热门标签
热门文章
- 1qemu-system-x86_64(1)-Linux手册页_qemu-system-x86_64手册
- 22001-2021,一文读懂NLP发展简史_回顾 nlp 的主要发展历程
- 3QT5.14 QTextEdit的内容保存到文件的方法_qt中保存文本框内容
- 4【Leetcode刷题篇】- Leetcode092反转链表II_ds单链表反转链表,给定一个链表,以及输入两个整数left和right
- 5Android基础知识(二十):Notification、提醒式通知(横幅)踩坑与通知界面设置跳转_setfullscreenintent会使通知停留?
- 6C/C++生态工具链——gcc/g++编译器使用指南
- 7Mac版2024 CleanMyMac X 4.14.6 核心功能详解以及永久下载和激活入口
- 8批量归一化(Batch normalization)
- 9鸿蒙(HarmonyOS)项目方舟框架(ArkUI)之Stack容器组件
- 10黑苹果 映泰h170gtn+i3 7100+RX460
当前位置: article > 正文
构建互联互通的ip网络——(实验二:OSPF路由协议基础实验)
作者:IT小白 | 2024-03-22 11:52:29
赞
踩
构建互联互通的ip网络——(实验二:OSPF路由协议基础实验)
实验介绍
关于本实验
开放式最短路径优先OSPF(Open Shortest Path First)是IETF组织开发的一个基于链路状态的内部网关协议(Interior Gateway Protocol)。目前针对IPv4协议使用的是OSPF Version 2(RFC2328);OSPF作为基于链路状态的协议,OSPF具有以下优点:
- OSPF采用组播形式收发报文,这样可以减少对其它不运行OSPF路由器的影响。
- OSPF支持无类型域间选路(CIDR)。
- OSPF支持对等价路由进行负载分担。
- OSPF支持报文认证。
由于OSPF具有以上优势,使得OSPF作为优秀的内部网关协议被快速接收并广泛使用
本实验将通过配置单区域OSPF,帮助学员理解OSPF基本配置与原理。
实验目的
- 掌握OSPF的基本配置命令
- 掌握如何查看OSPF的运行状态
- 掌握如何通过Cost控制OSPF的选路
- 掌握OSPF发布默认路由的方法
- 掌握OSPF认证配置方法
实验组网介绍
OSPF路由协议基础实验拓扑
实验背景
R1、R2、R3都是各自网络的网关设备,现在需要通过OSPF动态路由协议,来实现这些网络之间的互联互通
实验任务配置
配置思路
1. 创建设备上的OSPF进程并使能接口上的OSPF功能
2. 配置OSPF认证
3. 通过OSPF发布默认路由
4. 通过修改Cost值控制OSPF选路
配置步骤
步骤一 设备基础配置
# 按照实验一的步骤1、2、3、4完成路由器的命名、物理接口和LoopBack接口的IP地址配置
# 查看设备的路由表,以R1为例
- [R1]display ip routing-table
- Route Flags: R - relay, D - download to fib
- ------------------------------------------------------------------------------
- Routing Tables: Public
- Destinations : 11 Routes : 11
-
- Destination/Mask Proto Pre Cost Flags NextHop Interface
-
- 10.0.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
- 10.0.12.0/24 Direct 0 0 D 10.0.12.1 GigabitEthernet0/0/3
- 10.0.12.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/3
- 10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/3
- 10.0.13.0/24 Direct 0 0 D 10.0.13.1 GigabitEthernet0/0/1
- 10.0.13.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
- 10.0.13.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
- 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
- 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
- 127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
- 255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
此时设备上仅存在直连路由。
步骤二 完成OSPF基本配置
# 创建OSPF进程
[R1]ospf 1
创建OSPF进程是配置与OSPF协议有关参数的首要步骤。OSPF支持多进程,在同一台设备上可以运行多个不同的OSPF进程,它们之间互不影响,彼此独立。不同OSPF进程之间的路由交互相当于不同路由协议之间的路由交互。可以在创建OSPF进程时指定进程号,若不指定,默认进程号为“1”。
# 创建OSPF区域并使能相应的接口
[R1-ospf-1]area 0area命令用来创建OSPF区域,并进入OSPF区域视图
- [R1-ospf-1-area-0.0.0.0]network 10.0.12.1 0.0.0.255
- [R1-ospf-1-area-0.0.0.0]network 10.0.13.1 0.0.0.255
- [R1-ospf-1-area-0.0.0.0]network 10.0.1.1 0.0.0.0
network network-address wildcard-mask用来指定运行OSPF协议的接口。满足下面两个条件,OSPF协议才能在接口上运行:
1. 接口的IP地址掩码长度≥network命令中的掩码长度。OSPF使用反掩码,例如0.0.0.255表示掩码长度24位。
2. 接口的IP地址必须在network命令指定的网段范围之内。
此时三个接口都被使能,同时属于区域0
- [R2]ospf
- [R2-ospf-1]area 0
- [R2-ospf-1-area-0.0.0.0]network 10.0.12.2 0.0.0.0
- [R2-ospf-1-area-0.0.0.0]network 10.0.23.2 0.0.0.0
- [R2-ospf-1-area-0.0.0.0]network 10.0.1.2 0.0.0.0
当network命令配置的wildcard-mask为全0时,如果接口的IP地址与network-address配置的IP地址相同,则此接口也会运行OSPF协议。
- [R3]ospf
- [R3-ospf-1]area 0
- [R3-ospf-1-area-0.0.0.0]network 10.0.13.3 0.0.0.0
- [R3-ospf-1-area-0.0.0.0]network 10.0.23.3 0.0.0.0
- [R3-ospf-1-area-0.0.0.0]network 10.0.1.3 0.0.0.0
步骤三 查看OSPF状态
# 查看OSPF邻居
- [R1]display ospf peer
-
