网络部署
- 某企业网络内有财务部和市场部两张网络
- 企业网络通过OSPF实现内部网络的互联互通
- 骨干网络部署在Area 0,财务部网络客户端部署在Area 1,市场部客户端部署在Area 2
- 边界设备通过静态路由访问各部门服务器,并在OSPF进程内引入静态路由
网络需求
- 只要边界-1路由器及其上联链路正常运行,财务部数据流只会通过边界-1路由器进行数据转发
- 只要核心-1路由器及其上联链路正常运行,财务部数据流只会通过核心-1路由器进行数据转发
- 只要边界-2路由器及其上联链路正常运行,市场部数据流只会通过边界-2路由器进行数据转发
- 只要核心-2路由器及其上联链路正常运行,市场部数据流只会通过核心-2路由器进行数据转发
需求分析
- 控制数据转发的网络出口
- 财务部数据始终向边界-1的方向进行转发
- 市场部的数据始终向边界-2的方向进行转发
- 要保证网络会选择固定的ASBR执行数据转发,要求忽略内部网络变化(不计算内部路由开销)
- 方法:使用OSPF的Type2外部路由
- 控制数据流在内部的精确路径
- 不出现负载分担路径
- 要在网络内部按照规划路径将数据发往特定的ASBR
- 方法:调整内部路径开销
网络拓扑
配置思路
- 配置各个路由器基本功能以及各个接口IP地址
- 配置OSPF路由协议,划分区域以及宣告路由
- 引入外部路由
配置命令
配置各个路由器基本功能以及各个接口IP地址
核心-1路由器
1
2
3
4
5
6
7
8
9
10
11
12sys
sys Core-1
int g0/0/0
ip add 12.1.1.1 30
int g0/0/1
ip add 15.1.1.1 30
int g0/0/2
ip add 13.1.1.1 30
int g3/0/0
ip add 14.1.1.1 30
int g4/0/0
ip add 16.1.1.1 30
核心-2路由器
1
2
3
4
5
6
7
8
9
10
11
12sys
sys Core-2
int g0/0/0
ip add 12.1.1.2 30
int g0/0/1
ip add 26.1.1.1 30
int g0/0/2
ip add 24.1.1.1 30
int g3/0/0
ip add 23.1.1.1 30
int g4/0/0
ip add 25.1.1.2 30
汇聚-1路由器
1
2
3
4
5
6
7
8
9
10sys
sys Convergence-1
int g0/0/0
ip add 56.1.1.1 30
int g0/0/1
ip add 15.1.1.2 30
int g0/0/2
ip add 57.1.1.1 30
int g4/0/0
ip add 25.1.1.2 30
汇聚-2路由器
1
2
3
4
5
6
7
8
9
10sys
sys Convergence-2
int g0/0/0
ip add 56.1.1.2 30
int g0/0/1
ip add 26.1.1.2 30
int g0/0/2
ip add 68.1.1.1 30
int g6/0/0
ip add 16.1.1.2 30
边界-1路由器
1
2
3
4
5
6
7
8
9
10sys
sys Border-1
int g0/0/0
ip add 39.1.1.1 30
int g0/0/1
ip add 30.1.1.1 30
int g0/0/2
ip add 13.1.1.2 30
int g3/0/0
ip add 23.1.1.2 30
边界-2路由器
1
2
3
4
5
6
7
8
9
10sys
sys Border-2
int g0/0/0
ip add 40.1.1.1 30
int g0/0/1
ip add 49.1.1.1 30
int g0/0/2
ip add 24.1.1.2 30
int g3/0/0
ip add 14.1.1.2 30
网关路由器
1
2
3
4
5
6
7
8sys
sys GatewayRouter
int g0/0/0
ip add 39.1.1.2
int g0/0/1
ip add 49.1.1.2
int g0/0/0
ip add 192.168.1.1 30
网关交换机
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19sys
sys GatewaySwitch
vlan batch 30 40 100
vlanif 30
ip add 30.1.1.2 30
vlanif 40
ip add 40.1.1.2 30
vlanif 100
ip add 192.168.100.1 30
int g0/0/1
port link-type access
port default vlan 30
int g0/0/2
port link-type access
port default vlan 40
int g0/0/3
port link-type access
port default vlan 100
配置OSPF路由协议,划分区域以及宣告路由
核心-1配置
1
2
3
4
5
6
7
8sys
ospf 1 router-id 1.1.1.1
area 0
network 12.1.1.0 0.0.0.3
network 13.1.1.0 0.0.0.3
network 14.1.1.0 0.0.0.3
network 15.1.1.0 0.0.0.3
network 16.1.1.0 0.0.0.3
核心-2配置
1
2
3
4
5
6
7
8sys
ospf 1 router-id 2.2.2.2
area 0
network 12.1.1.0 0.0.0.3
network 23.1.1.0 0.0.0.3
network 24.1.1.0 0.0.0.3
