《[信息与通信]3-操纵路由更新.ppt》由会员分享,可在线阅读,更多相关《[信息与通信]3-操纵路由更新.ppt(51页珍藏版)》请在三一文库上搜索。
1、多种路由选择协议,临时的运用 应用特殊的路由选择协议 一种路由选择协议并不适合所有的设备平台 行政边界 公司内部行政的需要 不匹配的配置 不同设备生产商,重分布路由信息,重分布概述,重分布是指连接到不同路由选择域的边界路由器在不同自主系统之间交换和通告路由选择信息的过程。 路由必须位于路由选择表中才能进行重分发,重分发的过程可以解释为复制路由表的过程,种子度量值,首先重分发来的路由并不与路由器直接相连,它们是从其它路由选择协议那里获悉的. 两种协议在重分发时路由器必须转换度量值来使路由选择协议能够理解另外一种路由协议的度量值. 这种度量值被称为种子度量值, default-metric,也可以
2、是重分发时定义的,该度量值将在AS内部正常的递增。,Redistribution with Seed Metric,默认种子度量值,路由回馈 次优路径选择 路由选择信息不兼容 会聚时间不一致的,重分布时的考虑,重分发技术,Manipulating Routing Updates,配置路由重分发,BSCI v2.26-9,重分发支持所有的路由选择协议,RtrA(config-router)# redistribute ? bgp Border Gateway Protocol (BGP) connected Connected egp Exterior Gateway Protocol (EGP
3、) eigrp Enhanced Interior Gateway Routing Protocol (EIGRP) igrp Interior Gateway Routing Protocol (IGRP) isis ISO IS-IS iso-igrp IGRP for OSI networks mobile Mobile routes odr On Demand stub Routes ospf Open Shortest Path First (OSPF) rip Routing Information Protocol (RIP) static Static routes,RIP协议
4、的重分发命令,RtrA(config)# router rip RtrA(config-router)# redistribute ospf ? Process ID RtrA(config-router)# redistribute ospf 1 ? match Redistribution of OSPF routes metric Metric for redistributed routes route-map Route map reference ,默认度量值为无穷大,配置到RIP中的重分发,OSPF中的重分发命令,默认度量值 20. 默认外部链路类型为 2. 默认只重分发主类的网
5、络的路由,RtrA(config)# router ospf 1 RtrA(config-router)# redistribute eigrp ? Autonomous system number RtrA(config-router)# redistribute eigrp 100 ? metric Metric for redistributed routes metric-type OSPF/IS-IS exterior metric type for redistributed routes route-map Route map reference subnets Consider
6、 subnets for redistribution into OSPF tag Set tag for routes redistributed into OSPF ,配置到OSPF的重分发,EIGRP协议中的重分发命令,RtrA(config)# router eigrp 100 RtrA(config-router)# redistribute ospf ? Process ID RtrA(config-router)# redistribute ospf 1 ? match Redistribution of OSPF routes metric Metric for redistr
7、ibuted routes route-map Route map reference ,默认度量值为无穷大,Bandwidth in kilobytes = 10000 Delay in 10s of microseconds = 100 Reliability = 255 (maximum) Load = 1 (minimum) MTU = 1500 bytes,配置到EIGRP协议中的重分发,IS-IS协议中的重分发命令,RtrA(config)# router isis RtrA(config-router)# redistribute eigrp 100 ? level-1 IS-I
8、S level-1 routes only level-1-2 IS-IS level-1 and level-2 routes level-2 IS-IS level-2 routes only metric Metric for redistributed routes metric-type OSPF/IS-IS exterior metric type for redistributed routes route-map Route map reference ,默认情况下,导入到IS-IS中的路由为L2的路由,度量值为0,路由重分发到IS-IS,示例: 重分发之前,示例: 重分发之前
9、,示例: 在B上配置重分发,示例: 重分发后的路由表,示例: 配置重分发和路由汇总,Manipulating Routing Updates,使用分发列表控制路由更新流量,BSCI v2.26-24,passive-interface 命令,此命令用于防止通过路由器接口发送路由选择更新,但是仍然接收路由选择更新,多用于必须在network中指定一个接口,但是又不希望它参与路由选择协议,控制路由选择更新,分发列表的处理,distribute-list accesslist-number | name out interfacename | routingprocess | autonomouss
