深入理解静态路由(JUNOS)
write by flypig
拓扑如图:
① 直连 ping 通配置:
set logical-systems r1 interfaces em0 unit 12 vlan-id 12
set logical-systems r1 interfaces em0 unit 12 family inet address 12.1.1.1/24
set logical-systems r1 interfaces lo0 unit 1 family inet address 1.1.1.1/32
set logical-systems r1 interfaces em1 unit 13 vlan-id 13
set logical-systems r1 interfaces em1 unit 13 family inet address 13.1.1.1/24
set logical-systems r2 interfaces em0 unit 23 vlan-id 23
set logical-systems r2 interfaces em0 unit 23 family inet address 23.1.1.2/24
set logical-systems r2 interfaces em1 unit 12 vlan-id 12
set logical-systems r2 interfaces em1 unit 12 family inet address 12.1.1.2/24
set logical-systems r2 interfaces lo0 unit 2 family inet address 2.2.2.2/32
set logical-systems r3 interfaces em1 unit 23 vlan-id 23
set logical-systems r3 interfaces em1 unit 23 family inet address 23.1.1.3/24
set logical-systems r3 interfaces lo0 unit 3 family inet address 3.3.3.3/32
set logical-systems r3 interfaces em0 unit 13 vlan-id 13
set logical-systems r3 interfaces em0 unit 13 family inet address 13.1.1.3/24
测试:
[edit]
root# run ping logical-system r1 12.1.1.2 rapid
PING 12.1.1.2 (12.1.1.2): 56 data bytes
!!!!!
--- 12.1.1.2 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.242/0.299/0.352/0.036 ms
[edit]
root# run ping logical-system r2 23.1.1.3 rapid
PING 23.1.1.3 (23.1.1.3): 56 data bytes
!!!!!
--- 23.1.1.3 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.246/1.104/2.745/0.922 ms
[edit]
root# run ping logical-system r1 13.1.1.3 rapid
PING 13.1.1.3 (13.1.1.3): 56 data bytes
!!!!!
--- 13.1.1.3 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.280/0.947/2.959/1.014 ms
② R1 ping R2 的回环口( 2.2.2.2 )
写路由:
set logical-systems r1 routing-options static route 2.2.2.2/32 next-hop 12.1.1.2
测试:
[edit]
root# run ping logical-system r1 2.2.2.2 rapid
PING 2.2.2.2 (2.2.2.2): 56 data bytes
!!!!!
--- 2.2.2.2 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.539/0.801/1.375/0.314 ms
③ R1 拿自己的回环口去 ping R2 的回环口
R2得写到1.1.1.1的路由:
set logical-systems r1 routing-options static route 2.2.2.2/32 next-hop 12.1.1.2
set logical-systems r2 routing-options static route 1.1.1.1/32 next-hop 12.1.1.1
测试:
[edit]
root# run ping logical-system r1 2.2.2.2 source 1.1.1.1 rapid
PING 2.2.2.2 (2.2.2.2): 56 data bytes
!!!!!
--- 2.2.2.2 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.242/0.697/1.197/0.370 ms
④R1 ping23.1.1.3
有R1去的路由,也得有R3回来到12.1.1.1的路由
set logical-systems r1 routing-options static route 23.1.1.0/24 next-hop 12.1.1.2
set logical-systems r3 routing-options static route 12.1.1.0/24 next-hop 23.1.1.2
测试:
[edit]
root# run ping logical-system r1 23.1.1.3 rapid
PING 23.1.1.3 (23.1.1.3): 56 data bytes
!!!!!
--- 23.1.1.3 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.526/0.619/0.733/0.076 ms
⑤R1 ping 3.3.3.3
因为数据包经过R2所以R2也得有到3.3.3.3/32的路由
set logical-systems r1 routing-options static route 3.3.3.3/32 next-hop 12.1.1.2
set logical-systems r2 routing-options static route 3.3.3.3/32 next-hop 23.1.1.3
测试:
[edit]
root# run ping logical-system r1 3.3.3.3 rapid
PING 3.3.3.3 (3.3.3.3): 56 data bytes
!!!!!
--- 3.3.3.3 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.516/0.641/0.820/0.122 ms
⑥R1以自己的回环口为源ping 3.3.3.3
配置:
set logical-systems r1 routing-options static route 3.3.3.3/32 next-hop 12.1.1.2
set logical-systems r2 routing-options static route 1.1.1.1/32 next-hop 12.1.1.1
set logical-systems r2 routing-options static route 3.3.3.3/32 next-hop 23.1.1.3
set logical-systems r3 routing-options static route 1.1.1.1/32 next-hop 23.1.1.2
测试:
[edit]
root# run ping logical-system r1 3.3.3.3 source 1.1.1.1 rapid
PING 3.3.3.3 (3.3.3.3): 56 data bytes
!!!!!
