[Lab 2] OSPF专题

image

[Lab 2] OSPF专题

OSPF(Open Shortest Path First,开放最短链路优先)路由协议是典型的链路状态路

由协议。OSPF 由IETF 在20 世纪80 年代末期开发,OSPF 是SPF 类路由协议中的开放式版本。

最初的OSPF 规范体现在RFC1131 中,被称为OSPF 版本1,但是版本1 很快被进行了重大改

进的版本所代替,这个新版本体现在RFC1247 文档中。RFC1247 被称为OSPF 版本2,是为了

明确指出其在稳定性和功能性方面的实质性改进。这个OSPF 版本有许多更新文档,每一个

更新都是对开放标准的精心改进。接下来的一些规范出现在RFC1583 和2328 中。OSPF 版本

2 的最新版体现在RFC 2328 中。而OSPF 版本3 是关于IPv6 的。OSPF 的内容多而复杂,所

以本书分了多个章节来介绍。本章只讨论单区域的OSPF。

OSPF 作为一种内部网关协议(Interior Gateway Protocol,IGP),用于在同一个自治

系统(AS)中的路由器之间交换路由信息。OSPF 的特性如下:

1. 可适应大规模网络;

2. 收敛速度快;

3. 无路由环路;

4. 支持VLSM 和CIDR;

5. 支持等价路由;

6. 支持区域划分, 构成结构化的网络;

7. 提供路由分级管理;

8. 支持简单口令和MD5 认证;

9. 以组播方式传送协议报文;

10. OSPF 路由协议的管理距离是110;

11. OSPF 路由协议采用cost 作为度量标准;

12. OSPF 维护邻居表、拓扑表和路由表。

另外,OSPF 将网络划分为四种类型:广播多路访问型(BMA)、非广播多路访问型(NBMA)、

点到点型(Point-to-Point)、点到多点型(Point-to-MultiPoint)。不同的二层链路的类

型需要OSPF 不同的网络类型来适应。

下面的几个术语是学习OSPF 要掌握的:

1. 链路:链路就是路由器用来连接网络的接口;

2. 链路状态:用来描述路由器接口及其与邻居路由器的关系。所有链路状态信息构成

链路状态数据库;

3. 区域:有相同的区域标志的一组路由器和网络的集合。在同一个区域内的路由器有

相同的链路状态数据库;

4. 自治系统:采用同一种路由协议交换路由信息的路由器及其网络构成一个自治系统;

5. 链路状态通告(LSA):LSA 用来描述路由器的本地状态,LSA 包括的信息有关于路由

器接口的状态和所形成的邻接状态;

6. 最短路经优先(SPF)算法:是OSPF 路由协议的基础。SPF 算法有时也被称为Dijkstra

算法,这是因为最短路径优先算法(SPF)是Dijkstra 发明的。OSPF 路由器利用 SPF,独立

地计算出到达任意目的地的最佳路由。

1-单区域OSPF

1-1 点到点链路上的OSPF

(loopback 1.1.1.1)R1 (S1/0)---(S1/1)R2(S1/0)---(S1/1)R3(loopback 3.3.3.3)

每台路由器运行ospf在R1上看路由表

1-1-1loopback interface in ospf

R1#sh ip route ospf

3.0.0.0/32 is subnetted, 1 subnets

O 3.3.3.3 [110/129] via 12.1.1.2, 00:01:38, Serial1/0

为什么这里是3.0.0.0/32 ?

环回接口OSPF 路由条目的掩码长度都是32 位,这是环回接口的特性,尽管通告了

24 位,解决的办法是在环回接口下修改网络类型为“Point-to-Point”,操作如下:

R23(config)#interface loopback 0

R3(config-if)#ip ospf network point-to-point

这样收到的路由条目的掩码长度和通告的一致。

1-1-2-ospf metric

3.3.3.0/24 度量值 129是怎么得来的?

Metric = 100/8000 + 100/1.544 + 100/1.544 (单位兆bps)思科算法不会四舍五入.

1-1-3-show ip protocol

Routing Protocol is "ospf 110"

//当前路由器的进程号 110

Outgoing update filter list for all interfaces is not set

Incoming update filter list for all interfaces is not set

Router ID 1.1.1.1

//当前路由器ID

Number of areas in this router is 1. 1 normal 0 stub 0 nssa

//本路由器参与的区域号,数量和类型

Maximum path: 4

//支持等价路径最大数目

Routing for Networks:

0.0.0.0 255.255.255.255 area 0

//以上表明OSPF 通告的网络以及这些网络所在的区域

Reference bandwidth unit is 100 mbps

//参考带宽为10^8

//修改命令:

R1(config-router)#auto-cost reference-bandwidth 1000

Routing Information Sources:

Gateway Distance Last Update

3.3.3.3 110 00:06:50

2.2.2.2 110 00:06:50

//路由信息源

Distance: (default is 110)

//ospf AD值

1-1-4-show ip ospf

该命令显示OSPF 进程及区域的细节,如路由器运行SPF 算法的次数等。

R1#sh ip ospf 110

Routing Process "ospf 110" with ID 1.1.1.1

Start time: 00:02:07.160, Time elapsed: 00:19:14.876

Supports only single TOS(TOS0) routes

Supports opaque LSA

Supports Link-local Signaling (LLS)

Supports area transit capability

Router is not originating router-LSAs with maximum metric

Initial SPF schedule delay 5000 msecs

Minimum hold time between two consecutive SPFs 10000 msecs

Maximum wait time between two consecutive SPFs 10000 msecs

Incremental-SPF disabled

Minimum LSA interval 5 secs

Minimum LSA arrival 1000 msecs

LSA group pacing timer 240 secs

Interface flood pacing timer 33 msecs

Retransmission pacing timer 66 msecs

Number of external LSA 0. Checksum Sum 0x000000

Number of opaque AS LSA 0. Checksum Sum 0x000000

Number of DCbitless external and opaque AS LSA 0

Number of DoNotAge external and opaque AS LSA 0

Number of areas in this router is 1. 1 normal 0 stub 0 nssa

Number of areas transit capable is 0

External flood list length 0

IETF NSF helper support enabled

Cisco NSF helper support enabled

Area BACKBONE(0)

