高级路由管理OSPF路由协议应用配置幻灯片资料

高级路由管理

—OSPF路由协议应用配置提纲OSPF技术要点回顾OSPF的基本配置选项OSPF的附加配置OSPFfloodingReductionOSPFRedistributionandFilteringOSPFSummarizationOSPFDefaultRoutingOSPFAuthenticationOSPFVirtualLinks确认OSPF的运行状态ShowdebugOSPFv3的新特点OSPF技术要点回顾OSPF基本工作过程初始化，通过组播地址发送hello包到所有外连接口。在NBMA和multipoint类型接口则采用单点地址。通过交互，路由维护各自邻居信息。邻居关系独立于物理连接关系，相当于为交流路由信息而在路由之间选择建立的专用虚拟链路。路由器各自向其新加入的neighbour发送LSA信息.路由器将收到的LSA记录下来，并继续转发到其他新加入的neighbour。所有路由器根据收集到的LSA集合，建立Link-statedatabases。当databases构建完成，运用SPF算法计算出从本节点出发到达其他路由节点的loop-free的路径，并组成SPF的tree结构。从SPF的tree结构提取信息，对应加入到路由表中，作为优选的最佳路径。OSPF的Hello协议用于Neighbourdiscovery（Hello包中包含的信息）RouterIDAreaIDOriginatingrouterinterface的addressmaskAuthencationType和AuthencationinformationHelloIntervalHellodeadintervalRouterpriorityDR/BDRSomeflagsRouterIDsoforiginatingrouter’sneighbour邻居关系的确认及维护使用Hellointerval、Deadinterval、areaIDs、authencationtypeandpassword验证邻居关系的建立邻居keeplive算法Deadinterval被设置为4倍的Hellointerval，如果在deadinterval之内未收到hello信息，则邻居关系解除在broadcast和NBMA类型网络中DR/BDRs的选择

RouterID、现有DR/BDR、routerpriority用于新的DR/BDR选择及状态判定OSPF的相邻网络类型Point-to-Pointnetworks不必选举DR/BDRs，但采用组播地址在路由之间传送hello和LSA数据。Broadcastnetworks通过组播/在普通节点和DR/BDRs之间传送数据。NBMAnetworks不能使用组播地址传送数据，邻居关系需要手工指定，DR/BDR选举出后，所有的数据均为单播地址传送。一般而言，DR/BDR应该为与其他路由器均有链路相连的节点。Point-to-multipoint必须被静态指定，被作为多个点对点网络对待VirtualLinks专用于连接Area0的特殊网络在NBMA网络中运行OSPFOSPF的DR/BDRs选举优势减少LSA数据的传送量新加入的节点只需和已选出的DR/BDR建立邻居关系选举过程路由器各自发送及接收hello信息Hello信息中的priority将被检测，最高优先级被选为DR，默认优先级为1，可更改。优先级为0的邻居不参加选举如果DR没有选出或者不响应，则BDR转为DR角色，而后选举新的BDR。如果出现一个以上相同优先级的设备节点，则从RouterID最高的中选出BDR运行过程中有新的更高优先级的设备加入，DR/BDR仍旧保持不变，只在失效时才重起选举进程邻居之间周期性发送hello信息，在deadinterval内没有信息传送，则邻居关系解除OSPF的RIDUniquerouterID可以带来以下优势可以识别出重复的LSA唯一确认virtuallink的端点在DR/BDR竞选中起关键作用RID（routerID）的选择路由设备所有有效接口的IP地址均参与RID的选择，最高值被选为相应链路上该设备的RID如果loopback接口存在，该接口地址被选用，如果有多个loopback接口，最高值的接口地址被选用需要控制RID的值，选择配置loopback接口，定制地址。此地址不需要被外界其他用户所访问OSPFLoopbackAddressForOSPFtofunctiontheremustalwaysbeanactiveinterfacePhysicalinterfacese.g.serial/Ethernetmaynotalwaysbeactive–routingwouldfailConfigurevirtual“loopback”interfaceassolutionSubnetmaskwillalwaysbe55

