交换路由CCIE之路路由策略.docx
《交换路由CCIE之路路由策略.docx》由会员分享,可在线阅读,更多相关《交换路由CCIE之路路由策略.docx(21页珍藏版)》请在冰点文库上搜索。
交换路由CCIE之路路由策略
实验路由策略
一实验拓扑图1
实验一
实验要求:
原本网络使用EIGRP现在要求用OSPF来发现网络拓扑。
实验分析:
要是网络平滑过渡可先将OSPF配置好,然后理由改变EIGRP的管理距离使OSPF替换EIGRP进路由表,等到全网为OSPF后,去掉EIGRP.
实验操作及结果:
首先全网为EIGRP如下
r1#showiproute
192.168.12.0/30issubnetted,1subnets
C192.168.12.0isdirectlyconnected,Serial0/0
192.168.23.0/30issubnetted,1subnets
D192.168.23.0[90/2681856]via192.168.12.2,00:
01:
48,Serial0/0
C192.168.1.0/24isdirectlyconnected,Ethernet3/0
D192.168.3.0/24[90/2707456]via192.168.12.2,00:
00:
13,Serial0/0
r2#showiproute
192.168.12.0/30issubnetted,1subnets
C192.168.12.0isdirectlyconnected,Serial0/0
192.168.23.0/30issubnetted,1subnets
C192.168.23.0isdirectlyconnected,Serial0/2
D192.168.1.0/24[90/2195456]via192.168.12.1,00:
02:
56,Serial0/0
D192.168.3.0/24[90/2195456]via192.168.23.2,00:
01:
16,Serial0/2
r3#showiproute
192.168.12.0/30issubnetted,1subnets
D192.168.12.0[90/2681856]via192.168.23.1,00:
01:
21,Serial0/0
192.168.23.0/30issubnetted,1subnets
C192.168.23.0isdirectlyconnected,Serial0/0
D192.168.1.0/24[90/2707456]via192.168.23.1,00:
01:
21,Serial0/0
C192.168.3.0/24isdirectlyconnected,Ethernet3/0
现在在每个路由器都配置OSPF能发现都建立邻居,但没进路由表
r1#showipospfneighbor
NeighborIDPriStateDeadTimeAddressInterface
192.168.23.10FULL/-00:
00:
32192.168.12.2Serial0/0
r2#showipospfneighbor
NeighborIDPriStateDeadTimeAddressInterface
192.168.23.20FULL/-00:
00:
35192.168.23.2Serial0/2
192.168.12.10FULL/-00:
00:
31192.168.12.1Serial0/0
r3#showipospfneighbor
NeighborIDPriStateDeadTimeAddressInterface
192.168.23.10FULL/-00:
00:
32192.168.23.1Serial0/0
r1#showiproute
192.168.12.0/30issubnetted,1subnets
C192.168.12.0isdirectlyconnected,Serial0/0
192.168.23.0/30issubnetted,1subnets
D192.168.23.0[90/2681856]via192.168.12.2,00:
01:
48,Serial0/0
C192.168.1.0/24isdirectlyconnected,Ethernet3/0
D192.168.3.0/24[90/2707456]via192.168.12.2,00:
00:
13,Serial0/0
r2#showiproute
192.168.12.0/30issubnetted,1subnets
C192.168.12.0isdirectlyconnected,Serial0/0
192.168.23.0/30issubnetted,1subnets
C192.168.23.0isdirectlyconnected,Serial0/2
D192.168.1.0/24[90/2195456]via192.168.12.1,00:
02:
56,Serial0/0
D192.168.3.0/24[90/2195456]via192.168.23.2,00:
01:
16,Serial0/2
r3#showiproute
192.168.12.0/30issubnetted,1subnets
D192.168.12.0[90/2681856]via192.168.23.1,00:
01:
21,Serial0/0
192.168.23.0/30issubnetted,1subnets
C192.168.23.0isdirectlyconnected,Serial0/0
D192.168.1.0/24[90/2707456]via192.168.23.1,00:
01:
21,Serial0/0
C192.168.3.0/24isdirectlyconnected,Ethernet3/0
主要原因是OSPF管理距离比EIGRP大,所以没有进入路由表,这时候将EIGRP的管理距离加大到120,这时候路由表就发生改变了,但EIGRP邻居依然存在
r1(config)#routereigrp10
r1(config-router)#distanceeigrp120170//将eigrp内部管理距离改为120>110
r1(config-router)#exit
r2(config)#routereigrp10
r2(config-router)#distanceeigrp120170
r3(config)#routereigrp10
r3(config-router)#distanceeigrp120170
r3(config-router)#exit
重新查看路由表,发现OSPF进了路由表
r1#showiproute
192.168.12.0/30issubnetted,1subnets
C192.168.12.0isdirectlyconnected,Serial0/0
192.168.23.0/30issubnetted,1subnets
