一、实验拓扑图
二、实验要求
1、R4为ISP,其上只能配置IP地址;R4与其他所有直连设备间均使用公有IP
2、R3-R5/6/7为MGRE环境,R3为中心站点;
3、整个OSPF环境IP基于172.16.0.0/16划分;
4、所有设备均可访问R4的环回;
5、减少LSA的更新量,加快收敛,保障更新安全;
6、全网可达
三、实验配置
1、各区域IP地址的划分
将172.16.0.0/16大致划分为八个区域,剩余的两个区域作为备用区域
area 0------172.16.0.0/19
172.16.0.0/24------P2P的骨干
172.16.0.0/30
172.16.0.4/30
172.16.0.8/30
......
172.16.0.63/30
172.16.2.0/24------MA的骨干
172.16.1.0/29
172.16.1.8/39
172.16.1.16/29
172.16.2.0/24------用户网段
......
172.16.31.0/24
area 1------172.16.32.0/19
172.16.32.0/24------P2P的骨干
172.16.32.0/30
172.16.32.4/30
172.16.32.8/30
172.16.33.0/24------MA的骨干
172.16.33.0/29
172.16.33.8/29
172.16.33.16/29
172.16.34.0/24
......
172.16.63.0/24
area 2------172.16.64.0/19
area 3------172.16.96.0/19
area 4------172.16.128.0/19
RIP------172.16.160.0/19
备用区域:172.16.192.0/19 172.16.224.0/19
2、各区域IP地址及环回地址的配置
R1
bash
[R1]int g 0/0/0
[R1-GigabitEthernet0/0/0]ip address 172.16.33.1 29
[R1-GigabitEthernet0/0/0]int l 0
[R1-LoopBack0]ip address 172.16.34.1 24
R2
bash
[R2]int g 0/0/0
[R2-GigabitEthernet0/0/0]ip address 172.16.33.2 29
[R2-GigabitEthernet0/0/0]int l 0
[R2-LoopBack0]ip address 172.16.35.1 24
R3
bash
[R3]int g 0/0/0
[R3-GigabitEthernet0/0/0]ip address 172.16.33.3 29
[R3-GigabitEthernet0/0/0]int s 4/0/0
[R3-Serial4/0/0]ip address 34.0.0.1 24
[R3-Serial4/0/0]int l 0
[R3-LoopBack0]ip address 172.16.36.1 24
[R3-LoopBack0]q
[R3]ip route-static 0.0.0.0 0 34.0.0.2 ------ 缺省路由
R4
bash
[ISP]int s 4/0/0
[ISP-Serial4/0/0]ip address 34.0.0.2 24
[ISP-Serial4/0/0]int s 4/0/1
[ISP-Serial4/0/1]ip address 54.0.0.2 24
[ISP-Serial4/0/1]int s 3/0/0
[ISP-Serial3/0/0]ip address 64.0.0.2 24
[ISP-Serial3/0/0]int g 0/0/0
[ISP-GigabitEthernet0/0/0]ip address 74.0.0.2 24
[ISP-GigabitEthernet0/0/0]int l 0
[ISP-LoopBack0]ip address 4.4.4.4 24
R5
bash
[R5]int s 4/0/0
[R5-Serial4/0/0]ip address 54.0.0.1 24
[R5-Serial4/0/0]int l 0
[R5-LoopBack0]ip address 172.16.2.1 24
[R5]ip route-static 0.0.0.0 0 54.0.0.2 ------ 缺省路由
R6
bash
[R6]int s 4/0/0
[R6-Serial4/0/0]ip address 64.0.0.1 24
[R6-Serial4/0/0]int g 0/0/0
[R6-GigabitEthernet0/0/0]ip address 172.16.65.1 29
[R6-GigabitEthernet0/0/0]int l 0
[R6-LoopBack0]ip address 172.16.3.1 24
[R6]ip route-static 0.0.0.0 0 64.0.0 ------ 缺省路由
R7
bash
[R7]int g 0/0/0
[R7-GigabitEthernet0/0/0]ip address 74.0.0.1 24
[R7-GigabitEthernet0/0/0]int g 0/0/1
[R7-GigabitEthernet0/0/1]ip address 172.16.97.1 29
[R7-GigabitEthernet0/0/1]int l 0
[R7-LoopBack0]ip address 172.16.4.1 24
[R7]ip route-static 0.0.0.0 0 74.0.0.2 ------ 缺省路由
R8
bash
[R8]int g 0/0/0
[R8-GigabitEthernet0/0/0]ip address 172.16.97.2 29
