H3C OSPF 外部路由引入实验
实验拓扑
实验需求
- 按照图示配置 IP 地址
- R1,R2,R3 运行 OSPF 使内网互通,所有接口(公网接口除外)全部宣告进 Area 0;要求使用环回口作为 Router-id
- 业务网段不允许出现协议报文
- R4 模拟互联网,内网通过 R2 连接互联网,在 R2 上配置默认路由并引入到 OSPF
- R2 上配置 EASY IP,只允许业务网段访问互联网
- 要求业务网段访问互联网流量经过 R3,R1,R2
实验步骤
设备IP地址配置
R1 IP地址配置
[R1]display ip interface brief
*down: administratively down
(s): spoofing (l): loopback
Interface Physical Protocol IP address/Mask VPN instance Description
GE0/0 up up 10.1.1.1/24 -- --
GE0/1 up up 10.3.3.1/24 -- --
GE0/2 down down -- -- --
GE5/0 down down -- -- --
GE5/1 down down -- -- --
GE6/0 down down -- -- --
GE6/1 down down -- -- --
Loop0 up up(s) 1.1.1.1/32 -- --
Ser1/0 down down -- -- --
Ser2/0 down down -- -- --
Ser3/0 down down -- -- --
Ser4/0 down down -- -- --
R2 IP地址配置
[R2]display ip interface brief
*down: administratively down
(s): spoofing (l): loopback
Interface Physical Protocol IP address/Mask VPN instance Description
GE0/0 up up 10.1.1.2/24 -- --
GE0/1 up up 10.2.2.2/24 -- --
GE0/2 up up 202.1.1.2/24 -- --
GE5/0 down down -- -- --
GE5/1 down down -- -- --
GE6/0 down down -- -- --
GE6/1 down down -- -- --
Loop0 up up(s) 2.2.2.2/32 -- --
Ser1/0 down down -- -- --
Ser2/0 down down -- -- --
Ser3/0 down down -- -- --
Ser4/0 down down -- -- --
R3 IP地址配置
[R3]display ip interface brief
*down: administratively down
(s): spoofing (l): loopback
Interface Physical Protocol IP address/Mask VPN instance Description
GE0/0 up up 192.168.1.3/24 -- --
GE0/1 up up 10.3.3.3/24 -- --
GE0/2 up up 10.2.2.3/24 -- --
GE5/0 down down -- -- --
GE5/1 down down -- -- --
GE6/0 down down -- -- --
GE6/1 down down -- -- --
Loop0 up up(s) 3.3.3.3/32 -- --
Ser1/0 down down -- -- --
Ser2/0 down down -- -- --
Ser3/0 down down -- -- --
Ser4/0 down down -- -- --
R4 IP地址配置
[R4]display interface brief
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
GE0/0 UP UP 202.1.1.4
GE0/1 DOWN DOWN --
GE0/2 DOWN DOWN --
GE5/0 DOWN DOWN --
GE5/1 DOWN DOWN --
GE6/0 DOWN DOWN --
GE6/1 DOWN DOWN --
InLoop0 UP UP(s) --
Loop0 UP UP(s) 100.1.1.1
NULL0 UP UP(s) --
REG0 UP -- --
Ser1/0 DOWN DOWN --
Ser2/0 DOWN DOWN --
Ser3/0 DOWN DOWN --
Ser4/0 DOWN DOWN --
PC1 IP地址配置
OSPF基本配置
R1 OSPF基本配置
#
ospf 1 router-id 1.1.1.1area 0.0.0.0network 1.1.1.1 0.0.0.0network 10.1.1.1 0.0.0.0network 10.3.3.1 0.0.0.0
R2 OSPF基本配置
#
ospf 1 router-id 2.2.2.2area 0.0.0.0network 2.2.2.2 0.0.0.0network 10.1.1.2 0.0.0.0network 10.2.2.2 0.0.0.0
R3 OSPF基本配置
#
ospf 1 router-id 3.3.3.3area 0.0.0.0network 3.3.3.3 0.0.0.0network 10.2.2.3 0.0.0.0network 10.3.3.3 0.0.0.0network 192.168.1.0 0.0.0.255
业务网段不允许出现协议报文
R3 OSPF配置静默接口
#
ospf 1 router-id 3.3.3.3silent-interface GigabitEthernet0/0
模拟互联网,仅业务网段访问
R2 配置Easy IP
#
acl basic 2000rule 0 permit source 192.168.1.0 0.0.0.255
#
interface GigabitEthernet0/2nat outbound 2000
默认路由引入
R2 默认路由引入
#ip route-static 0.0.0.0 0 202.1.1.4
#
ospf 1 router-id 2.2.2.2default-route-advertise
将默认路由引入后,R1和R3上会各自收到一条来自R2产生的Type5 LSA的默认路由条目
R1 上查看 OSPF LSDB
[R1]display ospf lsdbOSPF Process 1 with Router ID 1.1.1.1Link State DatabaseArea: 0.0.0.0Type LinkState ID AdvRouter Age Len Sequence MetricRouter 3.3.3.3 3.3.3.3 154 72 8000000A 0 Router 1.1.1.1 1.1.1.1 151 60 80000008 0 Router 2.2.2.2 2.2.2.2 154 60 80000008 0 Network 10.3.3.3 3.3.3.3 152 32 80000001 0 Network 10.2.2.3 3.3.3.3 154 32 80000001 0 Network 10.1.1.2 2.2.2.2 158 32 80000001 0 AS External DatabaseType LinkState ID AdvRouter Age Len Sequence MetricExternal 0.0.0.0 2.2.2.2 178 36 80000001 1
