OSPF综合实验

一、实验拓扑图

二、实验要求

1、R4为ISP，其上只能配置IP地址；R4与其他所有直连设备间均使用公有IP

2、R3-R5/6/7为MGRE环境，R3为中心站点；

3、整个OSPF环境IP基于172.16.0.0/16划分；

4、所有设备均可访问R4的环回；

5、减少LSA的更新量，加快收敛，保障更新安全；

6、全网可达

三、实验配置

1、各区域IP地址的划分

将172.16.0.0/16大致划分为八个区域，剩余的两个区域作为备用区域

area 0------172.16.0.0/19

172.16.0.0/24------P2P的骨干

172.16.0.0/30

172.16.0.4/30

172.16.0.8/30

......

172.16.0.63/30

172.16.2.0/24------MA的骨干

172.16.1.0/29

172.16.1.8/39

172.16.1.16/29

172.16.2.0/24------用户网段

......

172.16.31.0/24

area 1------172.16.32.0/19

172.16.32.0/24------P2P的骨干

172.16.32.0/30

172.16.32.4/30

172.16.32.8/30

172.16.33.0/24------MA的骨干

172.16.33.0/29

172.16.33.8/29

172.16.33.16/29

172.16.34.0/24

......

172.16.63.0/24

area 2------172.16.64.0/19

area 3------172.16.96.0/19

area 4------172.16.128.0/19

RIP------172.16.160.0/19

备用区域：172.16.192.0/19 172.16.224.0/19

2、各区域IP地址及环回地址的配置

R1

[R1]int g 0/0/0
[R1-GigabitEthernet0/0/0]ip address 172.16.33.1 29
[R1-GigabitEthernet0/0/0]int l 0
[R1-LoopBack0]ip address 172.16.34.1 24

R2

[R2]int g 0/0/0
[R2-GigabitEthernet0/0/0]ip address 172.16.33.2 29
[R2-GigabitEthernet0/0/0]int l 0
[R2-LoopBack0]ip address 172.16.35.1 24

R3

[R3]int g 0/0/0
[R3-GigabitEthernet0/0/0]ip address 172.16.33.3 29
[R3-GigabitEthernet0/0/0]int s 4/0/0
[R3-Serial4/0/0]ip address 34.0.0.1 24
[R3-Serial4/0/0]int l 0	
[R3-LoopBack0]ip address 172.16.36.1 24
[R3-LoopBack0]q
[R3]ip route-static 0.0.0.0 0 34.0.0.2    ------    缺省路由

R4

[ISP]int s 4/0/0
[ISP-Serial4/0/0]ip address 34.0.0.2 24
[ISP-Serial4/0/0]int s 4/0/1
[ISP-Serial4/0/1]ip address 54.0.0.2 24
[ISP-Serial4/0/1]int s 3/0/0
[ISP-Serial3/0/0]ip address 64.0.0.2 24
[ISP-Serial3/0/0]int g 0/0/0
[ISP-GigabitEthernet0/0/0]ip address 74.0.0.2 24
[ISP-GigabitEthernet0/0/0]int l 0
[ISP-LoopBack0]ip address 4.4.4.4 24

R5

[R5]int s 4/0/0
[R5-Serial4/0/0]ip address 54.0.0.1 24
[R5-Serial4/0/0]int l 0
[R5-LoopBack0]ip address 172.16.2.1 24
[R5]ip route-static 0.0.0.0 0 54.0.0.2    ------    缺省路由

R6

[R6]int s 4/0/0
[R6-Serial4/0/0]ip address 64.0.0.1 24
[R6-Serial4/0/0]int g 0/0/0
[R6-GigabitEthernet0/0/0]ip address 172.16.65.1 29
[R6-GigabitEthernet0/0/0]int l 0	
[R6-LoopBack0]ip address 172.16.3.1 24
[R6]ip route-static 0.0.0.0 0 64.0.0    ------    缺省路由

R7

[R7]int g 0/0/0
[R7-GigabitEthernet0/0/0]ip address 74.0.0.1 24
[R7-GigabitEthernet0/0/0]int g 0/0/1
[R7-GigabitEthernet0/0/1]ip address 172.16.97.1 29
[R7-GigabitEthernet0/0/1]int l 0
[R7-LoopBack0]ip address 172.16.4.1 24
[R7]ip route-static 0.0.0.0 0 74.0.0.2    ------    缺省路由

