知识点:Type of Area 区域类型 就是特殊区域的介绍
1、Stub Area 末节区域
目的:减少区域中4、5类LSA的泛洪,优化设备性能
实现的手段:
1.1 区域中的ABR下放三类默认路由给区域中的路由器
1.2区域中出现多个ABR的话,内部路由的选择是通过控制COST值来实现选路的
成为邻接关系的的条件(复习)
1、相同的hello时间和dead时间
2、相同的area号
3、认证方式相同
4、stub标识一定需要相同哦
stub区域的规则:
1.1
从上面的邻接关系建立的条件可以看出,stub标识很重要,不然邻接关系是建立不起来的哦!
区域内的路由器必须都要配置相同的STub标识
1.2
还有有一点哦,就是区域中不能出现ASBR
1.3
区域0不能成为stub区域,因为area 0是传输区域,不能受到限制
1.4
stub区域不能再外接另一个区域了
实验拓扑:
预配:
R4
interface s0/0
ip add 24.1.1.4 255.255.255.0
no shut
interface l0
ip add 4.4.4.4 255.255.255.0
no shut
router ospf 110
router-id 4.4.4.4
network 24.1.1.0 0.0.0.255 area 1
network 4.4.4.0 0.0.0.255 area 1
R2
interface s0/1
ip add 24.1.1.2 255.255.255.0
no shut
interface s0/0
ip add 12.1.1.2 255.255.255.0
no shut
interface l0
ip add 2.2.2.2 255.255.255.0
no shut
router ospf 110
router-id 2.2.2.2
network 24.1.1.0 0.0.0.255 area 1
network 12.1.1.0 0.0.0.255 area 0
network 2.2.2.0 0.0.0.255 area 0
R1
interface s0/1
ip add 12.1.1.1 255.255.255.0
no sut
interface s0/0
ip add 13.1.1.1 255.255.255.0
no shut
interface l0
ip add 1.1.1.1 255.255.255.0
no shut
router ospf 110
router-id 1.1.1.1
network 12.1.1.0 0.0.0.255 area 0
network 13.1.1.0 0.0.0.255 area 2
network 1.1.1.0 0.0.0.255 area 0
R3
interface s0/1
ip add 13.1.1.3 255.255.255.0
no shut
interface s0/0
ip add 35.1.1.3 255.255.255.0
no shut
int l0
ip add 3.3.3.3 255.255.255.0
router ospf 110
router-id 3.3.3.3
network 13.1.1.0 0.0.0.255 area 2
network 3.3.3.0 0.0.0.255 area 2
router rip
version 2
no auto-summary
network 35.0.0.0
R5
interface s0/1
ip add 35.1.1.5 255.255.255.0
no shut
interface l0
ip add 5.5.5.5 255.255.255.0
no shut
router rip
version 2
no auto-summary
network 35.0.0.0
network 5.0.0.0
看上图,哪个区域可以符合规则作为stub区域呢?
首先区域0不能,再其次就是区域2,因为有ASBR,那么只有area 1了
首先需要将RIP重分布进OSPF
R3
router ospf 110
redistribute rip subnets
这样R4就可以收到5类LSA,从而获得5.5.5.0/24和35.1.1.0/24的路由
R4(config-router)#do show ip ospf database
OSPF Router with ID (4.4.4.4) (Process ID 110)
Router Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Link count
2.2.2.2 2.2.2.2 1657 0x80000002 0x0068E3 2
4.4.4.4 4.4.4.4 1665 0x80000003 0x00C15F 3
Summary Net Link States (Area 1)
Link ID ADV Router Age Seq# Checksum
1.1.1.1 2.2.2.2 1593 0x80000001 0x00AB44
2.2.2.2 2.2.2.2 1642 0x80000001 0x00FA31
3.3.3.3 2.2.2.2 1565 0x80000001 0x00D1D5
12.1.1.0 2.2.2.2 1652 0x80000001 0x001CCA
13.1.1.0 2.2.2.2 1608 0x80000001 0x009114
Summary ASB Link States (Area 1)
Link ID ADV Router Age Seq# Checksum
3.3.3.3 2.2.2.2 86 0x80000001 0x00B9ED
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
5.5.5.0 3.3.3.3 92 0x80000001 0x00D8AC 0
35.1.1.0 3.3.3.3 97 0x80000001 0x00ADC1 0
看到了一类、三类、四类、五类LSA
现在做个stub区域