R3 上查看 OSPF LSDB
[R3]display ospf lsdbOSPF Process 1 with Router ID 3.3.3.3Link State DatabaseArea: 0.0.0.0Type LinkState ID AdvRouter Age Len Sequence MetricRouter 3.3.3.3 3.3.3.3 191 72 8000000A 0 Router 1.1.1.1 1.1.1.1 192 60 80000008 0 Router 2.2.2.2 2.2.2.2 193 60 80000008 0 Network 10.3.3.3 3.3.3.3 191 32 80000001 0 Network 10.2.2.3 3.3.3.3 192 32 80000001 0 Network 10.1.1.2 2.2.2.2 198 32 80000001 0 AS External DatabaseType LinkState ID AdvRouter Age Len Sequence MetricExternal 0.0.0.0 2.2.2.2 218 36 80000001 1
重选业务网段访问互联网路径
依据OSPF的选路原则,cost值小的优先;所以但业务网段访问互联网时,所经过的线路,R3-R2 cost值总和要大于R3-R1-R2总和,且为了保证来回路径一致,R3与R2之间所连接的端口Cost值都需要修改。
R2 G0/1 Cost值增大
#
interface GigabitEthernet0/1ospf cost 1000
R3 G0/2 Cost值增大
#
interface GigabitEthernet0/2ospf cost 1000
实验验证
业务网段访问互联网流量经过 R3,R1,R2
查看R3路由表
业务网段访问互联网,走默认路由,下一跳R1
[R3]display ip routing-tableDestinations : 21 Routes : 21Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/0 O_ASE2 150 1 10.3.3.1 GE0/1
查看R1路由表
当流量到达R1,业务访问互联网,走默认路由,下一跳R2
[R1]dis ip routing-table Destinations : 19 Routes : 20Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/0 O_ASE2 150 1 10.1.1.2 GE0/0
192.168.1.0/24 O_INTRA 10 2 10.3.3.3 GE0/1
查看R2路由表和NAT转换表
当流量到达R2,业务访问互联网,走默认路由访问,将业务网段IP转换为出接口IP访问互联网,且回程路由下一跳是去往R1
由此证明业务网段访问互联网经过R3,R1,R2,并且来回路径一致。
[R2]display ip routing-table Destinations : 22 Routes : 22Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/0 Static 60 0 202.1.1.4 GE0/2
192.168.1.0/24 O_INTRA 10 3 10.1.1.1 GE0/0[R2]display nat session
Slot 0:
Initiator:Source IP/port: 192.168.1.1/168Destination IP/port: 100.1.1.1/2048DS-Lite tunnel peer: -VPN instance/VLAN ID/Inline ID: -/-/-Protocol: ICMP(1)Inbound interface: GigabitEthernet0/0Total sessions found: 1
在PC1上tracert 100.1.1.1,路径符合实验需求
<H3C>tracert 100.1.1.1
traceroute to 100.1.1.1 (100.1.1.1), 30 hops at most, 40 bytes each packet, press CTRL_C to break1 192.168.1.3 (192.168.1.3) 0.574 ms 0.249 ms 0.251 ms2 10.3.3.1 (10.3.3.1) 0.446 ms 0.495 ms 0.463 ms3 10.1.1.2 (10.1.1.2) 0.959 ms 1.224 ms 1.004 ms4 202.1.1.4 (202.1.1.4) 1.833 ms 1.243 ms 1.670 ms
是否只允许业务网段访问互联网
在R3上使用非业务网段访问互联网
非业务网段无法访问互联网
[R3]ping -a 3.3.3.3 100.1.1.1
Ping 100.1.1.1 (100.1.1.1) from 3.3.3.3: 56 data bytes, press CTRL+C to break
Request time out
Request time out
Request time out
Request time out
Request time out--- Ping statistics for 100.1.1.1 ---
5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss
[R3]%Feb 27 11:31:15:510 2024 R3 PING/6/PING_STATISTICS: Ping statistics for 100.1.1.1: 5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss.
在R3上使用业务网段访问互联网
仅业务网段可访问互联网
[R3]ping -a 192.168.1.3 100.1.1.1
Ping 100.1.1.1 (100.1.1.1) from 192.168.1.3: 56 data bytes, press CTRL+C to break
56 bytes from 100.1.1.1: icmp_seq=0 ttl=253 time=0.989 ms
56 bytes from 100.1.1.1: icmp_seq=1 ttl=253 time=1.087 ms
56 bytes from 100.1.1.1: icmp_seq=2 ttl=253 time=0.971 ms
56 bytes from 100.1.1.1: icmp_seq=3 ttl=253 time=0.795 ms
56 bytes from 100.1.1.1: icmp_seq=4 ttl=253 time=0.881 ms--- Ping statistics for 100.1.1.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.795/0.945/1.087/0.099 ms
[R3]%Feb 27 11:31:29:508 2024 R3 PING/6/PING_STATISTICS: Ping statistics for 100.1.1.1: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 0.795/0.945/1.087/0.099 ms.
业务网段是否出现OSPF报文
抓包R3 G0/0接口,在未开启静默接口配置时,OSPF Hello包 每隔10发送1次
开启静默接口配置(silent-interface GigabitEthernet0/0)后,后续抓包可看到业务侧无OSPF报文
实验附件
OSPF缺省路由引入实验.zip
