高級路由管理

—OSPF路由協議應用配置提綱OSPF技術要點回顧OSPF的基本配置選項OSPF的附加配置OSPFfloodingReductionOSPFRedistributionandFilteringOSPFSummarizationOSPFDefaultRoutingOSPFAuthenticationOSPFVirtualLinks確認OSPF的運行狀態ShowdebugOSPFv3的新特點OSPF技術要點回顧OSPF基本工作過程初始化，通過組播地址發送hello包到所有外連接口。在NBMA和multipoint類型接口則采用單點地址。通過交互，路由維護各自鄰居信息。鄰居關系獨立于物理連接關系，相當于為交流路由信息而在路由之間選擇建立的專用虛擬鏈路。路由器各自向其新加入的neighbour發送LSA信息.路由器將收到的LSA記錄下來，并繼續轉發到其他新加入的neighbour。所有路由器根據收集到的LSA集合，建立Link-statedatabases。當databases構建完成，運用SPF算法計算出從本節點出發到達其他路由節點的loop-free的路徑，并組成SPF的tree結構。從SPF的tree結構提取信息，對應加入到路由表中，作為優選的最佳路徑。OSPF的Hello協議用于Neighbourdiscovery（Hello包中包含的信息）RouterIDAreaIDOriginatingrouterinterface的addressmaskAuthencationType和AuthencationinformationHelloIntervalHellodeadintervalRouterpriorityDR/BDRSomeflagsRouterIDsoforiginatingrouter’sneighbour鄰居關系的確認及維護使用Hellointerval、Deadinterval、areaIDs、authencationtypeandpassword驗證鄰居關系的建立鄰居keeplive算法Deadinterval被設置為4倍的Hellointerval，如果在deadinterval之內未收到hello信息，則鄰居關系解除在broadcast和NBMA類型網絡中DR/BDRs的選擇

RouterID、現有DR/BDR、routerpriority用于新的DR/BDR選擇及狀態判定OSPF的相鄰網絡類型Point-to-Pointnetworks不必選舉DR/BDRs，但采用組播地址在路由之間傳送hello和LSA數據。Broadcastnetworks通過組播/在普通節點和DR/BDRs之間傳送數據。NBMAnetworks不能使用組播地址傳送數據，鄰居關系需要手工指定，DR/BDR選舉出后，所有的數據均為單播地址傳送。一般而言，DR/BDR應該為與其他路由器均有鏈路相連的節點。Point-to-multipoint必須被靜態指定，被作為多個點對點網絡對待VirtualLinks專用于連接Area0的特殊網絡在NBMA網絡中運行OSPFOSPF的DR/BDRs選舉優勢減少LSA數據的傳送量新加入的節點只需和已選出的DR/BDR建立鄰居關系選舉過程路由器各自發送及接收hello信息Hello信息中的priority將被檢測，最高優先級被選為DR，默認優先級為1，可更改。優先級為0的鄰居不參加選舉如果DR沒有選出或者不響應，則BDR轉為DR角色，而后選舉新的BDR。如果出現一個以上相同優先級的設備節點，則從RouterID最高的中選出BDR運行過程中有新的更高優先級的設備加入，DR/BDR仍舊保持不變，只在失效時才重起選舉進程鄰居之間周期性發送hello信息，在deadinterval內沒有信息傳送，則鄰居關系解除OSPF的RIDUniquerouterID可以帶來以下優勢可以識別出重復的LSA唯一確認virtuallink的端點在DR/BDR競選中起關鍵作用RID（routerID）的選擇路由設備所有有效接口的IP地址均參與RID的選擇，最高值被選為相應鏈路上該設備的RID如果loopback接口存在，該接口地址被選用，如果有多個loopback接口，最高值的接口地址被選用需要控制RID的值，選擇配置loopback接口，定制地址。此地址不需要被外界其他用戶所訪問OSPFLoopbackAddressForOSPFtofunctiontheremustalwaysbeanactiveinterfacePhysicalinterfacese.g.serial/Ethernetmaynotalwaysbeactive–routingwouldfailConfigurevirtual“loopback”interfaceassolutionSubnetmaskwillalwaysbe55

