将报文送到10.0.5.1,但是回送报文怎么处理呢?


既然172.16.40.2@R6到不了10.0.5.1,192.168.0.1@RIP怎么能够到达10.0.5.1?凭什么通过RIP-R6可以到达?

 

ping & tracert的实质
有去有回,去的是ICMP Request,回的是ICMP echo,所以source-destination之间必须是双向路由可达的
RIP可以ping通R1的前提是什么?只要RIP有到R1的路由即可?
NO,P208中RIP有到R1网段的路由,但是仍然不能ping通,输出如下:
lab@rip> traceroute 10.0.5.1
而加上source以后却能ping通,WHY?
lab@rip# run traceroute 10.0.5.1 source 192.168.0.1
通过前边路由发布我们知道,RIP有OSPF区域内的路由(10.0.5.0/24),OSPF也有RIP上的静态路由(192.168.1.0~4.0),即192.168.0.1~10.0.5/24之间有了双向路由,所以此时可以

ping通

 

lab@r6# run traceroute 10.0.5.1 source 172.16.40.2不通,WHY?
因为OSPF内部并不知道如何到达172.16.40.2这个网段,事实上OSPF只知道192.168.0.1~4.0


问题二:/28 & /24没看懂(p210)
为什么用discard?这里172.16.40/28实际上是一个aggregate路由

书中解释1:
because direct routes have a higher global preference than static routes. Because the /28 mask is more specific than the /24 direct route, the static route

will now be considered active
preference:direct>static,精确度:/28>/24,所以/28就一定是active的吗?难道仅仅是因为/28比/24更精确吗?


书中解释2:
This approach was taken because it eliminated the need for export policy route-filter statements that would otherwise have been needed to prevent the

redistribution
of other direct routes (such as the 192.168.x.1/32 lo0 addresses) on the RIP router.
采用这种方式(采用/28掩码),就无需导出route-filter语句,如果不这样做(即不采用 /28掩码,而是采用/24掩码),就需要在RIP路由器上禁止其他直连路由(例如

192.168.x.1/32环回地址)的重新发布
为什么要这样?

P209解释RIP无法到达10.0.5/24曾经做过如下描述:
解法一:Listing r6’s fe-0/1/3 interface as passive under the OSPF process,
解法二:redistributing the 172.16.40.0/24 address from either the RIP router,or r6, will resolve this issue.
StudyGuide中采用的是在RIP上宣告静态路由的方案
[edit routing-options]
lab@rip# set static route 172.16.40/28 discard

学习大猫猫<<OSPF CaseStudy>>P13忽然有所得:
CaseStudy要求“以OSPF内部路由的形式通告172.16.40.x的rip子网路由,并且确定没有邻居可以在这些接口上建立”
解法:在R6 & R7对应RIP网段宣告passive接口,实际上这正是StudyGuide上的解法一,这样做可以使得RIP到达10.0.5/24,但是在product network中网络需要最优化(在可达的基

础上保证精确),因此这里需要做汇总(CaseStudy也暗含此要求),显然汇总得来的掩码是/28,包含RIP内所有的物理网段(172.16.40.1~40.3)。现在回头来看StudyGuide中的静态

路由:用/28一是为了保证路由最精确,另外路由经RIP-R6以后无需再做汇总,最终实现网络最优化


问题三:为什么路由经过abr后metric会加10?P192
这是教材上的截图:
lab@r6> show route 10.0.6.1
inet.0: 28 destinations, 28 routes (28 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.6.1/32 *[OSPF/10] 00:27:34, metric 3
> to 10.0.8.6 via fe-0/1/0.0
R6到10.0.6.1的metric=3,这个好理解:R6-R5 metric=1,R5-R3 metric=1,R3-R1=1,三段加起来为3

switch在HUB上的奇怪现象:
R6看到的10.0.6.1(R1的loopback) metric为13
R6看到的10.0.3.3(R3的loopback)metric为11,看到R3-R5网段(10.0.2.0/30)metric也是11
R6-R5之间的metric为1(采用HUB连接olive,链路接口都为10^8/100,000,000=1),10.0.2.0/30经过R5后metric加10,故metric=11
问题在于为什么路由经过abr后metric会加10?难道是用了OLIVE的缘故?


