实验4. 动态路由—OSPF
1 背景知识
OSPF是由IETF的IGP工作组为ip网开发的路由协议。该工作组成立于1998年,
专门设计用于因特网的基于最短路径优先(SPF)算法的IGP。与IGRP类似,OSPF创建的原因是到了八十年代中期,RIP不能服务于大型、异构网络的缺陷愈发明显。 OSPF有两个主要的特性。首先该协议是开放的,即其规范是公开的,公布的OSPF规范是RFC1247。另一个基本的特性是OSPF基于SPF算法,该算法也称为Dijkstra算法,即以创建该算法的人来命名。
2 实验需求:思科路由器C3640三台
3 实验目的
通过本实验可以掌握:
在路由器上启动OSPF 路由进程
启用参与路由协议的接口,并且通告网络及所在的区域 认识DR和BDR选举 OSPF特殊区域配置 OSPF 认证的类型和意义
基于区域的OSPF 简单口令认证和MD5的配置和调试 OSPF路由汇总
验证OSPF 路由协议相关信息
4 实验拓扑
- 1 -
12.1.1.0/30S2/0Lo 0Hlsz-R1S2/0Hlsz-R2Area 0Area 123.1.1.0/30F0/0F0/0Hlsz-R3成都互联神州网络技术培训 www.ciscohuawei.comArea 3Lo 0
5 实验步骤
实验基本配置省略
5.1 OSPF单区域和多区域配置
配置R1路由器
R1(config)#router ospf 1 /开启ospf进程,进程ID本地有效,可一样也可以不一样 R1(config-router)#network 1.1.1.1 0.0.0.0 area 1 /通告网段的时候要注意的area ID R1(config-router)#network 12.1.1.0 0.0.0.3 area 0 /此网段要通告到area 0 R1(config-router)#end
配置R2路由器
R2(config)#router ospf 1
R2(config-router)#network 12.1.1.0 0.0.0.3 area 0 /这里三个网段都是area 0 R2(config-router)#network 2.2.2.2 0.0.0.0 area 0 R2(config-router)#network 23.1.1.0 0.0.0.3 area 0 R2(config-router)#exit
配置R3路由器
R3(config)#router ospf 1
R3(config-router)#network 23.1.1.0 0.0.0.3 area 0 /此网段属于区域0 R3(config-router)#network 3.3.3.3 0.0.0.0 area 3 /此网段属于区域3
查看R1和R3的路由表
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route
- 2 -
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0 2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/65] via 12.1.1.2, 00:13:15, Serial2/0 /区域内的路由 3.0.0.0/32 is subnetted, 1 subnets
O IA 3.3.3.3 [110/66] via 12.1.1.2, 00:13:15, Serial2/0 /区域间的路由 23.0.0.0/30 is subnetted, 1 subnets
O 23.1.1.0 [110/65] via 12.1.1.2, 00:13:15, Serial2/0 12.0.0.0/30 is subnetted, 1 subnets
C 12.1.1.0 is directly connected, Serial2/0
R3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/66] via 23.1.1.1, 00:13:37, FastEthernet0/0 /区域间的路由 2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 23.1.1.1, 00:13:37, FastEthernet0/0 /区域内的路由 3.0.0.0/32 is subnetted, 1 subnets
C 3.3.3.3 is directly connected, Loopback0 23.0.0.0/30 is subnetted, 1 subnets
C 23.1.1.0 is directly connected, FastEthernet0/0 12.0.0.0/30 is subnetted, 1 subnets
O 12.1.1.0 [110/65] via 23.1.1.1, 00:13:37, FastEthernet0/0
查看R2的ospf的邻居(邻接)关系
R2#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface 3.3.3.3 1 FULL/BDR 00:00:38 23.1.1.2 FastEthernet0/0 1.1.1.1 0 FULL/ - 00:00:31 12.1.1.1 Serial2/0
备注:以太网链路有DR、BDR的选举,WAN链路(点到点)不选择DR、BDR
查看运行了ospf路由协议的接口
R2#sh ip os int f0/0
FastEthernet0/0 is up, line protocol is up
Internet Address 23.1.1.1/30, Area 0 / 此接口地址及这个接口所在的区域
- 3 -
Process ID 1, Router ID 2.2.2.2, Network Type BROADCAST, Cost: 1 /网络环境类型 Transmit Delay is 1 sec, State DR, Priority 1 /DR或者是BDR,优先级
Designated Router (ID) 2.2.2.2, Interface address 23.1.1.1 /Router-ID也是DR Backup Designated router (ID) 3.3.3.3, Interface address 23.1.1.2 /BDR
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 /存活时间 oob-resync timeout 40 Hello due in 00:00:09
