CCNP闫辉老师讲解【递归路由】实验手册(课堂笔记).doc

递归路由实验手册实验要求：R1能够R4的4个子网，并且实现路径的冗余备份实现非对称路由:R1的ICMP echo包和R4的ICMP reply包使用不同路径分析：如果只在R2上配置静态路由：ip route 10.0.1.0 255.255.255.0 f0/1 200.2.2.4ip route 10.1.1.0 255.255.255.0 f0/1 200.2.2.4ip route 10.2.1.0 255.255.255.0 f0/1 200.2.2.4ip route 10.3.1.0 255.255.255.0 f0/1 200.2.2.4那么如果R2路由down掉，想切换到R3这条链路，必须在R3上进行同样的配置：ip route 10.0.1.0 255.255.255.0 f0/1 200.2.2.4ip route 10.1.1.0 255.255.255.0 f0/1 200.2.2.4ip route 10.2.1.0 255.255.255.0 f0/1 200.2.2.4ip route 10.3.1.0 255.255.255.0 f0/1 200.2.2.4如果网络中有成百上千条路由条目，进行这样的配置简直能让人疯掉。-下面，我们来尝试在R1直接配置到目标网段的静态路由：ip route 10.0.1.0 255.255.255.0 f0/0 200.2.2.4ip route 10.1.1.0 255.255.255.0 f0/0 200.2.2.4ip route 10.2.1.0 255.255.255.0 f0/0 200.2.2.4ip route 10.3.1.0 255.255.255.0 f0/0 200.2.2.4此时来查看R1，R2，R3的路由表：R1(config)#do show ip route-Gateway of last resort is not set 1.0.0.0/24 is subnetted, 1 subnetsC 1.1.1.0 is directly connected, Loopback0 100.0.0.0/24 is subnetted, 1 subnetsC 100.1.1.0 is directly connected, FastEthernet0/0 10.0.0.0/24 is subnetted, 4 subnetsS 10.3.1.0 1/0 via 200.2.2.4, FastEthernet0/0S 10.2.1.0 1/0 via 200.2.2.4, FastEthernet0/0S 10.1.1.0 1/0 via 200.2.2.4, FastEthernet0/0S 10.0.1.0 1/0 via 200.2.2.4, FastEthernet0/0R2(config)#do sh ip route-Gateway of last resort is not set 100.0.0.0/24 is subnetted, 1 subnetsC 100.1.1.0 is directly connected, FastEthernet0/0C 200.2.2.0/24 is directly connected, FastEthernet0/1 10.0.0.0/24 is subnetted, 4 subnetsS 10.3.1.0 1/0 via 200.2.2.4, FastEthernet0/1S 10.2.1.0 1/0 via 200.2.2.4, FastEthernet0/1S 10.1.1.0 1/0 via 200.2.2.4, FastEthernet0/1S 10.0.1.0 1/0 via 200.2.2.4, FastEthernet0/1R3(config)#do show ip route-Gateway of last resort is not set 100.0.0.0/24 is subnetted, 1 subnetsC 100.1.1.0 is directly connected, FastEthernet0/0C 200.2.2.0/24 is directly connected, FastEthernet0/1 10.0.0.0/24 is subnetted, 4 subnetsS 10.3.1.0 1/0 via 200.2.2.4, FastEthernet0/1S 10.2.1.0 1/0 via 200.2.2.4, FastEthernet0/1S 10.1.1.0 1/0 via 200.2.2.4, FastEthernet0/1S 10.0.1.0 1/0 via 200.2.2.4, FastEthernet0/1可以看出R1，R2，R3都有了去往目标网络的完整路由表此时，如果ping目标网络可以通吗？当然不通，因为R1配置的静态路由只是告诉它去往4个目标网段要从f0/0接口发数据，到达R4的200.2.2.4。可是现在R1没有去往R4到达路由，因此无法ping通。R1(config)#do ping 200.2.2.4Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 200.2.2.4, timeout is 2 seconds:.Success rate is 0 percent (0/5)此时，R1路由器会像一台PC一样，发送ARP请求200.2.2.24 对应的MAC，下面用debug命令来验证一下，在R1，R2，R3的特权模式下都开启debug arp，在R1上ping其中一个目标IP地址：10.0.1.4R1#ping 10.0.1.4Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.0.1.4, timeout is 2 seconds:*Mar 1 01:16:11.251: IP ARP: sent req src 100.1.1.1 c001.27a4.0000, dst 200.2.2.4 0000.0000.0000 FastEthernet0/0R1发出的ICMP报文想要发往10.0.1.4，由于没有到达200.2.2.4的路由所以超时。