--- 3.3.3.3 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.987/1.301/2.155/0.434 ms
问题:R1需要知道23.1.1.0网段的路由吗,R3需要知道12.1.1.0网段的路由吗?
⑦ 以太网网络环境出接口问题
junos不存在这个问题,所以这里不讨论
⑧ 不同的源地址,回来的路不同
R1到3.3.3.3走R2,R3回来走R1-R3直连
配置
set logical-systems r1 routing-options static route 3.3.3.3/32 next-hop 12.1.1.2
set logical-systems r2 routing-options static route 3.3.3.3/32 next-hop 23.1.1.3
set logical-systems r3 routing-options static route 1.1.1.1/32 next-hop 13.1.1.1
验证:
root> traceroute logical-system r1 3.3.3.3 source 1.1.1.1
traceroute to 3.3.3.3 (3.3.3.3) from 1.1.1.1, 30 hops max, 40 byte packets
1 12.1.1.2 (12.1.1.2) 0.521 ms 0.331 ms 0.355 ms
2 3.3.3.3 (3.3.3.3) 0.458 ms 0.691 ms 0.449 ms
root> traceroute logical-system r3 1.1.1.1 source 3.3.3.3
traceroute to 1.1.1.1 (1.1.1.1) from 3.3.3.3, 30 hops max, 40 byte packets
1 1.1.1.1 (1.1.1.1) 0.641 ms 0.496 ms 0.432 ms
⑨ 浮动静态实验目的:
R1到23.1.1.0/24网段默认走R2,当R1-R2链路down时,走R3
9.1 预配置set logical-systems r1 interfaces em0 unit 12 vlan-id 12
set logical-systems r1 interfaces em0 unit 12 family inet address 12.1.1.1/24
set logical-systems r1 interfaces em1 unit 13 vlan-id 13
set logical-systems r1 interfaces em1 unit 13 family inet address 13.1.1.1/24
set logical-systems r1 interfaces lo0 unit 1 family inet address 1.1.1.1/32
set logical-systems r2 interfaces em0 unit 23 vlan-id 23
set logical-systems r2 interfaces em0 unit 23 family inet address 23.1.1.2/24
set logical-systems r2 interfaces em1 unit 12 vlan-id 12
set logical-systems r2 interfaces em1 unit 12 family inet address 12.1.1.2/24
set logical-systems r2 interfaces lo0 unit 2 family inet address 2.2.2.2/32
set logical-systems r3 interfaces em0 unit 13 vlan-id 13
set logical-systems r3 interfaces em0 unit 13 family inet address 13.1.1.3/24
set logical-systems r3 interfaces em1 unit 23 vlan-id 23
set logical-systems r3 interfaces em1 unit 23 family inet address 23.1.1.3/24
set logical-systems r3 interfaces lo0 unit 3 family inet address 3.3.3.3/32
测试连通性:
[edit]
root# run ping 12.1.1.2 logical-system r1 rapid
PING 12.1.1.2 (12.1.1.2): 56 data bytes
!!!!!
--- 12.1.1.2 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.283/0.632/1.614/0.499 ms
[edit]
root# run ping 13.1.1.3 logical-system r1 rapid
PING 13.1.1.3 (13.1.1.3): 56 data bytes
!!!!!
--- 13.1.1.3 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.764/1.565/2.634/0.856 ms
[edit]
root# run ping 23.1.1.3 logical-system r2 rapid
PING 23.1.1.3 (23.1.1.3): 56 data bytes
!!!!!
--- 23.1.1.3 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.297/0.821/2.460/0.824 ms
9.2 写 R2,R3 到 R1 回环口路由R2 R3到R1的回环口路由:
set logical-systems r2 routing-options static route 1.1.1.1/32 next-hop 12.1.1.1
set logical-systems r3 routing-options static route 1.1.1.1/32 next-hop 13.1.1.1
测试:
[edit]
root# run ping 1.1.1.1 logical-system r2 rapid
PING 1.1.1.1 (1.1.1.1): 56 data bytes
!!!!!