R8

[R8]int g 0/0/0
[R8-GigabitEthernet0/0/0]ip address 172.16.97.2 29
[R8-GigabitEthernet0/0/0]int g 0/0/1
[R8-GigabitEthernet0/0/1]ip address 172.16.97.9 29
[R8-GigabitEthernet0/0/1]int l 0
[R8-LoopBack0]ip address 172.16.98.1 24

R9

[R9]int g 0/0/0
[R9-GigabitEthernet0/0/0]ip address 172.16.97.10 29
[R9-GigabitEthernet0/0/0]int g 0/0/1
[R9-GigabitEthernet0/0/1]ip address 172.16.129.1 29
[R9-GigabitEthernet0/0/1]int l 0
[R9-LoopBack0]ip address 172.16.130.1 24

R10

[R10]int g 0/0/0
[R10-GigabitEthernet0/0/0]ip address 172.16.129.2 29
[R10-GigabitEthernet0/0/0]int l 0
[R10-LoopBack0]ip address 172.16.131.1 24

R11

[R11]int g 0/0/0	
[R11-GigabitEthernet0/0/0]ip address 172.16.65.2 29
[R11-GigabitEthernet0/0/0]int g 0/0/1
[R11-GigabitEthernet0/0/1]ip address 172.16.65.9 29
[R11-GigabitEthernet0/0/1]int l 0
[R11-LoopBack0]ip address 172.16.66.1 24

R12

[R12]int g 0/0/0
[R12-GigabitEthernet0/0/0]ip address 172.16.65.10 29
[R12-GigabitEthernet0/0/0]int l 0
[R12-LoopBack0]ip address 172.16.160.1 20
[R12-LoopBack0]int l 1
[R12-LoopBack1]ip address 172.16.176.1 20

3、R3-R5/6/7为MGRE环境，R3为中心站点

R3

[R3]int t 0/0/0
[R3-Tunnel0/0/0]ip address 172.16.1.1 29
[R3-Tunnel0/0/0]tunnel-protocol gre p2mp 
[R3-Tunnel0/0/0]source 34.0.0.1
[R3-Tunnel0/0/0]nhrp network-id 10
[R3-Tunnel0/0/0]nhrp entry multicast dynamic 

R5

[R5]int t 0/0/0
[R5-Tunnel0/0/0]ip address 172.16.1.2 29
[R5-Tunnel0/0/0]tunnel-protocol gre p2mp 
[R5-Tunnel0/0/0]source 54.0.0.1
[R5-Tunnel0/0/0]nhrp network-id 10
[R5-Tunnel0/0/0]nhrp entry 172.16.1.1 34.0.0.1 register

R6

[R6]int t 0/0/0
[R6-Tunnel0/0/0]ip address 172.16.1.3 29
[R6-Tunnel0/0/0]tunnel-protocol gre p2mp 
[R6-Tunnel0/0/0]source 64.0.0.1
[R6-Tunnel0/0/0]nhrp network-id 10
[R6-Tunnel0/0/0]nhrp entry 172.16.1.1 34.0.0.1 register 

R7

[R7]int t 0/0/0
[R7-Tunnel0/0/0]ip address 172.16.1.4 29
[R7-Tunnel0/0/0]tunnel-protocol gre p2mp 
[R7-Tunnel0/0/0]source 74.0.0.1
[R7-Tunnel0/0/0]nhrp network-id 10
[R7-Tunnel0/0/0]nhrp entry 172.16.1.1 34.0.0.1 register 

查看MGRE环境

4、启动OSPF协议和RIP协议

R1

[R1]ospf 1 router-id 1.1.1.1
[R1-ospf-1]area 1
[R1-ospf-1-area-0.0.0.1]network 172.16.0.0 0.0.255.255

R2

[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]area 1
[R2-ospf-1-area-0.0.0.1]network 172.16.0.0 0.0.255.255

R3

[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]network 172.16.33.3 0.0.0.0
[R3-ospf-1-area-0.0.0.1]network 172.16.36.1 0.0.0.0
[R3-ospf-1-area-0.0.0.1]area 0
[R3-ospf-1-area-0.0.0.0]network 34.0.0.1 0.0.0.0

