Notes of JNCIP_OSPF
OSPF基本配置的3個問題:
-1)是否須要在loopback接口上啓用OSPF?
-2)loopback是否須要passive?
-3)是否須要配置RID?redis
JNCIP-M考試新變化:
I believe the only thing that maybe you can see different is the fact that beginning junos 8.5 the router-id is not longer advertised as a stub network in算法
OSPF:
"Historically, JUNOS software automatically advertised a stub route to the interface from which the RID is obtained. This meant that you did not need to run網絡
an IGP instance on the loopback interface to advertise reachability to the RID. Starting with JUNOS Release 8.5, this behavior has changed. Now, whether you架構
use an explicit or an automatically generated RID that is lo0—based, you need to enable OSPF on the loopback interface to advertise reachability to theapp
related loopback address, even when it is the source of an automatically selected RID."
Also, there are some slight differences in OSPF authentication between the 5.2 (book version) and the 8.1 version.負載均衡
Troubleshooting Adjacency Problems中沒法更改fxp接口mtu,故沒法作實驗dom
有趣的現象:
Virtul Links:R3/R5兩邊分別配置ospf area 3,可是R5上仍是收到10.0.4/22路由,可是從R7到R2不通ide
配置技巧:
重啓r4上的路由協議
run restart routing logical-router r4 immediatelyoop
ospf配置接口時慎用int all
例如CaseStudy中R1要求10.0.5/24之外部路由宣告,並且R1的相應接口不能再創建鄰居學習
關於JUNOS OSPF配置中的RID
RID是否須要配置?
JUNOS默認以lo0做爲RID,無需配置
何時須要配置router-id?
不但願lo0路由被宣告出去
手工配置RID會怎麼樣?
路由器不會爲Lo0分配stub route,故這條路由(lo0)將沒法傳遞出去,影響到loopback的連通性
若是此時要求lo0可達,則須要在lo0上啓用ospf
關於JUNOS OSPF配置中的loopback接口
-1).lo0上啓用ospf會怎麼樣?
lo0會以network summary route形式對外宣告爲stub network
-2).lo0上不啓用ospf會怎麼樣?
lo0會以type 1 LSAs形式對外宣告爲stub network
lo0是否須要宣告到ospf中?
JUNOS 5.2或者更低版本:JUNNOS宣告stub路由到RID網段,通常不須要
JUNOS 8.2或者更高版本:必須在lo0上啓用OSPF
WHY is passive required?
1.不容許創建adjacency
2.避免產生沒必要要的hello報文,減輕系統資源消耗
3.路由類型爲internal
關於RID選舉?
網絡類型:
1.multipoint
(1)類型爲P2MP,由於不具有broadcast能力,因此須要指明neighbor
(2)實際能夠理解爲類型是p2p,因此不會選舉DR
(3)hello interval默認10秒
(4)配置要點:
HUB:
1.接口上multipoint,ospf中無需指明
2.配置neihgbor
SPOKE?
JUNOS須要配置neighbor,IOS不須要配置neighbor
2.NBMA
(1)實際上仍是一種廣播,因此要選舉DR
(2)但由於是non-broadcast,因此仍是須要指明neighbor
(3)hello interval默認30秒
(4)ATM & FR全互聯的狀況下使用(實際網絡架構不多用這種類型,因此NBMA不多用到)
(5)配置要點:
1.在ospf接口中指明NBMA
2.指明neihgbor
3.不參選的priority設置爲0
eligible的做用
1.只會對自認爲能夠作DR的路由器有影響:產生hello
2.對實際DR選舉沒有任何影響
3.保證hello報文只在DR-eligible中間傳播
OSPF的non-preemptive特色
priority爲128,配置R4的priority爲200,此時R4不會搶佔成爲DR。
when to kick in?
網絡斷開
路由進程重啓
STUB區域
Network summary LSAs (type 3s) are generated by ABRs to summarize their SPF cost to destinations within their attached areas.
解讀:ABR建立到stub區域之外路由的summary路由,例如R3 & R4向AREA 10宣告area 1內的路由10.0.8/24
Other routers compute their SPF cost to each ABR, and then add (as in distance vector routing!) the metric received in summary LSAs to compute the shortest
path to inter-area destinations.