--- 1.1.1.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.738/1.244/1.631/0.384 ms
[edit]
root# run ping 1.1.1.1 logical-system r3 rapid
PING 1.1.1.1 (1.1.1.1): 56 data bytes
!!!!!
--- 1.1.1.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.306/1.046/2.887/0.984 ms
③写R1到23.1.1/24网段路由
set logical-systems r1 routing-options static route 23.1.1.0/24 qualified-next-hop 12.1.1.2 preference 100
set logical-systems r1 routing-options static route 23.1.1.0/24 qualified-next-hop 13.1.1.3 preference 200
查看R1路由表
[edit]
root# run show route logical-system r1
inet.0: 6 destinations, 7 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1.1.1.1/32 *[Direct/0] 00:40:44
> via lo0.1
12.1.1.0/24 *[Direct/0] 00:00:06
> via em0.12
12.1.1.1/32 *[Local/0] 00:00:06
Local via em0.12
13.1.1.0/24 *[Direct/0] 00:00:05
> via em1.13
13.1.1.1/32 *[Local/0] 00:00:05
Local via em1.13
23.1.1.0/24 *[Static/100] 00:00:06
> to 12.1.1.2 via em0.12
[Static/200] 00:00:05
> to 13.1.1.3 via em1.13
带*的是最优的路由,我们可以看到R1到23.1.1/24默认是以12.1.1.2为下一条的
测试:
[edit]
root# run traceroute 23.1.1.3 source 1.1.1.1 logical-system r1
traceroute to 23.1.1.3 (23.1.1.3) from 1.1.1.1, 30 hops max, 40 byte packets
1 12.1.1.2 (12.1.1.2) 8.860 ms 2.046 ms 1.667 ms
2 23.1.1.3 (23.1.1.3) 1.732 ms 1.394 ms 2.628 ms
这时我们把R1-R2链路断掉,再次查看路由和traceroute
[edit]
root# set logical-systems r1 interfaces em0.12 disable
[edit]
root# run show route logical-system r1
inet.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1.1.1.1/32 *[Direct/0] 00:45:16
> via lo0.1
12.1.1.1/32 *[Local/0] 00:00:23
Reject
13.1.1.0/24 *[Direct/0] 00:00:22
> via em1.13
13.1.1.1/32 *[Local/0] 00:00:22
Local via em1.13
23.1.1.0/24 *[Static/200] 00:00:22
> to 13.1.1.3 via em1.13
看到了吧,23.1.1/24现在走的是R3
我们来trace一下:
[edit]
root# run traceroute 23.1.1.2 source 1.1.1.1 logical-system r1
traceroute to 23.1.1.2 (23.1.1.2) from 1.1.1.1, 30 hops max, 40 byte packets
1 13.1.1.3 (13.1.1.3) 3.422 ms 0.586 ms 0.665 ms
2 * * *
为什么没有回来的包呢?
哈哈,因为disable命令不会让对端down啊
由于以太网基于Carrier侦测缘故,R2上的接口em1.12并不会因此而进入down的状态。指向1.1.1.1的静态路由依然存在于R2的路由表中,这将造成发送到1.1.1.1数据包丢失。
我们来看一下:
root# run show route logical-system r2
inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
…………………………
1.1.1.1/32 *[Static/5] 00:05:36
> to 12.1.1.1 via em1.12
…………………………
是吧,不过即使我们把R2的em1.12 disable了,也仍然是ping不同的,why?怎么才能通?
那能不能让它们动态感知路由的变化呢,这就是动态路由的好处了, 我们下回分解~
⑩递归路由
实验目的:
通过实验了解递归路由及其作用。
R4身后有数个不连续网络,R1要访问这些网络,默认以123.1.1.3作为下一跳,如果要改为以123.1.1.2作为所有静态路由的下一跳地址,那么需要删除6条路由,再重新写入6条新的路由,而如果使用递归路由,只需要增删一条路由即可达到目的。
拓扑如图:
10.1 基础配置set logical-systems r1 interfaces em0 unit 123 vlan-id 123
set logical-systems r1 interfaces em0 unit 123 family inet address 123.1.1.1/24
set logical-systems r2 interfaces em1 unit 123 vlan-id 123
set logical-systems r2 interfaces em1 unit 123 family inet address 123.1.1.2/24
set logical-systems r2 interfaces em1 unit 234 vlan-id 234
set logical-systems r2 interfaces em1 unit 234 family inet address 23.1.1.2/24
set logical-systems r3 interfaces em2 unit 123 vlan-id 123
set logical-systems r3 interfaces em2 unit 123 family inet address 123.1.1.3/24
set logical-systems r3 interfaces em2 unit 234 vlan-id 234
set logical-systems r3 interfaces em2 unit 234 family inet address 23.1.1.3/24
set logical-systems r4 interfaces em0 unit 234 vlan-id 234
set logical-systems r4 interfaces em0 unit 234 family inet address 23.1.1.4/24
set logical-systems r4 routing-options static route 192.168.200.0/32 receive
set logical-systems r4 routing-options static route 192.168.150.0/32 receive
set logical-systems r4 routing-options static route 10.20.30.0/24 receive
set logical-systems r4 routing-options static route 172.17.30.0/24 receive
set logical-systems r4 routing-options static route 10.45.2.0/24 receive
set logical-systems r4 routing-options static route 10.18.186.0/24 receive
测试:
[edit]
root# run ping 123.1.1.3 logical-system r1 rapid
PING 123.1.1.3 (123.1.1.3): 56 data bytes
!!!!!