Supports Link-local Signaling (LLS) Index 3/3, flood queue length 0 Next 0x0(0)/0x0(0)
Last flood scan length is 0, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1 /邻居个数
Adjacent with neighbor 3.3.3.3 (Backup Designated Router) /邻接个数 Suppress hello for 0 neighbor(s)
R2#sh ip ospf int s2/0 /无DR、BDR 的选举 Serial2/0 is up, line protocol is up Internet Address 12.1.1.2/30, Area 0
Process ID 1, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 64 /网络环境 Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 oob-resync timeout 40 Hello due in 00:00:01
Supports Link-local Signaling (LLS) Index 1/1, flood queue length 0 Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 2
Last flood scan time is 0 msec, maximum is 0 msec
Neighbor Count is 1, Adjacent neighbor count is 1 /邻居个数 Adjacent with neighbor 1.1.1.1 /邻接个数 Suppress hello for 0 neighbor(s)
R3#ping 1.1.1.1 /测试与R1的连通性 Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds: !!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/38/80 ms hlsz-R3#ping 12.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.1.1.1, timeout is 2 seconds: !!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/27/52 ms
5.2 OSPF特殊区域配置
实验拓扑:
- 4 -
Area 1 StubArea 0 R112.1.1.0/30R223.1.1.0/30R3Interface loopback1.1.1.0/242.2.2.0/243.3.3.0/244.4.4.0/24实验步骤
基本配置略,stub区域作用:R1所处的区域1路由器性能不是太好,不需要学习全部的OSPF路由条目,可以把AREA 1设置为特殊区域
配置R2 区域1为stub区域
R2(config)#router ospf 1 R2(config-router)#area 1 stub
配置R1区域1为stub区域
R1(config)#router ospf 1 R1(config-router)#area 1 stub
查看R1路由表
- 5 -
/可以观察在R1路由表多了一条OSPF的默认路由,即拒绝了5类LSA.
5.3 OSPF认证 实验拓扑
AERA 0
5.3.1 基于区域的OSPF 简单口令认证
实验步骤 (接口IP地址、ospf路由启用配置略) (1)配置路由器R1 R1(config)#router ospf 1
R1(config-router)#router-id 1.1.1.1
R1(config-router)#network 12.1.1.0 255.255.255.0 area 0 R1(config-router)#network 1.1.1.0 255.255.255.0 area 0
R1(config-router)#area 0 authentication /区域0 启用简单口令认证 R1(config)#interface s2/0
R1(config-if)#ip ospf authentication-key cisco /配置认证密码 (2)配置路由器R2 R2(config)#router ospf 1
R2(config-router)#router-id 2.2.2.2
R2(config-router)#network 2.2.2.0 255.255.255.0 area 0 R2(config-router)#network 12.1.1.0 255.255.255.0 area 0 R2(config-router)#area 0 authentication R2(config)#interface s2/1
- 6 -
R2(config-if)#ip ospf authentication-key cisco
实验验证
(1)show ip ospf interface R1#show ip ospf interface s2/0
Serial2/0 is up, line protocol is up Internet Address 12.1.1.1/24, Area 0
Process ID 1, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 64 Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 oob-resync timeout 40 Hello due in 00:00:09
Supports Link-local Signaling (LLS) Index 2/2, flood queue length 0 Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec Neighbor Count is 1, Adjacent neighbor count is 1 Adjacent with neighbor 2.2.2.2 Suppress hello for 0 neighbor(s)
Simple password authentication enabled /简单口令认证
(2)show ip ospf R1#show ip ospf
Routing Process \"ospf 1\" with ID 1.1.1.1 Supports only single TOS(TOS0) routes ......