10、ystem- number,Router(config-router)#,配置分发列表,distribute-list accesslist-number | name in type number,Router(config-router)#,应用ACL来控制路由条目的匹配. ACL可以应用于路由更新的发送 接收 和路由重分发.,出站更新:,入站更新:,The distribute-list out command cannot be used with link-state routing protocols for blocking outbound link-state adverti
11、sements (LSAs) on an interface.,This command prevents most routing protocols from placing the filtered routes in their database. When this command is used with OSPF, the routes are placed in the database but not the routing table,网络10.0.0.0对于网络192.168.5.0必须是隐藏的,IP路由过滤配置示例,使用分发列表控制重分发,Access-list 2 d
12、eny 10.8.0.0 0.3.255.255 Access-list 2 deny 10.0.0.8 0.0.0.3 Access-list 2 permit any Access-list 3 permit 10.8.0.0 0.3.255.255 Access-list 3 permit 10.0.0.8 0.0.0.3,Manipulating Routing Updates,使用路由映射表控制路由选择更新,BSCI v2.26-31,路由映射的工作原理,路由映射表是复杂的访问列表,可以对分组或路由执行某些条件测试和设置属性 具有相同路由映射表名称的路由映射表语句集合被称为是一个路由
13、映射表. 从上到下的匹配,有一个匹配即退出 通过行号,可以容易的分别进行编辑 单个匹配语句可以包含多个条件,匹配语句有一个条件为真时, 就表示语句匹配. 与访问列表一样,最后隐含一个拒绝语句,不同的是它有SET语句,可以来设置路由.,路由映射的用途,一些最常见的路由映射表的应用: 在重分布间进行路由过滤: 尽管分发列表可以完成,但是路由映射有SET命令,提供操纵路由度量值的额外优点 基于策略的路由选择: 路由映射表可用于匹配源地址 目的地址 协议类型和最终用户程序,当发生匹配。可以使用SET命令指定将分组发送到接口和下一跳地址 BGP策略:路由映射表是实现BGP策略的主要工具。,route-m
14、ap my_bgp permit 10 match statements match statements set statements set statements route-map my_bgp deny 20 : : : : : : route-map my_bgp permit 30 : : : : : :,Route Map 运作,多个列表组成一个路由映射表. 路由映射表中的语句相当于访问列表中的各行. 语句按从上到下的次序处理,第一个匹配的被执行 序列号用于在路由映射表中的匹配顺序和后来在路由映射表中特定的位置插入和删除映射表语句.,The match statement may
15、 contain multiple references. Multiple match criteria in the same line use a logical OR. At least one reference must permit the route for it to be a candidate for redistribution.,Each vertical match uses a logical AND. All match statements must permit the route for it to remain a candidate for redis
16、tribution. Route map permit or deny determines if the candidate will be redistributed.,Route Map Operation (Cont.),redistribute protocol process id route-map map-tag,router(config-router)#,可以更加详细的控制重分发路由,route-map 命令,route-map map-tag permit | deny sequence-number,router(config)#,定义路由映射表,match condi
17、tions,router(config-route-map)#,配制匹配条件,set actions,router(config-route-map)#,设置执行动作,match,router(config-route-map)#,Match options options : ip address ip-access-list ip route-source ip-access-list ip next-hop ip-address-list interface type number metric metric-value route-type external | internal |
18、level-1 | level-2 |local ,用来设置匹配条件. 和路由映射前的permit和deny是前后对应的.,set,router(config-route-map)#,set options options : metric metric-value metric-type type-1 | type-2 | internal | external level level-1 | level-2 | stub-area | backbone ip next-hop next-hop-address,用来设置匹配条件后执行的动作 用来修改重分布路由的属性,bgp specific
19、 options : origin bgp-origin-code weight bgp-weight local-preference bgp-path-attributes automatic-tag,路由重分发与路由映射的结合应用,Router(config)# router ospf 10 Router(config-router)# redistribute rip route-map redis-rip,Router(config)# route-map redis-rip permit 10 match ip address 23 29 set metric 500 set me