\\该区域为骨干区域

Number of interfaces in this area is 2 (1 loopback)

Area has no authentication

\\没有认证

SPF algorithm last executed 00:13:30.488 ago

SPF algorithm executed 4 times

\\spf算法执行了几次

Area ranges are

Number of LSA 3. Checksum Sum 0x011413

Number of opaque link LSA 0. Checksum Sum 0x000000

Number of DCbitless LSA 0

Number of indication LSA 0

Number of DoNotAge LSA 0

Flood list length 0

1-1-5-show ip ospf interface

R1#sh ip ospf interface s1/0

Serial1/0 is up, line protocol is up

Internet Address 12.1.1.1/24, Area 0

Process ID 110, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 64

//进程ID,路由器ID,网络类型,接口Cost 值

Transmit Delay is 1 sec, State POINT_TO_POINT

//接口的延迟和状态

Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

//显示几个计时器的值

// wait timer 40s 当是two-way状态下需要等待40s来选择DR/BDR

oob-resync timeout 40

Hello due in 00:00:04

//距离下次发送Hello 包的时间

Supports Link-local Signaling (LLS)

Cisco NSF helper support enabled

IETF NSF helper support enabled

//以上两行表示启用了IETF 和Cisco 的NSF 功能

Index 1/1, flood queue length 0

Next 0x0(0)/0x0(0)

Last flood scan length is 1, maximum is 1

Last flood scan time is 0 msec, maximum is 0 msec

Neighbor Count is 1, Adjacent neighbor count is 1

//邻居的个数以及已建立邻接关系的邻居的个数

Adjacent with neighbor 2.2.2.2

//已经建立邻接关系的邻居路由器ID

Suppress hello for 0 neighbor(s)

//没有hello抑制

1-1-6 sh ip ospf neighbor

R2#sh ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface

1.1.1.1(R1 router id) 0 FULL/ - 00:00:37 12.1.1.1 Serial1/1

3.3.3.3(R3 router id) 0 FULL/ - 00:00:39 23.1.1.3 Serial1/0

\\PTOP 网络不选择 DR/BDR

① Pri:邻居路由器接口的优先级;

② State:当前邻居路由器接口的状态;

③ Dead Time:清除邻居关系前等待的最长时间;

④ Address:邻居接口的地址;

⑤ Interface:自己和邻居路由器相连接口;

⑥ “-”: 表示点到点的链路上OSPF 不进行DR 选举。

1-1-7建立邻居要素

OSPF 邻居关系不能建立的常见原因:

① hello 间隔和dead 间隔不同;

② 区域号码不一致;

③ 特殊区域(如stub,nssa等)区域类型不匹配;

④ 认证类型或密码不一致;

⑤ 路由器ID 相同;

⑥ Hello 包被ACL deny;

⑦ 链路上的MTU 不匹配;

⑧ 接口下OSPF网络类型不匹配。

Hello包发送时间表:

广播多路访问 10 40

非广播多路访问 30 120

点到点 10 40

点到多点 30 120

可以用 ip ospf hello-interval”和“ip ospf dead-interval”命令调整

1-1-8 sh ip ospf database

R2#sh ip ospf database

OSPF Router with ID (2.2.2.2) (Process ID 110)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count

1.1.1.1 1.1.1.1 263 0x80000003 0x0067F8 3

2.2.2.2 2.2.2.2 257 0x80000003 0x002869 4

3.3.3.3 3.3.3.3 1958 0x80000002 0x007FB4 3

① Link ID:是指Link State ID,代表整个路由器,而不是某个链路;

② ADV Router:是指通告链路状态信息的路由器ID;

③ Age:老化时间;

④ Seq#:序列号;

⑤ Checksum:校验和;

⑥ Link count:通告路由器在本区域内的链路数目。

1-2 广播多路访问链路上的OSPF

R1(f0/0)---switch

R2(f1/0)---switch

R3(f1/0)---switch

在广播多路访问的连路上是要选举DR/BDR (非抢占式)

224.0.0.5 used for all routers

224.0.0.6 only used for DR & BDR

1-2-1 DR选举原则

① 首要因素是时间,最先启动的路由器被选举成DR;

② 如果同时启动,或者重新选举,则看接口优先级(范围为0-255),优先级最高的被选举成DR,默认情况下,多路访问网络的接口优先级为1,点到点网络接口优先级为0,修改接口优先级的命令是“ ip ospf priority”,如果接口的优先级被设置为0,那么该接口将不参与DR 选举;

③ 如果前两者相同,最后看路由器ID,路由器ID 最高的被选举成DR;

在OSPF 邻接关系建立的过程中,接口的状态的变化包括DOWN、init、2Way、EXSTART、

EXCHANGE、Loading 和FULL。

Init状态:是说明我收到了邻居的hello包,且该hello包里没有我的active neighbor

2way状态:是说明我收到了邻居的hello包,且该hello包里有我的active neighbor

clip_image002

2- OSPF 网络类型 [OSPF Over Frame-Relay]

2-1 OSPF over NBMA

通过这个试验必须掌握:

(1)帧中继静态映射及broadcast 参数的含义

(2)NBMA 模式下的DR 选举

(3)手工配置OSPF 邻居

(4)NBMA 模式下OSPF 的配置和调试

clip_image004

<R4>怎么配置,请参考lab3 frame-replay 专题

<R123配置如下:>

===============

R1 :

===============

R1#sh run int s0/0

interface Serial0/0

ip address 192.168.123.1 255.255.255.0

encapsulation frame-relay

ip ospf priority 10 //让HUB成为DR

serial restart-delay 0

no dce-terminal-timing-enable

frame-relay map ip 192.168.123.2 102 broadcast

frame-relay map ip 192.168.123.3 103 broadcast

no frame-relay inverse-arp

frame-relay lmi-type cisco

end

router ospf 110

router-id 0.0.0.1

log-adjacency-changes

network 1.1.1.0 0.0.0.255 area 0

network 192.168.123.0 0.0.0.255 area 0

neighbor 192.168.123.2 \\手动指邻居一般来说双方指,当然单方指也ok

neighbor 192.168.123.3

===============

R2:

===============

R2#sh run int s0/0

interface Serial0/0

ip address 192.168.123.2 255.255.255.0

encapsulation frame-relay

ip ospf priority 0

serial restart-delay 0

no dce-terminal-timing-enable

frame-relay map ip 192.168.123.1 201 broadcast

frame-relay map ip 192.168.123.3 201 \\\\这条命令是为ping 通3.3.3.3 source int s0/0

[R2的路由表: O 3.3.3.3 [110/65] via 192.168.123.3, 00:12:02, Serial0/0]

no frame-relay inverse-arp

frame-relay lmi-type cisco

end

R2#sh run | se router ospf

router ospf 110

router-id 0.0.0.2

log-adjacency-changes

network 2.2.2.0 0.0.0.255 area 0

network 192.168.123.0 0.0.0.255 area 0 \\这里R2并没有指邻居.