[R8-GigabitEthernet0/0/0]int g 0/0/1
[R8-GigabitEthernet0/0/1]ip address 172.16.97.9 29
[R8-GigabitEthernet0/0/1]int l 0
[R8-LoopBack0]ip address 172.16.98.1 24
R9
bash
[R9]int g 0/0/0
[R9-GigabitEthernet0/0/0]ip address 172.16.97.10 29
[R9-GigabitEthernet0/0/0]int g 0/0/1
[R9-GigabitEthernet0/0/1]ip address 172.16.129.1 29
[R9-GigabitEthernet0/0/1]int l 0
[R9-LoopBack0]ip address 172.16.130.1 24
R10
bash
[R10]int g 0/0/0
[R10-GigabitEthernet0/0/0]ip address 172.16.129.2 29
[R10-GigabitEthernet0/0/0]int l 0
[R10-LoopBack0]ip address 172.16.131.1 24
R11
bash
[R11]int g 0/0/0
[R11-GigabitEthernet0/0/0]ip address 172.16.65.2 29
[R11-GigabitEthernet0/0/0]int g 0/0/1
[R11-GigabitEthernet0/0/1]ip address 172.16.65.9 29
[R11-GigabitEthernet0/0/1]int l 0
[R11-LoopBack0]ip address 172.16.66.1 24
R12
bash
[R12]int g 0/0/0
[R12-GigabitEthernet0/0/0]ip address 172.16.65.10 29
[R12-GigabitEthernet0/0/0]int l 0
[R12-LoopBack0]ip address 172.16.160.1 20
[R12-LoopBack0]int l 1
[R12-LoopBack1]ip address 172.16.176.1 20
3、R3-R5/6/7为MGRE环境,R3为中心站点
R3
bash
[R3]int t 0/0/0
[R3-Tunnel0/0/0]ip address 172.16.1.1 29
[R3-Tunnel0/0/0]tunnel-protocol gre p2mp
[R3-Tunnel0/0/0]source 34.0.0.1
[R3-Tunnel0/0/0]nhrp network-id 10
[R3-Tunnel0/0/0]nhrp entry multicast dynamic
R5
bash
[R5]int t 0/0/0
[R5-Tunnel0/0/0]ip address 172.16.1.2 29
[R5-Tunnel0/0/0]tunnel-protocol gre p2mp
[R5-Tunnel0/0/0]source 54.0.0.1
[R5-Tunnel0/0/0]nhrp network-id 10
[R5-Tunnel0/0/0]nhrp entry 172.16.1.1 34.0.0.1 register
R6
bash
[R6]int t 0/0/0
[R6-Tunnel0/0/0]ip address 172.16.1.3 29
[R6-Tunnel0/0/0]tunnel-protocol gre p2mp
[R6-Tunnel0/0/0]source 64.0.0.1
[R6-Tunnel0/0/0]nhrp network-id 10
[R6-Tunnel0/0/0]nhrp entry 172.16.1.1 34.0.0.1 register
R7
bash
[R7]int t 0/0/0
[R7-Tunnel0/0/0]ip address 172.16.1.4 29
[R7-Tunnel0/0/0]tunnel-protocol gre p2mp
[R7-Tunnel0/0/0]source 74.0.0.1
[R7-Tunnel0/0/0]nhrp network-id 10
[R7-Tunnel0/0/0]nhrp entry 172.16.1.1 34.0.0.1 register
查看MGRE环境
4、启动OSPF协议和RIP协议
R1
bash
[R1]ospf 1 router-id 1.1.1.1
[R1-ospf-1]area 1
[R1-ospf-1-area-0.0.0.1]network 172.16.0.0 0.0.255.255
R2
bash
[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]area 1
[R2-ospf-1-area-0.0.0.1]network 172.16.0.0 0.0.255.255
R3
bash
[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]network 172.16.33.3 0.0.0.0
[R3-ospf-1-area-0.0.0.1]network 172.16.36.1 0.0.0.0
[R3-ospf-1-area-0.0.0.1]area 0
[R3-ospf-1-area-0.0.0.0]network 34.0.0.1 0.0.0.0
[R3]int t 0/0/0 ------ 更改接口类型
[R3-Tunnel0/0/0]ospf network-type p2mp
R5
bash
