碼上歡樂
相關內容    簡體    繁體

路由雙向引入引發的環路與次優路徑及解決方案

本文轉載自   查看原文   2021-06-09 12:27   2248    路由-路由控制

驗證理論:

1.逐步搭建雙向路由引入,觀察並分析路由表變化

  分析OSPF的兩個不同優先級如何防止次優路徑

2.引入外部150.1.1.1的路由,設計並分析存在的環路

3.破除環路的方案

  3.1修改優先級

  3.2修改cost

  3.3利用標簽

4.度量值繼承-inherit-cost

  

 

 

實驗拓撲:

 

 

 

 

初始配置:

配置接口及地址,OSPF及ISIS,不引入路由

初始結果:

[AR2]dis ip routing-table | in 150.1
150.1.2.2/32 Direct 0 0 D 127.0.0.1 LoopBack0

150.1.3.3/32 OSPF 10 1 D 155.1.23.3 GigabitEthernet0/0/1

 

[AR3]DIS IP routing-table | IN 150.1

150.1.2.2/32 OSPF 10 1 D 155.1.23.2 GigabitEthernet0/0/1
150.1.3.3/32 Direct 0 0 D 127.0.0.1 LoopBack0
150.1.4.4/32 ISIS-L2 15 20 D 10.1.35.5 GigabitEthernet0/0/0
150.1.5.5/32 ISIS-L2 15 10 D 10.1.35.5 GigabitEthernet0/0/0

 

[AR4]DIS IP routing-table | IN 150.1

150.1.2.2/32 OSPF 10 1 D 155.1.24.2 GigabitEthernet0/0/2
150.1.3.3/32 OSPF 10 2 D 155.1.24.2 GigabitEthernet0/0/2
150.1.4.4/32 Direct 0 0 D 127.0.0.1 LoopBack0
150.1.5.5/32 ISIS-L2 15 10 D 10.1.45.5 GigabitEthernet0/0/1

 

[AR5]dis ip routing-table | in 150.1

150.1.4.4/32 ISIS-L2 15 10 D 10.1.45.4 GigabitEthernet0/0/1
150.1.5.5/32 Direct 0 0 D 127.0.0.1 LoopBack0

 

 

 

一.

實驗目的:

搭建路由雙向引入

實驗步驟:

第一步,在AR3上配置OSPE->ISIS的路由引入

[AR3]ip ip-prefix NET150 permit 150.1.0.0 16 less-equal 32 

[AR3-isis-1]filter-policy ip-prefix NET150 export 

[AR3-isis-1]import-route ospf 1 

此時AR2,3路由表不會變化,觀察AR5,4路由表抉擇

[AR5]DIS IP routing-table | IN 150.1

150.1.2.2/32 ISIS-L2 15 74 D 10.1.35.3 GigabitEthernet0/0/0
150.1.3.3/32 ISIS-L2 15 74 D 10.1.35.3 GigabitEthernet0/0/0
150.1.4.4/32 ISIS-L2 15 10 D 10.1.45.4 GigabitEthernet0/0/1
150.1.5.5/32 Direct 0 0 D 127.0.0.1 LoopBack0

        注解:外部引入到ISIS的路由開銷默認64,類型為L2。本例中沒有為ISIS接口配置任何開銷值,ISIS接口的默認開銷為10,開銷類型為narrow

[AR4]dis ip routing-table | in 150.1

150.1.2.2/32 OSPF 10 1 D 155.1.24.2 GigabitEthernet0/0/2
150.1.3.3/32 OSPF 10 2 D 155.1.24.2 GigabitEthernet0/0/2
150.1.4.4/32 Direct 0 0 D 127.0.0.1 LoopBack0
150.1.5.5/32 ISIS-L2 15 10 D 10.1.45.5 GigabitEthernet0/0/1

 

[AR4]dis ip routing-table protocol isis | in 150.1

150.1.2.2/32 ISIS-L2 15 84 10.1.45.5 GigabitEthernet0/0/1
150.1.3.3/32 ISIS-L2 15 84 10.1.45.5 GigabitEthernet0/0/1

[AR4]dis ip routing-table protocol ospf | in 150.1

150.1.2.2/32 OSPF 10 1 D 155.1.24.2 GigabitEthernet0/0/2
150.1.3.3/32 OSPF 10 2 D 155.1.24.2 GigabitEthernet0/0/2

  注解:4.4和5.5的路由通過ISIS學到無可厚非。但是2.2和3.3在OSPF內部AR4是可以學到的,又因為2.2和3.3引入到了ISIS中,所以AR4作為邊界路由器在ISIS中也可以學到2.2和3.3,此時根據協議優先級比較OSPF內部協議優先級10<ISIS優先級15,AR4選擇155.1.24.2宣告的從OSPF學到的路由計入路由表