O192.168.23.0[110/128]via192.168.12.2,00:
03:
18,Serial0/0
C192.168.1.0/24isdirectlyconnected,Ethernet3/0
O192.168.3.0/24[110/138]via192.168.12.2,00:
03:
18,Serial0/0
r2#showiproute
192.168.12.0/30issubnetted,1subnets
C192.168.12.0isdirectlyconnected,Serial0/0
192.168.23.0/30issubnetted,1subnets
C192.168.23.0isdirectlyconnected,Serial0/2
O192.168.1.0/24[110/74]via192.168.12.1,00:
02:
00,Serial0/0
O192.168.3.0/24[110/74]via192.168.23.2,00:
02:
00,Serial0/2
r3#showiproute
192.168.12.0/30issubnetted,1subnets
O192.168.12.0[110/128]via192.168.23.1,00:
01:
48,Serial0/0
192.168.23.0/30issubnetted,1subnets
C192.168.23.0isdirectlyconnected,Serial0/0
O192.168.1.0/24[110/138]via192.168.23.1,00:
02:
05,Serial0/0
C192.168.3.0/24isdirectlyconnected,Ethernet3/0
EIGRP邻居依然存在,说明该进程依旧在运行
r1#showipeigrpneighbors
IP-EIGRPneighborsforprocess10
HAddressInterfaceHoldUptimeSRTTRTOQSeq
(sec)(ms)CntNum
0192.168.12.2Se0/01200:
01:
16114684017
r2#showipeigrpneighbors
IP-EIGRPneighborsforprocess10
HAddressInterfaceHoldUptimeSRTTRTOQSeq
(sec)(ms)CntNum
0192.168.23.2Se0/21000:
00:
5915535000010
1192.168.12.1Se0/01200:
01:
1214486408
r3#showipeigrpneighbors
IP-EIGRPneighborsforprocess10
HAddressInterfaceHoldUptimeSRTTRTOQSeq
(sec)(ms)CntNum
0192.168.23.1Se0/01200:
00:
48120720019
这时候实现了路由的平滑过渡,可以删掉EIGRP了。
实验二
实验要求:
将172.16.0.0/16所有网段宣告进OSPF但希望R3学不到172.16.4.0/24这条路由
实验分析:
可利用ACL直接将该路由在R3上拒绝,因为是链路状态协议故只能在本路由器IN方向拒绝,它拒绝的是路由而不是LSA,因此必须这样做。
实验操作及结果:
在没有采取任何措施时,将所有网段全部发布进OSPFR3路由表如下
r3#showiproute
192.168.12.0/30issubnetted,1subnets
O192.168.12.0[110/128]via192.168.23.1,00:
00:
06,Serial0/0
172.16.0.0/32issubnetted,5subnets
O172.16.4.0[110/129]via192.168.23.1,00:
00:
06,Serial0/0
O172.16.5.0[110/129]via192.168.23.1,00:
00:
06,Serial0/0
O172.16.1.0[110/129]via192.168.23.1,00:
00:
06,Serial0/0
O172.16.2.0[110/129]via192.168.23.1,00:
00:
06,Serial0/0
O172.16.3.0[110/129]via192.168.23.1,00:
00:
06,Serial0/0
192.168.23.0/30issubnetted,1subnets
C192.168.23.0isdirectlyconnected,Serial0/0
O192.168.1.0/24[110/138]via192.168.23.1,00:
00:
06,Serial0/0
C192.168.3.0/24isdirectlyconnected,Ethernet3/0
这时候在R3上拒绝4.0网段进路由表,只能在R3进接口上拒绝它,因为所能拒绝的是路由,LSA还是能过来的,R3通过LSA能产生4.0的路由,但因为接口采用了分发列表控制了这条路由的进入,因此它进不了路由表。
结果如下
r3(config)#access-list10denyhost172.16.1.0
r3(config)#access-list10permitany
r3(config)#routerospf1
r3(config-router)#distribute-list10ins0/0//拒绝了的所有的172.16.1.0
这时候查路由表不会有1.0网段了
r3#showiproute
192.168.12.0/30issubnetted,1subnets
O192.168.12.0[110/128]via192.168.23.1,00:
00:
04,Serial0/0
172.16.0.0/32issubnetted,4subnets
O172.16.4.0[110/129]via192.168.23.1,00:
00:
04,Serial0/0
O172.16.5.0[110/129]via192.168.23.1,00:
00:
04,Serial0/0
O172.16.2.0[110/129]via192.168.23.1,00:
00:
04,Serial0/0
O172.16.3.0[110/129]via192.168.23.1,00:
00:
04,Serial0/0
192.168.23.0/30issubnetted,1subnets
C192.168.23.0isdirectlyconnected,Serial0/0
O192.168.1.0/24[110/138]via192.168.23.1,00:
00:
04,Serial0/0
C192.168.3.0/24isdirectlyconnected,Ethernet3/0
实验三
实验要求:
将172.16.0.0/16所有网段宣告为RIP并重发布进来,但172.16.4.0/24不能宣告进OSPF
实验分析:
一可以直接在边界拒绝掉该网段进入,二可以采用route-map进行匹配从而拒绝。