此时R1发出arp广播，以100.1.1.1 mac：c001.27a4.0000为源，请求200.2.2.4的mac地址，由于mac未知，写为全0，并通过F0/0接口发出。*Mar 1 01:16:11.267: IP ARP rep filtered src 200.2.2.4 c003.274c.0000, dst 100.1.1.1 c001.27a4.0000 wrong cable, interface FastEthernet0/0此时，在R2和R3路由上会使用proxy arp（代理ARP），用自己的F0/0接口的MAC地址作为200.2.2.4的MAC地址reply给R1。R2和R3启用proxy arp的条件：开启proxy arp（默认都是开启的）源IP和目标IP在不同的网段R2和R3分别都有去往源IP和目标IP的路由。由拓扑可以看出，它们满足上述三个条件。下面来看一下R2的debug arp的输出：R2#*Mar 1 01:34:15.487: IP ARP: rcvd req src 100.1.1.1 c001.27a4.0000, dst 200.2.2.4 FastEthernet0/0*Mar 1 01:34:15.487: IP ARP: sent rep src 200.2.2.4 c002.271c.0000, dst 100.1.1.1 c001.27a4.0000 FastEthernet0/0R2用F0/0接口的MAC地址：c002.271c.0000回复给R1我们来验证一下：R2#show int f0/0FastEthernet0/0 is up, line protocol is up Hardware is Gt96k FE, address is c002.271c.0000 (bia c002.271c.0000) Internet address is 100.1.1.2/24可以看出的确是用R2的F0/0接口的MAC地址回复给R1的。同理，R3也会把自己的F0/0接口的MAC地址回复给R1。但R1不会接收R2和R3的ARP应答。R1#ping 10.0.1.4Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.0.1.4, timeout is 2 seconds:*Mar 1 01:16:11.267: IP ARP rep filtered src 200.2.2.4 c002.271c.0000, dst 100.1.1.1 c001.27a4.0000 wrong cable, interface FastEthernet0/0.R1认为R2的arp回应包错误，丢弃此arp包。知识点：由于，R1没有去往200.2.2.4的路由，因此会过滤掉R2和R3回应的arp包，不会收录进自己的arp cable。假设此时，R1能够信任R2或R3发来的arp回应包，收录进自己的arp cable，由于R2和R3拥有去往目标网段的路由，这样R1就能够ping通目标网络了。然而，R1不能信任R2或R3的arp回应包的原因是什么呢？当然是R1没有去往200.2.2.0/24网段的路由。下面给R1配置一个去往该网段的静态路由。R1(config)#ip route 200.2.2.0 255.255.255.0 f0/0 100.1.1.2此时，R1收录R2和R3的两条回应包。再去ping 10.0.1.4，当然还是ping不通，因为R4没有echo reply包的路由。R1#ping 10.0.1.4Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.0.1.4, timeout is 2 seconds:*Mar 1 01:30:32.299: IP ARP: rcvd rep src 200.2.2.4 c002.271c.0000, dst 100.1.1.1 FastEthernet0/0*Mar 1 01:30:32.303: IP ARP: rcvd rep src 200.2.2.4 c003.274c.0000, dst 100.1.1.1 FastEthernet0/0R1接收了R2和R3的两条arp回应包。查看R1的arp表：R1#show arpProtocol Address Age (min) Hardware Addr Type InterfaceInternet 100.1.1.1 - c001.27a4.0000 ARPA FastEthernet0/0Internet 100.1.1.2 15 c002.271c.0000 ARPA FastEthernet0/0Internet 200.2.2.4 14 c002.271c.0000 ARPA FastEthernet0/0因此，此时ping10.0.1.4的时候，R1就能够把ICMP echo包发送给R4。再看一下R1的路由表：R1#show ip routeGateway of last resort is not set 1.0.0.0/24 is subnetted, 1 subnetsC 1.1.1.0 is directly connected, Loopback0 100.0.0.0/24 is subnetted, 1 subnetsC 100.1.1.0 is directly connected, FastEthernet0/0S 200.2.2.0/24 1/0 via 100.1.1.2, FastEthernet0/0这条静态路由称之为“递归路由” 10.0.0.0/24 is subnetted, 4 subnetsS 10.3.1.0 1/0 via 200.2.2.4, FastEthernet0/0S 10.2.1.0 1/0 via 200.2.2.4, FastEthernet0/0S 10.1.1.0 1/0 via 200.2.2.4, FastEthernet0/0S 10.0.1.0 1/0 via 200.2.2.4, FastEthernet0/0这4条静态路由称之为“主路由”递归路由告诉主路由该怎么从R1的F0/0接口到达200.2.2.4网段，也可以理解为用来解析主路由。那么在递归路由中的下一跳 100.1.1.2有没有实际意义呢？