20、tric-type type-1 route-map redis-rip deny 20 match ip address 37 route-map redis-rip permit 30 set metric 5000 set metric-type type-2,Routes matching either access list 23 or 29 are redistributed with an OSPF cost of 500, external type 1. Routes permitted by access list 37 are not redistributed. All
21、 other routes are redistributed with an OSPF cost metric of 5000, external type 2.,Router(config)# access-list 23 permit 10.1.0.0 0.0.255.255 access-list 29 permit 172.16.1.0 0.0.0.255 access-list 37 permit 10.0.0.0 0.255.255.255,示例,Manipulating Routing Updates,使用管理距离影响路由选择过程,BSCI v2.26-41,实验1 (rout
22、e-map),10.1.1.1/30,S1,S1,S0,S0,London,Denver,172.16.1.1/24 172.16.2.1/24 172.16.3.1/24 172.16.4.1/24 172.16.5.1/24 172.16.6.1/24 172.16.7.1/24 172.16.8.1/24,Loopback0-7,Loopback0-7,10.1.1.2/30,10.1.1.6/30,10.1.1.5/30,ISIS Area 1,OSPF Area 0,Florence,192.168.1.1/24 192.168.2.1/24 192.168.3.1/24 192.1
23、68.4.1/24 192.168.5.1/24 192.168.6.1/24 192.168.7.1/24 192.168.8.1/24,London想看到 192.168.1.0、192.168.3.0、192.168.5.0、192.168.7.0 Denver不想看到 172.16.2.0、172.16.4.0、172.16.6.0、172.16.8.0,实验1 配置示例,router ospf 9 redistribute isis level-1 subnets route-map isis-ospf ! router isis redistribute ospf 9 route-
24、map ospf-isis ! access-list 1 permit 192.168.1.0 0.0.0.255 access-list 1 permit 192.168.3.0 0.0.0.255 access-list 1 permit 192.168.5.0 0.0.0.255 access-list 1 permit 192.168.7.0 0.0.0.255 ! access-list 2 permit 172.16.2.0 0.0.0.255 access-list 2 permit 172.16.4.0 0.0.0.255 access-list 2 permit 172.1
25、6.6.0 0.0.0.255 access-list 2 permit 172.16.8.0 0.0.0.255 ! route-map isis-ospf permit 10 match ip address 1 ! route-map ospf-isis deny 10 match ip address 2 route-map ospf-isis permit 20,实验2 (distribute-list),10.1.1.1/30,S1,S1,S0,S0,London,Denver,172.16.1.1/24 172.16.2.1/24 172.16.3.1/24 172.16.4.1
26、/24 172.16.5.1/24 172.16.6.1/24 172.16.7.1/24 172.16.8.1/24,Loopback0-7,Loopback0-7,10.1.1.2/30,10.1.1.6/30,10.1.1.5/30,EIGRP 50,OSPF Area 0,Florence,192.168.1.1/24 192.168.2.1/24 192.168.3.1/24 192.168.4.1/24 192.168.5.1/24 192.168.6.1/24 192.168.7.1/24 192.168.8.1/24,London想看到 192.168.1.0、192.168.
27、3.0、192.168.5.0、192.168.7.0 Denver不想看到 172.16.2.0、172.16.4.0、172.16.6.0、172.16.8.0,实验2 配置示例,router eigrp 50 redistribute ospf 9 metric 10000 100 1 255 1500 distribute-list 12 out ospf 9 ! router ospf 9 redistribute eigrp 50 subnets distribute-list 11 out eigrp 50 ! access-list 11 permit 192.168.1.0
28、0.0.0.255 access-list 11 permit 192.168.3.0 0.0.0.255 access-list 11 permit 192.168.5.0 0.0.0.255 access-list 11 permit 192.168.7.0 0.0.0.255 ! access-list 12 deny 172.16.2.0 0.0.0.255 access-list 12 deny 172.16.4.0 0.0.0.255 access-list 12 deny 172.16.6.0 0.0.0.255 access-list 12 deny 172.16.8.0 0.
