JNCIP案例分析 – Juniper/Cisco OSPF互操作 Part5

4. JUNOS与IOS OSPF域间及域外地址汇总

kangaroo

  1. 汇总所有的非骨干区域路由进入骨干区域,包括内部路由以及外部路由;
  2. 汇总来自RIP路由器的192.168.x/24路由,但你不能修改RIP路由器上的配置;

到目前为止,我们需要汇总进入OSPF骨干区域的内部路由包括区域1与区域20内的网段,而外部路由仅包括从R1/R2重分布进OSPF的直连网段10.0.5/24网段路由。来自NSSA的外部路由仅有10.0.5/24一条,因此对于这条路由我们不需要对该网段进行汇总。我们可以将汇总的焦点放在两边非骨干区的OSPF内部地址汇总上,在之前的OSPF地址汇总实验中我们已经计算出两边网段的汇总地址分别是10.0.4/22及10.0.8/23;我们在3台ABR上分别应用汇总配置。值得借鉴的是,我们可以在JUNOS上通过应用area-range命令的restrict参数批量过滤OSPF域间路由,相应的在IOS上同样可以在该命令后应用not-advertise达到相同的效果。而在IOS中,对于域间汇总路由的Metric计算直接采用ABR所在汇总区域接口的开销值,另外我们也能通过cost参数进行定义。

[edit logical-routers]
nigel@itaa7.2# show r5 protocols ospf area 20
area-range 10.0.8.0/23;

[edit logical-routers]
nigel@itaa7.2# show r3 protocols ospf area 1
nssa {
    default-lsa {
        default-metric 1;
        type-7;
    }
    no-summaries;
}
area-range 10.0.4.0/22;
r4#conf t
Enter configuration commands, one per line.
End with CNTL/Z.
r4(config-router)#area 1 range 10.0.4.0 255.255.252.0
r4(config-router)#area 1 range 10.0.4.0 255.255.252.0 ?
  advertise        Advertise this range (default)
  cost             User specified metric for this range
  not-advertise    DoNotAdvertise this range
  <cr>

同样,可以在骨干区域路由器上查看两边非骨干区域的明细网段是否仅匹配路由表内的汇总路由,从而确认地址汇总被成功配置。我们将查询两边区域内的直连网段路由及各路由器的环回接口网段:在R4上分别查询10.0.8.0与10.0.9.0两个网段,均匹配10.0.8/23路由;另一方面,我们在R5上分别查询10.0.4.0及10.0.6.0两个网段,均匹配10.0.4/22路由。

r4#show ip route 10.0.8.0
Routing entry for 10.0.8.0/23
  Known via "ospf 64", distance 110, metric 12,
  type inter area
  Last update from 10.0.2.9 on FastEthernet0/0.45,
  00:27:09 ago
  Routing Descriptor Blocks:
  * 10.0.2.9, from 10.0.3.5, 00:27:09 ago,
  via FastEthernet0/0.45
      Route metric is 12, traffic share count is 1

r4#show ip route 10.0.9.0
Routing entry for 10.0.8.0/23
  Known via "ospf 64", distance 110, metric 12,
  type inter area
  Last update from 10.0.2.9 on FastEthernet0/0.45,
  00:27:16 ago
  Routing Descriptor Blocks:
  * 10.0.2.9, from 10.0.3.5, 00:27:16 ago,
  via FastEthernet0/0.45
      Route metric is 12, traffic share count is 1
nigel@itaa7.2# run show route logical-router r5 10.0.6.0    

inet.0: 19 destinations, 19 routes (19 active,
0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.4.0/22        *[OSPF/10] 00:17:42, metric 3
                    > to 10.0.2.2 via fxp2.35

nigel@itaa7.2# run show route logical-router r5 10.0.4.0    

inet.0: 19 destinations, 19 routes (19 active,
0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.4.0/22        *[OSPF/10] 00:17:44, metric 3
                    > to 10.0.2.2 via fxp2.35

需要注意的是尽管对于区域1的地址汇总,尽管10.0.4/22包含10.0.5/24网段,然而由于10.0.5/24网段采用域外路由的形式注入OSPF,作为域间路由汇总的area-range并不会将域外及域间路由混合在同一条汇总路由内通告,因此在R5上我们仍然能够接收到10.0.5/24网段路由,而且其依然保留域外路由的Preference。

nigel@itaa7.2# run show route logical-router r5 10.0.5.0    

inet.0: 19 destinations, 19 routes (19 active,
0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.0.5.0/24        *[OSPF/150] 00:19:40, metric 13,
                    tag 420
                    > to 10.0.2.2 via fxp2.35

下一步我们开始对来自RIP的192.168.x/24域外路由进行汇总,在实验目标中明确提出不允许通过修改RIP路由器的配置来实现路由汇总,我们需要在R6与R7上通过RIP接收全部明细路由后再汇总重分布进入OSPF域内。先在JUNOS路由器R6和IOS路由器R7上完成RIP的基本配置,并确认两者RIP路由表同步。