解讀:other routers指的是stub區域內的non-ABR路由器,例如AREA 10內的R1 & R2
1.ABR(R3 & R4)宣告了一條彙總路由10.0.8/24,metric爲10
2.non-ABR(R1 & R4)首先計算本身到ABR的最短metric,而後將ABR宣告過來的metric相加,最後得出本身到10.0.8/24的metric
NSSA的本質
STUB不準external LSAs進來,同時也不容許external LSAs從本身到bone
NSSA容許
ASBR metric向NSSA之外區域宣告,例如爲R1的靜態路由設置metric
ABR metric向NSSA之內區域宣告,例如這裏R3 & R4配置的default-metric
Study Guide:
edit protocols ospf area 0.0.0.10]
lab@r4# show
nssa {
default-lsa {
default-metric 10;
metric-type 2;
type-7;默認路由默認爲type 3,如今指定爲type-7以知足需求「no type 3 LSA」
}
這句中的default-metric 10起什麼做用?如何進行檢驗?
爲NSSA提供默認路由,能夠從r1觀察默認路由的屬性
NSSA的default-metric
[edit logical-routers r4 protocols ospf area 0.0.0.1]
lab@OLIVE# show
nssa {
default-lsa {
default-metric 10;
metric-type 1;
type-7;
}
}
interface fxp1.24;
lab@OLIVE# run show route 0.0.0.0 logical-router r1
inet.0: 23 destinations, 24 routes (23 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[OSPF/150] 00:00:02, metric 12, tag 0
> to 10.0.4.5 via fxp1.12
若是設置metric-type 1,則metri爲12
[edit logical-routers r4 protocols ospf area 0.0.0.1]
lab@OLIVE# show
nssa {
default-lsa {
default-metric 10;
metric-type 2;
type-7;
}
}
interface fxp1.24;
lab@OLIVE# run show route 0.0.0.0 logical-router r1
inet.0: 23 destinations, 24 routes (23 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[OSPF/150] 00:00:02, metric 10, tag 0
> to 10.0.4.5 via fxp1.12
若是設置metric-type 2,則metri爲10
STUB的metric
lab@OLIVE# show protocols
ospf {
area 0.0.0.0 {
interface fxp2.34;
interface fxp1.45;
interface lo0.4;
}
area 0.0.0.1 {
stub default-metric 10;
interface fxp1.24;
}
}
注意:stub配置參數裏沒有type 1/type 2之類的屬性,因此r1上看到的默認路由是12=Metric(r1-r4)+Metric default route
OSPF中的"潛規則":
在JUNIPER的路由器上被選舉成router-id的環回口的IP地址都是自動以類型1的LSA通告的
默認路由在默認狀況下是以類型3的形式通告的
ASBR發佈的外部路由默認類型是type 2,例如R1發佈10.0.5/24時若是不指定type,則10.0.5/24會以type 2類型向ospf傳遞
ASBR發佈外部路由時會分配一個默認的metric,例如R7做爲RIP-OSPF之間的路由發佈點,可能將RIP路由器上的10.0.5/24從新倒回來,此時R7會給10.0.5/24從新分配一個metric,
study guide顯示爲2。這個metric能夠手工指定,例如r1發佈10.0.5/2時指定其類型type 1,並且metric是50
By default, r7 attaches a metric value to the route that is equal to the metric that would have been advertised by RIP, which in this example is 2
OSPF Study Guide中的負載均衡:
-1).R5到10.0.5/24有兩個下一跳R3/R4
參看<<Metric and Various other knobs>>"Ensure that r5 can load-balance to area 10 internal destinations by adjusting metrics."
