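- Project topology and requirements
Project requirements
An enterprise network uses OSPF and IS-IS as its IGPs to interconnect the internal network. The area plan and IP addressing plan are shown in the figure. The following requirements must be met:
- LSW1 connects to AR1 over VLAN 10 and to AR2 over VLAN 20. LSW1 connects to LSW2, LSW3 and LSW4 at Layer 3: VLAN 30 to LSW2, VLAN 40 to LSW3, and VLAN 50 to LSW4. IP addresses are as shown in the figure.
- LSW2 is the gateway for VLAN 100, LSW3 is the gateway for VLAN 101, and LSW4 is the gateway for VLAN 102.
- Configure multi-area OSPF so that the enterprise's internal network is fully interconnected.
- The enterprise has two egress routers, AR1 and AR2, and leases two links for redundancy. Configure floating static routes and NAT on AR1 and AR2 so that traffic from internal devices to external networks is load-shared across AR1 and AR2. Once traffic reaches an egress device, the China Telecom link is preferred; if the China Telecom link fails, the China Unicom link is used.
- Lab steps
Step 1: Rename the devices and configure IP addresses
AR1 configuration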
[AR1]interface GigabitEthernet0/0/0
[AR1-GigabitEthernet0/0/0]ip address 10.0.12.1 255.255.255.0
[AR1]interface GigabitEthernet0/0/1
[AR1-GigabitEthernet0/0/1]ip address 10.0.14.1 255.255.255.0
[AR1]interface LoopBack0
[AR1-LoopBack0]ip address 1.1.1.1 255.255.255.255
The other devices are configured the same way and are not repeated here.
Step 2: Configure OSPF areas for network connectivity
AR1 configuration
[AR1]ospf 1
[AR1-ospf-1]area 0.0.0.0
[AR1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0
[AR1-ospf-1-area-0.0.0.0]network 10.0.12.0 0.0.0.255
[AR1-ospf-1-area-0.0.0.0]network 10.0.14.0 0.0.0.255
AR2 configuration
[AR2]ospf 1
[AR2-ospf-1]area 0.0.0.0
[AR2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0
[AR2-ospf-1-area-0.0.0.0]network 10.0.12.0 0.0.0.255
[AR2-ospf-1-area-0.0.0.0]network 10.0.23.0 0.0.0.255
AR3 configuration
[AR3]ospf 1
[AR3-ospf-1]area 0.0.0.0
[AR3-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0
[AR3-ospf-1-area-0.0.0.0]network 10.0.23.0 0.0.0.255
[AR3-ospf-1-area-0.0.0.0]network 10.0.34.0 0.0.0.255
[AR3-ospf-1]area 0.0.0.1
[AR3-ospf-1-area-0.0.0.1]network 10.0.35.0 0.0.0.255
AR4 configuration
[AR4]ospf 1
[AR4-ospf-1]area 0.0.0.0
[AR4-ospf-1-area-0.0.0.0]network 4.4.4.4 0.0.0.0
[AR4-ospf-1-area-0.0.0.0]network 10.0.14.0 0.0.0.255
[AR4-ospf-1-area-0.0.0.0]network 10.0.34.0 0.0.0.255
AR5 configuration
[AR5]ospf 1
[AR5-ospf-1]area 0.0.0.1
[AR5-ospf-1-area-0.0.0.1]network 5.5.5.5 0.0.0.0
[AR5-ospf-1-area-0.0.0.1]network 10.0.35.0 0.0.0.255
Check the AR5 routing table:
[AR5-ospf-1]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 19 Routes : 19
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.1/32 OSPF 10 3 D 10.0.35.3 GigabitEthernet
0/0/0
2.2.2.2/32 OSPF 10 2 D 10.0.35.3 GigabitEthernet
0/0/0
3.3.3.3/32 OSPF 10 1 D 10.0.35.3 GigabitEthernet
0/0/0
4.4.4.4/32 OSPF 10 2 D 10.0.35.3 GigabitEthernet
0/0/0
5.5.5.5/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.12.0/24 OSPF 10 3 D 10.0.35.3 GigabitEthernet
0/0/0
10.0.14.0/24 OSPF 10 3 D 10.0.35.3 GigabitEthernet
0/0/0
10.0.23.0/24 OSPF 10 2 D 10.0.35.3 GigabitEthernet
0/0/0
10.0.34.0/24 OSPF 10 2 D 10.0.35.3 GigabitEthernet
0/0/0
10.0.35.0/24 Direct 0 0 D 10.0.35.5 GigabitEthernet
0/0/0
10.0.35.5/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.35.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.56.0/24 Direct 0 0 D 10.0.56.5 GigabitEthernet
0/0/1
10.0.56.5/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.56.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
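This shows that OSPF is running correctly and the expected routes have been learned.
Step 3: Write a routing policy to filter out non-loopback routes
AR3 configuration:
[AR3]ip ip-prefix host permit 0.0.0.0 0 greater-equal 32 less-equal 32 // match every route whose mask length is 32 bits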
[AR3-ospf-1-area-0.0.0.0]filter ip-prefix host export
Check the OSPF routing table:
<AR5>dis ip routing-table protocol ospf
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
Destinations : 4 Routes : 4
OSPF routing table status : <Active>
Destinations : 4 Routes : 4
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.1/32 OSPF 10 3 D 10.0.35.3 GigabitEthernet
0/0/0
2.2.2.2/32 OSPF 10 2 D 10.0.35.3 GigabitEthernet
0/0/0
3.3.3.3/32 OSPF 10 1 D 10.0.35.3 GigabitEthernet
0/0/0
4.4.4.4/32 OSPF 10 2 D 10.0.35.3 GigabitEthernet
0/0/0
OSPF routing table status : <Inactive>
Destinations : 0 Routes : 0
The filter worked.
AR3 configuration
[AR3-ospf-1-area-0.0.0.0]filter ip-prefix host import
<AR1>dis ip routing-table protocol ospf
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
Destinations : 6 Routes : 8
OSPF routing table status : <Active>
Destinations : 6 Routes : 8
Destination/Mask Proto Pre Cost Flags NextHop Interface
2.2.2.2/32 OSPF 10 1 D 10.0.12.2 GigabitEthernet
0/0/0
3.3.3.3/32 OSPF 10 2 D 10.0.12.2 GigabitEthernet
0/0/0
OSPF 10 2 D 10.0.14.4 GigabitEthernet
0/0/1
4.4.4.4/32 OSPF 10 1 D 10.0.14.4 GigabitEthernet
0/0/1
5.5.5.5/32 OSPF 10 3 D 10.0.12.2 GigabitEthernet
0/0/0
OSPF 10 3 D 10.0.14.4 GigabitEthernet
0/0/1
10.0.23.0/24 OSPF 10 2 D 10.0.12.2 GigabitEthernet
0/0/0
10.0.34.0/24 OSPF 10 2 D 10.0.14.4 GigabitEthernet
The table shows that the filter worked.
Step 4: Run IS-IS
AR5 configuration:
[AR5]isis 1
[AR5-isis-1]is-level level-2
[AR5-isis-1]cost-style wide
[AR5-isis-1]network-entity 49.0001.0000.0000.0005.00
[AR5-GigabitEthernet0/0/1]isis enable
AR6 configuration:
[AR6]isis 1
[AR6-isis-1]cost-style wide
[AR6-isis-1]network-entity 49.0002.0000.0000.0006.00
[AR6-GigabitEthernet0/0/0]isis enable
[AR6-GigabitEthernet0/0/1]isis enable
[AR6-LoopBack0]isis enable
AR7 configuration:
[AR7]isis 1
[AR7-isis-1]is-level level-1
[AR7-isis-1]cost-style wide
[AR7-isis-1]network-entity 49.0002.0000.0000.0007.00
Check the AR7 routing table:
[AR7]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 ISIS-L1 15 10 D 10.0.67.6 GigabitEthernet
0/0/0
6.6.6.6/32 ISIS-L1 15 10 D 10.0.67.6 GigabitEthernet
0/0/0
7.7.7.7/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.56.0/24 ISIS-L1 15 20 D 10.0.67.6 GigabitEthernet
0/0/0
10.0.67.0/24 Direct 0 0 D 10.0.67.7 GigabitEthernet
0/0/0
10.0.67.7/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.67.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Import routes between the two protocols on AR5:
[AR5]ospf
[AR5-ospf-1]import-route isis
[AR5-ospf-1]quit
[AR5]isis
[AR5-isis-1]import-route ospf
[AR5-isis-1]
Check the AR1 routing table:
<AR1>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 21 Routes : 27
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
2.2.2.2/32 OSPF 10 1 D 10.0.12.2 GigabitEthernet
0/0/0
3.3.3.3/32 OSPF 10 2 D 10.0.12.2 GigabitEthernet
0/0/0
OSPF 10 2 D 10.0.14.4 GigabitEthernet
0/0/1
4.4.4.4/32 OSPF 10 1 D 10.0.14.4 GigabitEthernet
0/0/1
5.5.5.5/32 OSPF 10 3 D 10.0.12.2 GigabitEthernet
0/0/0
OSPF 10 3 D 10.0.14.4 GigabitEthernet
0/0/1
6.6.6.6/32 O_ASE 150 1 D 10.0.12.2 GigabitEthernet
0/0/0
O_ASE 150 1 D 10.0.14.4 GigabitEthernet
0/0/1
7.7.7.7/32 O_ASE 150 1 D 10.0.12.2 GigabitEthernet
0/0/0
O_ASE 150 1 D 10.0.14.4 GigabitEthernet
0/0/1
10.0.12.0/24 Direct 0 0 D 10.0.12.1 GigabitEthernet
0/0/0
10.0.12.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.14.0/24 Direct 0 0 D 10.0.14.1 GigabitEthernet
0/0/1
10.0.14.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.14.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.23.0/24 OSPF 10 2 D 10.0.12.2 GigabitEthernet
0/0/0
10.0.34.0/24 OSPF 10 2 D 10.0.14.4 GigabitEthernet
0/0/1
10.0.56.0/24 O_ASE 150 1 D 10.0.12.2 GigabitEthernet
0/0/0
O_ASE 150 1 D 10.0.14.4 GigabitEthernet
0/0/1
10.0.67.0/24 O_ASE 150 1 D 10.0.12.2 GigabitEthernet
0/0/0
O_ASE 150 1 D 10.0.14.4 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Step 5: Create a routing policy to filter the imported routes
AR5 configuration:
[AR5]route-policy host permit node 10
[AR5-route-policy]if-match ip-prefix host
Apply the policy
[AR5]isis
[AR5-isis-1]import-route ospf route-policy host
[AR5-isis-1]quit
[AR5]ospf
[AR5-ospf-1]import-route isis route-policy host
Check the AR1 routing table again:
<AR1>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 19 Routes : 23
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
2.2.2.2/32 OSPF 10 1 D 10.0.12.2 GigabitEthernet
0/0/0
3.3.3.3/32 OSPF 10 2 D 10.0.12.2 GigabitEthernet
0/0/0
OSPF 10 2 D 10.0.14.4 GigabitEthernet
0/0/1
4.4.4.4/32 OSPF 10 1 D 10.0.14.4 GigabitEthernet
0/0/1
5.5.5.5/32 OSPF 10 3 D 10.0.12.2 GigabitEthernet
0/0/0
OSPF 10 3 D 10.0.14.4 GigabitEthernet
0/0/1
6.6.6.6/32 O_ASE 150 1 D 10.0.12.2 GigabitEthernet
0/0/0
O_ASE 150 1 D 10.0.14.4 GigabitEthernet
0/0/1
7.7.7.7/32 O_ASE 150 1 D 10.0.12.2 GigabitEthernet
0/0/0
O_ASE 150 1 D 10.0.14.4 GigabitEthernet
0/0/1
10.0.12.0/24 Direct 0 0 D 10.0.12.1 GigabitEthernet
0/0/0
10.0.12.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.14.0/24 Direct 0 0 D 10.0.14.1 GigabitEthernet
0/0/1
10.0.14.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.14.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.23.0/24 OSPF 10 2 D 10.0.12.2 GigabitEthernet
0/0/0
10.0.34.0/24 OSPF 10 2 D 10.0.14.4 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
The filter worked.
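How the `host` prefix list from Step 3, reused by the route-policy in Step 5, decides which routes pass, as an added example that is not part of the original lab. The `Node` type and function names are illustrative; the route lists are copied from the routing tables on this page.

```python
import ipaddress
from typing import NamedTuple, Optional

class Node(NamedTuple):
    action: str                 # "permit" or "deny"
    base: str                   # address part of the node, e.g. "0.0.0.0"
    mask_len: int               # leading bits of `base` the route must share
    ge: Optional[int] = None    # greater-equal
    le: Optional[int] = None    # less-equal

def node_matches(node, route):
    net = ipaddress.ip_network(route)
    cover = ipaddress.ip_network(f"{node.base}/{node.mask_len}", strict=False)
    if not net.subnet_of(cover):
        return False
    if node.ge is None and node.le is None:
        lo = hi = node.mask_len          # no range given: exact length only
    else:
        lo = node.ge if node.ge is not None else node.mask_len
        hi = node.le if node.le is not None else 32
    return lo <= net.prefixlen <= hi

def evaluate(prefix_list, route):
    """First matching node decides; a route matching no node is denied."""
    for node in prefix_list:
        if node_matches(node, route):
            return node.action == "permit"
    return False

def surviving(prefix_list, routes):
    return [r for r in routes if evaluate(prefix_list, r)]

# ip ip-prefix host permit 0.0.0.0 0 greater-equal 32 less-equal 32
HOST = [Node("permit", "0.0.0.0", 0, ge=32, le=32)]

# Area 0 routes seen on AR5 before the Step 3 filter (from the AR5 table).
AREA0_ROUTES = ["1.1.1.1/32", "2.2.2.2/32", "3.3.3.3/32", "4.4.4.4/32",
                "10.0.12.0/24", "10.0.14.0/24", "10.0.23.0/24", "10.0.34.0/24"]
# O_ASE routes seen on AR1 before the Step 5 route-policy (from the AR1 table).
ISIS_ROUTES = ["6.6.6.6/32", "7.7.7.7/32", "10.0.56.0/24", "10.0.67.0/24"]

if __name__ == "__main__":
    print(surviving(HOST, AREA0_ROUTES))
    print(surviving(HOST, ISIS_ROUTES))
```

A node written without `greater-equal` or `less-equal` matches only the exact mask length, so a list meant to cover a whole range of subnets silently denies them.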
Configure route leaking so that the Level-1 area also learns the specific loopback routes
[AR6-isis-1]import-route isis level-2 into level-1
Check the routing table:
<AR7>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 16 Routes : 16
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 ISIS-L1 15 10 D 10.0.67.6 GigabitEthernet
0/0/0
1.1.1.1/32 ISIS-L1 15 20 D 10.0.67.6 GigabitEthernet
0/0/0
2.2.2.2/32 ISIS-L1 15 20 D 10.0.67.6 GigabitEthernet
0/0/0
3.3.3.3/32 ISIS-L1 15 20 D 10.0.67.6 GigabitEthernet
0/0/0
4.4.4.4/32 ISIS-L1 15 20 D 10.0.67.6 GigabitEthernet
0/0/0
5.5.5.5/32 ISIS-L1 15 20 D 10.0.67.6 GigabitEthernet
0/0/0
6.6.6.6/32 ISIS-L1 15 10 D 10.0.67.6 GigabitEthernet
0/0/0
7.7.7.7/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.56.0/24 ISIS-L1 15 20 D 10.0.67.6 GigabitEthernet
0/0/0
10.0.67.0/24 Direct 0 0 D 10.0.67.7 GigabitEthernet
0/0/0
10.0.67.7/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.67.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
Step 6: Enable BFD
[AR1]bfd
[AR1-bfd]quit
[AR1]ospf
[AR1-ospf-1]bfd all-interfaces enable
AR2, AR3 and AR4 are configured the same way and are not repeated here.
Check the BFD session status:
[AR1]display bfd session all
--------------------------------------------------------------------------------
Local Remote PeerIpAddr State Type InterfaceName
--------------------------------------------------------------------------------
8192 8192 10.0.12.2 Up D_IP_IF GigabitEthernet0/0/0
8193 8193 10.0.14.4 Up D_IP_IF GigabitEthernet0/0/1
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 2/0
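The sessions were established successfully.
Step 7: Make AR1-AR2-AR3 the primary path from AR1 to AR3, and enable FRR
- Change the cost so that AR1-AR2-AR3 is the primary path from AR1 to AR3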
[AR1-GigabitEthernet0/0/1]ospf cost 100
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
Destinations : 8 Routes : 8
OSPF routing table status : <Active>
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost Flags NextHop Interface
2.2.2.2/32 OSPF 10 1 D 10.0.12.2 GigabitEthernet
0/0/0
3.3.3.3/32 OSPF 10 2 D 10.0.12.2 GigabitEthernet
0/0/0
4.4.4.4/32 OSPF 10 3 D 10.0.12.2 GigabitEthernet
0/0/0
5.5.5.5/32 OSPF 10 3 D 10.0.12.2 GigabitEthernet
0/0/0
6.6.6.6/32 O_ASE 150 1 D 10.0.12.2 GigabitEthernet
0/0/0
7.7.7.7/32 O_ASE 150 1 D 10.0.12.2 GigabitEthernet
0/0/0
10.0.23.0/24 OSPF 10 2 D 10.0.12.2 GigabitEthernet
0/0/0
10.0.34.0/24 OSPF 10 3 D 10.0.12.2 GigabitEthernet
0/0/0
OSPF routing table status : <Inactive>
Destinations : 0 Routes : 0
The table shows that there is now only one route to 3.3.3.3.
- Enable FRR
[AR1]ospf
[AR1-ospf-1]frr
[AR1-ospf-1-frr]loop-free-alternate
Check the detailed route to 3.3.3.3:
[AR1]display ospf routing 3.3.3.3
OSPF Process 1 with Router ID 10.0.12.1
Destination : 3.3.3.3/32
AdverRouter : 10.0.23.3 Area : 0.0.0.0
Cost : 2 Type : Stub
NextHop : 10.0.12.2 Interface : GigabitEthernet0/0/0
Priority : Medium Age : 00h01m15s
Backup Nexthop : 10.0.14.4 Backup Interface: GigabitEthernet0/0/1
Backup Type : LFA LINK-NODE
[AR1]
The primary and backup paths have both been computed.
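Why AR4 qualifies as an `LFA LINK-NODE` backup for 3.3.3.3, worked through with the loop-free alternate inequalities of RFC 5286 as an added example (not part of the original lab). The link costs are inferred from the routing tables on this page, and the function names are illustrative.

```python
import heapq

# Directed OSPF interface costs inferred from the routing tables on this page:
# every link costs 1, except AR1's GigabitEthernet0/0/1 toward AR4, which was
# set to 100 in Step 7. Only the area 0 routers are modelled (an assumption).
COSTS = {
    "AR1": {"AR2": 1, "AR4": 100},
    "AR2": {"AR1": 1, "AR3": 1},
    "AR3": {"AR2": 1, "AR4": 1},
    "AR4": {"AR1": 1, "AR3": 1},
}

def dist(graph, src, dst):
    """Shortest-path cost from src to dst (Dijkstra)."""
    best = {src: 0}
    heap = [(0, src)]
    while heap:
        d, node = heapq.heappop(heap)
        if node == dst:
            return d
        if d > best[node]:
            continue
        for nbr, cost in graph[node].items():
            if d + cost < best.get(nbr, float("inf")):
                best[nbr] = d + cost
                heapq.heappush(heap, (d + cost, nbr))
    return float("inf")

def lfa_backups(graph, source, primary, dest):
    """Classify each non-primary neighbor N of `source` as a backup next hop."""
    found = {}
    for n in graph[source]:
        if n == primary:
            continue
        to_dest = dist(graph, n, dest)
        # Loop-free: N's best path to dest does not come back through source.
        link_ok = to_dest < dist(graph, n, source) + dist(graph, source, dest)
        # Node-protecting: N's best path also avoids the primary next hop.
        node_ok = to_dest < dist(graph, n, primary) + dist(graph, primary, dest)
        if link_ok:
            found[n] = "LINK-NODE" if node_ok else "LINK"
    return found

if __name__ == "__main__":
    print(lfa_backups(COSTS, "AR1", "AR2", "AR3"))
```

If AR4's own cost toward AR3 were raised so that its best path to AR3 ran back through AR1, the first inequality would fail and no backup next hop would be installed.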
Step 8: Run BGP, make AR3 a route reflector, and configure BGP authentication
(1) Route reflector configuration
AR3 configuration:
[AR3]bgp 100
[AR3-bgp]group huawei internal
[AR3-bgp]peer 1.1.1.1 group huawei
[AR3-bgp]peer 2.2.2.2 group huawei
[AR3-bgp]peer 4.4.4.4 group huawei
[AR3-bgp]peer 5.5.5.5 group huawei
[AR3-bgp]peer 6.6.6.6 group huawei
[AR3-bgp]peer 7.7.7.7 group huawei
Configure AR3 as the reflector
[AR3]bgp 100
[AR3-bgp]peer huawei connect-interface LoopBack 0 // one command does the work of 7
[AR3-bgp]peer huawei reflect-client
AR1 configuration
[AR1]bgp 100
[AR1-bgp]peer 3.3.3.3 as-number 100
[AR1-bgp]peer 3.3.3.3 connect-interface LoopBack 0
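AR2, 3, 4, 5, 6 and 7 are configured the same way and are not repeated here.
(2) Authentication configuration
[AR3-bgp]peer huawei password cipher huawei123
[AR1-bgp]peer 3.3.3.3 password cipher huawei123 // same configuration on the other devices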
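BGP `peer ... password` enables TCP MD5 authentication, so a session only comes up when both ends carry the same password. The audit below is an added example (not from the original lab) that lists peers with no password of their own and none inherited from a peer group; the function name is illustrative and the AR1 sample with its password line missing is constructed.

```python
def peers_without_password(config):
    """Return BGP peers with no password, directly or via their peer group."""
    groups, member_of, protected, peers = set(), {}, set(), set()
    for line in config.splitlines():
        words = line.split()
        if len(words) >= 2 and words[0] == "group":
            groups.add(words[1])
        elif len(words) >= 3 and words[0] == "peer":
            name, keyword = words[1], words[2]
            if name not in groups:
                peers.add(name)            # an address, not a group name
            if keyword == "group" and len(words) >= 4:
                member_of[name] = words[3]
            elif keyword == "password":
                protected.add(name)        # may be a peer or a whole group
    return sorted(p for p in peers
                  if p not in protected and member_of.get(p) not in protected)

# AR3's BGP commands from this page with the prompts removed. The ciphertext a
# saved configuration would show is replaced by a placeholder.
AR3_BGP = """\
bgp 100
 group huawei internal
 peer 1.1.1.1 group huawei
 peer 2.2.2.2 group huawei
 peer 4.4.4.4 group huawei
 peer 5.5.5.5 group huawei
 peer 6.6.6.6 group huawei
 peer 7.7.7.7 group huawei
 peer huawei connect-interface LoopBack0
 peer huawei reflect-client
 peer huawei password cipher <ciphertext-placeholder>
"""

# Constructed: a client on which the password line from (2) was never entered.
AR1_BGP_MISSING = """\
bgp 100
 peer 3.3.3.3 as-number 100
 peer 3.3.3.3 connect-interface LoopBack0
"""

if __name__ == "__main__":
    print(peers_without_password(AR3_BGP))          # group password covers all
    print(peers_without_password(AR1_BGP_MISSING))  # 3.3.3.3 is unprotected
```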