Router(config)#interfaceloopbacknumberRouter(config-if)#ipaddress

ip-addresssubnet-maskSPF及OSPF链路的评估SPF基于网络拓扑的有权无向图进行计算各个链路的权值主要以来BW计算FDDI,ATM,GigabitEthernetcost=1HSSI45M cost=216-MbpsTokenRing cost=610-MbpsEthernet cost=10T1（1.544Mbps） cost=6456kbps cost=1785各个链路的权值可以人工指定OSPFCost计算CostistheOSPFmetricusedinpathselectionCostisbasedonbandwidthDefaultbandwidthis1.544Mbps–costis64Costis108

÷bandwidthRouter(config)#interfaceserial0/0Router(config-if)#bandwidth64

Router(config-if)#ipospfcost

number

Cost=100,000,000/BandwidthFastEthernet100MbpsCost=100,000,000/100MCost=1SerialLink64kbpsCost=100,000,000/64kCost=1562OSPF的Router、Areas、LSAsTypesAreaTypesBackbonearea（area0/）Nonbackbone,nonstubareaStubareaTotallystubbyareaNot-so-stubbyarea（NSSAs）RouterTypesInternalroutersAreaBorderRouters（ABRs）BackboneroutersAutonomousSystemBoundaryRouters（ASBRs）LSAstypesRouterLSANetworkLSASummaryLSAsforABRsSummaryLSAsforASBRsAutonomoussystemexternalLSAsNSSAexternalLSAOSPF的PATHtype（o）Intra-areapaths/routers（oIA）Interareapaths/routers（oE1）ExternalType1paths/routers（oE2）ExternalType2paths/routers（oN1）OSPFNSSAtype1（oN2）OSPFNSSAtype2OSPF基本配置选项准备参数Area0的设定所有路由器的RID路由器的priority及RID用于DR/BDR选举在单域内尽量保持地址连续，利于地址聚合收敛选择合适的stub网络类型尽量避免virtuallinks的使用STUB区域、路由聚合和虚连接OSPF基本配置步骤将网络划分为若干逻辑区域area，明确backbonearea0。在需要选择DR/BDR的区域，选择最佳选择。通过loopbackinterface或者直接设定routerID的方式为每一台路由指定RID在路由器上启用OSPF，并配置RID配置路由的各个接口地址参数需要时指定OSPF的邻居节点需要时设置特殊area类型设置其他OSPF运行参数选项，如hellointerval/deadinterval，routesummarization，authencation等配置OSPF协议——划分区域划分区域的基本原则按照自然的地区或者行政单位划分按照网络中的高端路由器来划分按照IP地址的规律一些制约条件区域的规模与骨干区域连通ABR的处理能力启动OSPF协议的基本配置EnablinganOSPFprocessusingtherouterospf<process-id>command.Assigningareastotheinterfacesusingthenetwork<networkorIPaddress><mask><area-id>command.Process-idcanbeavaluebetween0and65,535WildcardmaskNOTsubnetmaskusedwithnetworkcommand启动OSPF协议的基本配置配置路由器的RouterID[Quidway]routeridA.B.C.D启动OSPF协议[Quidway]ospfenable配置OSPF区域[Quidway-Serial0]ospfenableareaarea_idOSPF基本配置样例一routerospf63network.area1network55area0networkarea1Area0Area1