===============

R3:

===============

R3#sh run int s0/0

interface Serial0/0

ip address 192.168.123.3 255.255.255.0

encapsulation frame-relay

ip ospf priority 0

serial restart-delay 0

no dce-terminal-timing-enable

frame-relay map ip 192.168.123.1 301 broadcast

frame-relay map ip 192.168.123.2 301 \\这条命令是为ping 通2.2.2.2 source int s0/0

no frame-relay inverse-arp

frame-relay lmi-type cisco

end

router ospf 110

router-id 0.0.0.3

log-adjacency-changes

network 3.3.3.0 0.0.0.255 area 0

network 192.168.123.0 0.0.0.255 area 0

=======================华丽的分割线=============================

R1#sh ip ospf int s0/0

Serial0/0 is up, line protocol is up

Internet Address 192.168.123.1/24, Area 0

Process ID 110, Router ID 0.0.0.1, Network Type NON_BROADCAST, Cost: 64

Transmit Delay is 1 sec, State DR, Priority 10

Designated Router (ID) 0.0.0.1, Interface address 192.168.123.1

No backup designated router on this network

\\由于r2/r3放弃DR/BDR选举

Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5

oob-resync timeout 120

Hello due in 00:00:14

Supports Link-local Signaling (LLS)

Index 1/1, flood queue length 0

Next 0x0(0)/0x0(0)

Last flood scan length is 1, maximum is 1

Last flood scan time is 0 msec, maximum is 4 msec

Neighbor Count is 2, Adjacent neighbor count is 2

Adjacent with neighbor 0.0.0.2

Adjacent with neighbor 0.0.0.3

Suppress hello for 0 neighbor(s)

=============================华丽的分割线=============================

总结: 在NBMA网络中 要选DR/BDR ,且要手工指邻居, H/D timer : 30s /120s

在BMA中, 要选DR/BDR ,不需要 手工指邻居, H/D timer : 10s /40s

2-2 OSPF over FR点到点

实验目的

(1)帧中继子接口下静态映射

(2)点到点模式的特征

(2)点到点模式下OSPF 的配置和调试

clip_image006

===========R1============

interface Serial0/0

no ip address

encapsulation frame-relay

serial restart-delay 0

no dce-terminal-timing-enable

no frame-relay inverse-arp

!

interface Serial0/0.12 point-to-point

ip address 192.168.12.1 255.255.255.0

ip ospf priority 10

frame-relay interface-dlci 102

!

interface Serial0/0.13 point-to-point

ip address 192.168.13.1 255.255.255.0

ip ospf priority 10

frame-relay interface-dlci 103

R1#sh run | se router osp

router ospf 110

router-id 0.0.0.1

log-adjacency-changes

network 1.1.1.0 0.0.0.255 area 0

network 192.168.12.0 0.0.0.255 area 0

network 192.168.13.0 0.0.0.255 area 0

=====================R2===============

interface Loopback0

ip address 2.2.2.2 255.255.255.0

!

interface Serial0/0

no ip address

encapsulation frame-relay

serial restart-delay 0

no dce-terminal-timing-enable

no frame-relay inverse-arp

!

interface Serial0/0.12 point-to-point

ip address 192.168.12.2 255.255.255.0

frame-relay interface-dlci 201

R2#sh run | se router osp

router ospf 110

router-id 0.0.0.2

log-adjacency-changes

network 2.2.2.0 0.0.0.255 area 0

network 192.168.12.0 0.0.0.255 area 0

=================================R3==================================

interface Loopback0

ip address 3.3.3.3 255.255.255.0

!

interface Serial0/0

no ip address

encapsulation frame-relay

serial restart-delay 0

no dce-terminal-timing-enable

no frame-relay inverse-arp

!

interface Serial0/0.13 point-to-point

ip address 192.168.13.3 255.255.255.0

frame-relay interface-dlci 301

router ospf 110

router-id 0.0.0.3

log-adjacency-changes

network 3.3.3.0 0.0.0.255 area 0

network 192.168.13.0 0.0.0.255 area 0

=====================华丽的分割线==========================

R1#sh ip ospf int s0/0.12

Serial0/0.12 is up, line protocol is up

Internet Address 192.168.12.1/24, Area 0

Process ID 110, Router ID 0.0.0.1, Network Type POINT_TO_POINT, Cost: 64

Transmit Delay is 1 sec, State POINT_TO_POINT,

Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

oob-resync timeout 40

Hello due in 00:00:04

Supports Link-local Signaling (LLS)

Index 1/1, flood queue length 0

Next 0x0(0)/0x0(0)

Last flood scan length is 1, maximum is 1

Last flood scan time is 4 msec, maximum is 4 msec

Neighbor Count is 1, Adjacent neighbor count is 1

Adjacent with neighbor 0.0.0.2

Suppress hello for 0 neighbor(s)

=======================华丽的分割线======================

R1#sh ip ospf neighbor detail

Neighbor 0.0.0.3, interface address 192.168.13.3

In the area 0 via interface Serial0/0.13

Neighbor priority is 0, State is FULL, 6 state changes

DR is 0.0.0.0 BDR is 0.0.0.0 \\不选dr/bdr

Options is 0x52

LLS Options is 0x1 (LR)

Dead timer due in 00:00:39

Neighbor is up for 00:07:00

Index 2/2, retransmission queue length 0, number of retransmission 1

First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)