- OSPF Process 1 with Router ID 10.0.1.1
- Neighbors
-
- Area 0.0.0.0 interface 10.0.13.1(GigabitEthernet0/0/1)'s neighbors
- Router ID: 10.0.1.3 Address: 10.0.13.3
- State: Full Mode:Nbr is Master Priority: 1
- DR: 10.0.13.3 BDR: 10.0.13.1 MTU: 0
- Dead timer due in 36 sec
- Retrans timer interval: 0
- Neighbor is up for 00:00:30
- Authentication Sequence: [ 0 ]
- Neighbors
- Area 0.0.0.0 interface 10.0.12.1(GigabitEthernet0/0/3)'s neighbors
- Router ID: 10.0.1.2 Address: 10.0.12.2
- State: Full Mode:Nbr is Master Priority: 1
- DR: 10.0.12.2 BDR: 10.0.12.1 MTU: 0
- Dead timer due in 39 sec
- Retrans timer interval: 4
- Neighbor is up for 00:00:28
- Authentication Sequence: [ 0 ]
display ospf peer命令用来显示OSPF中各区域邻居的信息。包括邻居所属的区域、邻居Router ID、邻居状态、DR和BDR路由器等信息。
# 查看IP路由表中由OSPF学习到的路由
- [R1]display ip routing-table protocol ospf
- Route Flags: R - relay, D - download to fib
- ------------------------------------------------------------------------------
- Public routing table : OSPF
- Destinations : 3 Routes : 4
-
- OSPF routing table status : <Active>
- Destinations : 3 Routes : 4
-
- Destination/Mask Proto Pre Cost Flags NextHop Interface
-
- 10.0.1.2/32 OSPF 10 1 D 10.0.12.2 GigabitEthernet0/0/3
- 10.0.1.3/32 OSPF 10 1 D 10.0.13.3 GigabitEthernet0/0/1
- 10.0.23.0/24 OSPF 10 2 D 10.0.13.3 GigabitEthernet0/0/1
- OSPF 10 2 D 10.0.12.2 GigabitEthernet0/0/3
-
- OSPF routing table status : <Inactive>
- Destinations : 0 Routes : 0
步骤四 配置OSPF认证
# 在R1上配置接口认证
- # 在R1上配置接口认证
- [R1]interface GigabitEthernet0/0/1
- [R1- GigabitEthernet0/0/1]ospf authentication-mode md5 1 cipher HCIA-Datacom
- [R1]interface GigabitEthernet0/0/3
- [R1- GigabitEthernet0/0/3]ospf authentication-mode md5 1 cipher HCIA-Datacom
- [R1- GigabitEthernet0/0/3]display this
- #
- interface GigabitEthernet0/0/3
- ip address 10.0.12.1 255.255.255.0
- ospf authentication-mode md5 1 cipher foCQTYsq-4.A\^38y!DVwQ0#
- #
由于cipher是密文口令类型,所以查看配置时以密文方式显示口令
# 查看当前的邻居状态
- [R1]display ospf peer brief
-
- OSPF Process 1 with Router ID 10.0.1.1
- Peer Statistic Information
- ------------------------------------------------------------------------------------------------------------------------------------
- Area Id Interface Neighbor id State
- ------------------------------------------------------------------------------------------------------------------------------------
- Total Peer(s): 0
由于其他路由器还未配置认证,所以认证不通过,无邻居。
# 配置R2上的接口认证
- [R2]interface GigabitEthernet0/0/3
- [R2- GigabitEthernet0/0/3]ospf authentication-mode md5 1 cipher HCIA-Datacom
- [R2]interface GigabitEthernet0/0/4
- [R2- GigabitEthernet0/0/4]ospf authentication-mode md5 1 cipher HCIA-Datacom
# 查看R2的邻居状态
- [R2]display ospf peer brief
-
- OSPF Process 1 with Router ID 10.0.1.2
- Peer Statistic Information
- ------------------------------------------------------------------------------------------------------------------------------------
- Area Id Interface Neighbor id State
- 0.0.0.0 GigabitEthernet0/0/3 10.0.1.1 Full
- ------------------------------------------------------------------------------------------------------------------------------------
- Total Peer(s): 1
此时R2已经可以和R1建立起正常的邻居关系。
# 在R3上配置区域认证
- [R3]ospf
- [R3-ospf-1]area 0
- [R3-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher HCIA-Datacom
# 查看R3上的邻居状态
- [R3]display ospf peer brief
-
- OSPF Process 1 with Router ID 10.0.1.3
