实验要求:
1、R4为ISP,其上只配置IP地址;R4与其他所直连设备间均使用公有IP;
2、R3-R5、R6、R7为MGRE环境,R3为中心站点;
3、整个OSPF环境IP基于172.16.0.0/16划分;除了R12有两个环回,其他路由器均有一个环回IP
4、所有设备均可访问R4的环回;
5、减少LSA的更新量,加快收敛,保障更新安全;
6、全网可达;
1、 划分IP地址(基于区域划分)
已知OSPF环境基于172.16.0.0/16划分,共5个区域,因此可以给5个大网段,区域下的主机及路由器根据大网段分配IP地址 172.16.00000000.0/16
172.16.00000000.0/24 ----172.16.0.0/24(Area 0)
R3环回:172.16.0.000 00000/27---172.16.0.0/27
R4环回:172.16.0.001 00000/27---172.16.0.32/27
R5环回:172.16.0.010 00000/27---172.16.0.64/27
R6环回:172.16.0.011 00000/27---172.16.0.96/27
R7环回:172.16.0.100 00000/27---172.16.0.128/27
隧道地址:172.16.0.101 00000/27---172.16.0.160/27
172.16.00000001.0/24----172.16.1.0/24(Area 1)
骨干链路:172.16.1.00 000000/26
172.16.1.00000 000/29---172.16.1.0/29
R1环回:172.16.1.01 000000/26---172.16.1.64/26
R2环回:172.16.1.10 000000/26---172.16.1.128/26
172.16.00000010.0/24----172.16.2.0/24(Area 2)
172.16.2.0 0000000/25---172.16.2.0/25
R6-R11骨干:172.16.2.000000 00/30---172.16.2.0/30
R11-R12骨干:172.16.2.000001 00/30 ---172.16.2.4/30
172.16.2.1 0000000/25---172.16.2.128/25
R11环回:172.16.2.1 00 00000/27---172.16.2.128/27
172.16.2.1 01 00000/27---172.16.2.160/27
L0:172.16.2.101 0 0000/28---172.16.2.160/28
L1:172.16.2.101 1 0000/28---172.16.2.176/28
172.16.00000011.0/24----172.16.3.0/24(Area 3)
两骨干+两环回: 172.16.3.0 0000000/25---172.16.3.0/25
172.16.3.00 000000/26---172.16.3.0/26
R7-R8骨干:172.16.3.0/30
172.16.3.01 000000/26---172.16.3.64/26
R8-R9骨干:172.16.3.64/30
172.16.3.1 0000000/25---172.16.3.128/25
R8环回:172.16.3.10 000000---172.16.3.128/26
R9环回:172.16.3.11 000000---172.16.3.192/26
172.16.00000100.0/24----172.16.4.0/24(Area 4)
172.16.4.0 0000000/25---172.16.4.0/25
R9-R10骨干:172.16.4.000000 00/30---172.16.4.0/30
172.16.4.1 000000/25---172.16.4.128/25
172.16.4.10 000000/26---172.16.4.128/26
172.16.4.11 000000/26---172.16.4.192/26
R9环回:172.16.4.128/26
R10环回:172.16.4.192/26
2、 路由器IP地址的配置
R1:
<Huawei>sys
[R1]int g 0/0/0
[R1-GigabitEthernet0/0/0]ip ad 172.16.0.1 29
[R1]int l0
[R1-LoopBack0]ip ad 172.16.0.65 26
R2:
<Huawei>sys
[Huawei]int g 0/0/0
[Huawei-GigabitEthernet0/0/0]ip ad 172.16.0.2 29
[Huawei-GigabitEthernet0/0/0]int l0
[Huawei-LoopBack0]ip ad 172.16.0.129 26
R3:
<Huawei>SYS
[R3]int g 0/0/0
[R3-GigabitEthernet0/0/0]ip ad 172.16.0.3 29
[R3-GigabitEthernet0/0/0]int l0
[R3-LoopBack0]ip ad 172.16.0.1 27
[R3-Serial4/0/0]ip ad 34.0.0.3 24
[R3-Tunnel0/0/0]ip ad 172.16.0.163 27
R4:
<Huawei>sys
[Huawei]sys R4-ISP
[Huawei]int s 4/0/0
[Huawei-Serial4/0/0]ip add 34.0.0.4 24