[R3]int t 0/0/0    ------    更改接口类型
[R3-Tunnel0/0/0]ospf network-type p2mp

R5

[R5]ospf 1 router-id 5.5.5.5
[R5-ospf-1]area 0
[R5-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255

[R5]int t 0/0/0    ------    更改接口类型
[R5-Tunnel0/0/0]ospf network-type p2mp

R6

[R6]ospf 1 router-id 6.6.6.6
[R6-ospf-1]area 0
[R6-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.3.255
[R6-ospf-1-area-0.0.0.0]area 2
[R6-ospf-1-area-0.0.0.2]network 172.16.65.1 0.0.0.0

[R6]int t 0/0/0    ------    更改接口类型
[R6-Tunnel0/0/0]ospf network-type p2mp

R7

[R7]ospf 1 router-id 7.7.7.7
[R7-ospf-1]area 0
[R7-ospf-1-area-0.0.0.0]network 74.0.0.1 0.0.0.0
[R7-ospf-1-area-0.0.0.0]network 172.16.4.1 0.0.0.0
[R7-ospf-1-area-0.0.0.0]network 172.16.1.4 0.0.0.0
[R7-ospf-1-area-0.0.0.0]area 3
[R7-ospf-1-area-0.0.0.3]network 172.16.97.1 0.0.0.0

[R7]int t 0/0/0    ------    更改接口类型
[R7-Tunnel0/0/0]ospf network-type p2mp

R8

[R8]ospf 1 router-id 8.8.8.8
[R8-ospf-1]area 3
[R8-ospf-1-area-0.0.0.3]network 172.16.97.2 0.0.0.0
[R8-ospf-1-area-0.0.0.3]network 172.16.97.9 0.0.0.0
[R8-ospf-1-area-0.0.0.3]network 172.16.98.1 0.0.0.0

R9

[R9]ospf 1 router-id 9.9.9.9
[R9-ospf-1]area 3
[R9-ospf-1-area-0.0.0.3]network 172.16.97.10 0.0.0.0
[R9-ospf-1-area-0.0.0.3]area 4
[R9-ospf-1-area-0.0.0.4]network 172.16.129.1 0.0.0.0
[R9-ospf-1-area-0.0.0.4]network 172.16.130.1 0.0.0.0

R10

[R10]ospf 1 router-id 10.10.10.10
[R10-ospf-1]area 4
[R10-ospf-1-area-0.0.0.4]network 172.16.129.2 0.0.0.0
[R10-ospf-1-area-0.0.0.4]network 172.16.131.1 0.0.0.0

R11

[R11]ospf 1 router-id 11.11.11.11
[R11-ospf-1]area 2
[R11-ospf-1-area-0.0.0.2]network 172.16.65.2 0.0.0.0
[R11-ospf-1-area-0.0.0.2]network 172.16.65.1 0.0.0.0
[R11-ospf-1-area-0.0.0.2]network 172.16.65.9 0.0.0.0

R12

OSPF
[R12]ospf 1 router-id 12.12.12.12
[R12-ospf-1]area 2
[R12-ospf-1-area-0.0.0.2]net	
[R12-ospf-1-area-0.0.0.2]network 172.16.65.10 0.0.0.0

RIP
[R12]rip 1
[R12-rip-1]version 2
[R12-rip-1]network 172.16.0.0

进行重发布，将RIP协议导入到OSPF协议中，让两个不同的网络进行通信

因为路由缺少area 4区域和RIP区域路由，可以使用重发布导入

[R12]ospf 1
[R12-ospf-1]import-route rip 1

删除区域4，重新创建OSPF2区域

[R9]ospf 1
[R9-ospf-1]area 4
[R9-ospf-1-area-0.0.0.4]undo network 172.16.129.1 0.0.0.0
[R9-ospf-1-area-0.0.0.4]undo network 172.16.130.1 0.0.0.0
[R9-ospf-1-area-0.0.0.4]q
[R9-ospf-1]undo area 4

[R9]ospf 2 router-id 19.19.19.19
[R9-ospf-2]area 4
[R9-ospf-2-area-0.0.0.4]network 172.16.130.1 0.0.0.0
[R9-ospf-2-area-0.0.0.4]network 172.16.129.1 0.0.0.0