 

 

 

第二步,在AR3上配置ISIS->OSPF的引入,實現單點雙向路由引入

已有:

[AR3]ip ip-prefix NET150 permit 150.1.0.0 16 less-equal 32 

[AR3-isis-1]filter-policy ip-prefix NET150 export 

[AR3-isis-1]import-route ospf 1 

再配:

[AR3-ospf-1]filter-policy ip-prefix NET150 export

[AR3-ospf-1]import-route isis 1

此時AR3,5路由表不會變化,觀察AR2,4路由表抉擇

[AR2]dis ip routing-table | in 150.1

150.1.2.2/32 Direct 0 0 D 127.0.0.1 LoopBack0
150.1.3.3/32 OSPF 10 1 D 155.1.23.3 GigabitEthernet0/0/1
150.1.4.4/32 O_ASE 150 1 D 155.1.23.3 GigabitEthernet0/0/1
150.1.5.5/32 O_ASE 150 1 D 155.1.23.3 GigabitEthernet0/0/1

  注釋:AR2學習到從AR3過來的,通過路由引入的4,4和5.5的網段

[AR4]dis ip routing-table | in 150.1

150.1.2.2/32 OSPF 10 1 D 155.1.24.2 GigabitEthernet0/0/2
150.1.3.3/32 OSPF 10 2 D 155.1.24.2 GigabitEthernet0/0/2
150.1.4.4/32 Direct 0 0 D 127.0.0.1 LoopBack0
150.1.5.5/32 ISIS-L2 15 10 D 10.1.45.5 GigabitEthernet0/0/1

 

[AR4]dis ip routing-table protocol ospf | in 150.1

150.1.4.4/32 O_ASE 150 1 155.1.24.2 GigabitEthernet0/0/2
150.1.5.5/32 O_ASE 150 1 155.1.24.2 GigabitEthernet0/0/2

[AR4]dis ip routing-table protocol isis | in 150.1

150.1.5.5/32  ISIS-L2 15   10          D   10.1.45.5       GigabitEthernet0/0/1

4.4直連

  注釋:AR4,5將自己的環回口路由,在AR3上傳入OSPF中,AR3->AR2->AR4,AR4在OSPF外部路由中也學到了4.4和5.5,此時AR4比較協議優先級。發現OSPF外部路由優先級150>ISIS 15,所以AR4將來源於ISIS的4.4和5.5放入路由表中

 

 

 

第三步,在AR4上配置OSPF->ISIS引入

[AR4]ip ip-prefix NET150 permit 150.1.0.0 16 less-equal 32
[AR4-isis-1]filter-policy ip-prefix NET150 export
[AR4-isis-1]import-route ospf 1

此時AR2,4路由表不會變化,觀察AR3,5路由表抉擇

 [AR5]dis ip routing-table 

150.1.2.2/32 ISIS-L2 15 74 D 10.1.35.3 GigabitEthernet0/0/0
      ISIS-L2 15 74 D 10.1.45.4 GigabitEthernet0/0/1
150.1.3.3/32 ISIS-L2 15 74 D 10.1.35.3 GigabitEthernet0/0/0
      ISIS-L2 15 74 D 10.1.45.4 GigabitEthernet0/0/1
150.1.4.4/32 ISIS-L2 15 10 D 10.1.45.4 GigabitEthernet0/0/1
150.1.5.5/32 Direct 0 0 D 127.0.0.1 LoopBack0

  注釋:AR5通過AR3,4都可以學習到2.2和3.3形成等價路由

 

[AR3]dis ip routing-table | in 150.1

150.1.2.2/32 OSPF 10 1 D 155.1.23.2 GigabitEthernet0/0/1
150.1.3.3/32 Direct 0 0 D 127.0.0.1 LoopBack0
150.1.4.4/32 ISIS-L2 15 20 D 10.1.35.5 GigabitEthernet0/0/0
150.1.5.5/32 ISIS-L2 15 10 D 10.1.35.5 GigabitEthernet0/0/0

 

[AR3]dis ip routing-table protocol  isis

150.1.2.2/32 ISIS-L2 15 84 10.1.35.5 GigabitEthernet0/0/0
150.1.3.3/32 ISIS-L2 15 84 10.1.35.5 GigabitEthernet0/0/0


