H3C OSPF 外部路由引入实验

2024-06-16 21:39| 来源: 网络整理| 查看: 265

H3C OSPF 外部路由引入实验实验拓扑

实验需求按照图示配置 IP 地址R1，R2，R3 运行 OSPF 使内网互通，所有接口（公网接口除外）全部宣告进 Area 0；要求使用环回口作为 Router-id业务网段不允许出现协议报文R4 模拟互联网，内网通过 R2 连接互联网，在 R2 上配置默认路由并引入到 OSPFR2 上配置 EASY IP，只允许业务网段访问互联网要求业务网段访问互联网流量经过 R3，R1，R2 实验步骤设备IP地址配置 R1 IP地址配置 [R1]display ip interface brief *down: administratively down (s): spoofing (l): loopback Interface Physical Protocol IP address/Mask VPN instance Description GE0/0 up up 10.1.1.1/24 -- -- GE0/1 up up 10.3.3.1/24 -- -- GE0/2 down down -- -- -- GE5/0 down down -- -- -- GE5/1 down down -- -- -- GE6/0 down down -- -- -- GE6/1 down down -- -- -- Loop0 up up(s) 1.1.1.1/32 -- -- Ser1/0 down down -- -- -- Ser2/0 down down -- -- -- Ser3/0 down down -- -- -- Ser4/0 down down -- -- -- R2 IP地址配置 [R2]display ip interface brief *down: administratively down (s): spoofing (l): loopback Interface Physical Protocol IP address/Mask VPN instance Description GE0/0 up up 10.1.1.2/24 -- -- GE0/1 up up 10.2.2.2/24 -- -- GE0/2 up up 202.1.1.2/24 -- -- GE5/0 down down -- -- -- GE5/1 down down -- -- -- GE6/0 down down -- -- -- GE6/1 down down -- -- -- Loop0 up up(s) 2.2.2.2/32 -- -- Ser1/0 down down -- -- -- Ser2/0 down down -- -- -- Ser3/0 down down -- -- -- Ser4/0 down down -- -- -- R3 IP地址配置 [R3]display ip interface brief *down: administratively down (s): spoofing (l): loopback Interface Physical Protocol IP address/Mask VPN instance Description GE0/0 up up 192.168.1.3/24 -- -- GE0/1 up up 10.3.3.3/24 -- -- GE0/2 up up 10.2.2.3/24 -- -- GE5/0 down down -- -- -- GE5/1 down down -- -- -- GE6/0 down down -- -- -- GE6/1 down down -- -- -- Loop0 up up(s) 3.3.3.3/32 -- -- Ser1/0 down down -- -- -- Ser2/0 down down -- -- -- Ser3/0 down down -- -- -- Ser4/0 down down -- -- -- R4 IP地址配置 [R4]display interface brief Brief information on interfaces in route mode: Link: ADM - administratively down; Stby - standby Protocol: (s) - spoofing Interface Link Protocol Primary IP Description GE0/0 UP UP 202.1.1.4 GE0/1 DOWN DOWN -- GE0/2 DOWN DOWN -- GE5/0 DOWN DOWN -- GE5/1 DOWN DOWN -- GE6/0 DOWN DOWN -- GE6/1 DOWN DOWN -- InLoop0 UP UP(s) -- Loop0 UP UP(s) 100.1.1.1 NULL0 UP UP(s) -- REG0 UP -- -- Ser1/0 DOWN DOWN -- Ser2/0 DOWN DOWN -- Ser3/0 DOWN DOWN -- Ser4/0 DOWN DOWN -- PC1 IP地址配置

OSPF基本配置 R1 OSPF基本配置 # ospf 1 router-id 1.1.1.1 area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 10.1.1.1 0.0.0.0 network 10.3.3.1 0.0.0.0 R2 OSPF基本配置 # ospf 1 router-id 2.2.2.2 area 0.0.0.0 network 2.2.2.2 0.0.0.0 network 10.1.1.2 0.0.0.0 network 10.2.2.2 0.0.0.0 R3 OSPF基本配置 # ospf 1 router-id 3.3.3.3 area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 10.2.2.3 0.0.0.0 network 10.3.3.3 0.0.0.0 network 192.168.1.0 0.0.0.255 业务网段不允许出现协议报文 R3 OSPF配置静默接口 # ospf 1 router-id 3.3.3.3 silent-interface GigabitEthernet0/0 模拟互联网，仅业务网段访问 R2 配置Easy IP # acl basic 2000 rule 0 permit source 192.168.1.0 0.0.0.255 # interface GigabitEthernet0/2 nat outbound 2000 默认路由引入 R2 默认路由引入 # ip route-static 0.0.0.0 0 202.1.1.4 # ospf 1 router-id 2.2.2.2 default-route-advertise