-2).R5到192.168/16有兩個下一跳R6/R7
參看<<OSPF Routing Policy>>_RIP Import Policy:修改R6/R7上的rip-in,這樣R6/R7能夠同時導入192.168/16
-3).RIP路由器到10.0.5/24有兩個下一跳R6/R7
參看<<OSPF Routing Policy>>_Global Preference and OSPF Export Policy:修改R7上的rip preference和rip-ospf能夠達到要求
OSPS vs ISIS
OSPF & ISIS如何注入默認路由
1.OSPF在ABR上配置default-metric
2.ISIS無需配置,L1/L2 Router會自動向L1區域注入0/0路由
OSPF & ISIS關於loopback網段的宣告
1.OSPF的loopback地址默認會自動宣告到non-AREA 0區域中去
2.ISIS的loopback地址須要配置ISIS AREA
參考帶寬計算
參考帶寬/100,000,000bit=cost
例如,設置參考帶寬爲1G,則cost=1G/100,000,000bit=10
Juniper vs Cisco
1.rip對外宣告metric
場景:r1-r2,r1設置metric-out 1
Juniper:r1-r2之間的直鏈接口也算一跳,加上1,最後r2看到metric爲2
CISCO:r2看到metric爲1
2.DUAL-ABR/L1-L2 Router狀況下,OSPF & ISIS如何選定默認ABR/L1-L2 Router
OSPF路由選擇Router-ID較大的ABR
ISIS
3.area-range彙總路由的metric如何肯定?
Juniper:由contributing route中子網最小的metric作爲彙總metric
CISCO:由contributing route中子網最大的metric作爲彙總metric
4.wide-metric中的contrbuting routes
ABR彙總:
1.彙總non-area 0內的物理網段
2.若是題目沒有明確要求禁止彙總loopback,area內的loopback地址也要彙總
3.ABR-ABR之間的網段不彙總,並且ABR的loopback不彙總
4.若是physical & loopback地址不連續,能夠發送兩個aggregates
總結:
AREA 10的彙總作在R3/R4上
AREA 1的彙總作在R5上
RIP的彙總作在R6/R7上,參看大貓貓case study_P9配置
area 1內部網段
8.0 0000 1000.0000 0000
8.4 0000 1000.0000 0100
8.8 0000 1000.0000 1000
9.6 0000 1001.0000 0110
9.7 0000 1001.0000 0111
彙總掩碼:8.0/23
3.5 0000 0011.0000 0101 (loopback@r5)
area 10內部網段
4.0 0000 0100.0000 0001
4.4
4.8
4.12
6.1 0000 0110.0000 0001
6.2 0000 0110.0000 0010
彙總掩碼:4.0/22
ABR-ABR loopback interfaces
3.3 0000 0011.0000 0011
3.4 0000 0011.0000 0100
2.4 0000 0010.0000 0100
彙總路由掩碼計算:
1.contributing routes最小的網段
2.二進制計算彙總掩碼
3.run sh route 172.16.4/29 log r6進行驗證
問題一:爲何在RIP上以loopback爲source能夠到達10.0.5.1,而用172.16.40.1卻不行?P208
lab@rip# run traceroute 10.0.5.1 source 192.168.0.1能夠通
lab@r6# run traceroute 10.0.5.1 source 172.16.40.2不通
按照書上實例,此時經過雙向發佈路由,RIP有了OSPF區域內的路由(10.0.5.0/24),OSPF也有RIP上的靜態路由(192.168.1.0~4.0),只是OSPF區域尚未R6-RIP之間的路由。
192.168.0.1@RIP怎麼traceroute到10.0.5.1?
以172.16.40.1爲source,報文丟到172.16.40.2,而後經由R6將報文送到10.0.5.1,可是回送報文怎麼處理呢?
既然172.16.40.2@R6到不了10.0.5.1,192.168.0.1@RIP怎麼可以到達10.0.5.1?憑什麼經過RIP-R6能夠到達?
ping & tracert的實質
有去有回,去的是ICMP Request,回的是ICMP echo,因此source-destination之間必須是雙向路由可達的
RIP能夠ping通R1的前提是什麼?只要RIP有到R1的路由便可?
NO,P208中RIP有到R1網段的路由,可是仍然不能ping通,輸出以下:
lab@rip> traceroute 10.0.5.1
而加上source之後卻能ping通,WHY?
lab@rip# run traceroute 10.0.5.1 source 192.168.0.1
經過前邊路由發佈咱們知道,RIP有OSPF區域內的路由(10.0.5.0/24),OSPF也有RIP上的靜態路由(192.168.1.0~4.0),即192.168.0.1~10.0.5/24之間有了雙向路由,因此此時能夠
ping通
lab@r6# run traceroute 10.0.5.1 source 172.16.40.2不通,WHY?