[R5]ospf 1 router-id 5.5.5.5
[R5-ospf-1]area 0
[R5-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255
[R5]int t 0/0/0 ------ 更改接口类型
[R5-Tunnel0/0/0]ospf network-type p2mp
R6
bash
[R6]ospf 1 router-id 6.6.6.6
[R6-ospf-1]area 0
[R6-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.3.255
[R6-ospf-1-area-0.0.0.0]area 2
[R6-ospf-1-area-0.0.0.2]network 172.16.65.1 0.0.0.0
[R6]int t 0/0/0 ------ 更改接口类型
[R6-Tunnel0/0/0]ospf network-type p2mp
R7
bash
[R7]ospf 1 router-id 7.7.7.7
[R7-ospf-1]area 0
[R7-ospf-1-area-0.0.0.0]network 74.0.0.1 0.0.0.0
[R7-ospf-1-area-0.0.0.0]network 172.16.4.1 0.0.0.0
[R7-ospf-1-area-0.0.0.0]network 172.16.1.4 0.0.0.0
[R7-ospf-1-area-0.0.0.0]area 3
[R7-ospf-1-area-0.0.0.3]network 172.16.97.1 0.0.0.0
[R7]int t 0/0/0 ------ 更改接口类型
[R7-Tunnel0/0/0]ospf network-type p2mp
R8
bash
[R8]ospf 1 router-id 8.8.8.8
[R8-ospf-1]area 3
[R8-ospf-1-area-0.0.0.3]network 172.16.97.2 0.0.0.0
[R8-ospf-1-area-0.0.0.3]network 172.16.97.9 0.0.0.0
[R8-ospf-1-area-0.0.0.3]network 172.16.98.1 0.0.0.0
R9
bash
[R9]ospf 1 router-id 9.9.9.9
[R9-ospf-1]area 3
[R9-ospf-1-area-0.0.0.3]network 172.16.97.10 0.0.0.0
[R9-ospf-1-area-0.0.0.3]area 4
[R9-ospf-1-area-0.0.0.4]network 172.16.129.1 0.0.0.0
[R9-ospf-1-area-0.0.0.4]network 172.16.130.1 0.0.0.0
R10
bash
[R10]ospf 1 router-id 10.10.10.10
[R10-ospf-1]area 4
[R10-ospf-1-area-0.0.0.4]network 172.16.129.2 0.0.0.0
[R10-ospf-1-area-0.0.0.4]network 172.16.131.1 0.0.0.0
R11
bash
[R11]ospf 1 router-id 11.11.11.11
[R11-ospf-1]area 2
[R11-ospf-1-area-0.0.0.2]network 172.16.65.2 0.0.0.0
[R11-ospf-1-area-0.0.0.2]network 172.16.65.1 0.0.0.0
[R11-ospf-1-area-0.0.0.2]network 172.16.65.9 0.0.0.0
R12
bash
OSPF
[R12]ospf 1 router-id 12.12.12.12
[R12-ospf-1]area 2
[R12-ospf-1-area-0.0.0.2]net
[R12-ospf-1-area-0.0.0.2]network 172.16.65.10 0.0.0.0
RIP
[R12]rip 1
[R12-rip-1]version 2
[R12-rip-1]network 172.16.0.0
进行重发布,将RIP协议导入到OSPF协议中,让两个不同的网络进行通信
因为路由缺少area 4区域和RIP区域路由,可以使用重发布导入
bash
[R12]ospf 1
[R12-ospf-1]import-route rip 1
删除区域4,重新创建OSPF2区域
bash
[R9]ospf 1
[R9-ospf-1]area 4
[R9-ospf-1-area-0.0.0.4]undo network 172.16.129.1 0.0.0.0
[R9-ospf-1-area-0.0.0.4]undo network 172.16.130.1 0.0.0.0
[R9-ospf-1-area-0.0.0.4]q
[R9-ospf-1]undo area 4
[R9]ospf 2 router-id 19.19.19.19
[R9-ospf-2]area 4
[R9-ospf-2-area-0.0.0.4]network 172.16.130.1 0.0.0.0
[R9-ospf-2-area-0.0.0.4]network 172.16.129.1 0.0.0.0
重发布OSPF2
bash
[R9]ospf 1
[R9-ospf-1]import-route ospf 2
5、减少LSA的更新量(进行汇总和做特殊区域)
汇总可以减少骨干区域收到的路由信息
为了避免线路环回,我们可以配置空接口路由
域间路由汇总
R3------骨干区域发送路由信息时,将LSA汇总成一条3类LSA
bash
[R3]ospf 1