将默认路由引入后，R1和R3上会各自收到一条来自R2产生的Type5 LSA的默认路由条目

R1 上查看 OSPF LSDB [R1]display ospf lsdb OSPF Process 1 with Router ID 1.1.1.1 Link State Database Area: 0.0.0.0 Type LinkState ID AdvRouter Age Len Sequence Metric Router 3.3.3.3 3.3.3.3 154 72 8000000A 0 Router 1.1.1.1 1.1.1.1 151 60 80000008 0 Router 2.2.2.2 2.2.2.2 154 60 80000008 0 Network 10.3.3.3 3.3.3.3 152 32 80000001 0 Network 10.2.2.3 3.3.3.3 154 32 80000001 0 Network 10.1.1.2 2.2.2.2 158 32 80000001 0 AS External Database Type LinkState ID AdvRouter Age Len Sequence Metric External 0.0.0.0 2.2.2.2 178 36 80000001 1 R3 上查看 OSPF LSDB [R3]display ospf lsdb OSPF Process 1 with Router ID 3.3.3.3 Link State Database Area: 0.0.0.0 Type LinkState ID AdvRouter Age Len Sequence Metric Router 3.3.3.3 3.3.3.3 191 72 8000000A 0 Router 1.1.1.1 1.1.1.1 192 60 80000008 0 Router 2.2.2.2 2.2.2.2 193 60 80000008 0 Network 10.3.3.3 3.3.3.3 191 32 80000001 0 Network 10.2.2.3 3.3.3.3 192 32 80000001 0 Network 10.1.1.2 2.2.2.2 198 32 80000001 0 AS External Database Type LinkState ID AdvRouter Age Len Sequence Metric External 0.0.0.0 2.2.2.2 218 36 80000001 1 重选业务网段访问互联网路径依据OSPF的选路原则，cost值小的优先；所以但业务网段访问互联网时，所经过的线路，R3-R2 cost值总和要大于R3-R1-R2总和，且为了保证来回路径一致，R3与R2之间所连接的端口Cost值都需要修改。 R2 G0/1 Cost值增大 # interface GigabitEthernet0/1 ospf cost 1000 R3 G0/2 Cost值增大 # interface GigabitEthernet0/2 ospf cost 1000 实验验证业务网段访问互联网流量经过 R3，R1，R2 查看R3路由表

业务网段访问互联网，走默认路由，下一跳R1

[R3]display ip routing-table Destinations : 21 Routes : 21 Destination/Mask Proto Pre Cost NextHop Interface 0.0.0.0/0 O_ASE2 150 1 10.3.3.1 GE0/1 查看R1路由表

当流量到达R1，业务访问互联网，走默认路由，下一跳R2

[R1]dis ip routing-table Destinations : 19 Routes : 20 Destination/Mask Proto Pre Cost NextHop Interface 0.0.0.0/0 O_ASE2 150 1 10.1.1.2 GE0/0 192.168.1.0/24 O_INTRA 10 2 10.3.3.3 GE0/1 查看R2路由表和NAT转换表

当流量到达R2，业务访问互联网，走默认路由访问，将业务网段IP转换为出接口IP访问互联网，且回程路由下一跳是去往R1

由此证明业务网段访问互联网经过R3，R1，R2，并且来回路径一致。

[R2]display ip routing-table Destinations : 22 Routes : 22 Destination/Mask Proto Pre Cost NextHop Interface 0.0.0.0/0 Static 60 0 202.1.1.4 GE0/2 192.168.1.0/24 O_INTRA 10 3 10.1.1.1 GE0/0 [R2]display nat session Slot 0: Initiator: Source IP/port: 192.168.1.1/168 Destination IP/port: 100.1.1.1/2048 DS-Lite tunnel peer: - VPN instance/VLAN ID/Inline ID: -/-/- Protocol: ICMP(1) Inbound interface: GigabitEthernet0/0 Total sessions found: 1 在PC1上tracert 100.1.1.1，路径符合实验需求 tracert 100.1.1.1 traceroute to 100.1.1.1 (100.1.1.1), 30 hops at most, 40 bytes each packet, press CTRL_C to break 1 192.168.1.3 (192.168.1.3) 0.574 ms 0.249 ms 0.251 ms 2 10.3.3.1 (10.3.3.1) 0.446 ms 0.495 ms 0.463 ms 3 10.1.1.2 (10.1.1.2) 0.959 ms 1.224 ms 1.004 ms 4 202.1.1.4 (202.1.1.4) 1.833 ms 1.243 ms 1.670 ms 是否只允许业务网段访问互联网在R3上使用非业务网段访问互联网

非业务网段无法访问互联网

[R3]ping -a 3.3.3.3 100.1.1.1 Ping 100.1.1.1 (100.1.1.1) from 3.3.3.3: 56 data bytes, press CTRL+C to break Request time out Request time out Request time out Request time out Request time out --- Ping statistics for 100.1.1.1 --- 5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss [R3]%Feb 27 11:31:15:510 2024 R3 PING/6/PING_STATISTICS: Ping statistics for 100.1.1.1: 5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss. 在R3上使用业务网段访问互联网

仅业务网段可访问互联网

[R3]ping -a 192.168.1.3 100.1.1.1 Ping 100.1.1.1 (100.1.1.1) from 192.168.1.3: 56 data bytes, press CTRL+C to break 56 bytes from 100.1.1.1: icmp_seq=0 ttl=253 time=0.989 ms 56 bytes from 100.1.1.1: icmp_seq=1 ttl=253 time=1.087 ms 56 bytes from 100.1.1.1: icmp_seq=2 ttl=253 time=0.971 ms 56 bytes from 100.1.1.1: icmp_seq=3 ttl=253 time=0.795 ms 56 bytes from 100.1.1.1: icmp_seq=4 ttl=253 time=0.881 ms --- Ping statistics for 100.1.1.1 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 0.795/0.945/1.087/0.099 ms [R3]%Feb 27 11:31:29:508 2024 R3 PING/6/PING_STATISTICS: Ping statistics for 100.1.1.1: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 0.795/0.945/1.087/0.099 ms. 业务网段是否出现OSPF报文

抓包R3 G0/0接口，在未开启静默接口配置时，OSPF Hello包每隔10发送1次

开启静默接口配置（silent-interface GigabitEthernet0/0）后，后续抓包可看到业务侧无OSPF报文

实验附件

OSPF缺省路由引入实验.zip

‍

【本文地址】

公司简介

联系我们