事实上这个和连接OLIVE的设备有关,上边那个用的是SWITCH(TCL傻瓜交换机),下边输出用的是HUB
lab@OLIVE# run show route 10.0.2.0 logical-router r6                          

inet.0: 24 destinations, 25 routes (24 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.2.0/30        *[OSPF/10] 00:26:20, metric 20
                    > to 10.0.8.6 via fxp2.56

lab@OLIVE# run show route 10.0.3.3 logical-router r6   

inet.0: 24 destinations, 25 routes (24 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.3.3/32        *[OSPF/10] 00:26:39, metric 20
                    > to 10.0.8.6 via fxp2.56
R5-R6用10M Ethernet,故metric=10;R5-R3也是10M Ethernet,故metric=10。因此R6-R5-R3 metric=10+10=20

lab@OLIVE# run show route 10.0.2.0 logical-router r7   

inet.0: 24 destinations, 25 routes (24 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.2.0/30        *[OSPF/10] 00:26:24, metric 20
                    > to 10.0.8.9 via fxp2.57

lab@OLIVE# run show route 10.0.3.3 logical-router r7   

inet.0: 24 destinations, 25 routes (24 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.3.3/32        *[OSPF/10] 00:26:42, metric 20
                    > to 10.0.8.9 via fxp2.57


P216打破环路
1.next-hop的解决方案
需要在R6 & R7上同时配置
注意:这里用的是next-hop,而非neighbor喔!!!

2.route-filter的解决方案:
如果R6 & r7同时配置此策略,RIP将无法到达10.0.5.1,WHY?
因为此时从R5以后都不知道如何到达r6-RIP-r7之间的网段,虽然此前RIP注入了172.16.40.0/28,但是在R6 & R7上同时被reject了,故采用route-filter只能在R6或者R7上配置
如果R6 & R7设置172.16.40.0/28网段为passive,这样R6 & R7就可以同时配置route-filter了。


方案1 & 2不会产生次有路径问题,是解决环路的最好方案

3.修改rip preference P219
(1):Failing to change the protocol preference will result in only one next hop for 10.0.5/24 on the RIP router
为什么只有一跳?见P214的分析
如果修改RIP preference,RIP到10.0.5/24有两个下一跳(可以负载均衡),WHY?
R7有两条到10.0.5/24的路由,一个OSPF,一个RIP,现在RIP因为preference升高弃之不用,R7收敛,R7-10.0.5/24只有OSPF发布的路由,RIP domain泛洪收敛,此时R7向RIP发布

10.0.5/24路由,最后RIP有两个下一跳


试验:不要修改rip-ospf,不要修改rip preference
(2):Another side effect of this approach is that only one ASBR will be redistributing the RIP routes into OSPF at any given time because the RIP routes will

be inactive on one of the ASBRs, and only active routes can be exported through policy.
解读:RIP preference调高,路由器启用RIP路由,RIP路由变成inactive,导致rip-ospf不成功,例如R6调高RIP preference,此时R6就不会成为RIP路由的发布点,R7变成RIP路

由发布点,所以R6必须经过R7才能到达192.168.1.1,显然这是个次优路径。

这里做个试验,先升高R6的rip preference=160,然后调整R7的rip preference=170,会怎么样呢?
分析:对于R6/R7来讲,谁先修改rip preference,谁的路由选择就发生变化,例如,这里先修改R6的rip preference,此时在R6观察192.168/16路由,发现2条路由:ospf优先,

而RIP次之,然后修改R7的rip preference,在R6 & R7可以看到关于192.168/16的路由没有变化;同样,如果先修改R7上RIP preference,则R7看到OSPF优先,RIP次之
这就是说,同一时刻只有一个ASBR上的RIP在起作用

(3)r6 & r7都要配置以下两个语句,否则在rip到10.0.5/24不会出现两个下一跳(r6 & r7)

[edit protocols rip]
lab@r7# set group rip preference 160

[edit policy-options]
lab@r7# show policy-statement rip-ospf
term 1 {
from {
protocol rip;
route-filter 10.0.5.0/24 orlonger reject;
route-filter 0.0.0.0/0 orlonger;
}