network 25.1.1.0 0.0.0.3
network 26.1.1.0 0.0.0.3
边界-1配置
1
2
3
4
5sys
ospf 1 router-id 3.3.3.3
area 0
network 13.1.1.0 0.0.0.3
network 23.1.1.0 0.0.0.3
边界-2配置
1
2
3
4
5sys
ospf 1 router-id 4.4.4.4
area 0
network 14.1.1.0 0.0.0.3
network 24.1.1.0 0.0.0.3
聚合-1配置
1
2
3
4
5
6
7
8sys
ospf 1 router-id 5.5.5.5
area 0
network 15.1.1.0 0.0.0.3
network 25.1.1.0 0.0.0.3
area 1
network 56.1.1.0 0.0.0.3
network 57.1.1.0 0.0.0.3
聚合-2配置
1
2
3
4
5
6
7
8sys
ospf 1 router-id 6.6.6.6
area 0
network 16.1.1.0 0.0.0.3
network 26.1.1.0 0.0.0.3
area 2
network 56.1.1.0 0.0.0.3
network 68.1.1.0 0.0.0.3
配置路由策略,实现去往财务部服务器的路由从边界-1出,去往市场部的路由从边界-2出
边界-1配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21sys
// 配置静态路由
ip route-static 192.168.1.0 30 39.1.1.2
ip route-static 192.168.100.0 30 30.1.1.2
//配置过滤条件
acl 2000
rule 5 permit source 192.168.1.0 0.0.0.3
quit
acl 2001
rule 5 permit source 192.168.100.0 0.0.0.3
quit
//配置路由策略
route-policy Static2OSPF permit node 10
if-match acl 2000
apply cost 100
route-policy Static2OSPF permit node 11
if-match acl 2001
apply cost 200
route-policy Static2OSPF permit node 20
边界-2配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22sys
//配置静态路由
ip route-static 192.168.1.0 30 49.1.1.2
ip route-static 192.168.100.0 30 40.1.1.2
//配置过滤策略
acl 2000
rule 5 permit source 192.168.1.0 0.0.0.3
quit
acl 2001
rule 5 permit source 192.168.100.0 0.0.0.3
quit
//配置路由策略
route-policy Static2OSPF permit node 10
if-match acl 2000
apply cost 200
route-policy Static2OSPF permit node 11
if-match acl 2001
apply cost 100
route-policy Static2OSPF permit node 20
在边界路由器上引入外部静态路由(只计算外部路由的Cost值)
边界-1配置
1
2
3
4sys
ospf 1
import-route static type 2 route-policy Static2OSPF
//通过配置引入外部路由的类型为Type2,实现只计算外部路由的Cost值
边界-2配置
1
2
3
4sys
ospf 1
import-route static type 2 route-policy Static2OSPF
//通过配置引入外部路由的类型为Type2,实现只计算外部路由的Cost值
设置OSPF的cost值,内部路由选路,实现财务部数据流只从核心-1发送(汇聚到核心)
核心-1配置
1
2
3
4
5sys
int g0/0/1
ospf cost 10
int g4/0/0
ospf cost 50
汇聚-1配置
1
2
3
4
5
6
7sys
int g0/0/1
ospf cost 10
int g0/0/0
ospf cost 10
int g4/0/0
ospf cost 50
设置OSPF的cost值,内部路由选路,实现财务部数据流只从核心-1发送(核心到边界)
核心-1配置
1
2
3
4
5
6
7sys
int g0/0/0
ospf cost 10
int g0/0/2
ospf cost 10
int g3/0/0
ospf cost 50
边界-1配置
1
2
3
4
5sys
int g0/0/2
ospf cost 10
int g3/0/0
ospf cost 50
设置OSPF的cost值,内部路由选路,实现市场部数据流只从核心-2发送(汇聚到核心)
核心-2配置
1
2
3
4
5
6
7sys
int g0/0/0
ospf cost 10
int g0/0/1
ospf cost 10
int g4/0/0
ospf cost 50
汇聚-2配置
1
2
3
4
5
6
7sys
int g0/0/0
ospf cost 50
int g4/0/0
ospf cost 50
int g0/0/1
ospf cost 10
设置OSPF的cost值,内部路由选路,实现市场部数据流只从核心-2发送(核心到边界)
