双点双向重发布控制
实验需求及应用环境:
1.在R5上执行双向重发布,再在R3上执行双向重发布
2.分析次佳路由产生的原因,及解决方案
3.要求R4去往1.1.1.1能够负载均衡,如何实现?
4.要求R4去往11.11.11.11的下一跳首先R3,R5做备份,如何解决?
实验调试过程:
R1配置:
router rip //配置RIP
version 2
passive-interface default
no passive-interface Ethernet0/0
network 1.0.0.0
network 11.0.0.0
network 192.168.12.0
no auto-summary
R2配置:
router rip //配置RIP
version 2
passive-interface default
no passive-interface Ethernet0/0
no passive-interface Serial1/0
no passive-interface Serial1/1
network 2.0.0.0
network 192.168.12.0
network 192.168.23.0
network 192.168.25.0
no auto-summary
R3配置:
router ospf 1 //配置OSPF
router-id 3.3.3.3
redistribute rip metric 1000 metric-type 1 subnets tag 3 route-map 11
//重发布配置ROUTE-MPA的RIP到OSPF中,并打上标记3
passive-interface default
no passive-interface Serial1/1
network 3.3.3.3 0.0.0.0 area 0
network 192.168.34.0 0.0.0.255 area 0
distance ospf external 170 //配置OSPF外部区域的管理距离为170
router rip //配置RIP
version 2
redistribute ospf 1 metric 5 //重发布OSPF到RIP中
passive-interface default
no passive-interface Serial1/0
network 192.168.23.0
no auto-summary
access-list 10 permit 11.11.11.11 //定义感兴趣流
route-map 11 permit 10 //创建ROUTE-MAP
match ip address 10 //匹配流量
set metric 500 //设定开销为500
route-map 3 deny 10 //过滤匹配流量
match tag 5 //匹配打标记的流量
route-map 3 permit 20 //允许其它所有流量通过
R4配置:
router ospf 1 //配置OSPF
router-id 4.4.4.4
passive-interface default
no passive-interface Serial1/0
no passive-interface Serial1/1
network 4.4.4.4 0.0.0.0 area 0
network 192.168.34.0 0.0.0.255 area 0
network 192.168.45.0 0.0.0.255 area 0
R5配置:
router ospf 1 //配置OSPF
router-id 5.5.5.5
redistribute rip metric 1000 metric-type 1 subnets tag 5
//重发布RIP到OSPF中,并打上标记3
passive-interface default
no passive-interface Serial1/0
network 5.5.5.5 0.0.0.0 area 0
network 192.168.45.0 0.0.0.255 area 0
distance ospf external 170 //配置OSPF外部区域的管理距离为170
router rip //配置RIP
version 2
redistribute ospf 1 metric 5 //重分布OSPF到RIP
passive-interface default
no passive-interface Serial1/1
network 192.168.25.0
no auto-summary
route-map 5 deny 10 //过滤匹配流量
match tag 3 //匹配打标记的流量
route-map 5 permit 20 //允许其它所有流量通过
实验结果分析:
R5的路由表:
R 192.168.12.0/24 [120/1] via 192.168.25.1, 00:00:12, Serial1/1
1.0.0.0/32 is subnetted, 1 subnets
R 1.1.1.1 [120/2] via 192.168.25.1, 00:00:12, Serial1/1
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/129] via 192.168.45.2, 00:00:28, Serial1/0
C 192.168.45.0/24 is directly connected, Serial1/0
C 192.168.25.0/24 is directly connected, Serial1/1
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/65] via 192.168.45.2, 00:00:28, Serial1/0
5.0.0.0/32 is subnetted, 1 subnets
C 5.5.5.5 is directly connected, Loopback0
O E1 192.168.23.0/24 [110/1128] via 192.168.45.2, 00:00:28, Serial1/0