由於OSPF內部並不知道如何到達172.16.40.2這個網段,事實上OSPF只知道192.168.0.1~4.0
問題二:/28 & /24沒看懂(p210)
爲何用discard?這裏172.16.40/28其實是一個aggregate路由
書中解釋1:
because direct routes have a higher global preference than static routes. Because the /28 mask is more specific than the /24 direct route, the static route
will now be considered active
preference:direct>static,精確度:/28>/24,因此/28就必定是active的嗎?難道僅僅是由於/28比/24更精確嗎?
書中解釋2:
This approach was taken because it eliminated the need for export policy route-filter statements that would otherwise have been needed to prevent the
redistribution
of other direct routes (such as the 192.168.x.1/32 lo0 addresses) on the RIP router.
採用這種方式(採用/28掩碼),就無需導出route-filter語句,若是不這樣作(即不採用 /28掩碼,而是採用/24掩碼),就須要在RIP路由器上禁止其餘直連路由(例如
192.168.x.1/32環回地址)的從新發布
爲何要這樣?
P209解釋RIP沒法到達10.0.5/24曾經作過以下描述:
解法一:Listing r6’s fe-0/1/3 interface as passive under the OSPF process,
解法二:redistributing the 172.16.40.0/24 address from either the RIP router,or r6, will resolve this issue.
StudyGuide中採用的是在RIP上宣告靜態路由的方案
[edit routing-options]
lab@rip# set static route 172.16.40/28 discard
學習大貓貓<<OSPF CaseStudy>>P13突然有所得:
CaseStudy要求「以OSPF內部路由的形式通告172.16.40.x的rip子網路由,而且肯定沒有鄰居能夠在這些接口上創建」
解法:在R6 & R7對應RIP網段宣告passive接口,實際上這正是StudyGuide上的解法一,這樣作可使得RIP到達10.0.5/24,可是在product network中網絡須要最優化(在可達的基
礎上保證精確),所以這裏須要作彙總(CaseStudy也暗含此要求),顯然彙總得來的掩碼是/28,包含RIP內全部的物理網段(172.16.40.1~40.3)。如今回頭來看StudyGuide中的靜態
路由:用/28一是爲了保證路由最精確,另外路由經RIP-R6之後無需再作彙總,最終實現網絡最優化
問題三:爲何路由通過abr後metric會加10?P192
這是教材上的截圖:
lab@r6> show route 10.0.6.1
inet.0: 28 destinations, 28 routes (28 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.6.1/32 *[OSPF/10] 00:27:34, metric 3
> to 10.0.8.6 via fe-0/1/0.0
R6到10.0.6.1的metric=3,這個好理解:R6-R5 metric=1,R5-R3 metric=1,R3-R1=1,三段加起來爲3
switch在HUB上的奇怪現象:
R6看到的10.0.6.1(R1的loopback) metric爲13
R6看到的10.0.3.3(R3的loopback)metric爲11,看到R3-R5網段(10.0.2.0/30)metric也是11
R6-R5之間的metric爲1(採用HUB鏈接olive,鏈路接口都爲10^8/100,000,000=1),10.0.2.0/30通過R5後metric加10,故metric=11
問題在於爲何路由通過abr後metric會加10?難道是用了OLIVE的緣故?
事實上這個和鏈接OLIVE的設備有關,上邊那個用的是SWITCH(TCL傻瓜交換機),下邊輸出用的是HUB
lab@OLIVE# run show route 10.0.2.0 logical-router r6
inet.0: 24 destinations, 25 routes (24 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.2.0/30 *[OSPF/10] 00:26:20, metric 20
> to 10.0.8.6 via fxp2.56
lab@OLIVE# run show route 10.0.3.3 logical-router r6
inet.0: 24 destinations, 25 routes (24 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.3.3/32 *[OSPF/10] 00:26:39, metric 20
> to 10.0.8.6 via fxp2.56
R5-R6用10M Ethernet,故metric=10;R5-R3也是10M Ethernet,故metric=10。所以R6-R5-R3 metric=10+10=20
lab@OLIVE# run show route 10.0.2.0 logical-router r7
inet.0: 24 destinations, 25 routes (24 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.2.0/30 *[OSPF/10] 00:26:24, metric 20
> to 10.0.8.9 via fxp2.57
lab@OLIVE# run show route 10.0.3.3 logical-router r7
inet.0: 24 destinations, 25 routes (24 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.3.3/32 *[OSPF/10] 00:26:42, metric 20
> to 10.0.8.9 via fxp2.57
P216打破環路
1.next-hop的解決方案
須要在R6 & R7上同時配置
注意:這裏用的是next-hop,而非neighbor喔!!!
