晨星
实验介绍
本实验将通过配置单区域OSPF,理解OSPF基本配置与原理。
OSPF的主要优点包括:
-
快速收敛:OSPF能够迅速响应网络拓扑的变化,确保路由信息的及时更新,从而提高网络的稳定性和可靠性。
-
支持大规模网络:OSPF可以有效地管理大型网络,支持分层设计,允许将网络划分为多个区域,以减少路由表的大小和复杂性。
-
负载均衡:OSPF支持多条等价路径的负载均衡,能够在多个路径之间分配流量,提高网络的利用率。
-
灵活性和扩展性:OSPF支持多种网络类型,包括点对点、广播和非广播多路访问(NBMA),使其适用于各种网络环境。
实验目的
掌握OSPF的基本配置命令与认证方法。
拓扑图
接口信息
参考IPv4编址及IPv4路由基础实验 - 晨星的设备名、物理接口和环回接口的IP地址配置。
实验步骤
基本配置
查看路由表
[R1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.12.0/24 Direct 0 0 D 10.0.12.1 GigabitEthernet2/0/1
10.0.12.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet2/0/1
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet2/0/1
10.0.13.0/24 Direct 0 0 D 10.0.13.1 GigabitEthernet2/0/3
10.0.13.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet2/0/3
10.0.13.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet2/0/3
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0OSPF基本配置
以R2为例,R1和R3同理。
[R2]ospf 1 router-id 10.0.1.2
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 10.0.12.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]network 10.0.23.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]network 10.0.1.2 0.0.0.0
创建OSPP进程
[R2]ospf 1 router-id 10.0.1.2
创建OSPF进程是设置与OSPF协议相关参数的第一步。OSPF可以同时运行多个进程,它们在同一设备上互不干扰,彼此独立。不同的OSPF进程之间的路由交换就像不同路由协议之间的交换一样。在创建OSPF进程时,可以指定一个进程编号,如果不指定,默认编号是「1」。
创建OSPF区域并使能相应的接口
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 10.0.12.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]network 10.0.23.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]network 10.0.1.2 0.0.0.0
network network-address wildcard-mask 用来指定在哪些接口上运行OSPF协议。只有满足以下两个条件,OSPF才能在接口上工作:
-
接口的IP地址掩码长度要大于或等于
network命令中设置的掩码长度。例如,OSPF用的反掩码是0.0.0.255,表示掩码长度是24位。 -
接口的IP地址必须在
network命令指定的网络范围内。 -
当使用
network命令设置的通配符掩码为全0时,如果接口的IP地址和网络地址设置的IP地址一样,这个接口也会启用OSPF协议。
当这三个接口都启用后,它们都属于区域0。
OSPF报文交互过程实例:
May 13 2025 14:20:19-08:00 R2 %%01OSPF/4/NBR_CHANGE_E(l)[2]:Neighbor changes event: neighbor status changed. (ProcessId=256, NeighborAddress=1.12.0.10, NeighborEvent=HelloReceived, NeighborPreviousState=Down, NeighborCurrentState=Init)
[R2-ospf-1-area-0.0.0.0]network 10.
May 13 2025 14:20:19-08:00 R2 %%01OSPF/4/NBR_CHANGE_E(l)[3]:Neighbor changes event: neighbor status changed. (ProcessId=256, NeighborAddress=1.12.0.10, NeighborEvent=2WayReceived, NeighborPreviousState=Init, NeighborCurrentState=2Way)
[R2-ospf-1-area-0.0.0.0]network 10.
May 13 2025 14:20:19-08:00 R2 %%01OSPF/4/NBR_CHANGE_E(l)[4]:Neighbor changes event: neighbor status changed. (ProcessId=256, NeighborAddress=1.12.0.10, NeighborEvent=AdjOk?, NeighborPreviousState=2Way, NeighborCurrentState=ExStart)
[R2-ospf-1-area-0.0.0.0]network 10.
May 13 2025 14:20:19-08:00 R2 %%01OSPF/4/NBR_CHANGE_E(l)[5]:Neighbor changes event: neighbor status changed. (ProcessId=256, NeighborAddress=1.12.0.10, NeighborEvent=NegotiationDone, NeighborPreviousState=ExStart, NeighborCurrentState=Exchange)
[R2-ospf-1-area-0.0.0.0]network 10.
May 13 2025 14:20:19-08:00 R2 %%01OSPF/4/NBR_CHANGE_E(l)[6]:Neighbor changes event: neighbor status changed. (ProcessId=256, NeighborAddress=1.12.0.10, NeighborEvent=ExchangeDone, NeighborPreviousState=Exchange, NeighborCurrentState=Loading)
[R2-ospf-1-area-0.0.0.0]network 10.