核心-2配置
1
2
3
4
5
6
7sys
int g0/0/0
ospf cost 10
int g0/0/2
ospf cost 10
int g3/0/0
ospf cost 50
边界-2配置
1
2
3
4
5sys
int g0/0/2
ospf cost 10
int g3/0/0
ospf cost 50
查看结果
查看核心-1到财务部服务器和市场部服务器的路由
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18tracert 192.168.1.2
<Core-1>tracert 192.168.1.2
tracert 192.168.1.2
traceroute to 192.168.1.2(192.168.1.2), max hops: 30 ,packet length: 40,press CTRL_C to break
1 13.1.1.2 60 ms 20 ms 10 ms
2 * 39.1.1.2 100 ms 20 ms //边界-1的下一跳地址
3 * 192.168.1.2 30 ms 20 ms
tracert 192.168.100.2
<Core-1>tracert 192.168.100.2
tracert 192.168.100.2
traceroute to 192.168.100.2(192.168.100.2), max hops: 30 ,packet length: 40,press CTRL_C to break
1 12.1.1.2 60 ms 20 ms 20 ms
2 24.1.1.2 20 ms 20 ms 20 ms
3 40.1.1.2 40 ms 40 ms 20 ms //边界-2的下一跳地址
4 192.168.100.2 20 ms 30 ms 30 ms
查看核心-2到财务部和市场部服务器的路由
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16tracert 192.168.1.2
<Core-2>tracert 192.168.1.2
tracert 192.168.1.2
traceroute to 192.168.1.2(192.168.1.2), max hops: 30 ,packet length: 40,press CTRL_C to break
1 12.1.1.1 40 ms 20 ms 20 ms
2 13.1.1.2 40 ms 30 ms 30 ms
3 39.1.1.2 40 ms 30 ms 20 ms //边界-1的下一跳地址
4 192.168.1.2 40 ms 30 ms 30 ms
<Core-2>tracert 192.168.100.2
tracert 192.168.100.2
traceroute to 192.168.100.2(192.168.100.2), max hops: 30 ,packet length: 40,press CTRL_C to break
1 24.1.1.2 20 ms 10 ms 10 ms
2 40.1.1.2 30 ms 20 ms 20 ms //边界-2的下一跳地址
3 192.168.100.2 20 ms 50 ms 30 ms
查看从财务部客户端到财务部服务器和市场部服务器的路由走向
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26// 到财务部服务器路由
tracert 192.168.1.2
PC>tracert 192.168.1.2
traceroute to 192.168.1.2, 8 hops max
(ICMP), press Ctrl+C to stop
1 57.1.1.1 16 ms 15 ms 16 ms //汇聚-1
2 15.1.1.1 31 ms 31 ms 16 ms //核心-1
3 13.1.1.2 31 ms 31 ms 16 ms //边界-1
4 *39.1.1.2 125 ms 16 ms
5 *192.168.1.2 31 ms 31 ms
// 到市场部服务器路由
tracert 192.168.100.2
PC>tracert 192.168.100.2
traceroute to 192.168.100.2, 8 hops max
(ICMP), press Ctrl+C to stop
1 57.1.1.1 16 ms <1 ms 15 ms //汇聚-1
2 15.1.1.1 16 ms 16 ms 15 ms //核心-1
3 12.1.1.2 47 ms 16 ms 15 ms //核心-2
4 24.1.1.2 32 ms 31 ms 16 ms //边界-2
5 *40.1.1.2 62 ms 47 ms
6 192.168.100.2 31 ms 47 ms 47 ms
查看从市场部客户端到财务部服务器和市场部服务器的路由走向
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27// 到财务部服务器的路由走向
tracert 192.168.1.2
PC>tracert 192.168.1.2
traceroute to 192.168.1.2, 8 hops max
(ICMP), press Ctrl+C to stop
1 68.1.1.1 16 ms 16 ms 15 ms // 汇聚-2
2 26.1.1.1 16 ms 31 ms 16 ms //核心-2
3 12.1.1.1 15 ms 16 ms 31 ms //核心-1
4 13.1.1.2 16 ms 31 ms 16 ms //边界-1
5 39.1.1.2 31 ms 31 ms 16 ms