2.route-filter的解決方案:
若是R6 & r7同時配置此策略,RIP將沒法到達10.0.5.1,WHY?
由於此時從R5之後都不知道如何到達r6-RIP-r7之間的網段,雖然此前RIP注入了172.16.40.0/28,可是在R6 & R7上同時被reject了,故採用route-filter只能在R6或者R7上配置
若是R6 & R7設置172.16.40.0/28網段爲passive,這樣R6 & R7就能夠同時配置route-filter了。
方案1 & 2不會產生次有路徑問題,是解決環路的最好方案
3.修改rip preference P219
(1):Failing to change the protocol preference will result in only one next hop for 10.0.5/24 on the RIP router
爲何只有一跳?見P214的分析
若是修改RIP preference,RIP到10.0.5/24有兩個下一跳(能夠負載均衡),WHY?
R7有兩條到10.0.5/24的路由,一個OSPF,一個RIP,如今RIP由於preference升高棄之不用,R7收斂,R7-10.0.5/24只有OSPF發佈的路由,RIP domain泛洪收斂,此時R7向RIP發佈
10.0.5/24路由,最後RIP有兩個下一跳
試驗:不要修改rip-ospf,不要修改rip preference
(2):Another side effect of this approach is that only one ASBR will be redistributing the RIP routes into OSPF at any given time because the RIP routes will
be inactive on one of the ASBRs, and only active routes can be exported through policy.
解讀:RIP preference調高,路由器啓用RIP路由,RIP路由變成inactive,致使rip-ospf不成功,例如R6調高RIP preference,此時R6就不會成爲RIP路由的發佈點,R7變成RIP路
由發佈點,因此R6必須通過R7才能到達192.168.1.1,顯然這是個次優路徑。
這裏作個試驗,先升高R6的rip preference=160,而後調整R7的rip preference=170,會怎麼樣呢?
分析:對於R6/R7來說,誰先修改rip preference,誰的路由選擇就發生變化,例如,這裏先修改R6的rip preference,此時在R6觀察192.168/16路由,發現2條路由:ospf優先,
而RIP次之,而後修改R7的rip preference,在R6 & R7能夠看到關於192.168/16的路由沒有變化;一樣,若是先修改R7上RIP preference,則R7看到OSPF優先,RIP次之
這就是說,同一時刻只有一個ASBR上的RIP在起做用
(3)r6 & r7都要配置如下兩個語句,不然在rip到10.0.5/24不會出現兩個下一跳(r6 & r7)
[edit protocols rip]
lab@r7# set group rip preference 160
[edit policy-options]
lab@r7# show policy-statement rip-ospf
term 1 {
from {
protocol rip;
route-filter 10.0.5.0/24 orlonger reject;
route-filter 0.0.0.0/0 orlonger;
}
4.修改RIP通告的10.0.5/24的metric爲400
在R6看來,從R5看到10.0.5/24的metric爲50,而R6-RIP-R7-R6再回來時,RIP爲10.0.5/24從新賦予metric=400,這樣R6會選取R5爲下一跳(由於metric最小)
問題四:爲何須要將R3所在area 10的接口metric,都加1?P223
lab@r5> show ospf database netsummary area 0 detail
OSPF link state database, area 0.0.0.0
Metrics and Various Other Knobs 223
Type ID Adv Rtr Seq Age Opt Cksum Len
Summary 10.0.4.0 10.0.3.3 0x80000083 734 0x2 0x3b82 28
mask 255.255.252.0
TOS 0x0, metric 2
Summary 10.0.4.0 10.0.3.4 0x8000005e 874 0x2 0x8957 28
mask 255.255.252.0
TOS 0x0, metric 3
在olive上作實驗發現,只需將metric改爲10.0.3.3(R3)宣告的metric便可,這裏改爲2。
教材說須要將R3所在area 10的接口metric都加1,爲何?這個是怎麼得出來的?