[AR3]dis ip routing-table protocol ospf

150.1.2.2/32 OSPF 10 1 D 155.1.23.2 GigabitEthernet0/0/1

3.3直連

  注釋:此時AR3在OSPF內部路由中學到2.2和3.3,同時由於AR4的引入,在ISIS中可以學到類型為ISIS L2的2.2和3.3.此時比較優先級,OSPF內部優先級10<ISIS 15所以在路由表中2.2和3.3為OSPF

 

 

第四步,在AR4上配置ISIS->OSPF引入

已有:

isis 1
is-level level-2
network-entity 49.0000.0000.0000.0000.0004.00
filter-policy ip-prefix NET150 export
import-route ospf 1

[AR4-ospf-1]dis ip ip-prefix
Prefix-list NET150
Permitted 4
Denied 5
index: 10 permit 150.1.0.0/16 ge 16 le 32

再配:

ospf 1
filter-policy ip-prefix NET150 export
import-route isis 1
area 0.0.0.0

此時AR4,5路由表不會變化,觀察AR2,3路由抉擇

[AR2]dis ip routing-table

150.1.2.2/32 Direct 0 0 D 127.0.0.1 LoopBack0
150.1.3.3/32 OSPF 10 1 D 155.1.23.3 GigabitEthernet0/0/1
150.1.4.4/32 O_ASE 150 1 D 155.1.23.3 GigabitEthernet0/0/1
      O_ASE 150 1 D 155.1.24.4 GigabitEthernet0/0/2
150.1.5.5/32 O_ASE 150 1 D 155.1.23.3 GigabitEthernet0/0/1
      O_ASE 150 1 D 155.1.24.4 GigabitEthernet0/0/2

  注釋:AR2通過AR3,4都可以學習到4.4和5.5,形成等價路由

 

[AR3]dis ip routing-table | in 150.1

150.1.2.2/32 OSPF 10 1 D 155.1.23.2 GigabitEthernet0/0/1
150.1.3.3/32 Direct 0 0 D 127.0.0.1 LoopBack0
150.1.4.4/32 ISIS-L2 15 20 D 10.1.35.5 GigabitEthernet0/0/0
150.1.5.5/32 ISIS-L2 15 10 D 10.1.35.5 GigabitEthernet0/0/0


[AR3]dis ip routing-table protocol ospf | in 150.1

150.1.4.4/32 O_ASE 150 1 155.1.23.2 GigabitEthernet0/0/1
150.1.5.5/32 O_ASE 150 1 155.1.23.2 GigabitEthernet0/0/1

[AR3]dis ip routing-table protocol isis | in 150.1

150.1.4.4/32 ISIS-L2 15 20 D 10.1.35.5 GigabitEthernet0/0/0
150.1.5.5/32 ISIS-L2 15 10 D 10.1.35.5 GigabitEthernet0/0/0

  注釋:此時AR3在ISIS內部學習到4.4,5.5的網段,同時4.4和5.5被AR4引入到OSPF中。此時AR3比較優先級。因為OSPF外部路由優先級150>ISIS 15所以4.4和5.5仍然選擇ISIS路由學到的。

 

  因此,通過上面4個步驟發現,OSPF的兩個不同優先級使得:路由器在OSPF內部學到的路由,優先於再從其他協議學到;路由器從其他協議(除BGP)直接學到的路由,優先於從OSPF里其他協議(除BGP)引入到OSPF的路由,從而實現次優路由的避免

 

 

 

 

 

 二.引入150.1.1.1,在AR3,4上設置,路由從ISIS引入到OSPF變為類型1

[AR1-ospf-1]import-route direct 

[AR3-ospf-1]import-route isis 1 type 1

[AR4-ospf-1]import-route isis 1 type 1 

  注釋:OSPF type 1優先於type 2

分析:

假設150.1.1.1是先到AR3(因為AR1到達AR3和4是隨機的),此時網絡中存在逆時針環路AR3->AR2->AR4->AR5->AR3

    first           AR1將150.1.1.1的路由傳到AR3,AR3將該路由引入到ISIS

    second     150.1.1.1經路由引入從AR3->AR5->AR4

    third          AR4比較從AR1->AR2->AR4學到的類型為OSPF的150.1.1.1/32和AR1->AR2->AR3(路由引入)->AR5->AR4學到的類型為ISIS的150.1.1.1/32.根據優先級比較,最后AR4上留下的是類型為ISIS的150.1.1.1/32

    fourth        因為AR4上存在有路由引入,於是將路由表中ISIS的150.1.1.1/32引入到OSPF中並且類型更改為1.此時AR2收到之后,對比從AR1收到的type 為2的150.1.1.1/32會認為從AR4上學習的type 為1的150.1.1.1/32是更優的。

    fifth    AR2將路由傳遞給AR3,此時AR3比較之前從AR2收到的type 2的150.1.1.1/32和現在從AR2收到的type 1的150.1.1.1/32同樣會覺得后到的更優

    sixth     所以現在AR3認為要去150.1.1.1就去找AR2,AR2根據type比較去找AR4,AR4在ISIS中找到150.1.1.1的宣告者是AR3