--- 123.1.1.3 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.325/0.671/1.895/0.613 ms
[edit]
root# run ping 123.1.1.2 logical-system r1 rapid
PING 123.1.1.2 (123.1.1.2): 56 data bytes
!!!!!
--- 123.1.1.2 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.308/0.708/1.969/0.633 ms
[edit]
root# run ping 23.1.1.4 logical-system r2 rapid
PING 23.1.1.4 (23.1.1.4): 56 data bytes
!!!!!
--- 23.1.1.4 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.314/0.539/1.196/0.336 ms
[edit]
root# run ping 23.1.1.3 logical-system r2 rapid
PING 23.1.1.3 (23.1.1.3): 56 data bytes
!!!!!
--- 23.1.1.3 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.307/0.741/1.841/0.578 ms
10.2配置R1上的静态路由(注意下一跳地址)--默认配置R1---R3---R4
set logical-systems r1 routing-options static route 192.168.200.0/24 next-hop 23.1.1.4 resolve
set logical-systems r1 routing-options static route 192.168.150.0/24 next-hop 23.1.1.4 resolve
set logical-systems r1 routing-options static route 10.20.30.0/24 next-hop 23.1.1.4 resolve
set logical-systems r1 routing-options static route 172.17.30.0/24 next-hop 23.1.1.4 resolve
set logical-systems r1 routing-options static route 10.45.2.0/24 next-hop 23.1.1.4 resolve
set logical-systems r1 routing-options static route 10.18.186.0/24 next-hop 23.1.1.4 resolve
set logical-systems r1 routing-options static route 23.1.1.4/32 next-hop 123.1.1.3
R2 R3上也得有路由:
set logical-systems r2 routing-options static route 192.168.200.0/24 next-hop 23.1.1.4
set logical-systems r2 routing-options static route 192.168.150.0/24 next-hop 23.1.1.4
set logical-systems r2 routing-options static route 10.20.30.0/24 next-hop 23.1.1.4
set logical-systems r2 routing-options static route 172.17.30.0/24 next-hop 23.1.1.4
set logical-systems r2 routing-options static route 10.45.2.0/24 next-hop 23.1.1.4
set logical-systems r2 routing-options static route 10.18.186.0/24 next-hop 23.1.1.4
set logical-systems r3 routing-options static route 192.168.200.0/24 next-hop 23.1.1.4
set logical-systems r3 routing-options static route 192.168.150.0/24 next-hop 23.1.1.4
set logical-systems r3 routing-options static route 10.20.30.0/24 next-hop 23.1.1.4
set logical-systems r3 routing-options static route 172.17.30.0/24 next-hop 23.1.1.4
set logical-systems r3 routing-options static route 10.45.2.0/24 next-hop 23.1.1.4
set logical-systems r3 routing-options static route 10.18.186.0/24 next-hop 23.1.1.4
这么多,知道静态路由的缺点了吧……
注意还得有回来的路由
set logical-systems r4 routing-options static route 123.1.1.0/24 next-hop 23.1.1.2
测试
root> traceroute 192.168.150.1 logical-system r1
traceroute to 192.168.150.1 (192.168.150.1), 30 hops max, 40 byte packets
1 123.1.1.3 (123.1.1.3) 0.864 ms 1.010 ms 0.369 ms
10.3现在更改路径为R1---R2---R4
delete logical-systems r1 routing-options static route 23.1.1.4 next-hop 123.1.1.3
set logical-systems r1 routing-options static route 23.1.1.4/32 next-hop 123.1.1.2