大貓貓<<OSPF CaseStudy>>P16:
由於juniper的路由器的實現區域彙總,在選擇metric的時候是選擇一條彙總下面的子網最小的metric爲這條彙總的metric,顯然最小子網是R3-R2之間的10.0.4.0/30,因此須要調
整這裏的metric,爲何加1呢?由於在JUNOS中,R3宣告這條彙總路由時也算一跳,調整R3-R2之間的metric=2,這樣從R3宣告出去的彙總路由metric=2+1=3,此時(R3 & R4)-R5宣
告的彙總路由相同了
注意:cisco是選擇最大metric的發出去的
注意:教材上更改了R3在area 10中的兩個接口,還有R2-R3中間的互聯端口
關於路由選項
discard,---router說丟就丟了吧,我也無論你了,那麼你有可能看到的就是icmp timeout,沉默的殺手哦
reject---router說我有良心一點,丟了你的包,我還告訴你一聲,給你一個icmp unreachable吧,殺了人,一聲大吼,看過投名狀吧,想一想最後一段
receive---這個太壞了,明明沒有,明明是不可達的,明明包已經被丟掉咧,能夠router仍是給你一個echo reply,讓你感受是!!!!!,呵呵,有點意思,有點意思
那麼你想想,從某種意義上來講,reject和receive是同樣的
包,最起碼是沒有發出去的,只是router產生的icmp message不同而已
就像你給女孩子寫情書,要經過女孩子的父母轉交,
最好的結果,父母轉交了--你小子運氣不錯---這就是next-hop
另外的結果
父母把信丟了,還不告訴你,你就傻等着吧,這就是discard
父母把信丟了,告訴你,你小子不要對我家丫頭耍流氓,這就是reject
父母把信丟了,還告訴你,小子,信送到了哦,這就是receive
P214
r7 is using a 10.0.5/24 route learned through RIP from r6, which explains why r7 was not listed as a next hop on the RIP router—split horizon is preventing
r7 from advertising
the 10.0.5/24 prefix back out the interface it was learned on.
分析:R7收到RIP發過來的路由(10.0.5/24),這個路由是從RIP-R7之間的接口學習到的,根據水平分割,R7不會將這條路由再發給RIP,這樣在RIP看來到10.0.5/24的路由只有從R6
走
P214
10.0.5/24由R5傳遞到R6 & R7之後,R6也向R7泛洪這條LSA,R7也可能在OSPF中將R6做爲達到10.0.5/24,可是根據OSPF算法是不會的,另外到達外部10.0.5/24路由確定應該從ABR
走的。
因此R6將10.0.5/24注入RIP路由之後,R7只有一條經R5走的OSPF路由到達10.0.5/24的路由
R7開始引入RIP路由,R7多了一條經R6走的RIP路由,因爲RIP的管理距離較小,R7裝入這條RIP發佈過來的路由,下一跳指向R6。
R7有了更新10.0.5/24條目,開始向OSPF area 1泛洪,R5 & R6收到這條新的LSA,而此時10.0.5/24從RIP發佈過來之後metric已經變成2,而原來R5 & R6上關於此條路由metric=50
,所以R5 & R6裝入這個新的LSA,R6將10.0.5/24指向R7
問題五:爲何在R1上配置NSSA看到0/0屬性是OSPF/150呢?作stub看到0/0屬性是OSPF/10?
若是配置NSSA,ABR會作7-to-5轉換,對內對外都同樣
[edit]
lab@OLIVE# run show route protocol ospf 0/0 logical-router r1
inet.0: 13 destinations, 13 routes (13 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[OSPF/150] 00:15:49, metric 10, tag 0
> to 10.0.4.13 via fxp1.13
10.0.4.0/30 *[OSPF/10] 00:15:49, metric 20
> to 10.0.4.5 via fxp1.12
to 10.0.4.13 via fxp1.13
10.0.4.8/30 *[OSPF/10] 00:16:07, metric 20
> to 10.0.4.5 via fxp1.12
10.0.6.2/32 *[OSPF/10] 00:16:07, metric 10
> to 10.0.4.5 via fxp1.12
224.0.0.5/32 *[OSPF/10] 00:51:02, metric 1
MultiRecv
問題七:解決172.16.40/29段可達性問題的時候,能夠在r6上注入該網段,這個policy怎麼寫?