- Peer Statistic Information
- ------------------------------------------------------------------------------------------------------------------------------------
- Area Id Interface Neighbor id State
- 0.0.0.0 GigabitEthernet0/0/1 10.0.1.1 Full
- 0.0.0.0 GigabitEthernet0/0/3 10.0.1.2 Full
- ------------------------------------------------------------------------------------------------------------------------------------
- Total Peer(s): 2
此时R3已经和R1与R2建立邻接关系。说明OSPF接口认证与区域认证产生的效果都是在设备的OSPF接口上实现OSPF报文认证。
步骤五 假设R1为所有网络的出口,所以在R1上向OSPF宣告默认路由
# 在R1上宣告默认路由
- [R1]ospf
- [R1-ospf-1]default-route-advertise always
default-route-advertise命令用来将默认路由通告到普通OSPF区域,如果没有配置always参数,本机路由表中必须有激活的非本OSPF默认路由时才向其他路由器发布默认路由。本例中,本地路由表中没有默认路由,所以需要增加always参数。
# 查看R2与R3上的IP路由表
- [R2]display ip routing-table
- Route Flags: R - relay, D - download to fib
- ------------------------------------------------------------------------------------------------------------------------
- Routing Tables: Public
- Destinations : 15 Routes : 16
-
- Destination/Mask Proto Pre Cost Flags NextHop Interface
-
- 0.0.0.0/0 O_ASE 150 1 D 10.0.12.1 GigabitEthernet0/0/3
- 10.0.1.1/32 OSPF 10 1 D 10.0.12.1 GigabitEthernet0/0/3
- 10.0.1.2/32 Direct 0 0 D 127.0.0.1 LoopBack0
- 10.0.1.3/32 OSPF 10 1 D 10.0.23.3 GigabitEthernet0/0/4
- 10.0.12.0/24 Direct 0 0 D 10.0.12.2 GigabitEthernet0/0/3
- 10.0.12.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/3
- 10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/3
- 10.0.13.0/24 OSPF 10 2 D 10.0.12.1 GigabitEthernet0/0/3
- OSPF 10 2 D 10.0.23.3 GigabitEthernet0/0/4
- 10.0.23.0/24 Direct 0 0 D 10.0.23.2 GigabitEthernet0/0/4
- 10.0.23.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/4
- 10.0.23.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/4
- 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
- 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
- 127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
- 255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
-
- [R3]display ip routing-table
- Route Flags: R - relay, D - download to fib
- ------------------------------------------------------------------------------------------------------------------------
- Routing Tables: Public
- Destinations : 15 Routes : 16
-
- Destination/Mask Proto Pre Cost Flags NextHop Interface
-
- 0.0.0.0/0 O_ASE 150 1 D 10.0.13.1 GigabitEthernet0/0/1
- 10.0.1.1/32 OSPF 10 1 D 10.0.13.1 GigabitEthernet0/0/1
- 10.0.1.2/32 OSPF 10 1 D 10.0.23.2 GigabitEthernet0/0/3
- 10.0.1.3/32 Direct 0 0 D 127.0.0.1 LoopBack0
- 10.0.12.0/24 OSPF 10 2 D 10.0.23.2 GigabitEthernet0/0/3
- OSPF 10 2 D 10.0.13.1 GigabitEthernet0/0/1
- 10.0.13.0/24 Direct 0 0 D 10.0.13.3 GigabitEthernet0/0/1
- 10.0.13.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
- 10.0.13.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
- 10.0.23.0/24 Direct 0 0 D 10.0.23.3 GigabitEthernet0/0/3
- 10.0.23.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/3
- 10.0.23.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/3
- 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
- 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
- 127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
- 255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
R2与R3上已经学习到相应的默认路由。
步骤六 通过修改R1相应接口的Cost值,使得R1的LoopBack0接口通过R1->R3->R2的路径访问R2的LoopBack0接口