测试
root> traceroute 192.168.150.1 logical-system r1
traceroute to 192.168.150.1 (192.168.150.1), 30 hops max, 40 byte packets
1 123.1.1.2 (123.1.1.2) 0.864 ms 1.010 ms 0.369 ms
…………
结果跟预期的一样
? 路由汇总
汇总路由的优点:减少CPU、内存资源
汇总路由的缺点:可能会带来次优路径、路由黑洞、路由环路等问题
拓扑如图:
R1为公司内网路由器,R2为公司出口路由器(或者是防火墙)。
公司内网有10.1.0.0/24,10.1.1.0/24,10.1.2.0/24,10.1.3.0/24四个网段
我们一般的策略是在R1上写一条默认路由到R2,R2不需要写所有的明细路由指向R1,只需写内网的汇总路由就可以了。
11.1 基础配置set logical-systems r1 interfaces em0 unit 12 vlan-id 12
set logical-systems r1 interfaces em0 unit 12 family inet address 12.1.1.1/24
set logical-systems r1 interfaces lo0 unit 1 family inet
set logical-systems r1 routing-options static route 10.1.0.0/24 receive
set logical-systems r1 routing-options static route 10.1.1.0/24 receive
set logical-systems r1 routing-options static route 10.1.2.0/24 receive
set logical-systems r1 routing-options static route 10.1.3.0/24 receive
set logical-systems r2 interfaces em1 unit 12 vlan-id 12
set logical-systems r2 interfaces em1 unit 12 family inet address 12.1.1.2/24
测试:
root# run ping logical-system r1 12.1.1.2 rapid
PING 12.1.1.2 (12.1.1.2): 56 data bytes
!!!!!
--- 12.1.1.2 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.300/1.017/3.540/1.264 ms
11.2 默认和汇总路由set logical-systems r1 routing-options static route 0.0.0.0/0 next-hop 12.1.1.2
set logical-systems r2 routing-options static route 10.1.0.0/22 next-hop 12.1.1.1
测试:
root> ping logical-system r2 10.1.1.254 rapid
PING 10.1.1.254 (10.1.1.254): 56 data bytes
!!!!!
--- 10.1.1.254 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.269/0.494/1.002/0.266 ms
root> ping logical-system r2 10.1.2.254 rapid
PING 10.1.2.254 (10.1.2.254): 56 data bytes
!!!!!
--- 10.1.2.254 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.265/0.514/1.181/0.336 ms
root> ping logical-system r2 10.1.3.254 rapid
PING 10.1.3.254 (10.1.3.254): 56 data bytes
!!!!!
--- 10.1.3.254 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.279/0.462/0.954/0.253 ms
11.3情况1
现在我们考虑一种情况,R1上一条明细路由消失了会发生什么情况?
比如10.1.0.0/24这个网段由于故障消失了,或者人员迁移删掉了,那结果将是十分严重的
原因在于如果R1收到一个目的地址是10.1.0.0/24网段的数据包,由于他本地没有了明细路由,根据最长匹配的原则,最终它会选择匹配它的那条默认路由,把数据包发给R2。R2收到这个包后,将会匹配它的汇总路由,又将数据包发给R1,从而造成这个数据包在R1-R2链路上来回转发,直到TTL超时。
那有没有解决办法呢?当然有啦,这里还得用到汇总路由,我们在R1上写一条指向空接口的汇总路由就可以了。我们再看上边的情况,如果明细丢了,R1收到目的地是10.1.0.0/24的数据包,最终将匹配那条汇总路由,直接丢弃。
配置:
set logical-systems r1 routing-options static route 10.1.0.0/22 discard
11.4情况2
假设当初由于设计上的原因,内网的网段比较分散,不是10.1.0.0/24到10.1.3.0/24,导致防火墙上写了一条比较大的汇总路由下来:
set logical-system r2 routing-option static route 10.0.0.0/8 next-hop 12.1.1.1
此时,如果R1路由器收到一个目标ip是10.1.1.1的数据包,由于本地找不到明细路由,将会匹配到默认路由,把数据包从上连接口发出去,R2收到包,路由查找,匹配汇总路由,又发回给R1,路由环路产生了。
那解决办法是什么呢?方案跟情况1一样,也在R1上一条指向空接口的汇总路由就可以了。
set logical-systems r1 routing-options static route 10.00.0/8 discard
因此我们可以总结,对于汇总路由的使用一定要慎之又慎,要充分考虑可能出现的次优以及环路问题。