29、0.0.255 access-list 12 permit any,实验 (route-summary / route-map / distribute-list),Cisco,London,Denver,S1,E0,E0,S0,S0,S1,192.168.3.33/27,192.168.3.34/27,192.168.3.129/27,192.168.3.130/27,192.168.3.97/27 192.168.3.65/27 192.168.1.1/24,192.168.3.161/27,192.168.3.193/27,192.168.2.1/24,172.16.4.1/24,172
30、.16.4.2/24,172.16.5.1/24 172.16.6.1/24 172.16.7.1/24,OSPF Area 0,EIGRP 20,EIGRP 10,Juniper,实验 答案(Summary: Juniper部分配置),router ospf 1 summary-address 192.168.3.128 255.255.255.128 summary-address 172.16.4.0 255.255.252.0 ! interface Ethernet 0 ip summary-address eigrp 10 172.16.4.0 255.255.252.0 ip s
31、ummary-address eigrp 10 192.168.3.0 255.255.255.128 ! interface serial 0 ip summary-address eigrp 20 192.168.0.0 255.255.252.0,实验 答案(route-map: Juniper部分配置),access-l 1 per 192.168.3.128 0.0.0.127 access-l 1 per 192.168.2.0 0.0.0.255 access-l 2 per 172.16.4.0 0.0.3.255 access-l 3 per 192.168.1.0 0.0.
32、0.255 access-l 3 per 192.168.3.0 0.0.0.127 ! route-map eigrp10 permit 10 match ip address 1 ! route-map eigrp20 permit 10 match ip address 2 ! route-map ospf1 permit 10 match ip address 3 ! router ospf 1 redistribute eigrp 10 subnets route-map eigrp10 redistribute eigrp 20 subnets route-map eigrp20
33、! router eigrp 10 redistribute eigrp 20 route-map eigrp20 redistribute ospf 1 metric 1000 100 255 1 1500 route-map ospf1 ! router eigrp 20 redistribute eigrp 10 route-map eigrp10 redistribite ospf 1 metric 1000 100 255 1 1500 route-map ospf1,实验 答案(Distribute-list: Juniper部分配置),access-l 1 per 192.168
34、.3.128 0.0.0.127 access-l 1 per 192.168.2.0 0.0.0.255 access-l 2 per 172.16.4.0 0.0.3.255 access-l 3 per 192.168.1.0 0.0.0.255 access-l 3 per 192.168.3.0 0.0.0.127 ! router eigrp 10 distribute-list 2 out eigrp 20 distribute-list 3 out ospf 1 ! router eigrp 20 distribute-list 1 out eigrp 10 distribut
35、e-list 3 out ospf 1 ! router ospf 1 distribute-list 1 out eigrp 10 distribute-list 2 out eigrp 20,去掉route-map部分所有配置,用distribute-list实现,实验2 路由标记,10.1.1.1/30,S1,S1,S0,S0,London,Denver,Loopback0-3,10.1.1.2/30,10.1.1.6/30,10.1.1.5/30,Florence,131. 8.1.1/24 131. 8.2.1/24 131. 8.3.1/24 131. 8.4.1/24,Junip
36、er,10.1.1.9/30,10.1.1.10/30,S0,S1,OSPF Area 0,RIP version 2,EIGRP 50,131.8.1.1/24 tag 1 131.8.2.1/24 tag 1 131.8.3.1/24 tag 2 131.8.4.1/24 tag 2,实验2 路由标记 答案,juniper(config)# access-l 1 permit 131.8.1.0 0.0.0.255 juniper(config)# access-l 1 permit 131.8.2.0 0.0.0.255 juniper(config)# access-l 2 permi
37、t 131.8.3.0 0.0.0.255 juniper(config)# access-l 2 permit 131.8.4.0 0.0.0.255 juniper(config)# route-map set-tag permit 10 juniper(config-route-map)# match ip address 1 juniper(config-route-map)# set tag 1 juniper(config-route-map)# exit juniper(config)# route-map set-tag permit 20 juniper(config-rou
38、te-map)# match ip address 2 juniper(config-route-map)# set tag 2 juniper(config-route-map)# exit juniper(config)# route-map set-tag permit 30 juniper(config-route-map)# exit juniper(config)# router ospf 1 juniper(config-router)# redistribute eigrp 50 subnets route-map set-tag Florence(config)# route-map match-tag permit 10 Florence(config-route-map)# match tag 1 Florence(config-route-map)# exit Florence(config)# router rip Florence(config-router)# redistribute ospf 1 metric 5 route-map match-tag,