HCNP-路由策略综合实验

于 2024-07-05 15:11:26 发布
阅读量418 收藏 5
点赞数 10
分类专栏: 数通 文章标签: 网络 服务器 运维 网络协议 网络安全 华为
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.youkuaiyun.com/m0_63775189/article/details/140185690
版权

概要:

1、配置基本抵制信息和路由协议
2、R2把OSPF引入到rip,把rip引入OSPF
3、R4把RIP引入到OSPF,把ospf引入到rip
4、R5把直连引入到OSPF
5、R3把直连和静态引入RIP,不引入/25路由
6、全部互相引入,避免次优路由和环路

拓扑图:

技术名词:

import-route direct/static/rip/ospf route-policy wu #引入相关策略

display ip route-static protocol ospf/rip/static/direct #查询协议路由

route-policy 名称 permit/deny node 10 #创建路由策略

dis route-policy #查看路由策略情况

技术细节:

1、当两个协议互相引入后,R5引入的5.5.5.5/32网段会出现环路的问题,可以使用filter-policy注入到引入协议阻断环路的路由,也可以使用route-policy标签阻断环路的路由

2、当两个协议互相引入后,在R1和R3可以看到引入的路由会有两个下一条,且会出现次优路由的问题,可以使用route-policy改变相关的开销选择路径方向。

3、R3引入静态路由,不引入172.16.1.0/25网段。

四、AR3静态rip不引入172.1.1.0/25段路由,可以使用前缀列表Ip-prefix过滤此网段路由:
[R3]ip ip-prefix wu permit 172.16.1.0 24 greater-equal 24 less-equal 24
[R3]ip ip-prefix wu permit 172.16.2.0 24
[R3]route-policy wu permit node 10
[R3-route-policy]if-match ip-prefix wu 
[R3]rip
[R3-rip-1] import-route static route-policy wu

在R4使用dis ip route-static protocol rip查看rip引入情况:
[R4]dis ip routing-table protocol rip
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : RIP
         Destinations : 6        Routes : 6        

RIP routing table status : <Active>
         Destinations : 4        Routes : 4

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        5.5.5.5/32  RIP     100  2           D   11.1.1.2        GigabitEthernet
0/0/1
       12.1.1.0/24  RIP     100  1           D   11.1.1.2        GigabitEthernet
0/0/1
     172.16.1.0/24  RIP     100  1           D   11.1.1.2        GigabitEthernet
0/0/1
     172.16.2.0/24  RIP     100  1           D   11.1.1.2        GigabitEthernet
0/0/1

RIP routing table status : <Inactive>

可以看到172.16.1.0/25已经过滤,没有引入rip协议;

配置如下:

一、基本配置:
sy
sys R5
int s4/0/0
ip add 15.1.1.1 24
int lo 0
ip add 5.5.5.5 32
ospf router-id 5.5.5.5
a 0 
net 15.1.1.1 0.0.0.0

sy
sys R1
int s4/0/0
ip add 15.1.1.2 24
int g0/0/0
ip add 13.1.1.1 24
int g0/0/1
ip add 14.1.1.1 24
ospf router-id 1.1.1.1
a 0 
net 15.1.1.2 0.0.0.0
net 13.1.1.1 0.0.0.0
net 14.1.1.1 0.0.0.0

sy
sys R2
int g0/0/1
ip add 14.1.1.2 24
int g0/0/0
ip add 12.1.1.1 24
ospf router-id 2.2.2.2
a 0
net 14.1.1.2 0.0.0.0
rip
version 2
net 12.0.0.0 

sy
sys R4
int g0/0/1
ip add 11.1.1.1 24
int g0/0/0
ip add 13.1.1.2 24
ospf router-id 4.4.4.4
a 0
net 13.1.1.2 0.0.0.0
rip
version 2
net 11.0.0.0

sy
sys R3
int g0/0/1
ip add 11.1.1.2 24
int g0/0/0
ip add 12.1.1.2 24
int lo 0
ip add 3.3.3.3 32
ip route-static 172.16.1.0 24 null 0
ip route-static 172.16.1.0 25 null 0
ip route-static 172.16.2.0 24 null 0
rip 1
version 2
net 11.0.0.0 
net 12.0.0.0