# 从R1的路由表可知,R1通过R1->R2的路径访问R2的LoopBack0接口的路由开销为1,从R1->R3->R2的路由开销为2,故只要使R1->R2的路由开销大于2即可。
- [R1]interface GigabitEthernet0/0/3
- [R1- GigabitEthernet0/0/3]ospf cost 10
# 查看R1的路由表
- [R1]display ip routing-table
- Route Flags: R - relay, D - download to fib
- ----------------------------------------------------------------------------------------------------------------------------------
- Routing Tables: Public
- Destinations : 14 Routes : 14
-
- Destination/Mask Proto Pre Cost Flags NextHop Interface
-
- 10.0.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
- 10.0.1.2/32 OSPF 10 2 D 10.0.13.3 GigabitEthernet0/0/1
- 10.0.1.3/32 OSPF 10 1 D 10.0.13.3 GigabitEthernet0/0/1
- 10.0.12.0/24 Direct 0 0 D 10.0.12.1 GigabitEthernet0/0/3
- 10.0.12.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/3
- 10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/3
- 10.0.13.0/24 Direct 0 0 D 10.0.13.1 GigabitEthernet0/0/1
- 10.0.13.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
- 10.0.13.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
- 10.0.23.0/24 OSPF 10 2 D 10.0.13.3 GigabitEthernet0/0/1
- 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
- 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
- 127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
- 255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
此时R1访问R2的LoopBack0接口的下一跳为R3的GigabitEthernet0/0/1接口
# 通过Tracert命令验证
- [R1]tracert –a 10.0.1.1 10.0.1.2
-
- traceroute to 10.0.1.2(10.0.1.2), max hops: 30 ,packet length: 40,press CTRL_C to break
-
- 1 10.0.13.3 40 ms 50 ms 50 ms
-
- 2 10.0.23.2 60 ms 110 ms 70 ms
结果验证
1. 通过ping功能检查设备各接口之间的联通性。
2. 通过关闭接口模拟链路故障,查看路由表的变化。
配置参考
R1的配置
- #
- sysname R1
- #
- interface GigabitEthernet0/0/1
- ip address 10.0.13.1 255.255.255.0
- ospf authentication-mode md5 1 cipher %^%#`f*R'6q/RMq(+5*g(sP~SB8oQ49;%7WE:07P7X:W%^%#
- #
- interface GigabitEthernet0/0/3
- ip address 10.0.12.1 255.255.255.0
- ospf cost 10
- ospf authentication-mode md5 1 cipher %^%#]e)pBf~7B0.FM~U;bRAVgE$U>%X;>T\M\tLlYRj2%^%#
- #
- interface LoopBack0
- ip address 10.0.1.1 255.255.255.255
- #
- ospf 1
- default-route-advertise always
- area 0.0.0.0
- network 10.0.1.1 0.0.0.0
- network 10.0.12.0 0.0.0.255
- network 10.0.13.0 0.0.0.255
- #
- return
R2的配置
- #
- sysname R2
- #
- interface GigabitEthernet0/0/3
- ip address 10.0.12.2 255.255.255.0
- ospf authentication-mode md5 1 cipher %^%#z+72ZaTk2+v/g7E~AmR"NFYAKC>LZ8~Y`[**Gh=&%^%#
- #
- interface GigabitEthernet0/0/4
- ip address 10.0.23.2 255.255.255.0
- ospf authentication-mode md5 1 cipher %^%#=@2jEBu!{&UYoB*(RDVLc5t~<1B_a-PwC$WH%jQ3%^%#
- #
- interface LoopBack0
- ip address 10.0.1.2 255.255.255.255
- #
- ospf 1
- area 0.0.0.0
- network 10.0.1.2 0.0.0.0
- network 10.0.12.2 0.0.0.0
- network 10.0.23.2 0.0.0.0
- #
- return
R3的配置
- #
- sysname R3
- #
- interface GigabitEthernet0/0/1
- ip address 10.0.13.3 255.255.255.0
- #
- interface GigabitEthernet0/0/3
- ip address 10.0.23.3 255.255.255.0
- #
- interface LoopBack0
- ip address 10.0.1.3 255.255.255.255
- #
- ospf 1
- area 0.0.0.0
- authentication-mode md5 1 cipher %^%#Rl<:SVln1M>[Gk"v/OeSEW|:0:4*h;b|-d:N"s{>%^%#
- network 10.0.1.3 0.0.0.0
- network 10.0.13.3 0.0.0.0
- network 10.0.23.3 0.0.0.0
- #
- return
思考题
1. 步骤6中,R2回复R1的ICMP报文的路径是什么样的?试着解释一下原因。
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/IT小白/article/detail/287970
推荐阅读
相关标签