Last retransmission scan length is 1, maximum is 1

Last retransmission scan time is 0 msec, maximum is 0 msec

===============================华丽的分割线=============

总结:Point to point 网络中 不选择DR/BDR ,不用手工指邻居, H/D Timer: 10s / 40s

【技术要点】

① 点到点模式的DR 和 BDR 是“0.0.0.0”;

② 点到点模式下,每个子接口需要配置不同的网络;

③ 点到点模式下,Hello 周期为10 秒。

2-3 OSPF over FR 点到多点

===================R1==================

interface Serial0/0

no ip address

encapsulation frame-relay

serial restart-delay 0

no dce-terminal-timing-enable

no frame-relay inverse-arp

!

interface Serial0/0.2 multipoint

ip address 192.168.123.1 255.255.255.0

ip ospf priority 10

frame-relay map ip 192.168.123.2 102 broadcast

frame-relay map ip 192.168.123.3 103 broadcast

router ospf 110

router-id 0.0.0.1

log-adjacency-changes

network 1.1.1.0 0.0.0.255 area 0

network 192.168.123.0 0.0.0.255 area 0

neighbor 192.168.123.2

neighbor 192.168.123.3

==============================R2==========================

interface Serial0/0

ip ospf network point-to-multipoint

ip address 192.168.123.2 255.255.255.0

encapsulation frame-relay

ip ospf priority 5

serial restart-delay 0

no dce-terminal-timing-enable

frame-relay map ip 192.168.123.1 201 broadcast

no frame-relay inverse-arp

frame-relay lmi-type cisco

router ospf 110

router-id 0.0.0.2

log-adjacency-changes

network 2.2.2.0 0.0.0.255 area 0

network 192.168.123.0 0.0.0.255 area 0

!======================R3=========================

interface Serial0/0

ip ospf network point-to-multipoint

ip address 192.168.123.3 255.255.255.0

encapsulation frame-relay

ip ospf priority 5

serial restart-delay 0

no dce-terminal-timing-enable

frame-relay map ip 192.168.123.1 301 broadcast

no frame-relay inverse-arp

frame-relay lmi-type cisco

router ospf 110

router-id 0.0.0.3

log-adjacency-changes

network 3.3.3.0 0.0.0.255 area 0

network 192.168.123.0 0.0.0.255 area 0

clip_image008 clip_image010

以上输出表明在点到多点模式中,在路由表中会产生该网段其他各个接口的主机路由,

因此在做帧中继映射的时候,只做到中心点的就可以了。

===================华丽的分解线================

总结:在点到多点的网络环境,不选DR/BDR ,不需要手工配置邻居 H/D Timer : 30s /120s

【技术要点】

(1)点到多点广播模式可以被看成多个点到点接口的集合,然而和点到点不同的是帧

中继接口是在同一子网上;

(2)在点到多点模式中,不需要选举DR/BDR;

(3)Hello 包每30 秒发送一次,无需手工配置邻居。

3-OSPF认证

3-1基于区域的认证

拓扑图:

(lo 0)R1(s0/0)---(s0/1)R2(lo 0)

基于 Simple password 的区域认证

Router(config-router)#area 0 authentication \\路由模式下

Router(config-if)#ip ospf authentication-key cisco

clip_image012

基于MD5的区域认证

Router(config-router)#area 0 authentication message-digest

Router(config-if)#ip ospf message-digest-key 1 md5 cisco1

3-2基于链路的认证

拓扑图:

(lo 0)R1(s0/0)---(s0/1)R2(lo 0)

基于明文的ospf链路认证是基于接口模式

R1(config-if)#ip ospf authentication

R1(config-if)#ip ospf authentication-key test

基于md5的ospf链路认证

R1(config-if)#ip ospf authentication message-digest

R1(config-if)#ip ospf message-digest-key 1 md5 cisco

4-多区域OSPF

在一个大型OSPF 网络中,SPF 算法的反复计算,庞大的路由表和拓扑表的维护以及LSA

的泛洪等都会占用路由器的资源,因而会降低路由器的运行效率。OSPF 协议可以利用区域

的概念来减小这些不利的影响。因为在一个区域内的路由器将不需要了解它们所在区域外的

拓扑细节。OSPF 多区域的拓扑结构有如下的优势:

1. 降低SPF 计算频率

2. 减小路由表

3. 降低了通告LSA 的开销

4. 将不稳定限制在特定的区域

Router分类:

内部路由器:OSPF 路由器上所有直连的链路都处于同一个区域;

主干路由器:具有连接区域0 接口的路由器;

区域边界路由器(ABR):路由器与多个区域相连;

自治系统边界路由器(ASBR):与AS 外部的路由器相连并互相交换路由信息;

4-1 OSPF LSA类型

clip_image014

配置时采用环回接口尽量靠近区域0 的原则

R1:

router ospf 110

router-id 0.0.0.1

log-adjacency-changes

network 1.1.1.0 0.0.0.255 area 1

network 12.1.1.0 0.0.0.255 area 1

R2:

router ospf 110

router-id 0.0.0.2

log-adjacency-changes

network 2.2.2.0 0.0.0.255 area 0

network 12.1.1.0 0.0.0.255 area 1

network 23.1.1.0 0.0.0.255 area 0

R3:

router ospf 110

router-id 0.0.0.3

log-adjacency-changes

network 3.3.3.0 0.0.0.255 area 0

network 23.1.1.0 0.0.0.255 area 0

network 34.1.1.0 0.0.0.255 area 2

R4:

router ospf 110

router-id 0.0.0.4

log-adjacency-changes

redistribute connected subnets

network 34.1.1.0 0.0.0.255 area 2

=================查看R2的路由表-=============================

R2#sh ip route ospf

34.0.0.0/24 is subnetted, 1 subnets

O IA 34.1.1.0 [110/128] via 23.1.1.3, 00:11:46, Serial0/1

1.0.0.0/32 is subnetted, 1 subnets

O 1.1.1.1 [110/65] via 12.1.1.1, 00:11:56, Serial0/0

3.0.0.0/32 is subnetted, 1 subnets

O 3.3.3.3 [110/65] via 23.1.1.3, 00:11:46, Serial0/1

4.0.0.0/24 is subnetted, 1 subnets

O E2 4.4.4.0 [110/20] via 23.1.1.3, 00:05:51, Serial0/1

OSPF 的外部路由分为:类型1(在路由表中用代码“E1”表示)和类型2(在路由表中

用代码“E2”表示)。它们计算外部路由度量值的方式不同:

① 类型1(E1):外部路径成本+数据包在OSPF 网络所经过各链路成本;

② 类型2(E2):外部路径成本,即ASBR 上的缺省设置。

在重分布的时候可以通过“metric-type”参数设置是类型1 或2,也可以通过“metric”

参数设置外部路径成本,默认为20

如果敲入以下命令:

R4(config-router)#redistribute connected subnets metric-type 1

====R2 (4.4.4.0) 路由条目如下====

O E1 4.4.4.0 [110/148] via 23.1.1.3, 00:00:55, Serial0/1

该条目Cost计算方法:

148 = 100/1.544 + 100/1.544 + 20

R1#sh ip ospf database

OSPF Router with ID (0.0.0.1) (Process ID 110)

Router Link States (Area 1) \\区域1类型1的LSA

Link ID ADV Router (各个RID) Age Seq# Checksum Link count

0.0.0.1 0.0.0.1 1425 0x80000002 0x00422B 3

0.0.0.2 0.0.0.2 1425 0x80000002 0x00F886 2

Summary Net Link States (Area 1) \\区域1类型3的LSA

Link ID ADV Router (ABR通告) Age Seq# Checksum

2.2.2.2 0.0.0.2 1429 0x80000001 0x002B07

3.3.3.3 0.0.0.2 1410 0x80000001 0x007F6E

23.1.1.0 0.0.0.2 1429 0x80000001 0x00BC25

34.1.1.0 0.0.0.2 1410 0x80000001 0x00AFE6

\\在路由表中显示的是O IA的路由信息 (只要不是R1通告)

Summary ASB Link States (Area 1) \\区域1类型4的LSA

Link ID ADV Router Age Seq# Checksum

0.0.0.4 0.0.0.2(ABR通告,ASBR是谁) 1060 0x80000001 0x004C69

Type-5 AS External Link States \\5类LSA

Link ID ADV Router Age Seq# Checksum Tag

4.4.4.0 0.0.0.4 (ASBA通告) 500 0x80000002 0x00B956 0

\\在路由表中显示的是O E1 OR O E2的路由信息

R1# sh ip route ospf

34.0.0.0/24 is subnetted, 1 subnets

O IA 34.1.1.0 [110/192] via 12.1.1.2, 00:30:22, Serial0/0

2.0.0.0/32 is subnetted, 1 subnets

O IA 2.2.2.2 [110/65] via 12.1.1.2, 00:30:33, Serial0/0

3.0.0.0/32 is subnetted, 1 subnets

O IA 3.3.3.3 [110/129] via 12.1.1.2, 00:30:22, Serial0/0

4.0.0.0/24 is subnetted, 1 subnets

O E1 4.4.4.0 [110/212] via 12.1.1.2, 00:15:10, Serial0/0

23.0.0.0/24 is subnetted, 1 subnets

O IA 23.1.1.0 [110/128] via 12.1.1.2, 00:30:33, Serial0/0

=======================华丽分割线=================================

R2#sh ip ospf database

OSPF Router with ID (0.0.0.2) (Process ID 110)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count

0.0.0.2 0.0.0.2 223 0x80000003 0x001934 3

0.0.0.3 0.0.0.3 214 0x80000003 0x008FB7 3

Summary Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum

1.1.1.1 0.0.0.2 222 0x80000002 0x00D91B

12.1.1.0 0.0.0.2 223 0x80000002 0x004AA1

34.1.1.0 0.0.0.3 214 0x80000002 0x0025AF

\\这条会写入OIA的路由表

Summary ASB Link States (Area 0)

Link ID ADV Router Age Seq# Checksum

0.0.0.4 0.0.0.3 1884 0x80000001 0x00C331

Router Link States (Area 1)

Link ID ADV Router Age Seq# Checksum Link count

0.0.0.1 0.0.0.1 235 0x80000003 0x00402C 3

0.0.0.2 0.0.0.2 224 0x80000003 0x00F687 2

Summary Net Link States (Area 1)

Link ID ADV Router Age Seq# Checksum

2.2.2.2 0.0.0.2 224 0x80000002 0x002908

3.3.3.3 0.0.0.2 224 0x80000002 0x007D6F

23.1.1.0 0.0.0.2 224 0x80000002 0x00BA26

34.1.1.0 0.0.0.2 224 0x80000002 0x00ADE7

Summary ASB Link States (Area 1)

Link ID ADV Router Age Seq# Checksum

0.0.0.4 0.0.0.2 1884 0x80000001 0x004C69

Type-5 AS External Link States

Link ID ADV Router Age Seq# Checksum Tag

4.4.4.0 0.0.0.4 1325 0x80000002 0x00B956 0

R2#sh ip route os

34.0.0.0/24 is subnetted, 1 subnets

O IA 34.1.1.0 [110/128] via 23.1.1.3, 00:48:06, Serial0/1

1.0.0.0/32 is subnetted, 1 subnets

O 1.1.1.1 [110/65] via 12.1.1.1, 00:48:16, Serial0/0

3.0.0.0/32 is subnetted, 1 subnets

O 3.3.3.3 [110/65] via 23.1.1.3, 00:48:06, Serial0/1

4.0.0.0/24 is subnetted, 1 subnets

O E1 4.4.4.0 [110/148] via 23.1.1.3, 00:32:54, Serial0/1

从上看到路由器R1 和R2 的区域1的链路状态数据库完全相同。

一般来说 相同区域内的路由器具有相同的链路状态数据库,只是在虚链路的时候略有不同;命令“show ip ospf database”所显示的内容并不是数据库中存储的关于每条LSA的全部信息,而仅仅是LSA 的头部信息。要看LSA 的全部信息,该命令后面还有跟详细的参数,如“show ip ospf database router”

另外一条命令查看谁是ASBR

R4#sh ip ospf 110

Routing Process "ospf 110" with ID 0.0.0.4

Supports only single TOS(TOS0) routes

Supports opaque LSA

Supports Link-local Signaling (LLS)

Supports area transit capability

It is an autonomous system boundary router \\显示ASBR

LSA总结:

1 路由器LSA

(O)