R4
router ospf 110
area 1 stub
R2
router ospf 110
area 1 stub
现在查看R4上的变化
R4(config-router)#do show ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/129] via 24.1.1.2, 00:01:00, Serial0/0
2.0.0.0/32 is subnetted, 1 subnets
O IA 2.2.2.2 [110/65] via 24.1.1.2, 00:01:00, Serial0/0
3.0.0.0/32 is subnetted, 1 subnets
O IA 3.3.3.3 [110/193] via 24.1.1.2, 00:01:00, Serial0/0
12.0.0.0/24 is subnetted, 1 subnets
O IA 12.1.1.0 [110/128] via 24.1.1.2, 00:01:00, Serial0/0
13.0.0.0/24 is subnetted, 1 subnets
O IA 13.1.1.0 [110/192] via 24.1.1.2, 00:01:00, Serial0/0
O*IA 0.0.0.0/0 [110/65] via 24.1.1.2, 00:01:00, Serial0/0
嗯,我们看到E2的两条没有了,也就是5类LSA通告的路由没了,多了一条三类LSA通告的默认路由
R4#show ip ospf database
OSPF Router with ID (4.4.4.4) (Process ID 110)
Router Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Link count
2.2.2.2 2.2.2.2 43 0x80000005 0x0080CA 2
4.4.4.4 4.4.4.4 131 0x80000006 0x00D946 3
Summary Net Link States (Area 1)
Link ID ADV Router Age Seq# Checksum
0.0.0.0 2.2.2.2 158 0x80000001 0x0075C0
1.1.1.1 2.2.2.2 43 0x80000003 0x00C52A
2.2.2.2 2.2.2.2 43 0x80000003 0x001517
3.3.3.3 2.2.2.2 43 0x80000003 0x00EBBB
12.1.1.0 2.2.2.2 43 0x80000003 0x0036B0
13.1.1.0 2.2.2.2 43 0x80000003 0x00ABF9
现在OSPF数据库中只有一类和三类LSA了,四类和五类消失了哦,也就是被过滤掉了
红色字体的就是通告的默认路由,通告者就是该区域的ABR R2的RID
总结下:
stub区域会过滤掉4、5类LSA,并会自动下放一条三类LSA通告的默认路由,且seedmetric值是1
O*IA 0.0.0.0/0 [110/65] via 24.1.1.2, 00:06:31, Serial0/0
看到了没有65=64+1(R2通告的默认路由的seed metric值)
那怎么修改默认的seed metric值呢?
R2
router ospf 110
area 1 default-cost 2
R4#show ip route | incl 0.0.0.0
Gateway of last resort is 24.1.1.2 to network 0.0.0.0
O*IA 0.0.0.0/0 [110/66] via 24.1.1.2, 00:01:19, Serial0/0
呵呵,65变成66了
记住一点哦,该STUB区域中的所有路由器必须都配置哦!
2、Totally stub 完全末节区域
目的:过滤掉3、4、5类LSA,并自动下放一条三类LSA默认路由
注意该命令是用在区域中ABR上的的
R2
router ospf 110
area 1 stub no-summary
R4#show ip ospf database
OSPF Router with ID (4.4.4.4) (Process ID 110)
Router Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Link count
2.2.2.2 2.2.2.2 781 0x80000005 0x0080CA 2
4.4.4.4 4.4.4.4 870 0x80000006 0x00D946 3
Summary Net Link States (Area 1)
Link ID ADV Router Age Seq# Checksum
0.0.0.0 2.2.2.2 36 0x80000003 0x007BB7
注意到了吧,三类LSA只有一个默认路由了,其他都被过滤掉了
这是思科的私有功能属性
3、not-so-stubby area NSSA区域
目的:在stub基础上,打破了stub的规则,区域中可以出现ASBR,过滤掉4、5类LSA
但在该区域会出现7类LSA(其实就是5类LSA,因在NSSA区域,换了个叫法)
并且该区域的ABR负责5类到7类的转换作用
NSSA负责过滤掉远端5类LSA,而近端的5类LSA实现5to7的转换,并传送给其他区域
并由该区域的ABR手工下放一条默认人路由
实现拓扑有点改动:
配置
R2
router ospf 110
no area 1 stub no-summary
no area 1 stub
R4
router ospf 110
no area 1 stub
redistribute rip subnets
router rip
version 2
no auto-summary
network 100.0.0.0
interface l100
ip add 100.1.1.4 255.255.255.0
no shut
现在选择下在哪个区域做NSSA区域呢?