重发布OSPF2

[R9]ospf 1
[R9-ospf-1]import-route ospf 2

5、减少LSA的更新量（进行汇总和做特殊区域）

汇总可以减少骨干区域收到的路由信息

为了避免线路环回，我们可以配置空接口路由

域间路由汇总

R3------骨干区域发送路由信息时，将LSA汇总成一条3类LSA

[R3]ospf 1
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]abr-summary 172.16.32.0 255.255.224.0

[R3]ip route-static 172.16.32.0 19 NULL 0    ------    空接口防环

R6

[R6]ospf 1
[R6-ospf-1]area 2
[R6-ospf-1-area-0.0.0.2]abr-summary 172.16.64.0 255.255.224.0

[R6]ip route-static 172.16.64.0 19 NULL 0

R7

[R7]ospf 1
[R7-ospf-1]area 3
[R7-ospf-1-area-0.0.0.3]abr-summary 172.16.96.0 255.255.224.0

[R7]ip route-static 172.16.96.0 19 NULL 0

R9

[R9]ospf 1
[R9-ospf-1]asbr-summary 172.16.128.0 255.255.224.0

[R9]ip route-static 172.16.128.0 19 NULL 0

R12

[R12]ospf 1
[R12-ospf-1]asbr-summary 172.16.160.0 255.255.224.0

[R12]ip route-static 172.16.160.0 19 NULL 0

区域1配置完全末梢区域

[R1-ospf-1]area 1
[R1-ospf-1-area-0.0.0.1]stub

[R2-ospf-1]area 1
[R2-ospf-1-area-0.0.0.1]stub

[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]stub no-summary

区域2

[R6-ospf-1]area 2
[R6-ospf-1-area-0.0.0.2]nssa no-summary

[R11-ospf-1]area 2
[R11-ospf-1-area-0.0.0.2]nssa

[R12-ospf-1]area 2
[R12-ospf-1-area-0.0.0.2]nssa

区域3

[R7-ospf-1]area 3
[R7-ospf-1-area-0.0.0.3]nssa no-summary

[R8-ospf-1]area 3
[R8-ospf-1-area-0.0.0.3]nssa

[R9-ospf-1]area 3
[R9-ospf-1-area-0.0.0.3]nssa

因为R10没有任何路由信息，所以我们可以在R9上配置一条缺省路由，由此可以全网可达

[R9]ospf 2
[r9-ospf-2]default-route-adbertise

6、加快收敛（可以修改hello时间，死亡时间随hello时间变化而变化）

[R3]int t 0/0/0
[R3-Tunnel0/0/0]ospf timer hello 10

[R5]int t 0/0/0
[R5-Tunnel0/0/0]ospf timer hello 10

[R6]int t 0/0/0
[R6-Tunnel0/0/0]ospf timer hello 10

[R7]int t 0/0/0
[R7-Tunnel0/0/0]ospf timer hello 10

7、配置NET环境，完成所有设备访问R4环回

因为R4周围只有R3、R6、R7三台设备，所以只需要在这三个设备上做NAT端口映射即可，源地址为R4的网段

[R3]acl 2000
[R3-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[R3-acl-basic-2000]int s 4/0/0
[R3-Serial4/0/0]nat outbound 2000

[R6]acl 2000
[R6-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[R6-acl-basic-2000]int s 4/0/0
[R6-Serial4/0/0]nat outbound 2000

[R7]acl 2000
[R7-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[R7-acl-basic-2000]int g 0/0/0
[R7-GigabitEthernet0/0/0]nat outbound 2000

8、保证更新安全，全网可达

[R1]ospf 1
[R1-ospf-1]area 1
[R1-ospf-1-area-0.0.0.1]authen	
[R1-ospf-1-area-0.0.0.1]authentication-mode md5 1 ci	
[R1-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456

[R2]ospf 1
[R2-ospf-1]area 1
[R2-ospf-1-area-0.0.0.1]authen	
[R2-ospf-1-area-0.0.0.1]authentication-mode md5 1 ci	
[R2-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456

[R3]ospf 1
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]authen	
[R3-ospf-1-area-0.0.0.1]authentication-mode md5 1 ci	
[R3-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456