[edit logical-routers r6 policy-options policy-statement rip-ospf]
lab@OLIVE# show
term 1 {
from {
protocol rip;
route-filter 172.16.40.0/29 longer;
route-filter 192.168.0.0/16 longer;
}
then accept;
}
term 2 {
then reject;
}
分析:
1.rip默認爲v1,不支持172.16.40/29這樣的變長網段
2.router-filter和protocol rip之間是AND關係,172.16.40/29匹配失敗
3.修改rip-ospf
lab@OLIVE# show
term 1 {
from {
route-filter 172.16.40.0/29 longer;
route-filter 192.168.0.0/16 longer;
}
then accept;
}
term 2 {
then reject;
}
ISIS case study卻能夠這樣寫?
[edit logical-routers r7 policy-options policy-statement adv-ospf]
lunsui@lab# show
term 1 {
from {
protocol ospf;
route-filter 192.168.0.0/16 orlonger;
route-filter 172.16.40.0/29 longer;
}
then accept;
}
1.OSPF支持變長子網
2.172.16.40/29能夠和protocol ospf成功匹配
問題八:R3 & R4其中一方配置爲ABR且限制3/8,則R5仍是能夠學到3/8路由,必須兩個同時配置?
問題九:R1上同時引入2個policy時注意,不能像下面這樣寫,由於10.0.5/24到policy static匹配到term 2會被reject,從而跳出policy chain,最終沒法將路由宣告出去,這裏
要麼刪除policy static的term 2,要麼刪除policy static
lab@FSJ# show protocols
ospf {
export [ static DIRECT ];
area 0.0.0.10 {
nssa;
interface fxp2.12;
interface fxp2.23;
interface fxp2.24;
}
}
lab@FSJ# show policy-options
policy-statement static {
term 1 {
from {
protocol static;
route-filter 3.0.0.0/8 exact;
}
then {
metric 10;
external {
type 1;
}
accept;
}
}
term 2 {
then reject;
}
}
policy-statement DIRECT {
term 1 {
from {
protocol direct;
route-filter 10.0.5.0/24 exact;
}
then {
metric 50;
tag 420;
accept;
}
}
term 2 {
then reject;
}
}
問題十:
There is no mechanism in JUNOS software to summarize or filter type 5 LSAs using area-range statements. Options for the control of type 5 LSAs include the
configuration of external route aggregates at the source ASBR, or the ,deployment of stub areas, which automatically filter external routes.
舉例:如今須要彙總192.168/16,由於它們是extern路由,因此不能用aggregate命令進行彙總,只能在R6上建立aggregate路由而且用policy導入,注意這個匯老是作在source
ASBR上的。具體能夠參看大貓貓case study_P9的配置
場景復現:r1上灌入3條靜態路由而且導入ospf are 10,r1/r2/r3/r4去掉stub或者nssa
r1手工建立3條靜態路由,而後導入ospf area 10
[edit logical-routers r1]
lab@OLIVE# show
interfaces {
fxp1 {
unit 12 {
vlan-id 12;
family inet {
address 10.0.4.6/30;
}
family iso;
}
unit 13 {
vlan-id 13;
family inet {
address 10.0.4.14/30;
}
family iso;
}
unit 55 {
vlan-id 55;
family inet {
address 10.0.5.1/24;
}
}
}
lo0 {
unit 1 {
family inet {
address 10.0.6.1/32;
}
family iso {
address 49.0002.1111.1111.1111.00;
}
}
}
}
protocols {
ospf {
export [ STAT DIRECT ];
area 0.0.0.10 {
interface fxp1.13;
interface fxp1.12;
}
}
}
policy-options {
policy-statement STAT {
term 1 {
from protocol static;
then accept;
}
}
policy-statement DIRECT {
term 1 {
from {
protocol direct;
route-filter 10.0.5.0/24 exact;
}
then {
metric 50;
tag 420;
accept;
}
}
}
}
routing-options {
static {