 

假設150.1.1.1是先到的AR4(因為AR1到達AR3和4是隨機的),此時網絡中存在順時針環路AR3->AR5->AR4->AR2->AR3

    first   AR1將150.1.1.1的路由傳到AR4,AR4將此路由引入到ISIS

    second     150經路由引入從AR4->AR5->AR3

    third     AR3比較,認為從ISIS學到的150.1.1.1/32更優,計入路由表並

    fourth   AR3將ISIS的150.1.1.1/32引入到OSPF中更改類型為type 1.AR2收到之后認為從AR3上收到的type 為1的150.1.1.1/32更優

    fifth      AR2將路由傳遞給AR4,AR4通過比較同樣認為從AR3學習的150.1.1.1/32更優

    sixth    所以現在AR4要去150.1.1.1就先在ISIS中找宣告者AR3,AR4認為經過AR2去AR3可以是去150.1.1.1的最優路徑

 

驗證:

在實驗中AR1是先到了AR3(因為只有AR4上對於150.1.1.1是從ISIS學到的),此時網絡中應存在逆時針環路

[AR3]dis ip routing-table 150.1.1.1

150.1.1.1/32 O_ASE 150 3 D 155.1.23.2 GigabitEthernet0/0/1

[AR4]dis ip routing-table 150.1.1.1

150.1.1.1/32 ISIS-L2 15 84 D 10.1.45.5 GigabitEthernet0/0/1

 

[AR3]tracert -a 150.1.3.3 150.1.1.1
traceroute to 150.1.1.1(150.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break
1 155.1.23.2 30 ms 20 ms 20 ms
2 155.1.24.4 40 ms 30 ms 30 ms
3 10.1.45.5 50 ms 30 ms 30 ms
4 10.1.35.3 20 ms 20 ms 20 ms
5 155.1.23.2 40 ms 40 ms 30 ms
6 155.1.24.4 40 ms 30 ms 50 ms
7 10.1.45.5 40 ms 40 ms 40 ms
8 10.1.35.3 50 ms 40 ms 30 ms

[AR2]dis ospf routing

Routing for ASEs
Destination Cost Type Tag NextHop AdvRouter
150.1.1.1/32 2 Type1 1 155.1.23.3 10.1.35.3
150.1.4.4/32 2 Type1 1 155.1.23.3 10.1.35.3
150.1.4.4/32 2 Type1 1 155.1.24.4 10.1.45.4
150.1.5.5/32 2 Type1 1 155.1.23.3 10.1.35.3
150.1.5.5/32 2 Type1 1 155.1.24.4 10.1.45.4

 

 

 

三.破除環路的方案

3.1利用優先級破環

  在AR4上修改ISIS中收到的150.1.1.1的優先級為151,使得AR1->2->3->5->4時,在4上面類型為ISIS優先級變成151.所以AR4上會優選來自OSPF的優先級為150的150.1.1.1,所以在路由表中表現為OSPF,而不是被引入到OSPF中類型被改為level 1 從而破除

[AR4]ip ip-prefix NET0 permit 150.1.1.1 32 

[AR4-route-policy]if-match ip-prefix NET0

[AR4-route-policy]apply preference 151 

[AR4-isis-1]preference route-policy SET-PRI

[AR4]dis ip routing-table 150.1.1.1

150.1.1.1/32 O_ASE 150 3 D 155.1.24.2 GigabitEthernet0/0/2

此時逆時針的環被在AR4上止住。但是因為150.1.1.1在AR4上是OSPF的了,所以匹配上了OSPF->ISIS的引入。從AR4->AR5->AR3,在AR3上沒有更改優先級,所以ISIS又以15的優先級打敗了OSPF的150,所以在AR3上被引入到OSPF中,並更改為類型1了

再去查看AR3的路由

[AR3]dis ip routing-table 150.1.1.1

150.1.1.1/32 ISIS-L2 15 84 D 10.1.35.5 GigabitEthernet0/0/0

發現150.1.1.1是從ISIS學到的了,意味着又出現了順時針的環路

[AR3]tracer -a 150.1.3.3 150.1.1.1
traceroute to 150.1.1.1(150.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break
1 10.1.35.5 20 ms 10 ms 30 ms
2 10.1.45.4 20 ms 30 ms 20 ms
3 155.1.24.2 20 ms 30 ms 20 ms
4 155.1.23.3 10 ms 30 ms 20 ms
5 10.1.35.5 40 ms 30 ms 30 ms
6 10.1.45.4 40 ms 30 ms 40 ms
7 155.1.24.2 40 ms 30 ms 40 ms
8 155.1.23.3 30 ms 30 ms 30 ms

