OSPF路由过滤测试
本文共 4838 字,大约阅读时间需要 16 分钟。
1.测试拓扑:
参考文档,思科:
参考文档,华三:
2.基本配置:
R1:
interface Loopback0
ip address 1.1.1.1 255.255.255.0
interface Loopback1
ip address 10.1.1.1 255.255.255.0
interface Loopback2
ip address 100.1.1.1 255.255.255.0
interface FastEthernet0/0
ip address 12.1.1.1 255.255.255.0
no shut
ip route 0.0.0.0 0.0.0.0 12.1.1.2
R2:
interface Loopback0
ip address 2.2.2.2 255.255.255.0
interface Ethernet0/0
ip address 12.1.1.2 255.255.255.0
no shut
interface Ethernet0/1
ip address 23.1.1.2 255.255.255.0
no shut
interface Ethernet0/2
ip address 25.1.1.2 255.255.255.0
no shut
ip route 1.1.1.0 255.255.255.0 12.1.1.1
ip route 10.1.1.0 255.255.255.0 12.1.1.1
ip route 100.1.1.0 255.255.255.0 12.1.1.1
R3:
interface Loopback0
ip address 3.3.3.3 255.255.255.0
interface FastEthernet0/0
ip address 23.1.1.3 255.255.255.0
no shut
interface FastEthernet0/1
ip address 34.1.1.3 255.255.255.0
no shut
R4:
interface Loopback0
ip address 4.4.4.4 255.255.255.0
interface Loopback1
ip address 40.1.1.4 255.255.255.0
interface Loopback2
ip address 100.1.1.4 255.255.255.0
interface FastEthernet0/0
ip address 34.1.1.4 255.255.255.0
no shut
R5:
interface Loopback0
ip address 5.5.5.5 255.255.255.0
interface FastEthernet0/0
ip address 25.1.1.5 255.255.255.0
no shut
interface FastEthernet0/1
ip address 56.1.1.5 255.255.255.0
no shut
R6:
interface Loopback0
ip address 6.6.6.6 255.255.255.0
interface Loopback1
ip address 60.1.1.6 255.255.255.0
interface Loopback3
ip address 100.1.1.6 255.255.255.0
interface FastEthernet0/0
ip address 56.1.1.6 255.255.255.0
no shut
3.ospf基本配置:
R2:
router ospf 2
router-id 2.2.2.2
redistribute static subnets
network 23.1.1.0 0.0.0.255 area 1
network 25.1.1.0 0.0.0.255 area 2
R3:
router ospf 3
router-id 3.3.3.3
network 23.1.1.0 0.0.0.255 area 1
network 34.1.1.0 0.0.0.255 area 0
R4:
router ospf 4
router-id 4.4.4.4
redistribute connected subnets
network 34.1.1.0 0.0.0.255 area 0
R5:
router ospf 5
router-id 5.5.5.5
network 25.1.1.0 0.0.0.255 area 2
network 56.1.1.0 0.0.0.255 area 0
R6:
router ospf 6
router-id 6.6.6.6
redistribute connected subnets
network 56.1.1.0 0.0.0.255 area 0
4.ospf路由确认:
A.R2 ospf动态路由确认 :
R2#show ip route ospf
34.0.0.0/24 is subnetted, 1 subnets
O IA 34.1.1.0 [110/20] via 23.1.1.3, 00:05:09, Ethernet0/1
4.0.0.0/24 is subnetted, 1 subnets
O E2 4.4.4.0 [110/20] via 23.1.1.3, 00:04:26, Ethernet0/1
6.0.0.0/24 is subnetted, 1 subnets
O E2 6.6.6.0 [110/20] via 25.1.1.5, 00:04:26, Ethernet0/2
40.0.0.0/24 is subnetted, 1 subnets
O E2 40.1.1.0 [110/20] via 23.1.1.3, 00:04:26, Ethernet0/1