E1T0

E0

E2OSPF基本配置样例二Router5#configureterminalEnterconfigurationcommands,oneperline.EndwithCNTL/Z.Router5(config)#routerospf87Router5(config-router)#network55area0Router5(config-router)#exitRouter5(config)#endRouter5#OSPF基本配置样例三Router9#configureterminalEnterconfigurationcommands,oneperline.EndwithCNTL/Z.Router9(config)#routerospf87Router9(config-router)#exitRouter9(config)#interfaceFastEthernet0/0Router9(config-if)#ipaddressRouter9(config-if)#ipospf87area10Router9(config-if)#exitRouter9(config)#endRouter9#OSPF的附加配置OSPFfloodingReduction/TuningOSPFRouter(config-if)#ipospfflood-reduction默认LSAflooding每3600秒（1小时）进行一次，此命令可禁止floodingRouter(config-if)#ospfdatabase-filterallout禁止在指定接口向外传送LSARouter(config-router)#neighbourip_addressdatabase-filterallout禁止向特定的neighbour传送LSARouter(config-if)#ipospfhello-intervalinteral_in_secondsRouter(config-if)#ipospfdead-intervaldead_interval_in_secondsRouter(config-if)#ipospfretransmit-intervalAllowsrouting-informationexchangebetweenOSPFandotherroutingprotocolsOSPFRouteRedistributionOSPFRIPIGRPEnhancedIGRPIS-ISBGPEGPRouter(config-router)#redistributeprotocol[process-id][metricvalue]

[metric-typevalue][subnets]OSPFRedistributionCommandRedistributesroutesfromOSPFintootherroutingprotocols(andviceversa)OSPFRedistributionExample1RedistributionbetweenRIPandOSPFRIPOSPFArea0S0S1R1OSPFRedistributionExample1routerospf109network55area0network55area0redistributeripsubnetsmetric-type1metric20routerripnetworkpassive-interfaceserial0passive-interfaceserial1default-metric10redistributeospf109matchinternalexternal1external2OSPFRedistributionExample2"Backdoor"creates

potentialloopRIPRIPOSPFArea0RIPAvoidingLoopsR2R3R2R1RedistributionExample2controuterospf109network55area0network55area0redistributeripsubnetsmetric-type1metric20distribute-list11outripaccess-list11permit55

MinimizesroutingtableentriesLocalizesimpactofatopologychangeOSPFRouteSummarizationArea0BackboneABRsArea1SummarizationxxO

O

O

O

O

O

O

RoutingTableforBRoutingTableforCIAInter-area(IA)summarylinkcarriesmaskOneentrycanrepresentseveralsubnetsRouteSummarization(cont.)Area1Area0ABRSummarizationBACSummaryRouteMask=240

Address=12ExistingSubnetMask=252

Address=121111 11 00

0000 11 001111 0000

0000 1100Valid

3rdSubnetInvalidSubnet

ZeroSomeaddressesmayneedreallocatingRouteSummarizationIssueRouter(config-router)#areaarea-idrangeaddressmaskRouteSummarizationCommandsConsolidatesIAroutesonanABRRouter(config-router)#summary-addressaddressmaskConsolidatesexternalroutesonanASBRRouteSummarizationExampleR2R2#routerospf100

network 55area2

network 55area0area0range

area2rangeR1#routerospf100

network 55area1

network 55area0area0range

area1range-

Area2-

-

Area1InterfaceAddresses

(mask)InterfaceAddresses

(mask)R1R2Area0DefaultroutetoroutersoutsidetheareaAddadefaultroutetotheOSPFrouterconnectedtotheoutsidenetwork.Thisroutecanberedistributedtoeachrouterin

theAreathroughnormalOSPFupdates

Router(config)#iproute[interface|next-hopaddress]ThefollowingconfigurationstatementwillpropagatethisroutetoalltheroutersinanormalOSPFarea:Router(config-router)#

default-informationoriginateAllroutersintheOSPFareawilllearnadefaultrouteprovidedthattheinterfaceoftheborderroutertothedefaultgatewayisactive.OSPFrouteauthencationEnableareaauthencationonallroutersinthatareaRouter(config-router)#areaarea_idauthencationRouter(config-router)#ipospfauthencation-keypasswordMD5cyrptographicauthencationRouter(config-router)#areaarea_idauthencationmessage-digestRouter(config-router)#ipospfmessage-digest-keykey_valuemd5passwordOSPFvirtuallinksIt’sthelastoption,andthebetterchoiceistoavoidvirtuallinkRouter(config-router)#areatransit_area_idvirtual-linkrouter_id_of_remoteRouter#showipospfvirtual-links确认OSPF配置及运行状态VerifiesinterfacesareincorrectareasRouter#showipospfinterfacee0