[edit logical-routers r6]
nigel@itaa7.2# show protocols rip
group rip {
    neighbor fxp1.60;
}
r7#wr t
!
router rip
 version 2
 network 172.16.0.0
!
nigel@itaa7.2# run show route logical-router r6 protocol
rip 

inet.0: 24 destinations, 24 routes (24 active,
0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.0.0/24     *[RIP/100] 00:22:22, metric 2, tag 0
                    > to 172.16.40.1 via fxp1.60
192.168.1.0/24     *[RIP/100] 00:22:22, metric 2, tag 0
                    > to 172.16.40.1 via fxp1.60
192.168.2.0/24     *[RIP/100] 00:22:22, metric 2, tag 0
                    > to 172.16.40.1 via fxp1.60
192.168.3.0/24     *[RIP/100] 00:22:22, metric 2, tag 0
                    > to 172.16.40.1 via fxp1.60
192.168.4.0/24     *[RIP/100] 00:22:22, metric 2, tag 0
                    > to 172.16.40.1 via fxp1.60
224.0.0.9/32       *[RIP/100] 00:22:32, metric 1
                      MultiRecv

r7# show ip route rip
R    192.168.4.0/24 [120/1] via 172.16.40.5,0:34,Fa0/0.70
R    192.168.0.0/24 [120/1] via 172.16.40.5,0:34,Fa0/0.70
R    192.168.1.0/24 [120/1] via 172.16.40.5,0:34,Fa0/0.70
R    192.168.2.0/24 [120/1] via 172.16.40.5,0:34,Fa0/0.70
R    192.168.3.0/24 [120/1] via 172.16.40.5,0:34,Fa0/0.70

此时我们有机会比较JUNOS与IOS在对OSPF域外路由汇总上采取的不同的路径,JUNOS先将RIP明细路由通过Aggregate进行汇总,在把汇总后的Aggregate路由通过策略重分布进入OSPF;而IOS则直接将RIP明细路由重发布进入OSPF内,下一步使用summary-address将域外路由在OSPF协议内部进行汇总。相比之下,JUNOS的配置量似乎大得多,其实情况不一定正如看上去那么完美。

[edit logical-routers r6]
nigel@itaa7.2# show routing-options
aggregate {
    route 192.168.0.0/21;
}

[edit logical-routers r6]
nigel@itaa7.2# show policy-options
policy-statement rip-ospf {
    term 1 {
        from {
            protocol aggregate;
            route-filter 192.168.0.0/21 exact;
        }
        then accept;
    }
}

r7(config-router)#router ospf 64
r7(config-router)#redistribute rip subnets
r7(config-router)#summary-address 192.168.0.0
255.255.248.0

查看R5上的OSPF数据库,同时从R6/R7上均收到汇总后的192.168/21域外LSA-5,似乎与我们设想中的结果吻合。而当我们进一步查看R5上的全部域外LSA的时候,却发现从R7上注入了172.16.40.4/30这条额外的LSA,在下一个实验目标中明确规定该网段应当以域内路由的形式出现在OSPF内。由于我们在IOS上进行RIP到OSPF重分布的时候并没有做任何地址限制,因此172.16.40.4/30作为R7上RIP数据库内的路由随同192.168.x/24路由被重分布进OSPF内。

nigel@itaa7.2# run show ospf database logical-router r5
lsa-id 192.168.0.0

    OSPF AS SCOPE link state database
 Type     ID         Adv Rtr  Seq	   Age Opt Cksum Len
Extern 192.168.0.0 10.0.9.6 0x80000001  50 0x2 0x5007 36
Extern 192.168.0.0 10.0.9.7 0x80000005 109 0x2 0x47d8 36

nigel@itaa7.2# run show ospf database logical-router r5
extern

    OSPF AS SCOPE link state database
 Type     ID         Adv Rtr  Seq	   Age Opt Cksum Len
Extern 10.0.5.0    10.0.3.4 0x80000005 887 0x2 0x341b 36
Extern 172.16.40.4 10.0.9.7 0x80000001 366 0x2 0xaaf5 36
Extern 192.168.0.0 10.0.9.6 0x80000001 147 0x2 0x5007 36
Extern 192.168.0.0 10.0.9.7 0x80000005 206 0x2 0x47d8 36

r7#show ip rip database
172.16.0.0/16    auto-summary
172.16.40.4/30   directly connected, Fa0/0.70

显然我们还需要对IOS追加地址过滤的配置,其目的不单纯为了满足实验目标的需求,更重要的是防止在多点双向重分布的网络中形成路由倒灌而产生环路的潜在危险,详见前面的章节。而最简单快速的方式便是access-listroute-map组合在一起,然后将route-map绑定到redistribute命令中。下面的route-map写得不太直观,然而只要你对IOS策略路由的逻辑是否关系有清晰的了解,应该不会感到疑惑。重新应用redistribut,R5上已经不存在172.16.40.4/30的外部LSA-5。

!
access-list 1 permit 172.16.40.4 0.0.0.3
!
route-map rip-import deny 10
 match ip address 1
!
route-map rip-import permit 20
!

r7(config-router)#redistribute rip subnets route-map
rip-import

nigel@itaa7.2# run show ospf database logical-router r5
extern

    OSPF AS SCOPE link state database
 Type     ID         Adv Rtr  Seq	   Age Opt Cksum Len
Extern 10.0.5.0    10.0.3.4 0x80000006 960 0x2 0x321c 36
Extern 192.168.0.0 10.0.9.6 0x80000002 372 0x2 0x4e08 36
Extern 192.168.0.0 10.0.9.7 0x80000006 368 0x2 0x45d9 36
Advertisements

发表评论

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / 更改 )

Twitter picture

You are commenting using your Twitter account. Log Out / 更改 )

Facebook photo

You are commenting using your Facebook account. Log Out / 更改 )

Google+ photo

You are commenting using your Google+ account. Log Out / 更改 )

Connecting to %s