6 192.168.1.2 31 ms 47 ms 16 ms
//到市场部服务器的路由走向
tracert 192.168.100.2
PC>tracert 192.168.100.2
traceroute to 192.168.100.2, 8 hops max
(ICMP), press Ctrl+C to stop
1 68.1.1.1 <1 ms 15 ms 16 ms //汇聚-2
2 26.1.1.1 16 ms 15 ms 31 ms //核心-2
3 24.1.1.2 16 ms 16 ms 15 ms //边界-2
4 40.1.1.2 47 ms 16 ms 31 ms
5 192.168.100.2 16 ms 15 ms 32 ms
当核心-1的G0/0/1口故障后,去往财务部服务器的路由走向
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36[Core-1]int g0/0/1
int g0/0/1
[Core-1-GigabitEthernet0/0/1]
[Core-1-GigabitEthernet0/0/1]shutdown
shutdown
Jun 2 2022 09:18:23-08:00 Core-1 %%01IFPDT/4/IF_STATE(l)[0]:Interface GigabitEthernet0/0/1 has turned into DOWN state.
[Core-1-GigabitEthernet0/0/1]
[Core-1-GigabitEthernet0/0/1]
[Core-1-GigabitEthernet0/0/1]
Jun 2 2022 09:18:23-08:00 Core-1 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP on the interface GigabitEthernet0/0/1 has entered the DOWN state.
[Core-1-GigabitEthernet0/0/1]
Jun 2 2022 09:18:23-08:00 Core-1 %%01OSPF/3/NBR_CHG_DOWN(l)[2]:Neighbor event:neighbor state changed to Down. (ProcessId=256, NeighborAddress=5.5.5.5, NeighborEvent=KillNbr, NeighborPreviousState=Full, NeighborCurrentState=Down)
[Core-1]int g0/0/1
int g0/0/1
[Core-1-GigabitEthernet0/0/1]
[Core-1-GigabitEthernet0/0/1]shutdown
shutdown
Jun 2 2022 09:18:23-08:00 Core-1 %%01IFPDT/4/IF_STATE(l)[0]:Interface GigabitEthernet0/0/1 has turned into DOWN state.
[Core-1-GigabitEthernet0/0/1]
[Core-1-GigabitEthernet0/0/1]
[Core-1-GigabitEthernet0/0/1]
Jun 2 2022 09:18:23-08:00 Core-1 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP on the interface GigabitEthernet0/0/1 has entered the DOWN state.
[Core-1-GigabitEthernet0/0/1]
Jun 2 2022 09:18:23-08:00 Core-1 %%01OSPF/3/NBR_CHG_DOWN(l)[2]:Neighbor event:neighbor state changed to Down. (ProcessId=256, NeighborAddress=5.5.5.5, NeighborEvent=KillNbr, NeighborPreviousState=Full, NeighborCurrentState=Down)
PC>tracert 192.168.1.2
traceroute to 192.168.1.2, 8 hops max
(ICMP), press Ctrl+C to stop
1 57.1.1.1 15 ms 16 ms <1 ms //汇聚-1
2 25.1.1.1 15 ms 16 ms 16 ms //核心-2
3 12.1.1.1 47 ms 15 ms 16 ms //核心-1
4 13.1.1.2 31 ms 16 ms 31 ms //边界-1
5 39.1.1.2 31 ms 31 ms 32 ms
6 192.168.1.2 31 ms 31 ms 16 ms
当核心-1的设备down掉,去往财务部服务器的路由走向
1
2
3
4
5
6
7
8
9
10
11tracert 192.168.1.2
PC>tracert 192.168.1.2
traceroute to 192.168.1.2, 8 hops max
(ICMP), press Ctrl+C to stop
1 57.1.1.1 <1 ms 15 ms 16 ms //汇聚-1
2 25.1.1.1 16 ms 15 ms <1 ms //核心-2
3 23.1.1.2 32 ms 15 ms 16 ms //边界-1
4 39.1.1.2 47 ms 31 ms 31 ms
5 192.168.1.2 16 ms 31 ms 31 ms