area 1 和 area 2 都可以,那就area 2
R3(config-router)#do show ip route ospf
2.0.0.0/32 is subnetted, 1 subnets
O IA 2.2.2.2 [110/129] via 13.1.1.1, 00:00:36, Serial0/1
4.0.0.0/32 is subnetted, 1 subnets
O IA 4.4.4.4 [110/193] via 13.1.1.1, 00:00:36, Serial0/1
24.0.0.0/24 is subnetted, 1 subnets
O IA 24.1.1.0 [110/192] via 13.1.1.1, 00:00:36, Serial0/1
12.0.0.0/24 is subnetted, 1 subnets
O IA 12.1.1.0 [110/128] via 13.1.1.1, 00:00:36, Serial0/1
O*N2 0.0.0.0/0 [110/1] via 13.1.1.1, 00:00:36, Serial0/1
N2就是七类LSA通告的默认路由,去往远端RIP区域的路由
R3#show ip ospf database
OSPF Router with ID (3.3.3.3) (Process ID 110)
Router Link States (Area 2)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 191 0x80000004 0x00E084 2
3.3.3.3 3.3.3.3 194 0x80000005 0x00D26B 3
Summary Net Link States (Area 2)
Link ID ADV Router Age Seq# Checksum
2.2.2.2 1.1.1.1 196 0x80000002 0x003FA9
4.4.4.4 1.1.1.1 196 0x80000002 0x00653B
12.1.1.0 1.1.1.1 196 0x80000002 0x00DD06
24.1.1.0 1.1.1.1 196 0x80000002 0x00C3D3
Type-7 AS External Link States (Area 2)
Link ID ADV Router Age Seq# Checksum Tag
0.0.0.0 1.1.1.1 196 0x80000001 0x00EEBE 0
5.5.5.0 3.3.3.3 212 0x80000001 0x00DA94 0
35.1.1.0 3.3.3.3 212 0x80000001 0x00AFA9 0
红色字体就是R1通告的7类LSA
蓝色字体就是R3通告的7类LSA,由五类转换而来
查看R1上的数据库信息
R1(config-router)#do show ip ospf database
OSPF Router with ID (1.1.1.1) (Process ID 110)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 109 0x80000004 0x006EED 3
2.2.2.2 2.2.2.2 536 0x80000003 0x00084E 3
Summary Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
3.3.3.3 1.1.1.1 94 0x80000001 0x006D7E
4.4.4.4 2.2.2.2 812 0x80000001 0x0021C2
13.1.1.0 1.1.1.1 513 0x80000001 0x002DBC
24.1.1.0 2.2.2.2 812 0x80000001 0x007F5B
Summary ASB Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
4.4.4.4 2.2.2.2 260 0x80000001 0x0009DA
Router Link States (Area 2)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 104 0x80000004 0x00E084 2
3.3.3.3 3.3.3.3 238 0x80000005 0x00D26B 3
Summary Net Link States (Area 2)
Link ID ADV Router Age Seq# Checksum
1.1.1.1 1.1.1.1 239 0x80000002 0x00EA42
2.2.2.2 1.1.1.1 239 0x80000002 0x003FA9
4.4.4.4 1.1.1.1 239 0x80000002 0x00653B
12.1.1.0 1.1.1.1 239 0x80000002 0x00DD06
24.1.1.0 1.1.1.1 239 0x80000002 0x00C3D3
Type-7 AS External Link States (Area 2)
Link ID ADV Router Age Seq# Checksum Tag
0.0.0.0 1.1.1.1 239 0x80000001 0x00EEBE 0
5.5.5.0 3.3.3.3 262 0x80000001 0x00DA94 0
35.1.1.0 3.3.3.3 262 0x80000001 0x00AFA9 0
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
5.5.5.0 1.1.1.1 218 0x80000001 0x00ABD5 0
35.1.1.0 1.1.1.1 221 0x80000001 0x0080EA 0
100.1.1.0 4.4.4.4 398 0x80000001 0x003FEA 0
看到了吗?在R1中有五类和七类LSA,不过这里面还是有区别的
个人认为,7类中的5.5.5.0/24和35.1.1.0/24是由R3通告进来的七类LSA
而五类中5.5.5.0/24和35.1.1.0/24是通告给邻接的路由器的
所以R1既可以充当ABR也可以充当ASBR
show ip ospf border-routers查看
所以ASBR的定义,只要产生5类LSA的路由器就是ASBR
4、Totally NSSA
目的:在NSSA基础上,过滤掉3、4、5类LSA
该配置需要在ABR上配置,也就是R1上
R1
router ospf 110
area 2 nssa no-summary
R3(config-router)#do show ip ospf database