Area BACKBONE(0)
Number of interfaces in this area is 2 (1 loopback)
Area has simple password authentication /简单口令认证 SPF algorithm last executed 00:00:01.916 ago SPF algorithm executed 5 times Area ranges are
Number of LSA 2. Checksum Sum 0x010117
Number of opaque link LSA 0. Checksum Sum 0x000000 Number of DCbitless LSA 0 Number of indication LSA 0 Number of DoNotAge LSA 0 Flood list length 0
通过以上输出信息,可以得知OSPF采用简单口令认证方式。
- 7 -
5.3.2 基于区域的OSPF MD5 认证 (1)配置路由器R1 R1(config)#router ospf 1
R1(config-router)#router-id 1.1.1.1
R1(config-router)#network 12.1.1.0 255.255.255.0 area 0 R1(config-router)#network 1.1.1.0 255.255.255.0 area 0
R1(config-router)#area 0 authentication message-digest /区域0启用MD5 认证 R1(config)#interface s2/0
R1(config-if)#ip ospf message-digest-key 1 md5 cisco /配置认证key ID 及密匙
(2)配置路由器R2 R2(config)#router ospf 1
R2(config-router)#router-id 2.2.2.2
R2(config-router)#network 2.2.2.0 255.255.255.0 area 0 R2(config-router)#network 12.1.1.0 255.255.255.0 area 0 R2(config-router)#area 0 authentication message-digest R2(config)#interface s2/1
R2(config-if)#ip ospf message-digest-key 1 md5 cisco
实验验证
(1)show ip ospf interface R1#show ip ospf interface s2/0
Serial2/0 is up, line protocol is up Internet Address 12.1.1.1/24, Area 0
Process ID 1, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 64 Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 oob-resync timeout 40 Hello due in 00:00:09
Supports Link-local Signaling (LLS)
- 8 -
Index 2/2, flood queue length 0 Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec Neighbor Count is 1, Adjacent neighbor count is 1 Adjacent with neighbor 2.2.2.2 Suppress hello for 0 neighbor(s)
Message digest authentication enabled
Youngest key id is 1 /MD5认证方式
(2)show ip ospf R1#show ip ospf
Routing Process \"ospf 1\" with ID 1.1.1.1 Supports only single TOS(TOS0) routes ......
Area BACKBONE(0)
Number of interfaces in this area is 2 (1 loopback) Area has message digest authentication /MD5认证方式 SPF algorithm last executed 00:00:01.916 ago SPF algorithm executed 5 times Area ranges are
Number of LSA 2. Checksum Sum 0x010117
Number of opaque link LSA 0. Checksum Sum 0x000000 Number of DCbitless LSA 0 Number of indication LSA 0 Number of DoNotAge LSA 0 Flood list length 0
通过以上输出信息,可以得知OSPF采用MD5认证方式。
5.3.3 基于接口的OSPF 简单口令认证 (1)配置R1路由器
R1(config)#interface serial 2/0
R1(config-if)#ip ospf authentication /开启明文认证
R1(config-if)#ip ospf authentication-key 1 ccie /设置明文密码 (2)配置R1路由器
R2(config)#interface serial 2/0
- 9 -
R2(config-if)#ip ospf authentication
R2(config-if)#ip ospf authentication-key 1 ccie
实验验证
R1#show ip ospf interface serial 2/0 Serial2/0 is up, line protocol is up Internet Address 12.1.1.1/24, Area 0
Process ID 1, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 64 Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 oob-resync timeout 40 Hello due in 00:00:09