May 13 2025 14:20:19-08:00 R2 %%01OSPF/4/NBR_CHANGE_E(l)[7]:Neighbor changes event: neighbor status changed. (ProcessId=256, NeighborAddress=1.12.0.10, NeighborEvent=LoadingDone, NeighborPreviousState=Loading, NeighborCurrentState=Full)
查看OSPF状态
查看OSPF邻居
[R1]display ospf peer
OSPF Process 1 with Router ID 10.0.1.1
Neighbors
Area 0.0.0.0 interface 10.0.12.1(GigabitEthernet2/0/1)'s neighbors
Router ID: 10.0.1.2 Address: 10.0.12.2
State: Full Mode:Nbr is Master Priority: 1
DR: 10.0.12.1 BDR: 10.0.12.2 MTU: 0
Dead timer due in 29 sec
Retrans timer interval: 5
Neighbor is up for 00:09:12
Authentication Sequence: [ 0 ]
Neighbors
Area 0.0.0.0 interface 10.0.13.1(GigabitEthernet2/0/3)'s neighbors
Router ID: 10.0.1.3 Address: 10.0.13.3
State: Full Mode:Nbr is Master Priority: 1
DR: 10.0.13.1 BDR: 10.0.13.3 MTU: 0
Dead timer due in 35 sec
Retrans timer interval: 5
Neighbor is up for 00:00:55
Authentication Sequence: [ 0 ]
display ospf peer命令用来显示OSPF中各区域邻居的信息。包括邻居所属的区域、邻居Router ID、邻居状态、DR和BDR路由器等信息。
查看IP路由表中由OSPF学习到的路由
[R1]dis ip routing-table protocol ospf
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
Destinations : 3 Routes : 4
OSPF routing table status : <Active>
Destinations : 3 Routes : 4
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.2/32 OSPF 10 1 D 10.0.12.2 GigabitEthernet2/0/1
10.0.1.3/32 OSPF 10 1 D 10.0.13.3 GigabitEthernet2/0/3
10.0.23.0/24 OSPF 10 2 D 10.0.12.2 GigabitEthernet2/0/1
OSPF 10 2 D 10.0.13.3 GigabitEthernet2/0/3
OSPF routing table status : <Inactive>
Destinations : 0 Routes : 0
配置OSPF认证
在R1上配置接口认证
[R1]int g2/0/1
[R1-GigabitEthernet2/0/1]ospf authentication-mode md5 1 cipher HCIA-Datacom
[R1-GigabitEthernet2/0/1]int g2/0/3
[R1-GigabitEthernet2/0/3]ospf authentication-mode md5 1 cipher HCIA-Datacom
[R1-GigabitEthernet2/0/3]display this
[V200R003C00]
#
interface GigabitEthernet2/0/3
ip address 10.0.13.1 255.255.255.0
ospf authentication-mode md5 1 cipher %$%$omvj2GQBO-79%|52zX*T1GmU%$%$
#
return
由于cipher是密文口令类型,所以查看配置时以密文方式显示口令。
加密后OSFP服务down掉实例:
May 13 2025 14:57:20-08:00 R1 %%01OSPF/3/NBR_CHG_DOWN(l)[0]:Neighbor event:neighbor state changed to Down. (ProcessId=256, NeighborAddress=2.1.0.10, NeighborEvent=InactivityTimer, NeighborPreviousState=Full, NeighborCurrentState=Down)
[R1-GigabitEthernet2/0/3]ospf authentication-mode md5 1 cipher
May 13 2025 14:57:20-08:00 R1 %%01OSPF/3/NBR_DOWN_REASON(l)[1]:Neighbor state leaves full or changed to Down. (ProcessId=256, NeighborRouterId=2.1.0.10, NeighborAreaId=0, NeighborInterface=GigabitEthernet2/0/1,NeighborDownImmediate reason=Neighbor Down Due to Inactivity, NeighborDownPrimeReason=Hello Not Seen, NeighborChangeTime=2025-05-13 14:57:20-08:00)
查看当前邻居
[R1]dis ospf peer brief
OSPF Process 1 with Router ID 10.0.1.1
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
----------------------------------------------------------------------------
认证不通过,故没有邻居。
配置R2上的接口认证
[R2]int g2/0/2
[R2-GigabitEthernet2/0/2]ospf authentication-mode md5 1 cipher HCIA-Datacom
[R2-GigabitEthernet2/0/2]int g2/0/1
[R2-GigabitEthernet2/0/1]ospf authentication-mode md5 1 cipher HCIA-Datacom
OSPF重新发送报文实例:
[R1]
May 13 2025 15:03:35-08:00 R1 %%01OSPF/4/NBR_CHANGE_E(l)[4]:Neighbor changes event: neighbor status changed. (ProcessId=256, NeighborAddress=2.12.0.10, NeighborEvent=HelloReceived, NeighborPreviousState=Down, NeighborCurrentState=Init)
[R1]
May 13 2025 15:03:35-08:00 R1 %%01OSPF/4/NBR_CHANGE_E(l)[5]:Neighbor changes event: neighbor status changed. (ProcessId=256, NeighborAddress=2.12.0.10, NeighborEvent=2WayReceived, NeighborPreviousState=Init, NeighborCurrentState=ExStart)
[R1]