所有的OSPF 路由器都会产生这种数据包,用于描述路由器上连接到

某一个区域的链路或是某一接口的状态信息。该LSA 只会在某一个特

定的区域内扩散,而不会扩散至其它的区域。

2 网络LSA

(O)

由DR 产生,只会在包含DR 所处的广播网络的区域中扩散,不会扩散

至其它的OSPF 区域。

3 网络汇总LSA

(O IA)

由ABR 产生,描述ABR 和某个本地区域的内部路由器之间的链路信息。

这些条目通过主干区域被扩散到其它的ABR。

4 ASBR 汇总LSA

(O IA)

由ABR 产生,描述到ASBR 的可达性,由主干区域发送到其它ABR。

5 外部LSA

(O E1 或E2)

由ASBR 产生,含有关于自治系统外的链路信息。

7 NSSA 外部LSA

(O N1 或N2)

由ASBR 产生的关于NSSA 的信息,可以在NSSA 区域内扩散,ABR 可以

将类型7 的LSA 转换为类型5 的LSA

4-2 OSPF(完全)末节区域

末节和完全末节区域需要满足如下的条件:

(1)区域只有一个出口

(2)区域不需要作为虚链路的过渡区

(3)区域内没有ASBR

(4)区域不是主干区域

“no-summary”阻止区域间的路由进入末节区域,所以叫完全末节区域。只需在ABR

上启用本参数即可。

clip_image016

R1:

router ospf 110

router-id 0.0.0.1

log-adjacency-changes

area 1 stub

network 1.1.1.0 0.0.0.255 area 1

network 12.1.1.0 0.0.0.255 area 1

R2:

router ospf 110

router-id 0.0.0.2

log-adjacency-changes

area 1 stub

redistribute connected subnets

network 12.1.1.0 0.0.0.255 area 1

network 23.1.1.0 0.0.0.255 area 0

R3:

router ospf 110

router-id 0.0.0.3

log-adjacency-changes

area 2 stub no-summary \\完全末节区域

network 3.3.3.0 0.0.0.255 area 0

network 23.1.1.0 0.0.0.255 area 0

network 34.1.1.0 0.0.0.255 area 2

R4:

router ospf 110

router-id 0.0.0.4

log-adjacency-changes

area 2 stub

network 4.4.4.0 0.0.0.255 area 2

network 34.1.1.0 0.0.0.255 area 2

R1#sh ip route osp

34.0.0.0/24 is subnetted, 1 subnets

O IA 34.1.1.0 [110/192] via 12.1.1.2, 00:18:54, Serial0/0

3.0.0.0/32 is subnetted, 1 subnets

O IA 3.3.3.3 [110/129] via 12.1.1.2, 00:18:54, Serial0/0

4.0.0.0/32 is subnetted, 1 subnets

O IA 4.4.4.4 [110/193] via 12.1.1.2, 00:18:54, Serial0/0

23.0.0.0/24 is subnetted, 1 subnets

O IA 23.1.1.0 [110/128] via 12.1.1.2, 00:20:26, Serial0/0

O*IA 0.0.0.0/0 [110/65] via 12.1.1.2, 00:20:26, Serial0/0

以上的输出表明R2 重分布进来的环回接口的路由并没有在R1 的路由表中出现,说明末

节区域不接收类型5 的LSA,也就是外部路由;同时末节区域1的ABR R2 自动向该区域内

传播0.0.0.0/0 的默认路由;末节区域可以接收区域间路由。

R4#sh ip route

Gateway of last resort is 34.1.1.3 to network 0.0.0.0

34.0.0.0/24 is subnetted, 1 subnets

C 34.1.1.0 is directly connected, Serial0/0

4.0.0.0/24 is subnetted, 1 subnets

C 4.4.4.0 is directly connected, Loopback0

O*IA 0.0.0.0/0 [110/65] via 34.1.1.3, 00:44:52, Serial0/0

以上输出表明在完全末节区域2 中,R4 的路由表中除了直连和区域内路由,全部被默

认路由代替,证明完全末节区域不接收外部路由和区域间路由,只有区域内的路由和一条由

ABR 向该区域注入的默认路由。

4-3 OSPF NSSA 区域

clip_image018

R1:

router ospf 110

router-id 0.0.0.1

log-adjacency-changes

area 1 nssa

redistribute connected subnets

network 12.1.1.0 0.0.0.255 area 1

R2:

router ospf 110

router-id 0.0.0.2

log-adjacency-changes

area 1 nssa

network 2.2.2.0 0.0.0.255 area 0

network 12.1.1.0 0.0.0.255 area 1

network 23.1.1.0 0.0.0.255 area 0

R3:

router ospf 110

router-id 0.0.0.3

log-adjacency-changes

redistribute rip subnets

network 3.3.3.0 0.0.0.255 area 0

network 23.1.1.0 0.0.0.255 area 0

router rip

version 2

redistribute ospf 110 metric 2

network 34.0.0.0

no auto-summary

R4:

router rip

version 2

network 4.0.0.0

network 34.0.0.0

no auto-summary

R1#sh ip route ospf

2.0.0.0/32 is subnetted, 1 subnets

O IA 2.2.2.2 [110/65] via 12.1.1.2, 00:06:08, Serial0/0

3.0.0.0/32 is subnetted, 1 subnets

O IA 3.3.3.3 [110/129] via 12.1.1.2, 00:06:08, Serial0/0

23.0.0.0/24 is subnetted, 1 subnets

O IA 23.1.1.0 [110/128] via 12.1.1.2, 00:06:08, Serial0/0

以上的输出表明区域间的路由是可以进入到NSSA 区域的;但是在R1 的路由表中并没有

出现在R3 上把RIP 重分布进来的路由,因此说明LSA 类型为5 的外部路由不能在NSSA 区域

中传播,ABR 也没有能力把类型5 的LSA 转成类型7 的LSA。

如果不想在NSSA 区域中出现区域间的路由,则在ABR 的路由器上配置NSSA 区域时加上

“no-summary”参数即可。这时ABR 也会自动向NSSA 区域注入一条“O IA”的默认路由 (* O IA),配置如下:

R2(config-router)#area 1 nssa no-summary

为了让R1 可以ping 通 R3重分布进来的路由,我们需要在R2 上做个配置:

