神舟数码RIP实验学习笔记.doc

RIP实验学习笔记2000一实验目的A.理解RIP的原理和操作；B.清楚RIP注意问题；C.熟悉RIP配置命令；D.使用show和debug命令查看拓扑变化时收敛过程；E.抓包分析RIP报文；二拓扑和要求S1、R1、R2之间RIP采用MD5认证；R1、R4之间RIP采用明文认证；S2运行OSPF,R2从S2重发布，并在LAN上通告这些路由，用于演示RIP的下一条特性；R5的帧中继配置在物理接口上，一边查看no ip split-horizon默认行为的效果；三实验过程3.1 连通性配置遇到的问题：?1.R5路由器ping不通自己的S0/0接口地址，能ping通R2的子接口s1/0.205地址，从R2上却能ping通；R5ping Sending 5, 100-byte ICMP Echos to , timeout is 2 seconds:.Success rate is 0 percent (0/5)R5ping Sending 5, 100-byte ICMP Echos to , timeout is 2 seconds:!Success rate is 100 percent (5/5), round-trip min/avg/max = 16/28/44 msR2#ping Sending 5, 100-byte ICMP Echos to , timeout is 2 seconds:!Success rate is 100 percent (5/5), round-trip min/avg/max = 28/36/48 ms2.子接口水平分割缺省是enable的；但物理接口的水平分割缺省是disable的（配置了IP地址的FR封装的物理接口上水平分割缺省是disable的！）；R2#sh ip int s1/0.203Serial1/0.203 is up, line protocol is up Internet address is /30 Broadcast address is 55 Proxy ARP is enabled Security level is default Split horizon is enabledR5#sh ip int s0/0Serial0/0 is up, line protocol is up Internet address is /30 Broadcast address is 55 Proxy ARP is enabled Security level is default Split horizon is disabled2.traceroute的问题，从S1上traceroute S1#traceroute 1 28 msec 32 msec 16 msec 2 52 msec 24 msec 20 msec3. S2的loopback接口地址在路由条目里显示为02/32(从OSPF重发布来的)，而S1的loopback接口地址路由条目显示为/24（rip来）3.2 基本rip配置R1(config)#router ripR1(config-router)#?Router configuration commands: address-family Enter Address Family command mode auto-summary Enable automatic network number summarization default Set a command to its defaults default-information Control distribution of default information default-metric Set metric of redistributed routes distance Define an administrative distance distribute-list Filter networks in routing updates exit Exit from routing protocol configuration mode flash-update-threshold Specify flash update threshold in second input-queue Specify input queue depth maximum-paths Forward packets over multiple paths neighbor Specify a neighbor router network Enable routing on an IP network no Negate a command or set its defaults offset-list Add or subtract offset from IGRP or RIP metrics output-delay Interpacket delay for RIP updates passive-interface Suppress routing updates on an interface redistribute Redistribute information from another routing protocol timers Adjust routing timers traffic-share How to compute traffic share over alternate paths validate-update-source Perform sanity checks against source address of routing updates version Set routing protocol versionnetwork命令注解The RIP network command only allows for a classful network as a parameter, which in turn enables RIP on all of that routers interfaces that are part of that network. Enabling RIP on an interface makes the router begin sending RIP updates, listening for RIP updates (UDP port 520), and advertising that interfaces connected subnet.Because the RIP network command has no way to simply match one interface at a time, a RIP configuration may enable these three functions on an interface ，but some or all of these functions are not required. The three RIP functions can be ndividually disabled on an interface with some effort：RIP FunctionHow to DisableSending RIP updates Make the interface passive: configure router rip, followed by passiveinterface type numberListening for RIP updatesFilter all incoming routes using a distribute listAdvertising the connected subnetFilter outbound advertisements on other interfaces using distribute lists, filtering an interfaces connected subnet;using neighbor subcommand to advertise rip updates to that neighbor;问题1.Ping (R5的物理串口地址)问题（1）R6能ping通，R6路由表为：R6sh ip route /16 is variably subnetted, 2 subnets, 2 masksC /24 is directly connected, Serial0/0.601R /16 120/1 via , 00:00:14, Serial0/0.602 /8 is variably subnetted, 3 subnets, 2 masksR /8 120/3 