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]abr-summary 172.16.32.0 255.255.224.0
[R3]ip route-static 172.16.32.0 19 NULL 0 ------ 空接口防环
R6
bash
[R6]ospf 1
[R6-ospf-1]area 2
[R6-ospf-1-area-0.0.0.2]abr-summary 172.16.64.0 255.255.224.0
[R6]ip route-static 172.16.64.0 19 NULL 0
R7
bash
[R7]ospf 1
[R7-ospf-1]area 3
[R7-ospf-1-area-0.0.0.3]abr-summary 172.16.96.0 255.255.224.0
[R7]ip route-static 172.16.96.0 19 NULL 0
R9
bash
[R9]ospf 1
[R9-ospf-1]asbr-summary 172.16.128.0 255.255.224.0
[R9]ip route-static 172.16.128.0 19 NULL 0
R12
bash
[R12]ospf 1
[R12-ospf-1]asbr-summary 172.16.160.0 255.255.224.0
[R12]ip route-static 172.16.160.0 19 NULL 0
区域1配置完全末梢区域
bash
[R1-ospf-1]area 1
[R1-ospf-1-area-0.0.0.1]stub
[R2-ospf-1]area 1
[R2-ospf-1-area-0.0.0.1]stub
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]stub no-summary
区域2
bash
[R6-ospf-1]area 2
[R6-ospf-1-area-0.0.0.2]nssa no-summary
[R11-ospf-1]area 2
[R11-ospf-1-area-0.0.0.2]nssa
[R12-ospf-1]area 2
[R12-ospf-1-area-0.0.0.2]nssa
区域3
bash
[R7-ospf-1]area 3
[R7-ospf-1-area-0.0.0.3]nssa no-summary
[R8-ospf-1]area 3
[R8-ospf-1-area-0.0.0.3]nssa
[R9-ospf-1]area 3
[R9-ospf-1-area-0.0.0.3]nssa
因为R10没有任何路由信息,所以我们可以在R9上配置一条缺省路由,由此可以全网可达
bash
[R9]ospf 2
[r9-ospf-2]default-route-adbertise
6、加快收敛(可以修改hello时间,死亡时间随hello时间变化而变化)
[R3]int t 0/0/0
[R3-Tunnel0/0/0]ospf timer hello 10
[R5]int t 0/0/0
[R5-Tunnel0/0/0]ospf timer hello 10
[R6]int t 0/0/0
[R6-Tunnel0/0/0]ospf timer hello 10
[R7]int t 0/0/0
[R7-Tunnel0/0/0]ospf timer hello 10
7、配置NET环境,完成所有设备访问R4环回
因为R4周围只有R3、R6、R7三台设备,所以只需要在这三个设备上做NAT端口映射即可,源地址为R4的网段
[R3]acl 2000
[R3-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[R3-acl-basic-2000]int s 4/0/0
[R3-Serial4/0/0]nat outbound 2000
[R6]acl 2000
[R6-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[R6-acl-basic-2000]int s 4/0/0
[R6-Serial4/0/0]nat outbound 2000
[R7]acl 2000
[R7-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[R7-acl-basic-2000]int g 0/0/0
[R7-GigabitEthernet0/0/0]nat outbound 2000
8、保证更新安全,全网可达
bash
[R1]ospf 1
[R1-ospf-1]area 1
[R1-ospf-1-area-0.0.0.1]authen
[R1-ospf-1-area-0.0.0.1]authentication-mode md5 1 ci
[R1-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
[R2]ospf 1
[R2-ospf-1]area 1
[R2-ospf-1-area-0.0.0.1]authen
[R2-ospf-1-area-0.0.0.1]authentication-mode md5 1 ci
[R2-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456
[R3]ospf 1
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]authen
[R3-ospf-1-area-0.0.0.1]authentication-mode md5 1 ci
[R3-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 123456