Ethernet0isup,lineprotocolisup

InternetAddress,Area

ProcessID10,RouterID1,NetworkTypeBROADCAST,

Cost:10

TransmitDelayis1sec,StateBDR,Priority1

DesignatedRouter(ID),Interfaceaddress

BackupDesignatedrouter(ID)1,Interfaceaddress

Timerintervalsconfigured,Hello10,Dead40,Wait40,Retransmit5

Helloduein0:00:02

NeighborCountis3,Adjacentneighborcountis3

Adjacentwithneighbor(DesignatedRouter)

Loopback0isup,lineprotocolisup

InternetAddress155,Area1

ProcessID10,RouterID1,NetworkTypeLOOPBACK,Cost:1

LoopbackinterfaceistreatedasastubHost

showipospfinterfaceCommandShowIPospfinterfaceInthisexample,weuseloopbackinterfaceinsteadofEthernetinterfaceDisplaysgeneralinformationaboutthe

OSPFroutingprocessRouter#showipospf

RoutingProcess"ospf1"withID

SupportsonlysingleTOS(TOS0)routes

SPFscheduledelay5secs,HoldtimebetweentwoSPFs10secs

Numberofareasinthisrouteris1

Area23

Numberofinterfacesinthisareais3

Areahasnoauthentication

SPFalgorithmexecuted19times

Arearangesare

LinkStateUpdateIntervalis0:30:00andduein0:04:55

LinkStateAgeIntervalis0:20:00andduein0:04:55

showipospfCommandRouter#showipospfdatabaseOSPFRouterwithID()(ProcessID1)RouterLinkStates(Area23)LinkIDADV

RouterAgeSeq#780x8000003216910x8000002B116930x80000030Checksum0x80B60xE11C0xE35ELink

count5516960x800000260x80A11NetLinkStates(Area23)LinkIDADVRouterAgeSeq#Checksum16910x800000300x2FCE16930x800000240xFB29showipospfdatabaseCommandRouter>showipprotocolRoutingProtocolis“ospf300”Sendingupdatesevery0secondsInvalidafter0seconds,holddown0,flushedafter0OutgoingupdatefilterlistforallinterfacesisnotsetIncomingupdatefilterlistforallinterfacesisnotsetRedistributing:ospf300RoutingforNetworks:/55/55RoutingInformationSources:GatewayDistanceLastUpdate1106d2121100:17:32921100:17:33941100:17:331106d211100:17:331100:17:33301106d19281100:17:331100:17:331100:17:33Distance:(defaultis110)--More--showipprotocolCommandRouter#showipospfvirtual-linksOtherOSPFshowCommandsDisplaysparametersaboutOSPFvirtuallinks