via , 00:00:14, Serial0/0.602C /24 is directly connected, Serial0/0.602C /24 is directly connected, Loopback1（2）R5自己ping不通25.1，能ping通（3）R4能ping通R5（4）R3ping不通，也ping不通；（R3ping自己反应很慢，ping其他都ping不通，R1ping R3的103.3正常，但ping不通R3的13.2），R3#ping Sending 5, 100-byte ICMP Echos to , timeout is 2 seconds:!Success rate is 100 percent (5/5), round-trip min/avg/max = 1612/1685/1752 msR3#ping Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to , timeout is 2 seconds:.Success rate is 0 percent (0/5)R3路由表为： /16 is variably subnetted, 18 subnets, 2 masksR /24 120/6 via , 00:00:11, Serial0/0.302R /24 120/2 via , 00:00:11, Serial0/0.302 120/2 via , 00:00:17, Serial0/0.301R /24 120/1 via , 00:00:17, Serial0/0.301R /30 120/2 via , 00:00:17, Serial0/0.301C /24 is directly connected, Serial0/0.302R /30 120/1 via , 00:00:13, Serial0/0.302R /30 120/1 via , 00:00:13, Serial0/0.302？问题2：从R2上PING（R1接口）和（R3接口），如何解决？R2#sh ip route R /24 120/1 via , 00:00:17, Serial1/0.203R /30 120/1 via , 00:00:09, FastEthernet0/0R2#sh ip route Routing entry for /30 Known via rip, distance 120, metric 1 Redistributing via rip Last update from on FastEthernet0/0, 00:00:27 ago Routing Descriptor Blocks: * , from , 00:00:27 ago, via FastEthernet0/0 Route metric is 1, traffic share count is 1R2#sh ip route Routing entry for /24 Known via rip, distance 120, metric 1 Redistributing via rip Last update from on Serial1/0.203, 00:00:19 ago Routing Descriptor Blocks: * , from , 00:00:19 ago, via Serial1/0.203 Route metric is 1, traffic share count is 13.3 认证配置配置R1,R2在LAN上MD5认证R1: 定义密钥链 key chain keyLAN -key 1-key string ripv2;Fa0/0接口上启用rip认证 Ip rip authentication key-chain keyLAN -ip rip authentication mode md5R2：定义密钥链：key chain lankey-key 1-key-string ripv2-key 2-key-string ripv22Fa0/0接口上启用RIP认证：ip rip authentication mode md5ip rip authentication key-chain lankey;配置R1与R4明文认证R1：R4(config)#key chain withR2R4(config-keychain)#KEY 1R4(config-keychain-key)#key-string plaintextR4(config-keychain-key)#exitR4(config-keychain)#exitR4(config)#int s0/0.401R4(config-subif)#ip rip authentication key-chain withR23.4 水平分割和下一跳水平分割缺省在每个接口上是ON的，除了配置了IP地址的FR封装的物理串口上（本例中的R5串口S0/0）R5#sh ip int s0/0Serial0/0 is up, line protocol is up Split horizon is disabled ICMP redirects are always sent下一跳（next-hop）属性允许路由器对通告的路由下一跳指向其他路由器，而不是自己；本例中S2运行OSPF，R2将S2连接的网络通过重发布通告给其他路由器，由于R2/S2/R1连接在同一个LAN上，因此R2在向R1通告S2的路由的时候将下一条指向S2而不是R2自己配置：S2:router ospf 10network .55 area 0R2:router ospf 20network 55 area 0 ,network 55 area 0 Router rip-redistribute ospf 20 metric 2R1路由如下：R1#show ip route 02Routing entry for 02/32 Known via rip, distance 120, metric 2 Redistributing via rip Last update from 02 on FastEthernet0/0, 00:00:02 ago Routing Descriptor Blocks: * 02, from , 00:00:02 ago, via FastEthernet0/0 Route metric is 2, traffic share count is 1R1#sh ip routeGateway of last resort is not set /16 is variably subnetted, 14 subnets, 3 masksC /24 is directly connected, Serial1/0.106R 02/32 120/2 via 02, 00:00:24, FastEthernet0/0R 02/32 120/2 via 02, 00:00:24, FastEthernet0/03.5 路由控制Offset lists-改变metric值，对于匹配ACL的路由，接口通告的和接口接收到的；R1上offset list配置R1(config)#router ripR1(config-router)#offset-list 10 out 8 s1/0.103R1(config-router)#offset-list 10 out 8 s1/0.104R1(config-router)#offset-list 10 out 8 s1/0.106R1(config-router)#exitR1(config)#access-list 10 permit 55（匹配的地址范围？）R2上offset list配置：R2(config)#router ripR2(config-router)#offset-list 12 in 4 fa0/0R2(config-router)#exitR2(config)#access-list 12 permit 55R2(config)#使用Distribute list过滤路由匹配ACL和prefix list中deny的子网将被过滤distribute-list access-list-number | name in | out interface-type interface-numberdistribute-list prefix list-name in | out interface-type interface-number四实验总结RIP路由协议复杂的是，在路由失效拓扑收敛时为防止环路所使用的方法。