在R1使用dis ospf peer brief 查看ospf邻居:

[R1]dis ospf peer brief

	 OSPF Process 1 with Router ID 1.1.1.1
		  Peer Statistic Information
 ----------------------------------------------------------------------------
 Area Id          Interface                        Neighbor id      State    
 0.0.0.0          Serial4/0/0                      5.5.5.5          Full        
 0.0.0.0          GigabitEthernet0/0/0             4.4.4.4          Full        
 0.0.0.0          GigabitEthernet0/0/1             2.2.2.2          Full        
 ----------------------------------------------------------------------------
可以看到R1与R2、R4、R5已建立好领居

在R2和R4分别使用dis ip routing-table protocol rip,可以看到已通过RIP协议学到对方的网段
[R4]dis ip routing-table protocol rip 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : RIP
         Destinations : 1        Routes : 1        

RIP routing table status : <Active>
         Destinations : 1        Routes : 1

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

       12.1.1.0/24  RIP     100  1           D   11.1.1.2        GigabitEthernet
0/0/1

<R2>dis ip routing-table protocol rip 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : RIP
         Destinations : 1        Routes : 1        

RIP routing table status : <Active>
         Destinations : 1        Routes : 1

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

       11.1.1.0/24  RIP     100  1           D   12.1.1.2        GigabitEthernet
0/0/0

RIP routing table status : <Inactive>
         Destinations : 0        Routes : 0
二、当两个协议互相引入后,R5引入的5.5.5.5/32网段会出现环路的问题,可以通过阻断5.5.5.5路由破环。
[R5]acl 2000
[R5-acl-basic-2000]
[R5-acl-basic-2000]rule permit source 5.5.5.5 0
[R5-acl-basic-2000]
[R5-acl-basic-2000]route-policy wu permit node 10
Info: New Sequence of this List.
[R5-route-policy]
[R5-route-policy]if-match acl 2000
[R5]ospf
[R5-ospf-1]import-route direct route-policy wu #引入5.5.5.5/32外部路由

[R2]ospf
[R2-ospf-1]import-route rip 1 #引入rip协议
[R2-ospf-1]rip
[R2-rip-1]import-route ospf 1 #引入ospf协议

[R4]ospf
[R4-ospf-1]import-route rip 1
[R4-ospf-1]rip
[R4-rip-1]import-route ospf 1
[R4-rip-1]

在引入协议后,双方的路由都已学到,但在R3tracert 5.5.5.5时发现已经环路了:
[R3]tracert 5.5.5.5

 traceroute to  5.5.5.5(5.5.5.5), max hops: 30 ,packet length: 40,press CTRL_C t
o break 

 1 12.1.1.1 30 ms  20 ms  20 ms 

 2 14.1.1.1 20 ms  10 ms  10 ms 

 3 13.1.1.2 10 ms  20 ms  30 ms 

 4 11.1.1.2 20 ms  10 ms  30 ms 

 5 12.1.1.1 30 ms  30 ms  30 ms 

在R1使用dis ip route-s pro ospf 命令时发现5.5.5.5下一条在R4学到的,而不是在R5学到:
[R1]dis ip routing-table protocol ospf 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
         Destinations : 3        Routes : 5        

OSPF routing table status : <Active>
         Destinations : 3        Routes : 5

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        5.5.5.5/32  O_ASE   150  1           D   13.1.1.2        GigabitEthernet
0/0/0
       11.1.1.0/24  O_ASE   150  1           D   14.1.1.2        GigabitEthernet
0/0/1
                    O_ASE   150  1           D   13.1.1.2        GigabitEthernet
0/0/0
       12.1.1.0/24  O_ASE   150  1           D   14.1.1.2        GigabitEthernet
0/0/1
                    O_ASE   150  1           D   13.1.1.2        GigabitEthernet
0/0/0