[Huawei-Serial4/0/0]int s 4/0/1
[Huawei-Serial4/0/1]int s 3/0/0
[Huawei-Serial3/0/0]ip ad 46.0.0.3 24
[Huawei-Serial3/0/0]int s 3/0/1
[Huawei-Serial3/0/1]ip ad 47.0.0.3 24
[Huawei]int l0
[Huawei-LoopBack0]ip ad 172.16.0.33 27
[Huawei-LoopBack0]int t 0/0/0
[Huawei-Tunnel0/0/0]ip ad 172.16.0.164 27
R5:
<Huawei>sys
Huawei]int s 4/0/0
[Huawei-Serial4/0/0]ip ad 45.0.0.5 24
[Huawei-Serial4/0/0]int tunn 0/0/0
[Huawei-Tunnel0/0/0]ip ad 172.16.0.165 27
[Huawei-Tunnel0/0/0]int l0
[Huawei-LoopBack0]ip ad 172.16.0.65 27
R6:
<Huawei>SYS
[Huawei]SYS R6
[R6]int s4/0/0
[R6-Serial4/0/0]ip ad 46.0.0.6 24
[R6-Serial4/0/0]int tu 0/0/0
[R6-Tunnel0/0/0]ip ad 172.16.0.166 27
[R6-Tunnel0/0/0]int l0
[R6-LoopBack0]ip ad 172.16.0.65 27
[R6]INT G 0/0/0
[R6-GigabitEthernet0/0/0]ip ad 172.16.2.1 30
R7:
[Huawei]sys R7
[R7]int s 4/0/0
[R7-Serial4/0/0]ip ad 47.0.0.7 24
[R7-Serial4/0/0]int l0
[R7-LoopBack0]ip ad 172.16.0.129 27
[R7-LoopBack0]int g 0/0/0
[R7-GigabitEthernet0/0/0]ip ad 172.16.3.1 30
[R7-GigabitEthernet0/0/0]int tu 0/0/0
[R7-Tunnel0/0/0]ip ad 172.16.0.167 27
R8:
<Huawei>SYS
[Huawei]sys R8
[R8]int g 0/0/0
[R8-GigabitEthernet0/0/0]ip ad 172.16.3.2 30
[R8-GigabitEthernet0/0/0]int g 0/0/1
[R8-GigabitEthernet0/0/1]ip ad 172.16.3.65 30
[R8-GigabitEthernet0/0/1]int l0
[R8-LoopBack0]ip ad 172.16.3.129 26
R9:
<Huawei>sys
[Huawei]sys R9
R9]int g 0/0/0
[R9-GigabitEthernet0/0/0]ip ad 172.16.3.66 30
[R9-GigabitEthernet0/0/0]int l0
[R9-LoopBack0]ip ad 172.16.3.193 26
[R9-LoopBack0]int g 0/0/1
[R9-GigabitEthernet0/0/1]ip ad 172.16.4.1 30
R10:
<Huawei>sys
[Huawei]sys R10
[R10]int g 0/0/0
[R10-GigabitEthernet0/0/0]ip ad 172.16.4.2 30
[R10-GigabitEthernet0/0/0]int l0
[R10-LoopBack0]ip ad 172.16.4.129 25
R11:
<Huawei>sys
[Huawei]sys R11
[R11]int g 0/0/0
[R11-GigabitEthernet0/0/0]ip ad 172.16.2.2 30
[R11]int l0
[R11-LoopBack0]ip ad 172.16.2.129 27
R12:
<Huawei>sys
[Huawei]sys R12
[R12]int g 0/0/0
[R12-GigabitEthernet0/0/0]ip ad 172.16.2.6 30
[R12-GigabitEthernet0/0/0]int l0
[R12-LoopBack0]ip ad 172.16.2.161 28
[R12-LoopBack0]int l1
[R12-LoopBack1]ip ad 172.16.2.177 28
3、 公网互通(静态路由的配置)
[R3]ip route-static 0.0.0.0 0 34.0.0.4
[R5]ip route-static 0.0.0.0 0 45.0.0.4
[R6]ip route-static 0.0.0.0 0 46.0.0.3
[R7]ip route-static 0.0.0.0 0 47.0.0.3
公网通截图:
4、 配置各个区域的OSPF以及RIP
R1:
[R1]ospf 1 router-id 1.1.1.1
[R1-ospf-1-area-0.0.0.1]network 172.16.0.0 0.0.0.63
[R1-ospf-1-area-0.0.0.1]network 172.16.0.0 0.0.0.7
R2:
[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]area 1
[R2-ospf-1-area-0.0.0.1]net
[R2-ospf-1-area-0.0.0.1]network 172.16.0.0 0.0.0.7
[R2-ospf-1-area-0.0.0.1]network 172.16.0.128 0.0.0.63
R3:
[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]net
[R3-ospf-1-area-0.0.0.1]network 172.16.0.3 0.0.0.0
[R3-ospf-1-area-0.0.0.1]network 172.16.0.10 0.0.0.0
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]network 172.16.0.160 0.0.0.63
R5:
[R5]ospf 1 rou 5.5.5.5
[R5-ospf-1]area 0
[R5-ospf-1-area-0.0.0.0]network 172.16.0.160 0.0.0.63
[R5-ospf-1-area-0.0.0.0]network 172.16.0.64 0.0.0.63
R6:
[R6]ospf 1 router-id 6.6.6.6
[R6-ospf-1]area 0
[R6-ospf-1-area-0.0.0.0]network 172.16.0.160 0.0.0.63
[R6-ospf-1]area 2
[R6-ospf-1-area-0.0.0.2]net
[R6-ospf-1-area-0.0.0.2]network 172.16.2.0 0.0.0.3
[R6-ospf-1-area-0.0.0.2]network 172.16.2.96 0.0.0.31
R7:
[R7]ospf 1 router-id 7.7.7.7
[R7-ospf-1]area 0
[R7-ospf-1-area-0.0.0.0]network 172.16.0.160 0.0.0.63
[R7-ospf-1]area 3
[R7-ospf-1-area-0.0.0.3]network 172.16.0.128 0.0.0.31
[R7-ospf-1-area-0.0.0.3]network 172.16.0.129 0.0.0.0
[R7-ospf-1-area-0.0.0.3]network 172.16.3.0 0.0.0.3
R8:
[R8]ospf 1 router-id 8.8.8.8
[R8-ospf-1]area 3
[R8-ospf-1-area-0.0.0.3]net
[R8-ospf-1-area-0.0.0.3]network 172.16.3.0 0.0.0.3
[R8-ospf-1-area-0.0.0.3]network 172.16.3.64 0.0.0.3
[R8-ospf-1-area-0.0.0.3]net
[R8-ospf-1-area-0.0.0.3]network 172.16.3.128 0.0.0.63
R9:
[R9]ospf 1 router-id 9.9.9.9
[R9-ospf-1]area 3
[R9-ospf-1-area-0.0.0.3]net
[R9-ospf-1-area-0.0.0.3]network 172.16.3.64 0.0.0.3
[R9-ospf-1-area-0.0.0.3]network 172.16.4.128 0.0.0.63
[R9]ospf 2 router-id 9.9.9.9
[R9-ospf-2]area 4
[R9-ospf-2-area-0.0.0.4]net
[R9-ospf-2-area-0.0.0.4]network 172.16.4.0 0.0.0.3
R10:
[R10]ospf 2 rou
[R10]ospf 2 router-id 10.10.10.10
[R10-ospf-2]area 4
[R10-ospf-2-area-0.0.0.4]net
[R10-ospf-2-area-0.0.0.4]network 172.16.4.0 0.0.0.3
[R10-ospf-2-area-0.0.0.4]network 172.16.4.192 0.0.0.63
R11:
[R11]ospf 1 router-id 11.11.11.11
[R11-ospf-1]area 2
[R11-ospf-1-area-0.0.0.2]net
[R11-ospf-1-area-0.0.0.2]network 172.16.2.0 0.0.0.3
[R11-ospf-1-area-0.0.0.2]network 172.16.2.4 0.0.0.3
[R11-ospf-1-area-0.0.0.2]net
[R11-ospf-1-area-0.0.0.2]network 172.16.2.128 0.0.0.31
R12:
[R12]rip
[R12-rip-1]version 2
[R12-rip-1]undo summary
[R12-rip-1]network 172.16.0.0
[R12-rip-1]q
[R12]ospf 2 router-id 12.12.12.12
[R12-ospf-2]area 2
[R12-ospf-2-area-0.0.0.2]net
[R12-ospf-2-area-0.0.0.2]network 172.16.2.4 0.0.0.3