4.修改RIP通告的10.0.5/24的metric为400
在R6看来,从R5看到10.0.5/24的metric为50,而R6-RIP-R7-R6再回来时,RIP为10.0.5/24重新赋予metric=400,这样R6会选取R5为下一跳(因为metric最小)

问题四:为什么需要将R3所在area 10的接口metric,都加1?P223
lab@r5> show ospf database netsummary area 0 detail
OSPF link state database, area 0.0.0.0
Metrics and Various Other Knobs 223
Type ID Adv Rtr Seq Age Opt Cksum Len
Summary 10.0.4.0 10.0.3.3 0x80000083 734 0x2 0x3b82 28
mask 255.255.252.0
TOS 0x0, metric 2
Summary 10.0.4.0 10.0.3.4 0x8000005e 874 0x2 0x8957 28
mask 255.255.252.0
TOS 0x0, metric 3

在olive上做实验发现,只需将metric改成10.0.3.3(R3)宣告的metric即可,这里改成2。
教材说需要将R3所在area 10的接口metric都加1,为什么?这个是怎么得出来的?

大猫猫<<OSPF CaseStudy>>P16:
因为juniper的路由器的实现区域汇总,在选择metric的时候是选择一条汇总下面的子网最小的metric为这条汇总的metric,显然最小子网是R3-R2之间的10.0.4.0/30,所以需要调

整这里的metric,为什么加1呢?因为在JUNOS中,R3宣告这条汇总路由时也算一跳,调整R3-R2之间的metric=2,这样从R3宣告出去的汇总路由metric=2+1=3,此时(R3 & R4)-R5宣

告的汇总路由相同了
注意:cisco是选择最大metric的发出去的

注意:教材上更改了R3在area 10中的两个接口,还有R2-R3中间的互联端口

关于路由选项
discard,---router说丢就丢了吧,我也不管你了,那么你有可能看到的就是icmp timeout,沉默的杀手哦
reject---router说我有良心一点,丢了你的包,我还告诉你一声,给你一个icmp unreachable吧,杀了人,一声大吼,看过投名状吧,想想最后一段
receive---这个太坏了,明明没有,明明是不可达的,明明包已经被丢掉咧,可以router还是给你一个echo reply,让你感觉是!!!!!,呵呵,有点意思,有点意思
那么你想一想,从某种意义上来说,reject和receive是一样的
包,最起码是没有发出去的,只是router产生的icmp message不一样而已
就像你给女孩子写情书,要通过女孩子的父母转交,
最好的结果,父母转交了--你小子运气不错---这就是next-hop
另外的结果
父母把信丢了,还不告诉你,你就傻等着吧,这就是discard
父母把信丢了,告诉你,你小子不要对我家丫头耍流氓,这就是reject
父母把信丢了,还告诉你,小子,信送到了哦,这就是receive


P214
r7 is using a 10.0.5/24 route learned through RIP from r6, which explains why r7 was not listed as a next hop on the RIP router—split horizon is preventing

r7 from advertising
the 10.0.5/24 prefix back out the interface it was learned on.
分析:R7收到RIP发过来的路由(10.0.5/24),这个路由是从RIP-R7之间的接口学习到的,根据水平分割,R7不会将这条路由再发给RIP,这样在RIP看来到10.0.5/24的路由只有从R6

P214
10.0.5/24由R5传递到R6 & R7以后,R6也向R7泛洪这条LSA,R7也可能在OSPF中将R6作为达到10.0.5/24,但是根据OSPF算法是不会的,另外到达外部10.0.5/24路由肯定应该从ABR

走的。
所以R6将10.0.5/24注入RIP路由以后,R7只有一条经R5走的OSPF路由到达10.0.5/24的路由
R7开始引入RIP路由,R7多了一条经R6走的RIP路由,由于RIP的管理距离较小,R7装入这条RIP发布过来的路由,下一跳指向R6。
R7有了更新10.0.5/24条目,开始向OSPF area 1泛洪,R5 & R6收到这条新的LSA,而此时10.0.5/24从RIP发布过来以后metric已经变成2,而原来R5 & R6上关于此条路由metric=50

,因此R5 & R6装入这个新的LSA,R6将10.0.5/24指向R7

 