五RIP基础知识复习5.0 路由基础(routing basic)A.IP Packet HeaderIP Version numbersTOS or DiffServ(DSCP)Well-known protocol numbers:B.ARP/ReverseARP/ProxyARP/GratuitousARP/InverseARP(FR)ARP packet formatCommon hardware typeC.ICMPICMP packet formatICMP packet types and code fields TypeCodeName00ECHO REPLY3DESTINATION UNREACHABLE0Network Unreachable1Host Unreachable2Protocol Unreachable3Port Unreachable4Fragmentation Needed and Dont Fragment Flag Set5Source Route Failed6Destination Network Unknown7Destination Host Unknown8Source Host Isolated9Destination Network Administratively Prohibited10Destination Host Administratively Prohibited11Destination Network Unreachable for Type of Service12Destination Host Unreachable for Type of Service40SOURCE QUENCH (deprecated)5REDIRECT0Redirect Datagram for the Network (or Subnet)1Redirect Datagram for the Host2Redirect Datagram for the Network and Type of Service3Redirect Datagram for the Host and Type of Service60ALTERNATE HOST ADDRESS80ECHO90ROUTER ADVERTISEMENT100ROUTER SELECTION11TIME EXCEEDED0Time to Live Exceeded in Transit1Fragment Reassembly Time Exceeded12PARAMETER PROBLEM0Pointer Indicates the Error1Missing a Required Option2Bad Length130TIMESTAMP140TIMESTAMP REPLY150INFORMATION REQUEST (Obsolete)160INFORMATION REPLY (Obsolete)170ADDRESS MASK REQUEST (Near-obsolete)180ADDRESS MASK REPLY (Near-obsolete)30-TRACEROUTEDebug ip icmpD.路由基础路由条目至少包含2条信息：一是目的地，一是指向目的地的指针(可以是路由器的某个接口（exit interface）或是下一条的IP地址（next hop）)；路由器获得路由信息的三个方式：1.直连网络（directly connected）；2.人为手工配置的静态路由(static)，一是通过路由协议动态发现并共享信息来构建路由条目（dynamic） 配置静态路由命令：ip route prefix mask address | interface next-hop-address distance permanent name name tag tag-numberFloating static routeFloating Static route:Ip route Ip route 50Ip route Ip route 50Load sharingIp route Ip route Ip route Ip route Show ip route:Load-sharing(equal cost path ,unequal cost path, cef, fast switching,)Per destination load sharing distributes the load according to destination address. This is the default type of load sharing used by Cisco Express Forwarding (CEF). On most platforms, CEF is the default switching mode for IPv4, but not IPv6.Per packet load sharing is another method available to CEF switched IPv4 packets. IPv6 CEF only supports per destination load sharing. Per packet load sharing may distribute the load more evenly than per destination load sharing, depending upon the number of different source-destination pairs, but because the packets to a given destination will be taking different paths, the packets are likely to arrive out of order, which is unacceptable for some applications, such as Voice over IP.questions：1What information must be stored in the route table?2What does it mean when a route table says that an address is variably subnetted?3What are discontiguous subnets?4What IOS command is used to examine the IPv4 route table?5What IOS command is used to examine the IPv6 route table?6What are the two bracketed numbers associated with the nondirectly connected routes in the route table?7When static routes are configured to reference an exit interface instead of a next-hop address, how will the route table be different?8What is a summary route? In the context of static routing, how are summary routes useful?9What is an administrative distance?10What is a floating static route?11What is the difference between equal-cost and unequal-cost load sharing?12How does the switching mode at an interface affect load sharing?13What is a recursive table lookup?E.路由环路排查基本思路PingTraceShow ip routeshow arpARP静态条目5.1 RIP 基础A RIP message formatFeatures:Transport: UDP, port 520.Metric :Hop count, with 15 as the maximum usable metric, and 16 considered to be infinite.Hello interval :None; RIP relies on the regular full routing updates instead.Update destination: Local subnet broadcast (55) for RIPv1; multicast for RIPv2.Update interval :30 seconds.