Router#showipospfneighbordetailDisplaysneighborinformationperinterfaceRouter#showipospfborder-routersDisplaysroutestotheABRandASBROSPF的debug命令Debugipospfadj查看OSPF的hello协议Debugipospfevents查看OSPF的LSA信息传送将hello协议的运做记入日志Router(config)#routerospf7Router(config-router)#log-adjacency-changesRouter#showlogOSPFv3的新特点OSPFv3特点OSPFforIPv6BasedonOSPFv2,withenhancementsDistributesIPv6prefixesRunsdirectlyoverIPv6Ships-in-the-nightwithOSPFv2OSPFv3/OSPFv2相似性BasicpackettypesHello,DBD,LSR,LSU,LSAMechanismsforneighbordiscoveryandadjacencyformationInterfacetypesP2P,P2MP,Broadcast,NBMA,VirtualLSAfloodingandagingNearlyidenticalLSAtypesOSPFv3/OSPFv2不同点OSPFv3runsoveralink,ratherthanasubnetMultipleinstancesperlinkOSPFv2topologynotIPv6-specificRouterIDLinkIDStandardauthenticationmechanismsUseslink-localaddressesGeneralizedfloodingscopeTwonewLSAtypesConfiguringOSPFv3inCiscoIOS®SoftwareSimilartoOSPFv2PrefixingexistingInterfaceandExecmodecommandswith“ipv6”InterfacesconfigureddirectlyReplacesnetworkcommand“Native”IPv6routermodeNotasub-modeofrouterospfConfigurationModesinOSPFv3

Enteringroutermode[no]ipv6routerospf<processID>

Entering

interfacemode[no]ipv6ospf<processID>area<areaID>

Execmode[no]showipv6ospf[<processID>]clearipv6ospf[<processID>]CiscoIOSOSPFv3SpecificAttributesConfiguringarearange[no]area<areaID>range<prefix>/<prefixlength>ShowingnewLSAshowipv6ospf[<processID>]databaselinkshowipv6ospf[<processID>]databaseprefixOSPFv3DebugCommandsAdjacencyisnotappearing [no]debugipv6ospfadj [no]debugipv6ospfhelloSPFisrunningconstantly [no]debugipv6ospfspf [no]debugipv6ospfflooding [no]debugipv6ospfevents [no]debugipv6ospflsa-generation [no]debugipv6ospfdatabase-timerGeneralpurpose [no]debugipv6ospfpackets [no]debugipv6ospfretransmission [no]debugipv6ospftreeOSPFv3configurationexampleLAN1:2001:1:1:1::/64LAN2:2001:2:2:2::/64Eth0Eth1Router1Router1#interfaceEthernet0ipv6address2001:1:1:1::1/64ipv6ospf1area0interfaceEthernet1ipv6address2001:2:2:2::2/64ipv6ospf1area1

ipv6routerospf1router-idarea1range2001:2:2::/48

Area0Area1Router2CiscoIOSOSPFv3DisplayRouter2#showipv6routeospfIPv6RoutingTable-9entriesCodes:C-Connected,L-Local,S-Static,R-RIP,B-BGPU-Per-userStaticrouteI1-ISISL1,I2-ISISL2,IA-ISISinterareaO-OSPFintra,OI-OSPFinter,OE1-OSPFext1,OE2-OSPFext2O2001:1:1:2::1/128[110/1]viaFE80::205:5FFF:FEAF:2C38,Ethernet0OI2001:2:2::/48[110/2]viaFE80::205:5FFF:FEAF:2C38,Ethernet0Area0Area1Router2CiscoIOSOSPFv3DatabaseDisplayRouter2#showipv6ospfdatabase

OSPFRouterwithID()(ProcessID1)RouterLinkStates(Area0)LinkIDADVRouterAgeSeq#ChecksumLinkcount020090x8000000A0x2DB1105010x800000070xF3E61NetLinkStates(Area0)LinkIDADVRouterAgeSeq#Checksum74800x800000060x3BADInterAreaPrefixLinkStates(Area0)ADVRouterAgeSeq#Prefix17610x800000052001:2:2:2::/649820x800000052001:2:2:4::2/128Link(Type-8)LinkStates(Area0)LinkIDADVRouterAgeSeq#ChecksumInterface112450x800000060xF3DCLo072360x800000080x68FFa2/075010x800000080xE7BCFa2/0IntraAreaPrefixLinkStates(Area0)LinkIDADVRouterAgeSeq#ChecksumReflstype04800x800000080xD6700x20011072360x800000080xC05F0x200202450x800000060x3FF70x2001CiscoIOSOSPFv3DetailedLSADisplayshowipv6os