问题五:为什么在R1上配置NSSA看到0/0属性是OSPF/150呢?做stub看到0/0属性是OSPF/10?
如果配置NSSA,ABR会做7-to-5转换,对内对外都一样
[edit]
lab@OLIVE# run show route protocol ospf 0/0 logical-router r1   

inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[OSPF/150] 00:15:49, metric 10, tag 0
                    > to 10.0.4.13 via fxp1.13
10.0.4.0/30        *[OSPF/10] 00:15:49, metric 20
                    > to 10.0.4.5 via fxp1.12
                      to 10.0.4.13 via fxp1.13
10.0.4.8/30        *[OSPF/10] 00:16:07, metric 20
                    > to 10.0.4.5 via fxp1.12
10.0.6.2/32        *[OSPF/10] 00:16:07, metric 10
                    > to 10.0.4.5 via fxp1.12
224.0.0.5/32       *[OSPF/10] 00:51:02, metric 1
                      MultiRecv

 


问题七:解决172.16.40/29段可达性问题的时候,可以在r6上注入该网段,这个policy怎么写?
[edit logical-routers r6 policy-options policy-statement rip-ospf]
lab@OLIVE# show
term 1 {
    from {
        protocol rip;
        route-filter 172.16.40.0/29 longer;
        route-filter 192.168.0.0/16 longer;
    }
    then accept;
}
term 2 {
    then reject;
}
分析:
1.rip默认为v1,不支持172.16.40/29这样的变长网段
2.router-filter和protocol rip之间是AND关系,172.16.40/29匹配失败
3.修改rip-ospf
lab@OLIVE# show
term 1 {
    from {
        route-filter 172.16.40.0/29 longer;
        route-filter 192.168.0.0/16 longer;
    }
    then accept;
}
term 2 {
    then reject;
}

 

ISIS case study却可以这样写?
[edit logical-routers r7 policy-options policy-statement adv-ospf]
lunsui@lab# show
term 1 {
    from {
        protocol ospf;
        route-filter 192.168.0.0/16 orlonger;
        route-filter 172.16.40.0/29 longer;
    }
    then accept;
}
1.OSPF支持变长子网
2.172.16.40/29可以和protocol ospf成功匹配


问题八:R3 & R4其中一方配置为ABR且限制3/8,则R5还是可以学到3/8路由,必须两个同时配置?


问题九:R1上同时引入2个policy时注意,不能像下面这样写,因为10.0.5/24到policy static匹配到term 2会被reject,从而跳出policy chain,最终无法将路由宣告出去,这里

要么删除policy static的term 2,要么删除policy static
lab@FSJ# show protocols
ospf {
    export [ static DIRECT ];
    area 0.0.0.10 {
        nssa;
        interface fxp2.12;
        interface fxp2.23;
        interface fxp2.24;
    }
}


lab@FSJ# show policy-options
policy-statement static {
    term 1 {
        from {
            protocol static;
            route-filter 3.0.0.0/8 exact;
        }
        then {
            metric 10;
            external {
                type 1;
            }
            accept;
        }
    }
    term 2 {
        then reject;
    }
}
policy-statement DIRECT {
    term 1 {
        from {
            protocol direct;
            route-filter 10.0.5.0/24 exact;
        }
        then {
            metric 50;
            tag 420;
            accept;
        }
    }              
    term 2 {
        then reject;
    }
}


问题十:
There is no mechanism in JUNOS software to summarize or filter type 5 LSAs using area-range statements. Options for the control of type 5 LSAs include the

configuration of external route aggregates at the source ASBR, or the ,deployment of stub areas, which automatically filter external routes.
举例:现在需要汇总192.168/16,因为它们是extern路由,所以不能用aggregate命令进行汇总,只能在R6上创建aggregate路由并且用policy导入,注意这个汇总是做在source

ASBR上的。具体可以参看大猫猫case study_P9的配置

 