Supports Link-local Signaling (LLS) Index 2/2, flood queue length 0 Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec Neighbor Count is 1, Adjacent neighbor count is 1 Adjacent with neighbor 2.2.2.2 Suppress hello for 0 neighbor(s)
Simple password authentication enabled /简单口令认证 5.3.4 基于接口的OSPF MD5认证 (3)配置R1路由器
R1(config)#interface serial 2/0
R1(config-if)#ip ospf authentication message-digest /开启密文认证 R1(config-if)#ip ospf message-digest-key 1 md5 ccie /设置MD5密码 (4)配置R1路由器
R2(config)#interface serial 2/0
R2(config-if)#ip ospf authentication message-digest
R2(config-if)#ip ospf message-digest-key 1 md5 ccie
- 10 -
实验验证
R1#show ip ospf interface s2/0
Serial2/0 is up, line protocol is up Internet Address 12.1.1.1/24, Area 0
Process ID 1, Router ID 1.1.1.1, Network Type POINT_TO_POINT, Cost: 64
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 oob-resync timeout 40 Hello due in 00:00:00
Supports Link-local Signaling (LLS) Index 2/2, flood queue length 0 Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 0 msec Neighbor Count is 1, Adjacent neighbor count is 1 Adjacent with neighbor 2.2.2.2 Suppress hello for 0 neighbor(s)
Message digest authentication enabled
Youngest key id is 1 /MD5认证方式
5.3.4 MD5认证排错
如果R1和R2上都配置的密文认证,但key ID不一样,会出现的情况;在R1上配置了key id 2 ,在R2上配置了key ID 1,即使密码一样,也不会认证成功
R1#debug ip os adj
OSPF adjacency events debugging is on R1#
01:11:57: OSPF: Send with youngest Key 2
01:11:57: OSPF: Rcv pkt from 12.1.1.2, Serial1 : Mismatch Authentication Key - No message digest key 1 on interface R2#
01:15:14: OSPF: Rcv pkt from 12.1.1.1, Serial1 : Mismatch Authentication Key - No message digest key 2 on interface
01:15:14: OSPF: Send with youngest Key 1
此时在R1上增加一个key ID 1 ,认证会起来,
R1(config-if)#ip ospf message-digest-key 1 md5 cisco
- 11 -
R1#
01:17:36: OSPF: Send with youngest Key 1, /*总是发”最年轻”的key与对方进行比较
5.4 OSPF汇总
5.4.1 非0区域到骨干区域汇总
实验拓扑
实验步骤
(1)R1基本配置
interface Loopback0
ip address 1.1.1.1 255.255.255.255 interface Serial1
ip address 12.1.1.1 255.255.255.252 clockrate 64000 router ospf 1
network 12.1.1.0 0.0.0.3 area 0
(2)R2路由器基本配置 interface Loopback0
ip address 2.2.2.2 255.255.255.255 interface Loopback1
ip address 100.26.26.1 255.255.255.240 interface Loopback2
ip address 100.26.26.17 255.255.255.240 interface Loopback3
ip address 100.26.26.33 255.255.255.240 interface Loopback4
- 12 -
ip address 100.26.26.49 255.255.255.240 interface Serial1
ip address 12.1.1.2 255.255.255.252 router ospf 1
network 12.1.1.0 0.0.0.3 area 0 network 100.26.26.0 0.0.0.63 area 1
(3)查看路由表 R1#show ip route
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0 100.0.0.0/32 is subnetted, 4 subnets
O IA 100.26.26.33 [110/65] via 12.1.1.2, 00:18:32, Serial1 O IA 100.26.26.49 [110/65] via 12.1.1.2, 00:18:32, Serial1 O IA 100.26.26.1 [110/65] via 12.1.1.2, 00:18:32, Serial1 O IA 100.26.26.17 [110/65] via 12.1.1.2, 00:18:32, Serial1 12.0.0.0/30 is subnetted, 1 subnets
C 12.1.1.0 is directly connected, Serial1