56.0.0.0/24 is subnetted, 1 subnets
O IA 56.1.1.0 [110/20] via 25.1.1.5, 00:05:09, Ethernet0/2
60.0.0.0/24 is subnetted, 1 subnets
O E2 60.1.1.0 [110/20] via 25.1.1.5, 00:04:26, Ethernet0/2
----希望R2只学习到两条ospf路由:40.0.0.0/24 和 60.0.0.0/24
B.R3 ospf动态路由确认:
R3#show ip route ospf
1.0.0.0/24 is subnetted, 1 subnets
O E2 1.1.1.0 [110/20] via 23.1.1.2, 00:15:17, FastEthernet0/0
100.0.0.0/24 is subnetted, 1 subnets
O E2 100.1.1.0 [110/20] via 34.1.1.4, 00:05:19, FastEthernet0/1
[110/20] via 23.1.1.2, 00:05:19, FastEthernet0/0
4.0.0.0/24 is subnetted, 1 subnets
O E2 4.4.4.0 [110/20] via 34.1.1.4, 00:15:17, FastEthernet0/1
40.0.0.0/24 is subnetted, 1 subnets
O E2 40.1.1.0 [110/20] via 34.1.1.4, 00:15:17, FastEthernet0/1
10.0.0.0/24 is subnetted, 1 subnets
O E2 10.1.1.0 [110/20] via 23.1.1.2, 00:15:17, FastEthernet0/0
----希望R3通过R2只学习到一条ospf路由:10.0.0.0/24
C.R5 ospf动态路由确认:
R5#show ip route ospf
1.0.0.0/24 is subnetted, 1 subnets
O E2 1.1.1.0 [110/20] via 25.1.1.2, 00:08:58, FastEthernet0/0
100.0.0.0/24 is subnetted, 1 subnets
O E2 100.1.1.0 [110/20] via 56.1.1.6, 00:08:58, FastEthernet0/1
[110/20] via 25.1.1.2, 00:08:58, FastEthernet0/0
6.0.0.0/24 is subnetted, 1 subnets
O E2 6.6.6.0 [110/20] via 56.1.1.6, 00:08:58, FastEthernet0/1
10.0.0.0/24 is subnetted, 1 subnets
O E2 10.1.1.0 [110/20] via 25.1.1.2, 00:08:58, FastEthernet0/0
60.0.0.0/24 is subnetted, 1 subnets
O E2 60.1.1.0 [110/20] via 56.1.1.6, 00:08:58, FastEthernet0/1
----希望R5通过R2只学习到一条ospf路由:10.0.0.0/24
5.ospf路由过滤:
A.R2路由过滤:
①出去的路由
ip access-list standard ospfout
permit 10.1.1.0 0.0.0.255
router ospf 2
distribute-list ospfout out
----因为在ABSR上做的控制,能控制LSA的发送
②进入的路由:
通过如下方式在R2上设置不能生效:
ip prefix-list ospf-R3-in permit 40.1.1.0/24
router ospf 2
area 1 filter-list prefix ospf-R3-in in
----因为R2不是ABR,并且需要过滤的路由不是LSA3产生的。
通过在R2上的如下配置,可以生效:
ip access-list standard ospfin
permit 40.1.1.0 0.0.0.255
permit 60.1.1.0 0.0.0.255
router ospf 2
distribute-list ospfin in
---上面的缺点是如果用OSPF接很多业务系统,并且路由条目会在不同业务系统有重复,而只需到某个特定业务系统的重复路由则无法做到,除非跑多个路由进程,每个路由进程对应一个area。
B.R3路由过滤:
在R3上实施如下策略不能生效:(因为40.1.1.0/24是LSA5,不是LSA3所以不能过滤)
ip prefix-list ospf-R3-in permit 40.1.1.0/24
router ospf 3
area 0 filter-list prefix ospf-R3-in out
---通过上面的配置可以看到34.1.1.0/24会被过滤掉
参考文档,思科:
参考文档,华三:
2.基本配置:
R1:
interface Loopback0
ip address 1.1.1.1 255.255.255.0
interface Loopback1
ip address 10.1.1.1 255.255.255.0
interface Loopback2
ip address 100.1.1.1 255.255.255.0
interface FastEthernet0/0
ip address 12.1.1.1 255.255.255.0
no shut
ip route 0.0.0.0 0.0.0.0 12.1.1.2