route 3.0.2.0/24 reject;
route 3.0.1.0/24 reject;
route 3.0.3.0/24 reject;
}
}
而後r1/r2/r3/r4去掉stub或者nssa配置
r5上驗證彙總:
-1).area 10內部路由彙總
沒作彙總的輸出:
lab@OLIVE# run show route 10.0.4/22 logical-router r5
inet.0: 33 destinations, 33 routes (33 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.4.0/30 *[OSPF/10] 00:00:46, metric 3
> to 10.0.2.2 via fxp2.35
to 10.0.2.10 via fxp2.45
10.0.4.4/30 *[OSPF/10] 00:00:46, metric 3
> to 10.0.2.2 via fxp2.35
to 10.0.2.10 via fxp2.45
10.0.4.8/30 *[OSPF/10] 00:00:46, metric 2
> to 10.0.2.10 via fxp2.45
10.0.4.12/30 *[OSPF/10] 00:00:46, metric 2
> to 10.0.2.2 via fxp2.35
10.0.5.0/24 *[OSPF/150] 00:00:46, metric 50, tag 420
> to 10.0.2.2 via fxp2.35
to 10.0.2.10 via fxp2.45
10.0.6.1/32 *[OSPF/10] 00:00:46, metric 2
> to 10.0.2.2 via fxp2.35
10.0.6.2/32 *[OSPF/10] 00:00:46, metric 2
> to 10.0.2.10 via fxp2.45
-2).在r3/r4上作內部彙總
[edit logical-routers r3]
lab@OLIVE# set protocols ospf area 10 area-range 10.0.4/22
lab@OLIVE# run show route 10.0.4/22 logical-router r5
inet.0: 28 destinations, 28 routes (28 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
10.0.4.0/22 *[OSPF/10] 00:00:03, metric 4
to 10.0.2.2 via fxp2.35
> to 10.0.2.10 via fxp2.45
10.0.5.0/24 *[OSPF/150] 00:00:04, metric 50, tag 420
> to 10.0.2.2 via fxp2.35
to 10.0.2.10 via fxp2.45
-3).嘗試在r3/r4上對r1引入的靜態路由進行彙總:
[edit logical-routers r3]
lab@OLIVE# show protocols
ospf {
area 0.0.0.10 {
area-range 3.0.0.0/8;
interface fxp2.13;
interface fxp1.23 {
metric 2;
}
}
能夠看到area-range 3.0.0.0/8沒法對extern路由進行彙總
lab@OLIVE# run show route 3/8 logical-router r5
inet.0: 28 destinations, 28 routes (28 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
3.0.1.0/24 *[OSPF/150] 00:03:13, metric 0, tag 0 > to 10.0.2.2 via fxp2.35 3.0.2.0/24 *[OSPF/150] 00:03:13, metric 0, tag 0 > to 10.0.2.2 via fxp2.35 3.0.3.0/24 *[OSPF/150] 00:03:13, metric 0, tag 0 > to 10.0.2.2 via fxp2.35
- 1. Notes of fwt
- 2. Notes of Machine Learning
- 3. notes of inforsec2019
- 4. Notes of 20181230
- 5. Paper Notes of CVPR-0085
- 6. Paper Notes of CVPR-0313
- 7. Secrets of Mobile Network Performance Reading Notes
- 8. Essence of linear algebra (reading notes)
- 9. Reading notes of Rufail's dissertation(Part II)
- 10. Reading notes of Rufail's dissertation(Part I)
- 更多相關文章...
- • XSLT
- • XSLT
- • JDK13 GA發佈:5大特性解讀
- • 使用Rxjava計算圓周率
-
每一个你不满意的现在,都有一个你没有努力的曾经。
- 1. Notes of fwt
- 2. Notes of Machine Learning
- 3. notes of inforsec2019
- 4. Notes of 20181230
- 5. Paper Notes of CVPR-0085
- 6. Paper Notes of CVPR-0313
- 7. Secrets of Mobile Network Performance Reading Notes
- 8. Essence of linear algebra (reading notes)
- 9. Reading notes of Rufail's dissertation(Part II)
- 10. Reading notes of Rufail's dissertation(Part I)