1.ospf雙程序重釋出
重釋出前R1路由表
[r3-ospf-101]import-route ospf 100
[r3-ospf-101]ospf 100
[r3-ospf-100]import-route ospf 101
重釋出後R1路由表
2. virtual link —虛鍊路
配置前R1路由表
穿越區域1上配置虛鍊路
[r2-ospf-100-area-0.0.0.1]vlink-peer 3.3.3.3
[r3-ospf-100-area-0.0.0.1]vlink-peer 2.2.2.2
配置後R1路由表
3.Tunnel 隧道方式
R2
[r2]int Tunnel 0/0/0
[r2-Tunnel0/0/0]ip address 10.1.1.1 24
[r2-Tunnel0/0/0]tunnel-protocol gre
[r2-Tunnel0/0/0]source 2.2.2.2
[r2-Tunnel0/0/0]destination 3.3.3.3
[r2-ospf-100-area-0.0.0.0]network 10.1.1.1 0.0.0.0
R3
[r3]interface Tunnel 0/0/0
[r3-Tunnel0/0/0]ip add 10.1.1.2 24
[r3-Tunnel0/0/0]tunnel-protocol gre
[r3-Tunnel0/0/0]source 3.3.3.3
[r3-Tunnel0/0/0]destination 2.2.2.2
[r3-ospf-100-area-0.0.0.0]network 10.1.1.2 0.0.0.0
1.ACL : 抓取路由時不能比對網絡掩碼
[r1]acl 2000
[r1-acl-basic-2000]rule 5 deny source 1.1.1.1 0.0.0.0
[r1-acl-basic-2000]rule 10 permit
檢視
2.Prefix-list:字首清單
字首清單 lemon ,序列号20 ,過濾 1.1.1.0 前24位固定,網絡掩碼範圍大于等于28 小于等于30
[r1]ip ip-prefix lemon index 20 deny 1.1.1.0 24 greater-equal 28 less-equal 30
比對 所有的主機路由 :
[r1]ip ip-prefix l1 permit 0.0.0.0 0 greater-equal 32
比對 所有:
[r1]ip ip-prefix l1 permit 0.0.0.0 0 less-equal 32
比對 預設路由:
[r1]ip ip-prefix l1 permit 0.0.0.0 0
比對 所有的主A類路由:
[r1]ip ip-prefix l1 permit 0.0.0.0 1 greater-equal 8 less-equal 8
比對 所有的C類主網以及子網路由:
[r1]ip ip-prefix l1 permit 192.0.0.0 3 greater-equal 24
檢視
3.fitter-policy :過濾政策清單,進行路由資訊的過濾
距離矢量型路由協定:
Import (in)過濾1.1.1.1
過濾前R2路由
[r2]ip ip-prefix lm1 d
[r2]ip ip-prefix lm1 deny 1.1.1.1 32—拒絕1.1.1.1/32
[r2]ip ip-prefix lm1 permit 0.0.0.0 0 less-equal 32—允許所有
[r2]rip 1
[r2-rip-1]filter-policy ip-prefix lm1 import g0/0/0—調用
檢視
export(out)過濾2.2.2.2
過濾前R3路由
[r2]ip ip-prefix lm2 deny 2.2.2.2 32—拒絕2.2.2.2/32
[r2]ip ip-prefix lm2 permit 0.0.0.0 0 less-equal 32—允許所有
[r2-rip-1]filter-policy ip-prefix lm2 export g0/0/1—調用
檢視:
使用ACL調用
鍊路狀态型協定使用:
Import 過濾1.1.1.1
1.ACL
過濾前R2路由表
[r2]acl 2000
[r2-acl-basic-2000]rule 5 deny source 1.1.1.1 0
[r2-acl-basic-2000]rule 10 permit
[r2-acl-basic-2000]ospf 100
[r2-ospf-100]filter-policy 2000 import
檢視:
未過濾LSA
2. Prefix-list:字首清單
[r2]ip ip-prefix lm1 d
[r2]ip ip-prefix lm1 deny 1.1.1.1 32—拒絕1.1.1.1/32
[r2]ip ip-prefix lm1 permit 0.0.0.0 0 less-equal 32—允許所有
[r2-ospf-100]filter-policy ip-prefix lm1 import—調用
4.route-policy : 政策清單
①抓取流量
[r4]ip ip-prefix lm1 index 10 permit 4.1.1.0 24
[r4]ip ip-prefix lm2 index 10 permit 4.1.2.0 24
[r4]ip ip-prefix lm3 index 10 permit 4.1.3.0 24
[r4]ip ip-prefix lm4 index 10 permit 4.1.4.0 24
[r4]ip ip-prefix lm5 index 10 permit 4.1.5.0 24
檢視:
②建立route-policy清單
Route-Policy的每個節點由一組if-match子句和apply子句組成。
if-match:
定義節點比對規則,即路由資訊通過目前路由政策所需滿足的條件。
apply:
路由政策動作,即滿足if-match子句後所執行的一些屬性配置動作,對路由的某些屬性進行修改。
[r4] route-policy lemon permit node 10
[r4-route-policy]if-match ip-prefix lm1
[r4-route-policy]apply cost-type type-1
[r4-route-policy]route-policy lemon permit node 20
[r4-route-policy]if-match ip-prefix lm2
[r4-route-policy]route-policy lemon permit node 30
[r4-route-policy]if-match ip-prefix lm3
[r4-route-policy]apply cost 88
[r4-route-policy]route-policy lemon permit node 40
[r4-route-policy]if-match ip-prefix lm4
[r4-route-policy]apply tag 10000
[r4-route-policy]route-policy lemon permit node 50
[r4-route-policy]if-match ip-prefix lm5
[r4-route-policy]apply preference 99
[r4-route-policy]route-policy lemon permit node 60
檢視:
③調用
[r4]ospf 100
[r4-ospf-100]import-route direct route-policy lemon
檢視
政策路由
PBR: policy based router—基于政策的路由
1.本地PBR
[r1]acl 2000—建立ACL
[r1-acl-basic-2000]rule 5 permit source 12.1.1.1 0—規則
[r1]policy-based-route lemon permit node 10 –建立PBR
[r1-policy-based-route-lemon-10]if-match acl 2000—比對ACL
[r1-policy-based-route-lemon-10]apply output-interface g0/0/1—規則
[r1-policy-based-route-lemon-10]apply ip-address next-hop 12.1.1.2—強制制定下一跳
[r1]ip local policy-based-route lemon—調用
測試:
2.接口級别的PBR
[r1]acl 2001—建立ACL
[r1-acl-basic-2001]rule 5 permit source 192.168.1.1 0—規則
使用MQC模型中的classifier
[r1]traffic classifier lemon
[r1-classifier-lemon]if-match acl 2001
[r1]traffic behavior lemon2
[r1-behavior-lemon2]redirect ipv6-nexthop
[r1-behavior-lemon2]redirect ip-nexthop 12.1.1.2
[r1]traffic policy lemon3
[r1-trafficpolicy-lemon3]classifier lemon behavior lemon2
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip add 192.168.1.254 24
[r1-GigabitEthernet0/0/0]traffic-policy lemon3 inbound