场景复现:r1上灌入3条静态路由并且导入ospf are 10,r1/r2/r3/r4去掉stub或者nssa
r1手工创建3条静态路由,然后导入ospf area 10
[edit logical-routers r1]
lab@OLIVE# show
interfaces {
    fxp1 {
        unit 12 {
            vlan-id 12;
            family inet {
                address 10.0.4.6/30;
            }
            family iso;
        }
        unit 13 {
            vlan-id 13;
            family inet {
                address 10.0.4.14/30;
            }
            family iso;
        }
        unit 55 {
            vlan-id 55;
            family inet {
                address 10.0.5.1/24;
            }
        }
    }
    lo0 {
        unit 1 {
            family inet {
                address 10.0.6.1/32;
            }
            family iso {
                address 49.0002.1111.1111.1111.00;
            }
        }
    }
}
protocols {
    ospf {
        export [ STAT DIRECT ];
        area 0.0.0.10 {
            interface fxp1.13;
            interface fxp1.12;
        }
    }
}
policy-options {
    policy-statement STAT {
        term 1 {
            from protocol static;
            then accept;
        }
    }
    policy-statement DIRECT {
        term 1 {
            from {
                protocol direct;
                route-filter 10.0.5.0/24 exact;
            }
            then {
                metric 50;
                tag 420;
                accept;
            }
        }
    }
}
routing-options {
    static {
        route 3.0.2.0/24 reject;
        route 3.0.1.0/24 reject;
        route 3.0.3.0/24 reject;
    }
}

然后r1/r2/r3/r4去掉stub或者nssa配置


r5上验证汇总:
-1).area 10内部路由汇总
没做汇总的输出:
lab@OLIVE# run show route 10.0.4/22 logical-router r5

inet.0: 33 destinations, 33 routes (33 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.4.0/30        *[OSPF/10] 00:00:46, metric 3
                    > to 10.0.2.2 via fxp2.35
                      to 10.0.2.10 via fxp2.45
10.0.4.4/30        *[OSPF/10] 00:00:46, metric 3
                    > to 10.0.2.2 via fxp2.35
                      to 10.0.2.10 via fxp2.45
10.0.4.8/30        *[OSPF/10] 00:00:46, metric 2
                    > to 10.0.2.10 via fxp2.45
10.0.4.12/30       *[OSPF/10] 00:00:46, metric 2
                    > to 10.0.2.2 via fxp2.35
10.0.5.0/24        *[OSPF/150] 00:00:46, metric 50, tag 420
                    > to 10.0.2.2 via fxp2.35
                      to 10.0.2.10 via fxp2.45
10.0.6.1/32        *[OSPF/10] 00:00:46, metric 2
                    > to 10.0.2.2 via fxp2.35
10.0.6.2/32        *[OSPF/10] 00:00:46, metric 2
                    > to 10.0.2.10 via fxp2.45
-2).在r3/r4上做内部汇总
[edit logical-routers r3]
lab@OLIVE# set protocols ospf area 10 area-range 10.0.4/22

lab@OLIVE# run show route 10.0.4/22 logical-router r5        

inet.0: 28 destinations, 28 routes (28 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.4.0/22        *[OSPF/10] 00:00:03, metric 4
                      to 10.0.2.2 via fxp2.35
                    > to 10.0.2.10 via fxp2.45
10.0.5.0/24        *[OSPF/150] 00:00:04, metric 50, tag 420
                    > to 10.0.2.2 via fxp2.35
                      to 10.0.2.10 via fxp2.45

-3).尝试在r3/r4上对r1引入的静态路由进行汇总:
[edit logical-routers r3]
lab@OLIVE# show protocols
ospf {
    area 0.0.0.10 {
        area-range 3.0.0.0/8;
        interface fxp2.13;
        interface fxp1.23 {
            metric 2;
        }
    }

可以看到area-range 3.0.0.0/8无法对extern路由进行汇总
lab@OLIVE# run show route 3/8 logical-router r5

inet.0: 28 destinations, 28 routes (28 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

3.0.1.0/24         *[OSPF/150] 00:03:13, metric 0, tag 0
                    > to 10.0.2.2 via fxp2.35
3.0.2.0/24         *[OSPF/150] 00:03:13, metric 0, tag 0
                    > to 10.0.2.2 via fxp2.35
3.0.3.0/24         *[OSPF/150] 00:03:13, metric 0, tag 0
                    > to 10.0.2.2 via fxp2.35
 

你可能感兴趣的:(职场,休闲,ospf,JNCIP)