(interface)Full or partial updates: Full updates each interval. For on-demand circuits, allows RIP to send fullupdates once, and then remain silent until changes occur, per RFC 2091. Full updates each interval.Triggered updates: Yes, when routes change.Multiple routes to the same subnet:Allows installing 1 to 6 (default 4) equal-metric routes to the same subnet in a single routing table.Authentication*:Allows both plain-text and MD5 authentication.Subnet mask in updates*:RIPv2 transmits the subnet mask with each route, thereby supporting VLSM,making RIPv2 classless. This feature also allows RIPv2 to support discontiguous networks.VLSM* Supported :as a result of the inclusion of subnet masks in the routing updates.Route Tags* Allows RIP to tag routes as they are redistributed into RIP.Next Hop field* Supports the assignment of a next-hop IP address for a route, allowing a routerto advertise a next-hop router that is different from itself.RIP Convergence and loop preventionSplit horizon: Triggered update :The immediate sending of a new update when routing information changes, instead of waiting for the Update timer to expire.Route poisoning:The process of sending an infinite-metric (hop count 16) route in routing updates when that route fails.Poison reverse :The act of advertising a poisoned route (metric 16) out an interface, but in reaction to receiving that same poisoned route in an update received on that same interface.Update timer The timer that specifies the time interval over which updates are sent. Each interfaceuses an independent timer, defaulting to 30 seconds.Holddown timer: A per-route timer (default 180 seconds) that begins when a routes metric changes to a larger value. The router does not add an alternative route for this subnet to its routingtable until the Holddown timer for that route expires.Invalid timer A per-route timer that increases until it receives a routing update that confirms theroute is still valid, upon which the timer is reset to 0. If the updates cease, the Invalid timer will grow until it reaches the timer setting (default 180 seconds), after which the route is considered invalid.Flush(Garbage) timerA per-route timer that is reset and grows with the Invalid timer. When the Flush timer mark is reached (default 240 seconds), the router removes the route from the routing table and accepts new routes to the failed subnet.Protocol or Feature StandardRIP (Version 1)RFC 1058RIP (Version 2) RFC 2453RIP Update Authentication RFC 2082RIP Triggered Extensions for On-Demand Circuits RFC 2091RIP 配置命令router rip Global config; puts user in RIP configuration modenetwork ip-address RIP config mode; defines classful network, with all interfaces in that network sending and able to receive RIP advertisementsdistribute-list access-list-number |name | prefix name | in | outinterface-type | interface-numberRIP config mode; defines ACL or prefix list to filter RIP updates ip split-horizon Interface subcommand; enables or disables split horizonpassive-interface defaultinterface-type interface-numberRIP config mode; causes RIP to stop sending updates on the specified interfacetimers basic update invalid holddown flushRIP config mode; sets the values for RIP timersversion 1 | 2 RIP config mode; sets the RIP version to version 1 or version 2offset-list access-list-number |access-list-name in | out offset interface-type interface-numberRIP config mode; defines rules for RIP to add to the metrics of particular routesneighbor ip-address RIP config mode; identifies a neighbor to which unicast RIP updates will be sentshow ip route rip User mode; displays all routes in the IP routing table learned by RIPshow ip rip database User mode; lists all routes learned by RIP, even if a route is notin the routing table because of a route with lower administrative distancedebug ip