Router(config)#interfaceloopbacknumberRouter(config-if)#ipaddress

ip-addresssubnet-maskSPF及OSPF鏈路的評估SPF基于網絡拓撲的有權無向圖進行計算各個鏈路的權值主要以來BW計算FDDI,ATM,GigabitEthernetcost=1HSSI45M cost=216-MbpsTokenRing cost=610-MbpsEthernet cost=10T1（1.544Mbps） cost=6456kbps cost=1785各個鏈路的權值可以人工指定OSPFCost計算CostistheOSPFmetricusedinpathselectionCostisbasedonbandwidthDefaultbandwidthis1.544Mbps–costis64Costis108

÷bandwidthRouter(config)#interfaceserial0/0Router(config-if)#bandwidth64

Router(config-if)#ipospfcost

number

Cost=100,000,000/BandwidthFastEthernet100MbpsCost=100,000,000/100MCost=1SerialLink64kbpsCost=100,000,000/64kCost=1562OSPF的Router、Areas、LSAsTypesAreaTypesBackbonearea（area0/）Nonbackbone,nonstubareaStubareaTotallystubbyareaNot-so-stubbyarea（NSSAs）RouterTypesInternalroutersAreaBorderRouters（ABRs）BackboneroutersAutonomousSystemBoundaryRouters（ASBRs）LSAstypesRouterLSANetworkLSASummaryLSAsforABRsSummaryLSAsforASBRsAutonomoussystemexternalLSAsNSSAexternalLSAOSPF的PATHtype（o）Intra-areapaths/routers（oIA）Interareapaths/routers（oE1）ExternalType1paths/routers（oE2）ExternalType2paths/routers（oN1）OSPFNSSAtype1（oN2）OSPFNSSAtype2OSPF基本配置選項準備參數Area0的設定所有路由器的RID路由器的priority及RID用于DR/BDR選舉在單域內盡量保持地址連續，利于地址聚合收斂選擇合適的stub網絡類型盡量避免virtuallinks的使用STUB區域、路由聚合和虛連接OSPF基本配置步驟將網絡劃分為若干邏輯區域area，明確backbonearea0。在需要選擇DR/BDR的區域，選擇最佳選擇。通過loopbackinterface或者直接設定routerID的方式為每一臺路由指定RID在路由器上啟用OSPF，并配置RID配置路由的各個接口地址參數需要時指定OSPF的鄰居節點需要時設置特殊area類型設置其他OSPF運行參數選項，如hellointerval/deadinterval，routesummarization，authencation等配置OSPF協議——劃分區域劃分區域的基本原則按照自然的地區或者行政單位劃分按照網絡中的高端路由器來劃分按照IP地址的規律一些制約條件區域的規模與骨干區域連通ABR的處理能力啟動OSPF協議的基本配置EnablinganOSPFprocessusingtherouterospf<process-id>command.Assigningareastotheinterfacesusingthenetwork<networkorIPaddress><mask><area-id>command.Process-idcanbeavaluebetween0and65,535WildcardmaskNOTsubnetmaskusedwithnetworkcommand啟動OSPF協議的基本配置配置路由器的RouterID[Quidway]routeridA.B.C.D啟動OSPF協議[Quidway]ospfenable配置OSPF區域[Quidway-Serial0]ospfenableareaarea_idOSPF基本配置樣例一routerospf63network.area1network55area0networkarea1Area0Area1