11.0.0.0/32 is subnetted, 1 subnets
R 11.11.11.11 [120/2] via 192.168.25.1, 00:00:12, Serial1/1
O 192.168.34.0/24 [110/128] via 192.168.45.2, 00:00:29, Serial1/0
R3的路由表:
O E1 192.168.12.0/24 [110/1128] via 192.168.34.2, 00:01:53, Serial1/1
1.0.0.0/32 is subnetted, 1 subnets
O E1 1.1.1.1 [110/1128] via 192.168.34.2, 00:01:53, Serial1/1
3.0.0.0/32 is subnetted, 1 subnets
C 3.3.3.3 is directly connected, Loopback0
O 192.168.45.0/24 [110/128] via 192.168.34.2, 00:01:53, Serial1/1
O E1 192.168.25.0/24 [110/1128] via 192.168.34.2, 00:01:53, Serial1/1
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/65] via 192.168.34.2, 00:01:53, Serial1/1
5.0.0.0/32 is subnetted, 1 subnets
O 5.5.5.5 [110/129] via 192.168.34.2, 00:01:53, Serial1/1
C 192.168.23.0/24 is directly connected, Serial1/0
11.0.0.0/32 is subnetted, 1 subnets
O E1 11.11.11.11 [110/1128] via 192.168.34.2, 00:01:53, Serial1/1
C 192.168.34.0/24 is directly connected, Serial1/1
在上面的路由表中,R5、R3的部分路由出现了次佳路由,R3去往外部的非直连路由都将下一跳交给了R4,显然不是最佳路由,为什么会出现次佳路由及解决方法,我们一起来分析一下:
路由表中出现的O E1路由显然是通过OSPF学习到的,我们查看一下OSPF LSDB
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
1.1.1.1 5.5.5.5 499 0x80000001 0x000B26 0
11.11.11.11 5.5.5.5 499 0x80000001 0x003DCB 0
192.168.12.0 5.5.5.5 499 0x80000003 0x00FEBE 0
192.168.23.0 3.3.3.3 484 0x80000001 0x00C5F6 0
192.168.25.0 5.5.5.5 499 0x80000003 0x006F41 0
显然都是R5通告过来的路由
我们看一下R4的路由表和LSDB:
O E1 192.168.12.0/24 [110/1064] via 192.168.45.1, 00:10:11, Serial1/1
1.0.0.0/32 is subnetted, 1 subnets
O E1 1.1.1.1 [110/1064] via 192.168.45.1, 00:10:11, Serial1/1
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/65] via 192.168.34.1, 00:10:11, Serial1/0
O E1 192.168.25.0/24 [110/1064] via 192.168.45.1, 00:10:11, Serial1/1
5.0.0.0/32 is subnetted, 1 subnets
O 5.5.5.5 [110/65] via 192.168.45.1, 00:10:11, Serial1/1
O E1 192.168.23.0/24 [110/1064] via 192.168.34.1, 00:10:11, Serial1/0
11.0.0.0/32 is subnetted, 1 subnets
O E1 11.11.11.11 [110/1064] via 192.168.45.1, 00:10:11, Serial1/1
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
1.1.1.1 5.5.5.5 711 0x80000001 0x000B26 0
11.11.11.11 5.5.5.5 711 0x80000001 0x003DCB 0
192.168.12.0 5.5.5.5 711 0x80000003 0x00FEBE 0
192.168.23.0 3.3.3.3 698 0x80000001 0x00C5F6 0
192.168.25.0 5.5.5.5 711 0x80000003 0x006F41 0
从路由表和LSDB中我们可以看出,R4学习到外部路由除(R3直连外)都是R5通告的,为什么没有收到R3的通告呢?显然是R3没有通告其它5类LSA。
从R3上的路由表没有RIP路由我们可以得知,由于OSPF的管理距离为110而RIP的为120,所以OSPF的路由优于RIP,所以全局路由表中只有OSPF的5类路由,形成了次佳路由,由于全局路由表中没有RIP路由,所以它不能发出那些外部路由的5类LSA,所以在R4也不能形成负载均衡。至于只有R3产生次佳路由,原因是R5先重发布而发出5类LSA,被R3学习到导致R3的RIP不能进全局路由表,也就不会有那些路由的5类LSA通告(只有直连外部路由通告),所以生成R3、R5上的部分次佳路由。
解决方法:1.在RT3和RT5上过滤掉外部路由
2.修改OSPF外部路由的管理距离,使之低于RIP
思考哪个方法更优?