OSPF Router with ID (3.3.3.3) (Process ID 110)
Router Link States (Area 2)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 216 0x80000005 0x00DE85 2
3.3.3.3 3.3.3.3 106 0x80000006 0x00D06C 3
Summary Net Link States (Area 2)
Link ID ADV Router Age Seq# Checksum
0.0.0.0 1.1.1.1 87 0x80000001 0x001B17
Type-7 AS External Link States (Area 2)
Link ID ADV Router Age Seq# Checksum Tag
0.0.0.0 1.1.1.1 216 0x80000002 0x00ECBF 0
5.5.5.0 3.3.3.3 106 0x80000002 0x00D895 0
35.1.1.0 3.3.3.3 106 0x80000002 0x00ADAA 0
这里我们看到了两个生成的默认路由,我们show 下路由表看看
R3#show ip route ospf
O*IA 0.0.0.0/0 [110/65] via 13.1.1.1, 00:04:22, Serial0/1
3类的LSA的优先级比7类LSA要高
所以为了优化,去掉default-information-originate 参数,所以完整命令是
R1
router ospf 110
area 2 nssa no summary 就行了
而no-redistribution 就是不要将重分布进来的路由通告,也就是过滤掉这个5类LSA
拓扑图变更为:
R1
interface l10
ip add 10.1.1.1 255.255.255.0
no shut
router rip
version 2
no auto-summary
network 10.0.0.0
router ospf 110
redistribute rip subnets
R3#show ip route ospf
10.0.0.0/24 is subnetted, 1 subnets
O N2 10.1.1.0 [110/20] via 13.1.1.1, 00:00:06, Serial0/1
O*IA 0.0.0.0/0 [110/65] via 13.1.1.1, 00:00:06, Serial0/1
10.1.1.0/24路由就有点多余,因为下一跳都一样,走默认路由就可以了
所以需要no-redistribution参数,但该参数必须配合no-summary 或default-information-originate
这里是no-summary
完整的命令就是
R1
router ospf 110
area 2 nssa no-redistribution no-summary就可以了
R3#show ip route ospf
O*IA 0.0.0.0/0 [110/65] via 13.1.1.1, 00:00:16, Serial0/1
就剩一条了吧
知识点:不规则区域
有两种类型的不规则区域
1、远离area 0的区域
2、分隔的area 0
解决方案:
1、OSPF多进程双向重分布
实验拓扑
配置
R4
interface s0/0
ip add 24.1.1.4 255.255.255.0
no shut
interface l0
ip add 4.4.4.4 255.255.255.0
no shut
router ospf 110
router-id 4.4.4.4
network 24.1.1.0 0.0.0.255 area 2
network 4.4.4.0 0.0.0.255 area 2
R2
interface s0/1
ip add 24.1.1.2 255.255.255.0
no shut
interface s0/0
ip add 12.1.1.2 255.255.255.0
no shut
interface l0
ip add 2.2.2.2 255.255.255.0
no shut
router ospf 110
router-id 2.2.2.2
network 24.1.1.0 0.0.0.255 area 2
network 12.1.1.0 0.0.0.255 area 1
network 2.2.2.0 0.0.0.255 area 1
R1
interface s0/1
ip add 12.1.1.1 255.255.255.0
no shut
interface s0/0
ip add 13.1.1.1 255.255.255.0
no shut
interface l0
ip add 1.1.1.1 255.255.255.0
no shut
router ospf 110
router-id 1.1.1.1
network 12.1.1.0 0.0.0.255 area 1
network 13.1.1.0 0.0.0.255 area 0
network 1.1.1.0 0.0.0.255 area 0
R3
interface s0/1
ip add 13.1.1.3 255.255.255.0
no shut
interface l0
ip add 3.3.3.3 255.255.255.0
no shut
router ospf 110
router-id 3.3.3.3
network 13.1.1.0 0.0.0.255 area 0
network 3.3.3.0 0.0.0.255 area 0
有些路由器获得不到R4上的LSA所通告的路由
R2
router ospf 110
no network 24.1.1.0 0.0.0.255 area 2
router ospf 100
router-id 22.2.2.2
network 24.1.1.0 0.0.0.255 area 2
做完这个查看下数据库
R2(config-router)#do show ip ospf database
OSPF Router with ID (22.2.2.2) (Process ID 100)
Router Link States (Area 2)
Link ID ADV Router Age Seq# Checksum Link count
4.4.4.4 4.4.4.4 64 0x80000006 0x0039D0 3
22.2.2.2 22.2.2.2 63 0x80000001 0x00AD78 2