同樣的解決思路,在AR3上將150.1.1.1/32的優先級更改為151

此時AR3,AR4的路由就都正常了,沒有再通過路由引入使OSPF中出現type 1,環路破除

[AR3]ip ip-prefix NET1 permit 150.1.1.1 32 

[AR3]route-policy SET-PRE permit node 10
[AR3-route-policy]if-match ip-prefix NET1
[AR3-route-policy]apply preference 151

[AR3-isis-1]preference route-policy SET-PRE 

[AR3]dis ip routing-table 150.1.1.1

150.1.1.1/32 O_ASE 150 1 D 155.1.23.2 GigabitEthernet0/0/1

[AR4]dis ip routing-table 150.1.1.1

150.1.1.1/32 O_ASE 150 1 D 155.1.24.2 GigabitEthernet0/0/2

 

[AR4]tracert -a 150.1.4.4 150.1.1.1
traceroute to 150.1.1.1(150.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break
1 155.1.24.2 20 ms 30 ms 30 ms
2 155.1.12.1 40 ms 40 ms 30 ms
[AR4]

 

 

 

3.2通過cost造環與破環

更改AR3,AR4上面的引入路由策略,取消引入時類型改為type 1 ,使他引入是就用默認的type 2。同時刪除上面的優先級防環配置

此時查看AR3,4上的路由,發現AR4是ISIS,所以此次AR1是先到的AR3

[AR4]dis ip routing-table 150.1.1.1

150.1.1.1/32 ISIS-L2 15 84 D 10.1.45.5 GigabitEthernet0/0/1

[AR3]dis ip routing-table 150.1.1.1

150.1.1.1/32 O_ASE 150 1 D 155.1.23.2 GigabitEthernet0/0/1

當前網絡中對於AR3上存在兩條來自於AR2的等價路由:AR1->2->3->5->4(路由引入,默認type 2)->2->3還有AR1->AR2->AR3

[AR2]dis ip routing-table 150.1.1.1

150.1.1.1/32 O_ASE 150 1 D 155.1.12.1 GigabitEthernet0/0/0
      O_ASE 150 1 D 155.1.24.4 GigabitEthernet0/0/2

要創建環路,只需要配置cost使得AR2認為去AR1比去AR4遠就可以了,所以修改AR2的g0/0/0接口開銷為10

[AR2-GigabitEthernet0/0/0]OSPF cost 10

150.1.1.1/32 O_ASE 150 1 D 155.1.24.4 GigabitEthernet0/0/2

驗證逆時針環路:

<AR3>tracert -a 150.1.3.3 150.1.1.1
traceroute to 150.1.1.1(150.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break
1 155.1.23.2 20 ms 20 ms 20 ms
2 155.1.24.4 30 ms 40 ms 30 ms
3 10.1.45.5 30 ms 30 ms 30 ms
4 10.1.35.3 20 ms 30 ms 20 ms
5 155.1.23.2 30 ms 30 ms 30 ms
6 155.1.24.4 40 ms 50 ms 40 ms
7 10.1.45.5 40 ms 40 ms 50 ms
8 10.1.35.3 30 ms 30 ms 30 ms

 

破環:使得AR2認為去往AR1更近即可

刪除AR2上g0/0/0口開銷的配置,在AR2的g0/0/2口設置開銷為10

[AR2-GigabitEthernet0/0/2]ospf cost 10

[AR3]tracert -a 150.1.3.3 150.1.1.1
traceroute to 150.1.1.1(150.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break
1 155.1.23.2 30 ms 10 ms 20 ms
2 155.1.12.1 50 ms 30 ms 30 ms

路由:

 

 

[AR4]dis ip routing-table 150.1.1.1

150.1.1.1/32 ISIS-L2 15 84 D 10.1.45.5 GigabitEthernet0/0/1

 

 

同理,為了防止比如說設備重啟了,當路由先到AR4產順時針環路,此時AR2需要抉擇去往AR1更近還是去往AR3更近。

為避免環路在AR2的g0/0/1口也設置ospf cost為10

[AR2-GigabitEthernet0/0/1]ospf cost 10

路由:

 

 

至此更改開銷確實可以破環,但是無法解決次優路徑的問題。

 

 

 

 