5、 配置MGRE
R3:
[R3]int t 0/0/0
[R3-Tunnel0/0/0]tunnel-protocol gre p2mp
[R3-Tunnel0/0/0]source 34.0.0.3
[R3-Tunnel0/0/0]nhrp entry multicast dynamic
[R3-Tunnel0/0/0]nhrp network-id 100
[R3-Tunnel0/0/0]undo rip split-horizon
[R3-Tunnel0/0/0]ospf network-type broadcast
6、 全网通
7、 全网可访问R4环回(acl)
R3:
[R3]acl 2000
[R3-acl-basic-2000] rule permit source 172.16.1.0 0.0.0.255
[R3]int s 4/0/0
[R3-Serial4/0/0]nat outbound 2000
R6:
[R6]acl 2000
[R6-acl-basic-2000] rule permit source 172.16.2.0 0.0.0.255
[R6]int s 4/0/0
[R6-Serial4/0/0]nat outbound 2000
R7:
[R7]acl 2000
[R7-acl-basic-2000] rule permit source 172.16.3.0 0.0.0.255
[R7]int s 4/0/0
[R7-Serial4/0/0]nat outbound 2000
Ping通测试:
8、 减少LSA的更新量(区域汇总)
R3:
[R3-ospf-1-area-0.0.0.1]abr-summary 172.16.1.0 255.255.255.0
R6:
[R6-ospf-1-area-0.0.0.2]abr-summary 172.16.2.0 255.255.255.0
R7:
[R7-ospf-1-area-0.0.0.]abr-summary 172.16.3.0 255.255.255.0
R9:
[R9-ospf-2] asbr-summary 172.16.4.0 255.255.255.0
R12:
[R12-ospf-1]asbr-summary 172.16.2.160 255.255.255.224
9、 减少路由表路由(特殊区域的划分)
Area1:
[R1-ospf-1-area-0.0.0.1] stub no-summary
[R2-ospf-1-area-0.0.0.1] stub no-summary
[R3-ospf-1-area-0.0.0.1] stub no-summary
Area2:
[R6-ospf-1-area-0.0.0.2]nssa no-summary
[R11-ospf-1-area-0.0.0.2]nssa no-summary
[R12-ospf-1-area-0.0.0.2]nssa no-summary
Area3:
[R7-ospf-1-area-0.0.0.3]nssa no-summary
[R8-ospf-1-area-0.0.0.3]nssa no-summary
[R9-ospf-1-area-0.0.0.3]nssa no-summary
由于Area4是域外路由,因此不给划分特殊区域,因其他三区域划分了特殊区域,导致其他区域主机访问Area4的主机时不会收到回包,因此给Area4下发一条缺省:
[R9-ospf-2]default-route-advertise always
路由表只剩下LSA1和LSA2以及缺省,精简后:
10、 加快路由条目的收敛(修改Hello报文的更新时间为5s)
Area1:
[R1-GigabitEthernet0/0/0]ospf timer hello 5
[R2-GigabitEthernet0/0/0]ospf timer hello 5
[R3-GigabitEthernet0/0/0]ospf timer hello 5
Area2:
[R6-GigabitEthernet0/0/0]ospf timer hello 5
[R11-GigabitEthernet0/0/0]ospf timer hello 5
[R11-GigabitEthernet0/0/1]ospf timer hello 5
[R12-GigabitEthernet0/0/0]ospf timer hello 5
Area3:
[R7-GigabitEthernet0/0/0]ospf timer hello 5
[R8-GigabitEthernet0/0/0]ospf timer hello 5
[R8-GigabitEthernet0/0/1]ospf timer hello 5
[R9-GigabitEthernet0/0/0]ospf timer hello 5
Area4:
[R9-GigabitEthernet0/0/1]ospf timer hello 5
[R10-GigabitEthernet0/0/0]ospf timer hello 5
11、 保障更新安全(接口认证—md5)
Area1(MD5):
[R1-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher 123
[R2-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher 123
[R3-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher 123