由于重发布汇总会产生一条反馈路由,这时也要拒绝掉。
实验操作及结果:
在ASBR重发布RIP进OSPF时将4.0网段直接拒绝发布,如下
r1(config)#access-list10deny172.16.4.0
r1(config)#access-list10permitany
r1(config)#routerospf1
r1(config-router)#distribute-list10outrip//拒绝4.0从RIP出来
r1(config-router)#redistributeripsubnets
r2#showiproute
192.168.12.0/30issubnetted,1subnets
C192.168.12.0isdirectlyconnected,Serial0/0
172.16.0.0/32issubnetted,4subnets
OE2172.16.5.0[110/20]via192.168.12.1,00:
00:
03,Serial0/0
OE2172.16.1.0[110/20]via192.168.12.1,00:
00:
03,Serial0/0
OE2172.16.2.0[110/20]via192.168.12.1,00:
00:
03,Serial0/0
OE2172.16.3.0[110/20]via192.168.12.1,00:
00:
03,Serial0/0
192.168.23.0/30issubnetted,1subnets
C192.168.23.0isdirectlyconnected,Serial0/2
O192.168.1.0/24[110/74]via192.168.12.1,00:
00:
03,Serial0/0
O192.168.3.0/24[110/74]via192.168.23.2,00:
00:
03,Serial0/2
第二种方法在重发布中用route-map进行匹配发布也能得到想要的结果
r1(config)#access-list10deny172.16.4.0//此处deny为‘不匹配’
r1(config)#access-list10permitany
r1(config)#route-mapfuckjiugepermit10
r1(config-route-map)#matchipad10
r1(config-route-map)#exit
r1(config)#routerospf1
r1(config-router)#redistributeripsubnetsroute-mapfuckjiuge//匹配相应的route-map信息
r2#showiproute
192.168.12.0/30issubnetted,1subnets
C192.168.12.0isdirectlyconnected,Serial0/0
172.16.0.0/32issubnetted,4subnets
OE2172.16.5.0[110/20]via192.168.12.1,00:
06:
35,Serial0/0
OE2172.16.1.0[110/20]via192.168.12.1,00:
06:
35,Serial0/0
OE2172.16.2.0[110/20]via192.168.12.1,00:
06:
35,Serial0/0
OE2172.16.3.0[110/20]via192.168.12.1,00:
06:
35,Serial0/0
192.168.23.0/30issubnetted,1subnets
C192.168.23.0isdirectlyconnected,Serial0/2
O192.168.1.0/24[110/74]via192.168.12.1,00:
06:
35,Serial0/0
O192.168.3.0/24[110/74]via192.168.23.2,00:
06:
35,Serial0/2
关于反馈路由问题
r2(config)#routerospf1
r2(config-router)#summary-address172.16.0.0255.255.0.0//在边界将网段进行汇总
这时候ASBR会产生一条汇总信息
r2#showiproute
192.168.12.0/30issubnetted,1subnets
C192.168.12.0isdirectlyconnected,Serial0/0
172.16.0.0/16isvariablysubnetted,3subnets,2masks
O172.16.0.0/16isasummary,00:
00:
14,Null0
R172.16.1.0/24[120/1]via192.168.12.1,00:
00:
17,Serial0/0
R172.16.2.0/24[120/1]via192.168.12.1,00:
00:
17,Serial0/0
192.168.23.0/30issubnetted,1subnets
C192.168.23.0isdirectlyconnected,Serial0/2
在将OSPF重发布进RIP时,汇总信息会重发布进来,从而形成了反馈路由
r1#showiproute
192.168.12.0/30issubnetted,1subnets
C192.168.12.0isdirectlyconnected,Serial0/0
172.16.0.0/16isvariablysubnetted,3subnets,2masks
R172.16.0.0/16[120/5]via192.168.12.2,00:
00:
20,Serial0/0//反馈路由
C172.16.1.0/24isdirectlyconnected,Ethernet3/0
C172.16.2.0/24isdirectlyconnected,Ethernet3/1
192.168.23.0/30issubnetted,1subnets
R192.168.23.0[120/5]via192.168.12.2,00:
00:
24,Serial0/0
为了避免反馈路由,可以拒绝汇总的重发布出去
r2(config)#access-list10denyhost172.16.0.0
r2(config)#access-list10permitany
r2(config)#routerrip
r2(config-router)#distribute-list10outospf1
r1#showiproute
192.168.12.0/30issubnetted,1subnets
C192.168.12.0isdirectlyconnected,Serial0/0
172.16.0.0/24issubnetted,2subnets
C172.16.1.0isdirectlyconnected,Ethernet3/0
C172.16.2.0isdirectlyconnected,E
升级会员 