3.3通過標簽

ISIS中如果要使用標簽,必須使用開銷類型為寬帶,默認為窄帶

刪除上面的AR2的0/0/1和0/0/2的cost,增加g0/0/0的cost還原環路

<AR3>tracert -a 150.1.3.3 150.1.1.1
traceroute to 150.1.1.1(150.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break
1 155.1.23.2 70 ms 10 ms 30 ms
2 155.1.24.4 20 ms 20 ms 20 ms
3 10.1.45.5 30 ms 40 ms 30 ms
4 10.1.35.3 70 ms 20 ms 20 ms
5 155.1.23.2 30 ms 30 ms 40 ms
6 155.1.24.4 40 ms 30 ms 30 ms
7 10.1.45.5 30 ms 30 ms 40 ms
8 10.1.35.3 30 ms 30 ms 20 ms

 

當前150.1.1.1是先到的AR3

[AR4]dis ip routing-table 150.1.1.1

150.1.1.1/32 ISIS-L2 15 84 D 10.1.45.5 GigabitEthernet0/0/1

[AR3]dis ip routing-table 150.1.1.1

150.1.1.1/32 O_ASE 150 1 D 155.1.23.2 GigabitEthernet0/0/1

 

原理:

  先更改AR3,4,5的開銷類型為寬帶

  在AR3上當OSPF->ISIS時將外部引入的路由(150.1.1.1,此時不使用前綴抓取,使得以后如果有其他外部路由引入也能匹配上這個策略路由)的路由打上TAG 3 ,在AR4上當ISIS->OSPF時將帶了TAG 3 的路由deny掉,不允許再進入OSPF

配置:

AR3:

[AR3]route-policy OSPF->ISIS permit node 10 

[AR3-route-policy]if-match route-type external-type2

[AR3-route-policy]apply tag 3 

isis 1
is-level level-2
network-entity 49.0000.0000.0000.0000.0003.00
filter-policy ip-prefix NET150 export
import-route ospf 1 route-policy OSPF->ISIS

 

AR4: 

[AR4]route-policy ISIS->OSPF deny node 10
[AR4-route-policy]if-match tag 3

ospf 1
filter-policy ip-prefix NET150 export
import-route isis 1 route-policy ISIS->OSPF
area 0.0.0.0

分析:

  此時路由走向:AR1->2->3->5->4,在AR4上不能被過濾到OSPF中,此時AR4比較從AR1->2->4發過來的優先級150的路由和AR1->2->3->5->4過來的優先級為15的路由,所以在AR4上150.1.1.1仍為ISIS路由,環路破除

[AR3]tracert -a 150.1.3.3 150.1.1.1
traceroute to 150.1.1.1(150.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break
1 155.1.23.2 20 ms 20 ms 20 ms
2 155.1.12.1 20 ms 20 ms 40 ms
[AR3]

 

同理,為了防止比如說設備重啟了,當路由先到AR4產順時針環路,在AR4上當OSPF->ISIS設置外部引入的type 2 的路由打上標簽4,在AR3上當ISIS->OSPF設置外部引入的路由上有標簽4的都被丟掉

 

 

 

 

完整配置如下

AR3:

[AR3]dis route-policy
Route-policy : OSPF->ISIS
permit : 10 (matched counts: 1)
Match clauses :
if-match route-type external-type2
Apply clauses :
apply tag 3


Route-policy : ISIS->OSPF
deny : 10 (matched counts: 0)
Match clauses :
if-match tag 4
permit : 20 (matched counts: 4)
[AR3]isis
[AR3-isis-1]dis this
[V200R003C00]
#
isis 1
is-level level-2
network-entity 49.0000.0000.0000.0000.0003.00
filter-policy ip-prefix NET150 export
import-route ospf 1 route-policy OSPF->ISIS
#
return
[AR3-isis-1]ospf
[AR3-ospf-1]dis this
[V200R003C00]
#
ospf 1
filter-policy ip-prefix NET150 export
import-route isis 1 route-policy ISIS->OSPF
area 0.0.0.0
#
return
[AR3-ospf-1]

 

AR4:

[AR4]dis route-policy
Route-policy : ISIS->OSPF
deny : 10 (matched counts: 0)
Match clauses :
if-match tag 3
permit : 20 (matched counts: 5)


Route-policy : OSPF->ISIS
permit : 10 (matched counts: 0)
Match clauses :
if-match route-type external-type2
Apply clauses :
apply tag 4
[AR4]ospf
[AR4-ospf-1]dis this
[V200R003C00]
#
ospf 1
filter-policy ip-prefix NET150 export
import-route isis 1 route-policy ISIS->OSPF
area 0.0.0.0
#
return
[AR4-ospf-1]isis
[AR4-isis-1]dis this
[V200R003C00]
#
isis 1
is-level level-2
network-entity 49.0000.0000.0000.0000.0004.00
filter-policy ip-prefix NET150 export
import-route ospf 1 route-policy OSPF->ISIS
#
return
[AR4-isis-1]