R2(config-router)#area 1 nssa default-information-originate

那么在R1上会出现一条O*N2的路由

O*N2 0.0.0.0/0 [110/1] via 12.1.1.2, 00:00:12, Serial0/0

如果我们在R2上输入:R2(config-router)#area 1 nssa default-information-originate no-summary

R1#sh ip route ospf

O*IA 0.0.0.0/0 [110/65] via 12.1.1.2, 00:00:04, Serial0/0

\\表明“O IA”的路由优于“O N2”的路由

在R2上看路由表:

R2#sh ip route ospf

34.0.0.0/24 is subnetted, 1 subnets

O E2 34.1.1.0 [110/20] via 23.1.1.3, 00:01:13, Serial0/1

1.0.0.0/24 is subnetted, 1 subnets

O N2 1.1.1.0 [110/20] via 12.1.1.1, 00:01:13, Serial0/0

3.0.0.0/32 is subnetted, 1 subnets

O 3.3.3.3 [110/65] via 23.1.1.3, 00:01:13, Serial0/1

4.0.0.0/24 is subnetted, 1 subnets

O E2 4.4.4.0 [110/20] via 23.1.1.3, 00:01:13, Serial0/1

\\NSSA 区域的路由代码为“O N2”或”O N1”

R2#sh ip ospf database

OSPF Router with ID (0.0.0.2) (Process ID 110)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count

0.0.0.2 0.0.0.2 1063 0x80000005 0x001B2E 3

0.0.0.3 0.0.0.3 1019 0x80000005 0x008EB5 3

Summary Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum

12.1.1.0 0.0.0.2 1509 0x80000002 0x004AA1

Router Link States (Area 1)

Link ID ADV Router Age Seq# Checksum Link count

0.0.0.1 0.0.0.1 1054 0x80000006 0x00A5D0 2

0.0.0.2 0.0.0.2 1054 0x80000006 0x009CD6 2

Summary Net Link States (Area 1)

Link ID ADV Router Age Seq# Checksum

0.0.0.0 0.0.0.2 346 0x80000001 0x002D07

Type-7 AS External Link States (Area 1)

Link ID ADV Router Age Seq# Checksum Tag

0.0.0.0 0.0.0.2 524 0x80000001 0x00BAE4 0

1.1.1.0 0.0.0.1 1076 0x80000001 0x00D4AE 0

Type-5 AS External Link States

Link ID ADV Router Age Seq# Checksum Tag

1.1.1.0 0.0.0.2 1044 0x80000001 0x006329 0

4.4.4.0 0.0.0.3 1019 0x80000001 0x00454C 0

34.1.1.0 0.0.0.3 1019 0x80000001 0x000376 0

从输出结果中表明,路由器R2 将类型7 的LSA 转换成类型5 的LSA,并且继续在网络

上扩散到路由器R3。

4-4 OSPF stub 区域总结

1-stub: 过滤 4/5类LSA, 下放一条O*IA的默认路由

2-totally stub: 过滤3/4/5LSA ,下放一条O*IA的默认路由

3-NSSA: 过滤4/5 LSA,但允许本区域产生外部路由(ON2, 7类LSA),没有下放默认路由,同时Router-id大的router(ABR)会做7转5LSA (可以用 area 1 nssa default-information-origniate 产生一条 O*N2)

4-Totally NSSA: 过滤3/4/5 LSA, 但允许本区域产生外部路由(ON2, 7类LSA),有下放默认路由(O* IA默认路由),同时Router-id大的router(ABR)会做7转5LSA

5-OSPF手工汇总

clip_image020

R1:

interface Loopback0

ip address 1.1.4.1 255.255.255.0

ip ospf 110 area 1

!

interface Loopback1

ip address 1.1.5.1 255.255.255.0

ip ospf 110 area 1

!

interface Loopback2

ip address 1.1.6.1 255.255.255.0

ip ospf 110 area 1

!

interface Loopback3

ip address 1.1.7.1 255.255.255.0

ip ospf 110 area 1

!

interface Serial0/0

ip address 12.1.1.1 255.255.255.0

ip ospf 110 area 1

router ospf 110

router-id 0.0.0.1

log-adjacency-changes

R2:

router ospf 110

router-id 0.0.0.2

log-adjacency-changes

area 1 range 1.1.4.0 255.255.252.0

\\在ABR上作区域间汇总

interface Serial0/0

ip address 23.1.1.2 255.255.255.0

ip ospf 110 area 0

serial restart-delay 0

no dce-terminal-timing-enable

!

interface Serial0/1

ip address 12.1.1.2 255.255.255.0

ip ospf 110 area 1

serial restart-delay 0

no dce-terminal-timing-enable

!

R3:

interface Serial0/0

ip address 34.1.1.3 255.255.255.0

serial restart-delay 0

no dce-terminal-timing-enable

!