OSPF Router with ID (2.2.2.2) (Process ID 110)
Router Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 120 0x80000005 0x00F27F 2
2.2.2.2 2.2.2.2 105 0x80000002 0x000D49 3
Summary Net Link States (Area 1)
Link ID ADV Router Age Seq# Checksum
1.1.1.1 1.1.1.1 1306 0x80000001 0x0047EC
3.3.3.3 1.1.1.1 1265 0x80000001 0x006D7E
13.1.1.0 1.1.1.1 1296 0x80000001 0x002DBC
R2
router ospf 110
redistribute ospf 100 subnets //讲OSPF100重分布进OSPF 110中
查看数据库
R2(config-router)#do show ip ospf database
OSPF Router with ID (22.2.2.2) (Process ID 100)
Router Link States (Area 2)
Link ID ADV Router Age Seq# Checksum Link count
4.4.4.4 4.4.4.4 142 0x80000006 0x0039D0 3
22.2.2.2 22.2.2.2 141 0x80000001 0x00AD78 2
OSPF Router with ID (2.2.2.2) (Process ID 110)
Router Link States (Area 1)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 198 0x80000005 0x00F27F 2
2.2.2.2 2.2.2.2 183 0x80000002 0x000D49 3
Summary Net Link States (Area 1)
Link ID ADV Router Age Seq# Checksum
1.1.1.1 1.1.1.1 1384 0x80000001 0x0047EC
3.3.3.3 1.1.1.1 1343 0x80000001 0x006D7E
13.1.1.0 1.1.1.1 1374 0x80000001 0x002DBC
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
4.4.4.4 2.2.2.2 90 0x80000001 0x00B6A4 0
24.1.1.0 2.2.2.2 93 0x80000001 0x00153D 0
多了这个命令后,多了五类的LSA
这样就可以获取完整的路由表了
总结:
首先要确保同一区域,基于每个进程;然后进行重分布
2、Tunnel
应用上面的拓扑图
R1
interface tunnel 1
tunnel source 12.1.1.1
tunnel destination 12.1.1.2
ip add 172.16.1.1 255.255.255.0
no shut
router ospf 110
network 172.16.1.0 0.0.0.255 area 0
R2
interface tunnel 2
tunnel source 12.1.1.2
tunnel destination 12.1.1.1
ip add 172.16.1.2 255.255.255.0
no shut
router ospf 110
network 172.16.1.0 0.0.0.255 area 0
这样就可以得到完整的路由表了,原理就是把area 1当做了一个属于area 0的链路了
以上两个方法太繁琐了,有简单的方法
3、虚拟链路
R1
router ospf 110
area 1 virtual-link 2.2.2.2 //指向邻居的RID,不需路由可达,只要数据库可达就行
R2
router ospf 110
area 1 virtual-link 1.1.1.1
R1#show ip ospf virtual-links
Virtual Link OSPF_VL0 to router 2.2.2.2 is up
Run as demand circuit
DoNotAge LSA allowed.
Transit area 1, via interface Serial0/1, Cost of using 64
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:05
Adjacency State FULL (Hello suppressed)
Index 2/3, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec
说明virtual-link起来了,红色字体说明hello包在这种接口里被抑制了
知识点
OSPF认证
第一种分类:明文认证 、 密文认证
第二种分类:接口认证 、 区域认证 、 虚链路认证
1、接口级认证:
interface s0/0
ip ospf authentication-key cisco //明文密钥
ip ospf authentication //明文认证
ip ospf message-digest-key 1(key-id) md5 cisco //密文密钥
ip ospf authentication message-digest //密文认证
2、区域认证
密钥同上,都是在接口下
area 1 authentication //明文认证
area 1 authentication message-digest //密文认证
3、虚链路认证
area 2 virtual-link 3.3.3.3 atuhentication-key cisco //明文密钥
area 2 virtual-link 3.3.3.3 authentication //明文认证
area 2 virtual-link 3.3.3.3 message-digest-key 1(key-id) md5 cisco//密文密钥
area 2 virtual-link 3.3.3.3 authentication message-digest //密文认证
实验:上图拓扑,做区域0的认证
该实验暂停,后续操作!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
知识点
负载均衡
被动接口 不收发hello包,但可以通告路由