 

配置完成后,標簽為空,反復確認配置並沒有問題。最后想起來ISIS一定要把開銷改成寬帶才行

Destination: 150.1.1.1/32
Protocol: ISIS-L2 Process ID: 1
Preference: 15 Cost: 84
NextHop: 10.1.45.5 Neighbour: 0.0.0.0
State: Active Adv Age: 03h11m06s
Tag: 0 Priority: medium
Label: NULL QoSInfo: 0x0
IndirectID: 0x0
RelayNextHop: 0.0.0.0 Interface: GigabitEthernet0/0/1
TunnelID: 0x0 Flags: D

更改ISIS的開銷類型后正常

[AR3]dis ip routing-table 150.1.1.1

150.1.1.1/32 ISIS-L2 15 20 D 10.1.35.5 GigabitEthernet0/0/0

[AR3]dis ip routing-table 150.1.1.1 verbose
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : Public
Summary Count : 2

Destination: 150.1.1.1/32
Protocol: ISIS-L2 Process ID: 1
Preference: 15 Cost: 20
NextHop: 10.1.35.5 Neighbour: 0.0.0.0
State: Active Adv Age: 00h00m35s
Tag: 4 Priority: medium
Label: NULL QoSInfo: 0x0
IndirectID: 0x0
RelayNextHop: 0.0.0.0 Interface: GigabitEthernet0/0/0
TunnelID: 0x0 Flags: D

 

有tag之后發現AR3,4,5都Ping不通150.1.1.1經過排查,發現沒有內部的12段路由,即內部路由沒有引入ISIS,沒有完整的路由

通過修改route policy,在OSPF->ISIS過程中放行內部路由后正常

[AR3]tracert -a 150.1.3.3 150.1.1.1
traceroute to 150.1.1.1(150.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break
1 10.1.35.5 90 ms 40 ms 30 ms
2 10.1.45.4 70 ms 30 ms 40 ms
3 155.1.24.2 30 ms 20 ms 20 ms
4 155.1.12.1 30 ms 30 ms 50 ms
[AR3]dis ip routing-table 150.1.1.1 verbose
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : Public
Summary Count : 2

Destination: 150.1.1.1/32
Protocol: ISIS-L2 Process ID: 1
Preference: 15 Cost: 20
NextHop: 10.1.35.5 Neighbour: 0.0.0.0
State: Active Adv Age: 00h19m37s
Tag: 4 Priority: medium
Label: NULL QoSInfo: 0x0
IndirectID: 0x0
RelayNextHop: 0.0.0.0 Interface: GigabitEthernet0/0/0
TunnelID: 0x0 Flags: D

此時狀態:

 

 此時,環路問題解決,但是次優路徑仍然沒有解決,但值得一提的是在這種方式下所有Route-policy都沒有匹配前綴,是得具有可擴展性。

 

解決方法:

先看下當前150.1.1.1是先到的AR3還是AR4

[AR4]dis ip routing-table 150.1.1.1

150.1.1.1/32 O_ASE 150 1 D 155.1.24.2 GigabitEthernet0/0/2

[AR3]dis ip routing-table 150.1.1.1

150.1.1.1/32 ISIS-L2 15 20 D 10.1.35.5 GigabitEthernet0/0/0

AR3上150.1.1.1是從ISIS學到的,所有是先到的AR4

存在次優路徑:

[AR3]tracert -a 150.1.3.3 150.1.1.1
traceroute to 150.1.1.1(150.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break
1 10.1.35.5 30 ms 10 ms 20 ms
2 10.1.45.4 20 ms 20 ms 40 ms
3 155.1.24.2 30 ms 30 ms 30 ms
4 155.1.12.1 30 ms 30 ms 30 ms

在AR3的ISIS上修改收到的帶tag為4的路由的優先級為151,使得AR3在比較AR1->2->3過來的OSPF 150的路由時,優選OSPF路由

配置:

[AR3]route-policy SET-PRE permit node 10
[AR3-route-policy]if-match tag 4
[AR3-route-policy]apply preference 151
[AR3-route-policy]isis
[AR3-isis-1]preference route-policy SET-PRE