E1T0

E0

E2OSPF基本配置樣例二Router5#configureterminalEnterconfigurationcommands,oneperline.EndwithCNTL/Z.Router5(config)#routerospf87Router5(config-router)#network55area0Router5(config-router)#exitRouter5(config)#endRouter5#OSPF基本配置樣例三Router9#configureterminalEnterconfigurationcommands,oneperline.EndwithCNTL/Z.Router9(config)#routerospf87Router9(config-router)#exitRouter9(config)#interfaceFastEthernet0/0Router9(config-if)#ipaddressRouter9(config-if)#ipospf87area10Router9(config-if)#exitRouter9(config)#endRouter9#OSPF的附加配置OSPFfloodingReduction/TuningOSPFRouter(config-if)#ipospfflood-reduction默認LSAflooding每3600秒（1小時）進行一次，此命令可禁止floodingRouter(config-if)#ospfdatabase-filterallout禁止在指定接口向外傳送LSARouter(config-router)#neighbourip_addressdatabase-filterallout禁止向特定的neighbour傳送LSARouter(config-if)#ipospfhello-intervalinteral_in_secondsRouter(config-if)#ipospfdead-intervaldead_interval_in_secondsRouter(config-if)#ipospfretransmit-intervalAllowsrouting-informationexchangebetweenOSPFandotherroutingprotocolsOSPFRouteRedistributionOSPFRIPIGRPEnhancedIGRPIS-ISBGPEGPRouter(config-router)#redistributeprotocol[process-id][metricvalue]

[metric-typevalue][subnets]OSPFRedistributionCommandRedistributesroutesfromOSPFintootherroutingprotocols(andviceversa)OSPFRedistributionExample1RedistributionbetweenRIPandOSPFRIPOSPFArea0S0S1R1OSPFRedistributionExample1routerospf109network55area0network55area0redistributeripsubnetsmetric-type1metric20routerripnetworkpassive-interfaceserial0passive-interfaceserial1default-metric10redistributeospf109matchinternalexternal1external2OSPFRedistributionExample2"Backdoor"creates

potentialloopRIPRIPOSPFArea0RIPAvoidingLoopsR2R3R2R1RedistributionExample2controuterospf109network55area0network55area0redistributeripsubnetsmetric-type1metric20distribute-list11outripaccess-list11permit55

MinimizesroutingtableentriesLocalizesimpactofatopologychangeOSPFRouteSummarizationArea0BackboneABRsArea1SummarizationxxO

O

O

O

O

O

O

RoutingTableforBRoutingTableforCIAInter-area(IA)summarylinkcarriesmaskOneentrycanrepresentseveralsubnetsRouteSummarization(cont.)Area1Area0ABRSummarizationBACSummaryRouteMask=240

Address=12ExistingSubnetMask=252

Address=121111 11 00

0000 11 001111 0000

0000 1100Valid

3rdSubnetInvalidSubnet

ZeroSomeaddressesmayneedreallocatingRouteSummarizationIssueRouter(config-router)#areaarea-idrangeaddressmaskRouteSummarizationCommandsConsolidatesIAroutesonanABRRouter(config-router)#summary-addressaddressmaskConsolidatesexternalroutesonanASBRRouteSummarizationExampleR2R2#routerospf100

network 55area2

network 55area0area0range

area2rangeR1#routerospf100

network 55area1

network 55area0area0range

area1range-

Area2-

-

Area1InterfaceAddresses

(mask)InterfaceAddresses

(mask)R1R2Area0DefaultroutetoroutersoutsidetheareaAddadefaultroutetotheOSPFrouterconnectedtotheoutsidenetwork.Thisroutecanberedistributedtoeachrouterin

theAreathroughnormalOSPFupdates

Router(config)#iproute[interface|next-hopaddress]ThefollowingconfigurationstatementwillpropagatethisroutetoalltheroutersinanormalOSPFarea:Router(config-router)#

default-informationoriginateAllroutersintheOSPFareawilllearnadefaultrouteprovidedthattheinterfaceoftheborderroutertothedefaultgatewayisactive.OSPFrouteauthencationEnableareaauthencationonallroutersinthatareaRouter(config-router)#areaarea_idauthencationRouter(config-router)#ipospfauthencation-keypasswordMD5cyrptographicauthencationRouter(config-router)#areaarea_idauthencationmessage-digestRouter(config-router)#ipospfmessage-digest-keykey_valuemd5passwordOSPFvirtuallinksIt’sthelastoption,andthebetterchoiceistoavoidvirtuallinkRouter(config-router)#areatransit_area_idvirtual-linkrouter_id_of_remoteRouter#showipospfvirtual-links確認OSPF配置及運行狀態VerifiesinterfacesareincorrectareasRouter#showipospfinterfacee0

