ospf的路由聚合 这个拓扑中AR1上3个loopback在area1中宣告,AR4上的2个loopback模拟lsa5(lsa7)重分布进ospf中,现在分别在ABR(AR2)和ASBR(AR4)上做内部路由聚合以及外部路由聚合,当area2区域被配置成NSSA时,那么在AR4上聚合的路由就是lsa7型,普通区域则聚合lsa5型。 ospf内部路由聚合配置实例如下,AR1上配置 ospf 1 router-id 1.1.1.1 area 0.0.0.1 abr-summary 1.1.1.0 255.255.255.0 聚合路由将3条32位主机路由聚合成一条24位网路路由(由AR2)发布出去,聚合那个区域的路由就进入那个区域进行配置 network 1.1.1.1 0.0.0.0 network 1.1.1.2 0.0.0.0 network 1.1.1.3 0.0.0.0 network 12.1.1.1 0.0.0.0 # 聚合后在AR4上查看lsdb和路由 <AR4>display ospf lsdb OSPF Process 1 with Router ID 4.4.4.4 Link State Database Area: 0.0.0.2 Type LinkState ID AdvRouter Age Len Sequence Metric Router 4.4.4.4 4.4.4.4 1144 36 80000005 1 Router 3.3.3.3 3.3.3.3 1145 36 80000004 1 Network 34.1.1.4 4.4.4.4 1144 32 80000001 0 Sum-Net 12.1.1.0 3.3.3.3 1186 28 80000001 2 Sum-Net 23.1.1.0 3.3.3.3 1186 28 80000001 1 Sum-Net 1.1.1.0 3.3.3.3 665 28 80000001 2 AS External Database Type LinkState ID AdvRouter Age Len Sequence Metric External 4.4.4.4 4.4.4.4 1019 36 80000008 1 External 34.1.1.0 4.4.4.4 1019 36 80000008 1 <AR4> <AR4>display ip routing-table protocol ospf Route Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Public routing table : OSPF Destinations : 3 Routes : 3 OSPF routing table status : <Active> Destinations : 3 Routes : 3 Destination/Mask Proto Pre Cost Flags NextHop Interface 1.1.1.0/24 OSPF 10 3 D 34.1.1.3 GigabitEthernet0/0/0 12.1.1.0/24 OSPF 10 3 D 34.1.1.3 GigabitEthernet0/0/0 23.1.1.0/24 OSPF 10 2 D 34.1.1.3 GigabitEthernet0/0/0 OSPF routing table status : <Inactive> Destinations : 0 Routes : 0 <AR4> ospf外部路由聚合配置实例如下,AR4上配置 ospf 1 router-id 4.4.4.4 asbr-summary 4.4.4.0 255.255.255.0 聚合lsa5类外部路由,这里不在ospf任何区域内不用进入区域中配置 import-route direct area 0.0.0.2 network 34.1.1.4 0.0.0.0 # 在AR1上查看聚合的外部路由 [Huawei]display ospf 1 lsdb OSPF Process 1 with Router ID 1.1.1.1 Link State Database Area: 0.0.0.1 Type LinkState ID AdvRouter Age Len Sequence Metric Router 2.2.2.2 2.2.2.2 1223 36 8000000D 1 Router 1.1.1.1 1.1.1.1 479 72 80000011 1 Network 12.1.1.1 1.1.1.1 1220 32 8000000B 0 Sum-Net 23.1.1.0 2.2.2.2 1217 28 8000000A 1 Sum-Net 34.1.1.0 2.2.2.2 1645 28 80000010 2 Sum-Asbr 4.4.4.4 2.2.2.2 158 28 80000001 2这条lsa3是告知r-id为4.4.4.4这个asbr怎么去的,从2.2.2.2这个abr走 AS External Database Type LinkState ID AdvRouter Age Len Sequence Metric External 4.4.4.0 4.4.4.4 160 36 80000001 2 External 34.1.1.0 4.4.4.4 160 36 80000001 1 [Huawei] [Huawei]display ip routing-table protocol ospf Route Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Public routing table : OSPF Destinations : 3 Routes : 3 OSPF routing table status : <Active> Destinations : 3 Routes : 3 Destination/Mask Proto Pre Cost Flags NextHop Interface 4.4.4.0/24 O_ASE 150 2 D 12.1.1.2 GigabitEthernet0/0/0 23.1.1.0/24 OSPF 10 2 D 12.1.1.2 GigabitEthernet0/0/0 34.1.1.0/24 OSPF 10 3 D 12.1.1.2 GigabitEthernet0/0/0 OSPF routing table status : <Inactive> Destinations : 0 Routes : 0 [Huawei] ospf的负均衡和路由选择 ospf的路由选择是通过路由的cost来决定的,cost越小越优先。当目的路由的cost一样时,就会形成负载均衡。