此時設置完成后在AR3上,OSPF戰勝了ISIS,所以OSPF在此向ISIS引入,此時又導致生成了新的次優路徑

[AR4]dis ip routing-table 150.1.1.1

150.1.1.1/32 ISIS-L2 15 20 D 10.1.45.5 GigabitEthernet0/0/1

[AR4]tracert -a 150.1.4.4 150.1.1.1
traceroute to 150.1.1.1(150.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break
1 10.1.45.5 40 ms 10 ms 10 ms
2 10.1.35.3 30 ms 30 ms 20 ms
3 155.1.23.2 40 ms 30 ms 40 ms
4 155.1.12.1 30 ms 40 ms 40 ms

[AR4]dis ip routing-table 150.1.1.1 verbose
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : Public
Summary Count : 2

Destination: 150.1.1.1/32
Protocol: ISIS-L2 Process ID: 1
Preference: 15 Cost: 20
NextHop: 10.1.45.5 Neighbour: 0.0.0.0
State: Active Adv Age: 00h01m37s
Tag: 3 Priority: medium
Label: NULL QoSInfo: 0x0
IndirectID: 0x0
RelayNextHop: 0.0.0.0 Interface: GigabitEthernet0/0/1
TunnelID: 0x0 Flags: D

 

同樣的解決思路,在AR4上設置收到的帶tag為3的路由的優先級為151:

[AR4]route-policy SET-PRI permit node 10
[AR4-route-policy]if-match tag 3
[AR4-route-policy]apply preference 151

[AR4-isis-1]preference route-policy SET-PRI 

此時環路及次優路徑徹底解決:

[AR4]dis ip routing-table 150.1.1.1

150.1.1.1/32 O_ASE 150 1 D 155.1.24.2 GigabitEthernet0/0/2

[AR4]tra
[AR4]tracert 150.1.1.1
traceroute to 150.1.1.1(150.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break
1 155.1.24.2 30 ms 30 ms 20 ms
2 155.1.12.1 20 ms 20 ms 30 ms

 

[AR3]dis ip routing-table 150.1.1.1
Route Flags: R - relay, D - download to fib

150.1.1.1/32 O_ASE 150 1 D 155.1.23.2 GigabitEthernet0/0/1

[AR3]trac
[AR3]tracert 150.1.1.1
traceroute to 150.1.1.1(150.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break
1 155.1.23.2 20 ms 20 ms 20 ms
2 155.1.12.1 30 ms 20 ms 20 ms
[AR3]

 

 

 

 

4.度量值繼承-inherit-cost

  繼承開銷:將A路由引入到B中,可以保留該路由在A中的開銷

  注意:OSPF只有type 1才能繼承cost

配置:

[AR1-ospf-1]import-route direct type 1

 

[AR3-isis-1]import-route ospf inherit-cost route-policy OSPF->ISIS

[AR3-ospf-1]import-route isis 1 type 1 route-policy ISIS->OSPF 
[AR3-ospf-1]default cost inherit-metric

 

[AR4-isis-1]import-route ospf 1 inherit-cost route-policy OSPF->ISIS 

[AR4-ospf-1]import-route isis 1 type 1 route-policy ISIS->OSPF 

[AR4-ospf-1]default cost inherit-metric 

現象分析:

[AR2]dis ip routing-table 150.1.5.5

150.1.5.5/32   O_ASE 150 11 D 155.1.23.3 GigabitEthernet0/0/1
       O_ASE 150 11 D 155.1.24.4 GigabitEthernet0/0/2

AR2去往150.1.5.5的cost11等於AR2經OSPF到3或者4的開銷1 + 3或者4到AR5的ISIS內部的開銷10

  注意:更改了引入的150.1.1.1之后,之前在route-policy上抓取外部路由類型2打上tag的路由策略要改成抓類型1,不然打不上tag又會出現環路和次優路徑

[AR5]dis ip routing-table 150.1.1.1

150.1.1.1/32 ISIS-L2 15 22 D 10.1.35.3 GigabitEthernet0/0/0
      ISIS-L2 15 22 D 10.1.45.4 GigabitEthernet0/0/1

 


免責聲明!

本站轉載的文章為個人學習借鑒使用,本站對版權不負任何法律責任。如果侵犯了您的隱私權益,請聯系本站郵箱yoyou2525@163.com刪除。



猜您在找 HCNP Routing&Switching之路由引入導致的問題及解決方案 vue二級路由跳轉后外部引入js失效問題解決方案 react路由解決方案 npm 發布包時 圖片打包在新的項目引入不顯示 路徑錯誤解決方案 Vue實現組件props雙向綁定解決方案 雲控平台的雙向音頻解決方案 angular 前端路由不生效解決方案 【★】路由環路大總結! 路由環路與stp VUE引入jq bootstrap 之終極解決方案(測試)
 
粵ICP備18138465號   © 2018-2025 CODEPRJ.COM