Ethernet0isup,lineprotocolisup

InternetAddress,Area

ProcessID10,RouterID1,NetworkTypeBROADCAST,

Cost:10

TransmitDelayis1sec,StateBDR,Priority1

DesignatedRouter(ID),Interfaceaddress

BackupDesignatedrouter(ID)1,Interfaceaddress

Timerintervalsconfigured,Hello10,Dead40,Wait40,Retransmit5

Helloduein0:00:02

NeighborCountis3,Adjacentneighborcountis3

Adjacentwithneighbor(DesignatedRouter)

Loopback0isup,lineprotocolisup

InternetAddress155,Area1

ProcessID10,RouterID1,NetworkTypeLOOPBACK,Cost:1

LoopbackinterfaceistreatedasastubHost

showipospfinterfaceCommandShowIPospfinterfaceInthisexample,weuseloopbackinterfaceinsteadofEthernetinterfaceDisplaysgeneralinformationaboutthe

OSPFroutingprocessRouter#showipospf

RoutingProcess"ospf1"withID

SupportsonlysingleTOS(TOS0)routes

SPFscheduledelay5secs,HoldtimebetweentwoSPFs10secs

Numberofareasinthisrouteris1

Area23

Numberofinterfacesinthisareais3

Areahasnoauthentication

SPFalgorithmexecuted19times

Arearangesare

LinkStateUpdateIntervalis0:30:00andduein0:04:55

LinkStateAgeIntervalis0:20:00andduein0:04:55

showipospfCommandRouter#showipospfdatabaseOSPFRouterwithID()(ProcessID1)RouterLinkStates(Area23)LinkIDADV

RouterAgeSeq#780x8000003216910x8000002B116930x80000030Checksum0x80B60xE11C0xE35ELink

count5516960x800000260x80A11NetLinkStates(Area23)LinkIDADVRouterAgeSeq#Checksum16910x800000300x2FCE16930x800000240xFB29showipospfdatabaseCommandRouter>showipprotocolRoutingProtocolis“ospf300”Sendingupdatesevery0secondsInvalidafter0seconds,holddown0,flushedafter0OutgoingupdatefilterlistforallinterfacesisnotsetIncomingupdatefilterlistforallinterfacesisnotsetRedistributing:ospf300RoutingforNetworks:/55/55RoutingInformationSources:GatewayDistanceLastUpdate1106d2121100:17:32921100:17:33941100:17:331106d211100:17:331100:17:33301106d19281100:17:331100:17:331100:17:33Distance:(defaultis110)--More--showipprotocolCommandRouter#showipospfvirtual-linksOtherOSPFshowCommandsDisplaysparametersaboutOSPFvirtuallinks