OSPF routing table status : <Inactive>
         Destinations : 0        Routes : 0

针对此情况,在 R4使用filter-policy 或者在R2、R4使用route-policy标签的方式阻断5.5.5.5的路由:
1、使用filter-policy阻断:
[R4]ip ip-prefix wu deny 5.5.5.5 32
[R4]ip ip-prefix wu permit 0.0.0.0 0 less-equal 32
[R4]ospf
[R4-ospf-1]filter-policy ip-prefix wu export 

在R3 tracert 5.5.5.5 发现已破环:
[R3]tracert 5.5.5.5

 traceroute to  5.5.5.5(5.5.5.5), max hops: 30 ,packet length: 40,press CTRL_C t
o break 

 1 12.1.1.1 40 ms  20 ms  10 ms 

 2 14.1.1.1 30 ms  10 ms  10 ms 

 3 15.1.1.1 50 ms  40 ms  30 ms 

2、使用route-policy标签阻断
[R4]ospf
[R4-ospf-1]undo filter-policy ip-prefix wu export #删除filter-policy,恢复环路状态

[R2]acl 2005
[R2-acl-basic-2005]
[R2-acl-basic-2005]rule 2 permit source 5.5.5.5 0
[R2]route-policy ospf-rip permit node 10 #创建route-policy
Info: New Sequence of this List.
[R2-route-policy]if-match acl 2005 #引入acl2005
[R2-route-policy]apply tag 10  #打上标签 10
[R2-route-policy]route-policy ospf-rip permit node 20 #创建rout-policy空语句,允许其他路由通过
Info: New Sequence of this List.
[R2-route-policy]rip
[R2-rip-1]import-route ospf route-policy ospf-rip

[R4]route-policy rip-ospf deny node 10
Info: New Sequence of this List.
[R4-route-policy]apply tag 10
[R4]route-policy rip-ospf permit node 20
Info: New Sequence of this List.
[R4-route-policy]ospf
[R4-ospf-1]import-route rip route-policy rip-ospf

在R3 tra 5.5.5.5 可以看到通过标签已破环:

[R3]tracert 5.5.5.5

 traceroute to  5.5.5.5(5.5.5.5), max hops: 30 ,packet length: 40,press CTRL_C t
o break 

 1 12.1.1.1 20 ms  20 ms  20 ms 

 2 14.1.1.1 30 ms  30 ms  30 ms 

 3 15.1.1.1 40 ms  30 ms  20 ms 



三、在R1和R3使用dis ip route-s 发现,11.1.1.0/24、12.1.1.0/24、13.1.1.0/24、14.1.1.0/24网段有两个下一跳,且出现次优路由等情况,针对这个情况我们可以通过改开销方法来选择最优路径:
[R1]dis ip routing-table protocol ospf
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
         Destinations : 3        Routes : 5        

OSPF routing table status : <Active>
         Destinations : 3        Routes : 5

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        5.5.5.5/32  O_ASE   150  1           D   15.1.1.1        Serial4/0/0
       11.1.1.0/24  O_ASE   150  1           D   14.1.1.2        GigabitEthernet
0/0/1
                    O_ASE   150  1           D   13.1.1.2        GigabitEthernet
0/0/0
       12.1.1.0/24  O_ASE   150  1           D   14.1.1.2        GigabitEthernet
0/0/1
                    O_ASE   150  1           D   13.1.1.2        GigabitEthernet
0/0/0

R3]dis ip routing-table protocol rip 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : RIP
         Destinations : 4        Routes : 7        