(4)R2进行路由汇总(ABR) R2(config)#router ospf 1
R2(config-router)#area 1 range 100.26.26.0 255.255.255.192 /注意区分掩码和区域
(5)查看汇总后的路由表
R1#show ip route
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0 100.0.0.0/26 is subnetted, 1 subnets
O IA 100.26.26.0 [110/65] via 12.1.1.2, 00:00:25, Serial1 /汇总后的路由表 12.0.0.0/30 is subnetted, 1 subnets
C 12.1.1.0 is directly connected, Serial1
5.4.1 骨干区域到非0区域汇总
实验拓扑
- 13 -
实验步骤
(1)配置R1路由器 nterface Loopback0
ip address 1.1.1.1 255.255.255.255 interface Serial1
ip address 12.1.1.1 255.255.255.252 clockrate 64000
router ospf 1
network 12.1.1.0 0.0.0.3 area 1
(2)配置R2路由器
interface Loopback0
ip address 2.2.2.2 255.255.255.255 interface Loopback1
ip address 100.26.26.1 255.255.255.240 interface Loopback2
ip address 100.26.26.17 255.255.255.240 interface Loopback3
ip address 100.26.26.33 255.255.255.240 interface Loopback4
ip address 100.26.26.49 255.255.255.240 interface Serial1
ip address 12.1.1.2 255.255.255.252 router ospf 1
network 12.1.1.0 0.0.0.3 area 1 network 100.26.26.0 0.0.0.63 area 0 (3)查看路由表 R1#show ip route
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0 100.0.0.0/32 is subnetted, 4 subnets
O IA 100.26.26.33 [110/65] via 12.1.1.2, 00:04:16, Serial1 O IA 100.26.26.49 [110/65] via 12.1.1.2, 00:04:16, Serial1 O IA 100.26.26.1 [110/65] via 12.1.1.2, 00:04:16, Serial1 O IA 100.26.26.17 [110/65] via 12.1.1.2, 00:04:16, Serial1 12.0.0.0/30 is subnetted, 1 subnets
C 12.1.1.0 is directly connected, Serial1
- 14 -
(4) 在R2进行路由汇总(ABR)
R2(config)#router ospf 1
R2(config-router)#area 0 range 100.26.26.0 255.255.255.192 /注意区分掩码和区域
(5)查看汇总后的路由表
R1#show ip route
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0 100.0.0.0/26 is subnetted, 1 subnets
O IA 100.26.26.0 [110/65] via 12.1.1.2, 00:00:07, Serial1 12.0.0.0/30 is subnetted, 1 subnets
C 12.1.1.0 is directly connected, Serial1
R2#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route
Gateway of last resort is not set
2.0.0.0/32 is subnetted, 1 subnets
C 2.2.2.2 is directly connected, Loopback0
100.0.0.0/8 is variably subnetted, 5 subnets, 2 masks C 100.26.26.32/28 is directly connected, Loopback3 C 100.26.26.48/28 is directly connected, Loopback4
O 100.26.26.0/26 is a summary, 00:02:03, Null0 /汇聚后会产生一个26位的条目指向NULL0 防止回环
C 100.26.26.0/28 is directly connected, Loopback1 C 100.26.26.16/28 is directly connected, Loopback2 12.0.0.0/30 is subnetted, 1 subnets
C 12.1.1.0 is directly connected, Serial1
手动添加:
R2(config)#ip route 100.26.26.0 255.255.255.192 null 0
- 15 -
6 OSPF命令汇总
命令 作用 show ip route 查看路由表
show ip ospf neighbor 查看OSPF 邻居的基本信息 show ip ospf database show ip ospf interface show ip ospf debug ip ospf adj debug ip ospf events debug ip ospf packet router ospf router-id network ip ospf network ip ospf priority
查看OSPF 拓扑结构数据库 查看OSPF 路由器接口的信息 查看OSPF 进程及其细节
显示OSPF 邻接关系创建或中断的过程 显示OSPF 发生的事件
显示路由器收到的所有的OSPF 数据包 启动OSPF 路由进程 配置路由器ID
通告网络及网络所在的区域 配置接口网络类型 配置接口优先级 - 16 -
因篇幅问题不能全部显示,请点此查看更多更全内容