May 13 2025 15:03:35-08:00 R1 %%01OSPF/4/NBR_CHANGE_E(l)[6]:Neighbor changes event: neighbor status changed. (ProcessId=256, NeighborAddress=2.12.0.10, NeighborEvent=NegotiationDone, NeighborPreviousState=ExStart, NeighborCurrentState=Exchange)
[R1]
May 13 2025 15:03:35-08:00 R1 %%01OSPF/4/NBR_CHANGE_E(l)[7]:Neighbor changes event: neighbor status changed. (ProcessId=256, NeighborAddress=2.12.0.10, NeighborEvent=ExchangeDone, NeighborPreviousState=Exchange, NeighborCurrentState=Loading)
[R1]
May 13 2025 15:03:35-08:00 R1 %%01OSPF/4/NBR_CHANGE_E(l)[8]:Neighbor changes event: neighbor status changed. (ProcessId=256, NeighborAddress=2.12.0.10, NeighborEvent=LoadingDone, NeighborPreviousState=Loading, NeighborCurrentState=Full)
[R1]
查看R2的邻居状态
[R2]display ospf peer brief
OSPF Process 1 with Router ID 10.0.1.2
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet2/0/1 10.0.1.1 Full
----------------------------------------------------------------------------
[R2]
R3同理。
配置完后,查看邻居状态。
[R3]dis ospf peer brief
OSPF Process 1 with Router ID 10.0.1.3
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet2/0/3 10.0.1.1 Full
0.0.0.0 GigabitEthernet2/0/2 10.0.1.2 Full
----------------------------------------------------------------------------
[R3]
假设R2为所有网络的出口,所以在R2上向OSPF宣告默认路由
在R2上宣告默认路由
[R2]ospf
[R2-ospf-1]default-route-advertise always
[R2-ospf-1]
default-route-advertise命令用来将默认路由通告到普通OSPF区域,如果没有配置always参数,本机路由表中必须有激活的非本OSPF默认路由时才向其他路由器发布默认路由。本例中,本地路由表中没有默认路由,所以需要增加always参数。
查看R3上的路由表
[R3]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 15 Routes : 16
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 O_ASE 150 1 D 10.0.23.2 GigabitEthernet2/0/2
10.0.1.1/32 OSPF 10 1 D 10.0.13.1 GigabitEthernet2/0/3
10.0.1.2/32 OSPF 10 1 D 10.0.23.2 GigabitEthernet2/0/2
10.0.1.3/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.12.0/24 OSPF 10 2 D 10.0.23.2 GigabitEthernet2/0/2
OSPF 10 2 D 10.0.13.1 GigabitEthernet2/0/3
10.0.13.0/24 Direct 0 0 D 10.0.13.3 GigabitEthernet2/0/3
10.0.13.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet2/0/3
10.0.13.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet2/0/3
10.0.23.0/24 Direct 0 0 D 10.0.23.3 GigabitEthernet2/0/2
10.0.23.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet2/0/2
10.0.23.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet2/0/2
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[R3]
可知,R3已经学习到了相应的默认路由。
通过开销值控制选路
从R1的路由表可知,R1通过R1->R3的路径访问R3的LoopBack0接口的路由开销为1,从R1->R2->R3的路由开销为2,故只要使R1->R3的路由开销大于2即可。
修改开销值
[R1]int g2/0/3
[R1-GigabitEthernet2/0/3]ospf cost 10
[R1-GigabitEthernet2/0/3]
查看路由表
[R1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 15 Routes : 15
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 O_ASE 150 1 D 10.0.12.2 GigabitEthernet2/0/1
10.0.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.1.2/32 OSPF 10 1 D 10.0.12.2 GigabitEthernet2/0/1
10.0.1.3/32 OSPF 10 2 D 10.0.12.2 GigabitEthernet2/0/1
10.0.12.0/24 Direct 0 0 D 10.0.12.1 GigabitEthernet2/0/1
10.0.12.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet2/0/1
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet2/0/1
10.0.13.0/24 Direct 0 0 D 10.0.13.1 GigabitEthernet2/0/3
10.0.13.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet2/0/3
10.0.13.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet2/0/3
10.0.23.0/24 OSPF 10 2 D 10.0.12.2 GigabitEthernet2/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[R1]
比时R1访问R3的LoopBack0接口的下一跳为R2的GigabitEthernet2/0/1接口。
通过Tracert命令验证
[R1]tracert -a 10.0.1.1 10.0.1.3
traceroute to 10.0.1.3(10.0.1.3), max hops: 30 ,packet length: 40,press CTRL_C to break
1 10.0.12.2 30 ms 20 ms 20 ms
2 10.0.23.3 40 ms 10 ms 10 ms
[R1]