interface Serial0/1

ip address 23.1.1.3 255.255.255.0

ip ospf 110 area 0

serial restart-delay 0

no dce-terminal-timing-enable

router ospf 110

router-id 0.0.0.3

log-adjacency-changes

summary-address 4.4.0.0 255.255.252.0

\\在ASBR上做外部路由汇总

redistribute eigrp 90 subnets

router eigrp 90

redistribute ospf 110 metric 1000 10 255 1 1500

network 34.1.1.0 0.0.0.255

no auto-summary

看R2的路由表

R2#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

34.0.0.0/24 is subnetted, 1 subnets

O E2 34.1.1.0 [110/20] via 23.1.1.3, 00:11:54, Serial0/0

1.0.0.0/8 is variably subnetted, 5 subnets, 2 masks

O 1.1.5.1/32 [110/65] via 12.1.1.1, 00:11:54, Serial0/1

O 1.1.4.0/22 is a summary, 00:11:54, Null0 \\防环

O 1.1.4.1/32 [110/65] via 12.1.1.1, 00:11:54, Serial0/1

O 1.1.7.1/32 [110/65] via 12.1.1.1, 00:11:54, Serial0/1

O 1.1.6.1/32 [110/65] via 12.1.1.1, 00:11:54, Serial0/1

4.0.0.0/22 is subnetted, 1 subnets

O E2 4.4.0.0 [110/20] via 23.1.1.3, 00:07:57, Serial0/0

\\从外部学来的路由打 OE2

23.0.0.0/24 is subnetted, 1 subnets

C 23.1.1.0 is directly connected, Serial0/0

12.0.0.0/24 is subnetted, 1 subnets

C 12.1.1.0 is directly connected, Serial0/1

看R3的路由表

R3#sh ip route ospf

1.0.0.0/22 is subnetted, 1 subnets

O IA 1.1.4.0 [110/129] via 23.1.1.2, 00:13:55, Serial0/1

\\学到了 区域1 汇总过来的ospf 域间路由

4.0.0.0/8 is variably subnetted, 5 subnets, 2 masks

O 4.4.0.0/22 is a summary, 00:09:56, Null0 \\防环

12.0.0.0/24 is subnetted, 1 subnets

O IA 12.1.1.0 [110/128] via 23.1.1.2, 00:17:15, Serial0/1

6-OSPF默认路由

我们使用上图的拓扑

clip_image022

主要的变化在R3上

R3上取消掉重分布,取消的外部路由汇总

R3(config)#ip route 0.0.0.0 0.0.0.0 s0/0

R3(config-router)#default-information originate [always] always用于没有指定 ip router 0.0.0.0 0.0.0.0 就下放默认路由

在R1和R2上路由表中可以看到一条O*E2的默认路由

7-OSPF虚链路

在实际网络中,可能会存在主干区域不连续或者某一个区域与主干区域物理不相连的情

况,在这两种情况下(分割区域0和远离区域0),可以通过虚链路来解决。

clip_image024

其实配置比较简单

R2: R2(config-router)#area 1 virtual-link 0.0.0.3

R3: R3(config-router)#area 1 virtual-link 0.0.0.2

R2#sh ip ospf virtual-links

Virtual Link OSPF_VL0 to router 0.0.0.3 is up

Run as demand circuit

DoNotAge LSA allowed.

Transit area 1, via interface Serial0/0, Cost of using 64

Transmit Delay is 1 sec, State POINT_TO_POINT,

Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

Hello due in 00:00:03

Adjacency State FULL (Hello suppressed)

Index 2/3, retransmission queue length 0, number of retransmission 1

First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)

Last retransmission scan length is 1, maximum is 1

Last retransmission scan time is 0 msec, maximum is 0 msec

R2#sh ip ospF database

OSPF Router with ID (0.0.0.2) (Process ID 110)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count

0.0.0.1 0.0.0.1 1458 0x80000003 0x00402C 3

0.0.0.2 0.0.0.2 964 0x80000004 0x00D03D 3

0.0.0.3 0.0.0.3 5 (DNA) 0x80000003 0x00CB11 3

0.0.0.4 0.0.0.4 118 (DNA) 0x80000003 0x006EBB 3

Summary Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum

23.1.1.0 0.0.0.2 1454 0x80000001 0x00BC25

23.1.1.0 0.0.0.3 398 (DNA) 0x80000001 0x00B62A

Router Link States (Area 1)

Link ID ADV Router Age Seq# Checksum Link count

0.0.0.2 0.0.0.2 964 0x80000003 0x0062FF 2

0.0.0.3 0.0.0.3 965 0x80000003 0x00560A 2

Summary Net Link States (Area 1)

Link ID ADV Router Age Seq# Checksum

1.1.1.1 0.0.0.2 1444 0x80000001 0x00DB1A

4.4.4.4 0.0.0.3 1080 0x80000001 0x004B9D

12.1.1.0 0.0.0.2 1460 0x80000001 0x004CA0

34.1.1.0 0.0.0.3 1361 0x80000001 0x0027AE

R2#sh ip route

34.0.0.0/24 is subnetted, 1 subnets

O 34.1.1.0 [110/128] via 23.1.1.3, 00:16:25, Serial0/0

1.0.0.0/32 is subnetted, 1 subnets

O 1.1.1.1 [110/65] via 12.1.1.1, 00:16:25, Serial0/1

2.0.0.0/24 is subnetted, 1 subnets

C 2.2.2.0 is directly connected, Loopback0

4.0.0.0/32 is subnetted, 1 subnets

O 4.4.4.4 [110/129] via 23.1.1.3, 00:16:25, Serial0/0

23.0.0.0/24 is subnetted, 1 subnets

C 23.1.1.0 is directly connected, Serial0/0

12.0.0.0/24 is subnetted, 1 subnets

C 12.1.1.0 is directly connected, Serial0/1

clip_image026

配置同上

注意:

虚链路属于区域0,所以在进行区域0 认证的时候,不要忘记虚链路的认证,例如如果

区域0 采用MD5 认证,则在虚链路上配置如下:

R3(config-router)#area 1 virtual-link 2.2.2.2 message-digest-key 1 md5 cisco

且虚链路的认证是通过物力借口去认证的

8-OSPF命令汇总

show ip route 查看路由表

show ip ospf neighbor 查看OSPF 邻居的基本信息

show ip ospf database 查看OSPF 拓扑结构数据库

show ip ospf interface 查看OSPF 路由器接口的信息

show ip ospf 查看OSPF 进程及其细节

debug ip ospf adj 显示OSPF 邻接关系创建或中断的过程

debug ip ospf events 显示OSPF 发生的事件

debug ip ospf packet 显示路由器收到的所有的OSPF 数据包

router ospf 启动OSPF 路由进程

router-id 配置路由器ID

network 通告网络及网络所在的区域

ip ospf network 配置接口网络类型

ip ospf cost 配置接口cost 值

ip ospf hello-interval 配置hello 间隔

ip ospf dead-interval 配置OSPF 邻居的死亡时间

ip ospf priority 配置接口优先级

auto-cost reference-bandwidth 配置参考带宽

clear ip ospf process 清除OSPF 进程

area area-id authentication 启动区域简单口令认证

ip ospf authentication-key cisco 配置认证密码

area area-id authentication message-digest 启动区域MD5 认证

ip ospf message-digest-key key-id md5 key 配置key ID 及密匙

ip ospf authentication 启用链路简单口令认证

ip ospf authentication message-digest 启用链路MD5 认证

default-information originate [always] 向OSPF 区域注入默认路由

本文出自 “Erick WAY” 博客,谢绝转载!

你可能感兴趣的:(OSPF专题)