Router#showipospfneighbordetailDisplaysneighborinformationperinterfaceRouter#showipospfborder-routersDisplaysroutestotheABRandASBROSPF的debug命令Debugipospfadj查看OSPF的hello協議Debugipospfevents查看OSPF的LSA信息傳送將hello協議的運做記入日志Router(config)#routerospf7Router(config-router)#log-adjacency-changesRouter#showlogOSPFv3的新特點OSPFv3特點OSPFforIPv6BasedonOSPFv2,withenhancementsDistributesIPv6prefixesRunsdirectlyoverIPv6Ships-in-the-nightwithOSPFv2OSPFv3/OSPFv2相似性BasicpackettypesHello,DBD,LSR,LSU,LSAMechanismsforneighbordiscoveryandadjacencyformationInterfacetypesP2P,P2MP,Broadcast,NBMA,VirtualLSAfloodingandagingNearlyidenticalLSAtypesOSPFv3/OSPFv2不同點OSPFv3runsoveralink,ratherthanasubnetMultipleinstancesperlinkOSPFv2topologynotIPv6-specificRouterIDLinkIDStandardauthenticationmechanismsUseslink-localaddressesGeneralizedfloodingscopeTwonewLSAtypesConfiguringOSPFv3inCiscoIOS?SoftwareSimilartoOSPFv2PrefixingexistingInterfaceandExecmodecommandswith“ipv6”InterfacesconfigureddirectlyReplacesnetworkcommand“Native”IPv6routermodeNotasub-modeofrouterospfConfigurationModesinOSPFv3

Enteringroutermode[no]ipv6routerospf<processID>

Entering

interfacemode[no]ipv6ospf<processID>area<areaID>

Execmode[no]showipv6ospf[<processID>]clearipv6ospf[<processID>]CiscoIOSOSPFv3SpecificAttributesConfiguringarearange[no]area<areaID>range<prefix>/<prefixlength>ShowingnewLSAshowipv6ospf[<processID>]databaselinkshowipv6ospf[<processID>]databaseprefixOSPFv3DebugCommandsAdjacencyisnotappearing [no]debugipv6ospfadj [no]debugipv6ospfhelloSPFisrunningconstantly [no]debugipv6ospfspf [no]debugipv6ospfflooding [no]debugipv6ospfevents [no]debugipv6ospflsa-generation [no]debugipv6ospfdatabase-timerGeneralpurpose [no]debugipv6ospfpackets [no]debugipv6ospfretransmission [no]debugipv6ospftreeOSPFv3configurationexampleLAN1:2001:1:1:1::/64LAN2:2001:2:2:2::/64Eth0Eth1Router1Router1#interfaceEthernet0ipv6address2001:1:1:1::1/64ipv6ospf1area0interfaceEthernet1ipv6address2001:2:2:2::2/64ipv6ospf1area1

ipv6routerospf1router-idarea1range2001:2:2::/48

Area0Area1Router2CiscoIOSOSPFv3DisplayRouter2#showipv6routeospfIPv6RoutingTable-9entriesCodes:C-Connected,L-Local,S-Static,R-RIP,B-BGPU-Per-userStaticrouteI1-ISISL1,I2-ISISL2,IA-ISISinterareaO-OSPFintra,OI-OSPFinter,OE1-OSPFext1,OE2-OSPFext2O2001:1:1:2::1/128[110/1]viaFE80::205:5FFF:FEAF:2C38,Ethernet0OI2001:2:2::/48[110/2]viaFE80::205:5FFF:FEAF:2C38,Ethernet0Area0Area1Router2CiscoIOSOSPFv3DatabaseDisplayRouter2#showipv6ospfdatabase

OSPFRouterwithID()(ProcessID1)RouterLinkStates(Area0)LinkIDADVRouterAgeSeq#ChecksumLinkcount020090x8000000A0x2DB1105010x800000070xF3E61NetLinkStates(Area0)LinkIDADVRouterAgeSeq#Checksum74800x800000060x3BADInterAreaPrefixLinkStates(Area0)ADVRouterAgeSeq#Prefix17610x800000052001:2:2:2::/649820x800000052001:2:2:4::2/128Link(Type-8)LinkStates(Area0)LinkIDADVRouterAgeSeq#ChecksumInterface112450x800000060xF3DCLo072360x800000080x68FFa2/075010x800000080xE7BCFa2/0IntraAreaPrefixLinkStates(Area0)LinkIDADVRouterAgeSeq#ChecksumReflstype04800x800000080xD6700x20011072360x800000080xC05F0x200202450x800000060x3FF70x2001CiscoIOSOSPFv3DetailedLSADisplayshowipv6os