R2:
interface Loopback0
ip address 2.2.2.2 255.255.255.0
interface Ethernet0/0
ip address 12.1.1.2 255.255.255.0
no shut
interface Ethernet0/1
ip address 23.1.1.2 255.255.255.0
no shut
interface Ethernet0/2
ip address 25.1.1.2 255.255.255.0
no shut
ip route 1.1.1.0 255.255.255.0 12.1.1.1
ip route 10.1.1.0 255.255.255.0 12.1.1.1
ip route 100.1.1.0 255.255.255.0 12.1.1.1
R3:
interface Loopback0
ip address 3.3.3.3 255.255.255.0
interface FastEthernet0/0
ip address 23.1.1.3 255.255.255.0
no shut
interface FastEthernet0/1
ip address 34.1.1.3 255.255.255.0
no shut
R4:
interface Loopback0
ip address 4.4.4.4 255.255.255.0
interface Loopback1
ip address 40.1.1.4 255.255.255.0
interface Loopback2
ip address 100.1.1.4 255.255.255.0
interface FastEthernet0/0
ip address 34.1.1.4 255.255.255.0
no shut
R5:
interface Loopback0
ip address 5.5.5.5 255.255.255.0
interface FastEthernet0/0
ip address 25.1.1.5 255.255.255.0
no shut
interface FastEthernet0/1
ip address 56.1.1.5 255.255.255.0
no shut
R6:
interface Loopback0
ip address 6.6.6.6 255.255.255.0
interface Loopback1
ip address 60.1.1.6 255.255.255.0
interface Loopback3
ip address 100.1.1.6 255.255.255.0
interface FastEthernet0/0
ip address 56.1.1.6 255.255.255.0
no shut
3.ospf基本配置:
R2:
router ospf 2
router-id 2.2.2.2
redistribute static subnets
network 23.1.1.0 0.0.0.255 area 1
network 25.1.1.0 0.0.0.255 area 2
R3:
router ospf 3
router-id 3.3.3.3
network 23.1.1.0 0.0.0.255 area 1
network 34.1.1.0 0.0.0.255 area 0
R4:
router ospf 4
router-id 4.4.4.4
redistribute connected subnets
network 34.1.1.0 0.0.0.255 area 0
R5:
router ospf 5
router-id 5.5.5.5
network 25.1.1.0 0.0.0.255 area 2
network 56.1.1.0 0.0.0.255 area 0
R6:
router ospf 6
router-id 6.6.6.6
redistribute connected subnets
network 56.1.1.0 0.0.0.255 area 0
4.ospf路由确认:
A.R2 ospf动态路由确认 :
R2#show ip route ospf
34.0.0.0/24 is subnetted, 1 subnets
O IA 34.1.1.0 [110/20] via 23.1.1.3, 00:05:09, Ethernet0/1
4.0.0.0/24 is subnetted, 1 subnets
O E2 4.4.4.0 [110/20] via 23.1.1.3, 00:04:26, Ethernet0/1
6.0.0.0/24 is subnetted, 1 subnets
O E2 6.6.6.0 [110/20] via 25.1.1.5, 00:04:26, Ethernet0/2
40.0.0.0/24 is subnetted, 1 subnets
O E2 40.1.1.0 [110/20] via 23.1.1.3, 00:04:26, Ethernet0/1
56.0.0.0/24 is subnetted, 1 subnets
O IA 56.1.1.0 [110/20] via 25.1.1.5, 00:05:09, Ethernet0/2
60.0.0.0/24 is subnetted, 1 subnets
O E2 60.1.1.0 [110/20] via 25.1.1.5, 00:04:26, Ethernet0/2
----希望R2只学习到两条ospf路由:40.0.0.0/24 和 60.0.0.0/24
B.R3 ospf动态路由确认:
R3#show ip route ospf
1.0.0.0/24 is subnetted, 1 subnets