方法1:
R5:
redistribute rip metric 1000 metric-type 1 subnets tag 5 //在R5上重分布进来的RIP路由打一标记5
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
1.1.1.1 5.5.5.5 97 0x80000003 0x0061C8 5
11.11.11.11 5.5.5.5 97 0x80000003 0x00936E 5
192.168.12.0 5.5.5.5 97 0x80000005 0x005561 5
192.168.23.0 3.3.3.3 314 0x80000002 0x00C3F7 0
192.168.25.0 5.5.5.5 97 0x80000005 0x00C5E3 5
R3收到Tag标记的5类LSA
R3:
route-map 5 deny 10 //建立router-map 5 过滤匹配的路由
match tag 5 //匹配带5标记的路由
route-map 5 permit 20 //允许其它的路由通过
router ospf 1
distribute-list route-map 5 in //在OSPF进程中过滤带标记的路由安装到全局路由表
现在R3的路由表中没有次佳路由了
R 192.168.12.0/24 [120/1] via 192.168.23.1, 00:00:00, Serial1/0
1.0.0.0/32 is subnetted, 1 subnets
R 1.1.1.1 [120/2] via 192.168.23.1, 00:00:00, Serial1/0
3.0.0.0/32 is subnetted, 1 subnets
C 3.3.3.3 is directly connected, Loopback0
O 192.168.45.0/24 [110/128] via 192.168.34.2, 00:00:08, Serial1/1
R 192.168.25.0/24 [120/1] via 192.168.23.1, 00:00:00, Serial1/0
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/65] via 192.168.34.2, 00:00:08, Serial1/1
5.0.0.0/32 is subnetted, 1 subnets
O 5.5.5.5 [110/129] via 192.168.34.2, 00:00:08, Serial1/1
C 192.168.23.0/24 is directly connected, Serial1/0
11.0.0.0/32 is subnetted, 1 subnets
R 11.11.11.11 [120/2] via 192.168.23.1, 00:00:01, Serial1/0
C 192.168.34.0/24 is directly connected, Serial1/1
同样在R5是做以上配置,解决次佳路由:
R3:
redistribute rip metric 1000 metric-type 1 subnets tag 3 //在R3上重分布进来的RIP路由打一标记3
R5:
route-map 3 deny 10 //建立router-map 3 过滤匹配的路由
match tag 3 //匹配带3标记的路由
route-map 3 permit 20 //允许其它的路由通过
router ospf 1
distribute-list route-map 3 in //用分发列表在OSPF进程中过滤带标记的路由安装到全局路由表
现在R5的路由表中没有次佳路由了:
R 192.168.12.0/24 [120/1] via 192.168.25.1, 00:00:14, Serial1/1
1.0.0.0/32 is subnetted, 1 subnets
R 1.1.1.1 [120/2] via 192.168.25.1, 00:00:14, Serial1/1
3.0.0.0/32 is subnetted, 1 subnets
R 3.3.3.3 [120/6] via 192.168.25.1, 00:00:14, Serial1/1
C 192.168.45.0/24 is directly connected, Serial1/0
C 192.168.25.0/24 is directly connected, Serial1/1
4.0.0.0/32 is subnetted, 1 subnets
R 4.4.4.4 [120/6] via 192.168.25.1, 00:00:14, Serial1/1
5.0.0.0/32 is subnetted, 1 subnets
C 5.5.5.5 is directly connected, Loopback0
R 192.168.23.0/24 [120/1] via 192.168.25.1, 00:00:14, Serial1/1
11.0.0.0/32 is subnetted, 1 subnets
R 11.11.11.11 [120/2] via 192.168.25.1, 00:00:14, Serial1/1
R 192.168.34.0/24 [120/6] via 192.168.25.1, 00:00:15, Serial1/1
现在R4能收到R3和R5外部路由通告了,可以走负载均衡了:
O E1 1.1.1.1 [110/1064] via 192.168.45.1, 00:02:48, Serial1/1
[110/1064] via 192.168.34.1, 00:02:48, Serial1/0
O E1 11.11.11.11 [110/1064] via 192.168.45.1, 00:02:48, Serial1/1
[110/1064] via 192.168.34.1, 00:02:48, Serial1/0
方法二:
R3:
router ospf 1
distance ospf external 170 //定义OSPF外部路由管理距离为170
R5:
router ospf 1
distance ospf external 170 //定义OSPF外部路由管理距离为170
现在R3和R5没有次佳路由了吧,R4能走负载均衡了吧
O E1 1.1.1.1 [110/1064] via 192.168.45.1, 00:00:43, Serial1/1
[110/1064] via 192.168.34.1, 00:00:43, Serial1/0
以上两种方法哪种好了?当然是方法2了,配置命令这么少;如采用方案一的话,当R3到R2(R5到R2)的链路断了,它还能去往1.1.1.1吗?当然不能了,因为OSPF的路由被过滤了,如果是方法二就还有一条OSPF的外部路由,还是可以通的。
要求R4去往11.11.11.11的下一跳首先R3,R5做备份,如何解决?
当然用来策略路由也能实现,但一般不用,我们可以使用路由策略,修改开销来实现。
配置如下:
R3:
access-list 10 permit 11.11.11.11 //建立访问控制列表,定义感兴趣流量
route-map 11 permit 10 //建立一个route-map
match ip address 10 //要匹配的流量
set metric 500 //为匹配的流量设置开销500
router ospf 1
redistribute rip metric 1000 metric-type 1 subnets tag 3 route-map 11
这条命令有点长,就是为匹配route-map的路由设定开销为500,不匹配的还是1000,同样重发布出去的打个标记3
看到没R4上的路由,首先走R3(开销为500+S1/0=500+64=564):
O E1 11.11.11.11 [110/564] via 192.168.34.1, 00:00:08, Serial1/0
现断开S1/0,它走R5,主备切换(开销为1000+S1/1=1000+64=1064):
O E1 192.168.23.0/24 [110/1064] via 192.168.45.1, 00:05:58, Serial1/1