RIP routing table status : <Active>
         Destinations : 4        Routes : 7

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        5.5.5.5/32  RIP     100  1           D   12.1.1.1        GigabitEthernet
0/0/0
       13.1.1.0/24  RIP     100  1           D   12.1.1.1        GigabitEthernet
0/0/0
                    RIP     100  1           D   11.1.1.1        GigabitEthernet
0/0/1
       14.1.1.0/24  RIP     100  1           D   12.1.1.1        GigabitEthernet
0/0/0
                    RIP     100  1           D   11.1.1.1        GigabitEthernet
0/0/1
       15.1.1.0/24  RIP     100  1           D   12.1.1.1        GigabitEthernet
0/0/0
                    RIP     100  1           D   11.1.1.1        GigabitEthernet
0/0/1


由于这个是之前配好的,我们直接在R2、R4使用display route-policy查看相关配置:

[R4]acl 2002
[R4-acl-basic-2002]rule 1 permit source 13.1.1.0 0.0.0.255 
[R4]route-policy cost permit node 10
[R4-route-policy]if-match acl 2002 
[R4]route-policy cost permit node 20
[R4-route-policy]apply cost 5 #更改路径开销
[R4]route-policy cost permit node 30
[R4]rip
[R4-rip-1]import-route ospf 1 route-policy cost
[R4]acl 2003
[R4-acl-basic-2003]rule 5 permit source 11.1.1.0 0.0.0.255 
[R4]route-policy cost2 permit node  10
[R4-route-policy] if-match acl 2003
[R4]route-policy cost2 permit node  20
[R4-route-policy]apply cost 5
[R4]route-policy cost permit node 30
[R4]ospf
[R4-ospf-1]import-route rip 1 route-policy cost2

[R2]acl 2002
[R2-acl-basic-2002]rule 1 permit source 13.1.1.0 0.0.0.255
[R2]acl 2003
[R2-acl-basic-2003]rule 5 permit source 11.1.1.0 0.0.0.255 
[R2]route-policy cost permit node 10
[R2-route-policy]if-match acl 2002 
[R2-route-policy]apply cost 5 
[R2]route-policy cost permit node 20
[R2]route-policy cost2 permit node 10
[R2-route-policy]if-match acl 2003 
[R2-route-policy]apply cost 5 
[R2]route-policy cost2 permit node 20
[R2]rip
[R2-rip-1] import-route ospf 1 route-policy cost
[R2]ospf
[R2-ospf-1]import-route rip 1 route-policy cost2

配置完毕,可以在R1、R3再次查看路由情况:可以看到已经没有次优路由了
<R1>dis ip routing-table protocol ospf 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
         Destinations : 3        Routes : 3        

OSPF routing table status : <Active>
         Destinations : 3        Routes : 3

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        5.5.5.5/32  O_ASE   150  1           D   15.1.1.1        Serial4/0/0
       11.1.1.0/24  O_ASE   150  1           D   13.1.1.2        GigabitEthernet
0/0/0
       12.1.1.0/24  O_ASE   150  1           D   14.1.1.2        GigabitEthernet
0/0/1

OSPF routing table status : <Inactive>
         Destinations : 0        Routes : 0


[R3]dis ip routing-table protocol rip 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : RIP
         Destinations : 4        Routes : 4        

RIP routing table status : <Active>
         Destinations : 4        Routes : 4

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

        5.5.5.5/32  RIP     100  1           D   12.1.1.1        GigabitEthernet
0/0/0
       13.1.1.0/24  RIP     100  1           D   11.1.1.1        GigabitEthernet
0/0/1
       14.1.1.0/24  RIP     100  1           D   12.1.1.1        GigabitEthernet
0/0/0
       15.1.1.0/24  RIP     100  1           D   12.1.1.1        GigabitEthernet
0/0/0

RIP routing table status : <Inactive>

总结

路由策略可以使用在很多场景,既可以在动态路由做路由路径的选择,也可以根据前缀列表过滤子网划分的网段。

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值