在ospf中cost是以接口带宽计算的100M=10、1G=1 1、普通配置让路由形成负载均衡 AR1 ospf 1 router-id 1.1.1.1 area 0.0.0.0 network 12.1.1.1 0.0.0.0 network 13.1.1.1 0.0.0.0 # AR2 ospf 1 router-id 2.2.2.2 area 0.0.0.0 network 12.1.1.2 0.0.0.0 network 100.1.1.1 0.0.0.0 # AR3 ospf 1 router-id 3.3.3.3 area 0.0.0.0 network 13.1.1.3 0.0.0.0 network 100.1.1.1 0.0.0.0 # 在AR1上查看负载均衡路由 [AR1]display ip routing-table protocol ospf Route Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Public routing table : OSPF Destinations : 1 Routes : 2 OSPF routing table status : <Active> Destinations : 1 Routes : 2 Destination/Mask Proto Pre Cost Flags NextHop Interface 100.1.1.1/32 OSPF 10 1 D 12.1.1.2 GigabitEthernet0/0/0 OSPF 10 1 D 13.1.1.3 GigabitEthernet0/0/1 OSPF routing table status : <Inactive> Destinations : 0 Routes : 0 [AR1] 查看路由选择,选择了从AR2去往100.1.1.1/32 [AR1]tracert 100.1.1.1 traceroute to 100.1.1.1(100.1.1.1), max hops: 30 ,packet length: 40,press CTRL _C to break 1 12.1.1.2 20 ms 13.1.1.3 10 ms 20 ms [AR1] 如果想让数据包从AR3去往100.1.1.1/32只需要修改负载分担的优先级就可以,让AR3到100.1.1.1/32的权重大于AR2就可以了(值越小越优先) [AR1]ospf 1 [AR1-ospf-1]nexthop 13.1.1.3 weight 100 修改负载分担路由AR3的权重为100(默认254),优于AR2即可 [AR1-ospf-1]quit [AR1] [AR1]tracert 100.1.1.1 traceroute to 100.1.1.1(100.1.1.1), max hops: 30 ,packet length: 40,press CTRL _C to break 1 13.1.1.3 20 ms 20 ms 20 ms [AR1] 2、修改ospf接口的cost值进行路由选路,让流量重新走AR2 [AR1]interface g0/0/1 [AR1-GigabitEthernet0/0/1]ospf cost 2 1G接口cost默认为1最高优先,所以只需将g/0/1的cost改的比g/0/0的cost大那么ospf就会选择cost小的路由走 [AR1-GigabitEthernet0/0/1]quit [AR1] [AR1]display ip routing-table protocol ospf Route Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Public routing table : OSPF Destinations : 1 Routes : 1 OSPF routing table status : <Active> Destinations : 1 Routes : 1 Destination/Mask Proto Pre Cost Flags NextHop Interface 100.1.1.1/32 OSPF 10 1 D 12.1.1.2 GigabitEthernet0/0/0 将cost更优的路由放入路由表中 OSPF routing table status : <Inactive> Destinations : 0 Routes : 0 [AR1] [AR1]tracert 100.1.1.1 traceroute to 100.1.1.1(100.1.1.1), max hops: 30 ,packet length: 40,press CTRL _C to break 1 12.1.1.2 30 ms 30 ms 10 ms 从cost小的路由走 [AR1] 3、外部重分布等价路由的优先级,type1>type2 type1:会有一个真实的cost,路由的优先级与其他路由一样cost内外之和,小的优先。当100.1.1.1/32路由以type1类型重分布进ospf中时,路由的metric计算的是 AR1---AR2/AR3---100.1.1.1/32的cost的总和,也就是内部cost和外部重分布的cost总和。 type2:没有真实的cost固定为1,路由的优先级只受内部cost的影响,小的优先。当100.1.1.1/32路由以type2类型重分布进ospf中时,路由的metric只计算AR-AR2/AR3的ccost,而不计算外部cost(固定为1,修改无效) 修改cost方法:内部在AR1接口上ospf cost 10,外部在重分布的时候可以跟cost 10参数对type1类型的路由cost修改,type2类型无效。 ospf的路由过滤 1、抑制ospf的报文,禁止接收和发送ospf报文 [AR1]ospf 1 [AR1-ospf-1]silent-interface g0/0/0 在接口g/0/0/0抑制ospf报文 [AR1-ospf-1]quit [AR1] 2、ospf接收和发布路由的过滤 [AR1]ospf 1 [AR1-ospf-1] filter-policy 2999 import 过滤acl2999中定义的进入的路由 [AR1-ospf-1] quit [AR1] acl number 2999 rule 1 deny source 100.1.1.1 0 rule 2 permit [AR1]ospf 1 [AR1-ospf-1] filter-policy 2999 import 过滤acl2999中定义的发送出的路由 [AR1-ospf-1] quit [AR1] 3、ospf过滤发送lsa [AR1-GigabitEthernet0/0/0]ospf filter-lsa-out all 在出接口过滤lsa,可选lsa3、5、7和all ospf的认证 1、ospf区域认证,区域内每个路由器都需要配置 [AR1]ospf 1 [AR1-ospf-1]area 0 [AR1-ospf-1-area-0.0.0.0]authentication-mode md5 1 cipher 123 启用认证加密为MD5方式id=1,密码123以密文方式存 [AR1-ospf-1-area-0.0.0.0]quit 2、ospf接口认证,只需要在两端接口配置,优先级大于区域认证 [AR1]interface g0/0/1 [AR1-GigabitEthernet0/0/1]ospf authentication-mode md5 1 cipher 123 [AR1-GigabitEthernet0/0/1]quit 4、ospf的虚链路认证 [AR1]ospf 1 [AR1-ospf-1]area 1 [AR1-ospf-1-area-0.0.0.1]vlink-peer 12.12.1.2 md5 1 cipher 123 [AR1-ospf-1-area-0.0.0.1]quit 欢迎关注的我的头条号,私信交流,学习更多的网络技术!