O E2 1.1.1.0 [110/20] via 23.1.1.2, 00:15:17, FastEthernet0/0
100.0.0.0/24 is subnetted, 1 subnets
O E2 100.1.1.0 [110/20] via 34.1.1.4, 00:05:19, FastEthernet0/1
[110/20] via 23.1.1.2, 00:05:19, FastEthernet0/0
4.0.0.0/24 is subnetted, 1 subnets
O E2 4.4.4.0 [110/20] via 34.1.1.4, 00:15:17, FastEthernet0/1
40.0.0.0/24 is subnetted, 1 subnets
O E2 40.1.1.0 [110/20] via 34.1.1.4, 00:15:17, FastEthernet0/1
10.0.0.0/24 is subnetted, 1 subnets
O E2 10.1.1.0 [110/20] via 23.1.1.2, 00:15:17, FastEthernet0/0
----希望R3通过R2只学习到一条ospf路由:10.0.0.0/24
C.R5 ospf动态路由确认:
R5#show ip route ospf
1.0.0.0/24 is subnetted, 1 subnets
O E2 1.1.1.0 [110/20] via 25.1.1.2, 00:08:58, FastEthernet0/0
100.0.0.0/24 is subnetted, 1 subnets
O E2 100.1.1.0 [110/20] via 56.1.1.6, 00:08:58, FastEthernet0/1
[110/20] via 25.1.1.2, 00:08:58, FastEthernet0/0
6.0.0.0/24 is subnetted, 1 subnets
O E2 6.6.6.0 [110/20] via 56.1.1.6, 00:08:58, FastEthernet0/1
10.0.0.0/24 is subnetted, 1 subnets
O E2 10.1.1.0 [110/20] via 25.1.1.2, 00:08:58, FastEthernet0/0
60.0.0.0/24 is subnetted, 1 subnets
O E2 60.1.1.0 [110/20] via 56.1.1.6, 00:08:58, FastEthernet0/1
----希望R5通过R2只学习到一条ospf路由:10.0.0.0/24
5.ospf路由过滤:
A.R2路由过滤:
①出去的路由
ip access-list standard ospfout
permit 10.1.1.0 0.0.0.255
router ospf 2
distribute-list ospfout out
----因为在ABSR上做的控制,能控制LSA的发送
②进入的路由:
通过如下方式在R2上设置不能生效:
ip prefix-list ospf-R3-in permit 40.1.1.0/24
router ospf 2
area 1 filter-list prefix ospf-R3-in in
----因为R2不是ABR,并且需要过滤的路由不是LSA3产生的。
通过在R2上的如下配置,可以生效:
ip access-list standard ospfin
permit 40.1.1.0 0.0.0.255
permit 60.1.1.0 0.0.0.255
router ospf 2
distribute-list ospfin in
---上面的缺点是如果用OSPF接很多业务系统,并且路由条目会在不同业务系统有重复,而只需到某个特定业务系统的重复路由则无法做到,除非跑多个路由进程,每个路由进程对应一个area。
B.R3路由过滤:
在R3上实施如下策略不能生效:(因为40.1.1.0/24是LSA5,不是LSA3所以不能过滤)
ip prefix-list ospf-R3-in permit 40.1.1.0/24
router ospf 3
area 0 filter-list prefix ospf-R3-in out
---通过上面的配置可以看到34.1.1.0/24会被过滤掉
----如果R2需要学到的路由不是重分布进入的建议用这种方式过滤,因为这样可以过滤LSA3.
本文转自 碧云天 51CTO博客,原文链接:http://blog.51cto.com/333234/1070661,如需转载请自行联系原作者
你可能感兴趣的文章
新手搭建 eclipse+winDDK驱动开发平台
查看>>
二叉树面试题
查看>>
Max Sum 贪心
查看>>
算法小题之数组重排
查看>>
Session 跨页面传数组
查看>>
Java并发(基础知识)——显示锁和同步工具类
查看>>
二叉树(2)二叉树创建的3种方法,二叉树的递归遍历,二叉树的销毁
查看>>
Hierarchyviewer定位Android图片资源的研究
查看>>
查看硬盘故障的命令
查看>>
浅析微信支付:查询订单和关闭订单
查看>>
java实现 数组中两个元素相加等于指定数的所有组合
查看>>
SQL-34 对于表actor批量插入如下数据
查看>>
字符统计2
查看>>
翻转吧,字符串
查看>>
每日诗词 2013.09.06
查看>>
测试drawable animation
查看>>
【分块】bzoj1901 Zju2112 Dynamic Rankings
查看>>
tornado+jsonrpc
查看>>
[转载]为什么不推荐使用stop和suspend这两个方法?
查看>>
EL表达式调用函数
查看>>