杰夫道尔说，这个下一跳地址在路径切换的时候有帮助，当R2这条链路down掉以后，只需要重新写递归路由为：ip route 200.2.2.0 255.255.255.0 F0/0 100.1.1.3，就可以实现把路径切换到R3的链路。真的是这样吗？实际并非如此。我们看一下下面的两条路由：S 200.2.2.0/24 1/0 via 100.1.1.2, FastEthernet0/0这条静态路由称之为“递归路由” （递归路由）S 10.3.1.0 1/0 via 200.2.2.4, FastEthernet0/0 （主路由）假设上述的理解正确，当R1 ping 10.3.1.0网段的时候，需要到达200.2.2.4节点，而到达200.2.2.0网段需要经过100.1.1.2节点（R2的F0/0接口），那么R1发送arp请求，请求的应该是100.1.1.2节点的MAC地址。我们再来看一下R1的ARP表：Protocol Address Age (min) Hardware Addr Type InterfaceInternet 200.2.2.4 14 c002.271c.0000 ARPA FastEthernet0/0可以很明显看出R1发送arp请求，请求的依然是200.2.2.4节点的MAC地址。因此，下一跳地址100.1.1.2没有实际意义，只是让R1能够信任R2的回应包，认为其应答报文为合法报文，把R2的F0/0接口的MAC地址收录进arp cable，仅此而已。而真正影响路径选择的是，R1的arp表中解析到的主路由的下一跳地址的arp表项（蓝色标记的表项）。而R1解析到的下一跳地址的arp表项，到底是R2的F0/0接口对应的MAC地址，还是R3的F0/0接口对应的MAC地址？R2和R3的应答报文谁后到，R1就收谁。（DHCP offer是谁先到就收谁）因此，递归表查询的下一跳节点的地址，丝毫不影响路径的选择。影响路径选择的是proxy arp。我们现在已经知道递归路由都下一跳地址不会影响选路，那么现在我们需要它能够选路，当R2链路正常的时候，我们使用R2链路；当R2链路down掉以后，使用R3链路。那又该怎么做呢？要是按照杰夫道尔的做法，至少需要4个小时才能切换过来，因为arp cable默认的存活时间是4个小时，这个时间对客户来说太漫长了。下面验证杰夫道尔的做法根本行不通，不仅仅是切换时间长的问题。我们先给R4配置一条应答路由，让R1和ping通R2。R4(config)#ip route 100.1.1.0 255.255.255.0 f0/0R1#ping 10.0.1.4 Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.0.1.4, timeout is 2 seconds:!Success rate is 100 percent (5/5), round-trip min/avg/max = 32/62/100 ms此时，R1已经能够成功ping通R4的4个子网段。我们现在让R2down掉：R2(config)#int f0/0R2(config-if)#shutdownR2(config-if)#int f0/1R2(config-if)#int f0/1R2(config-if)#shutdown在R1上更新递归路由，让下一跳地址为R3的F0/0接口地址：R1(config)#no ip route 200.2.2.0 255.255.255.0 f0/0 100.1.1.2R1(config)#ip route 200.2.2.0 255.255.255.0 f0/0 100.1.1.3查看R1此时的路由表：R1(config)#do show ip routeGateway of last resort is not set 1.0.0.0/24 is subnetted, 1 subnetsC 1.1.1.0 is directly connected, Loopback0 100.0.0.0/24 is subnetted, 1 subnetsC 100.1.1.0 is directly connected, FastEthernet0/0S 200.2.2.0/24 1/0 via 100.1.1.3, FastEthernet0/0递归路由的下一跳已经切换为R3的F0/0节点地址 10.0.0.0/24 is subnetted, 4 subnetsS 10.3.1.0 1/0 via 200.2.2.4, FastEthernet0/0S 10.2.1.0 1/0 via 200.2.2.4, FastEthernet0/0S 10.1.1.0 1/0 via 200.2.2.4, FastEthernet0/0S 10.0.1.0 1/0 via 200.2.2.4, FastEthernet0/0这时，我们在R1和R4上启用debug ip packet detail 和debug arp看看结果是什么？R1#ping 10.0.1.4Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.0.1.4, timeout is 2 seconds:*Mar 1 06:11:37.626: IP: tableid=0, s=100.1.1.1 (local), d=10.0.1.4 (FastEthernet0/0), routed via FIB*Mar 1 06:11:37.626: IP: s=100.1.1.1 (local), d=10.0.1.4 (FastEthernet0/0), len 100, sending*Mar 1 06:11:37.626: ICMP type=8, code=0.*Mar 1 06:11:39.622: IP: tableid=0, s=100.1.1.1 (local), d=10.0.1.4 (FastEthernet0/0), routed via FIB*Mar 1 06:11:39.622: IP: s=100.1.1.1 (local), d=10.0.1.4 (FastEthernet0/0), len 100, sending*Mar 1 06:11:39.622: ICMP type=8, code=0.*Mar 1 06:11:41.622: IP: tableid=0, s=100.1.1.1 (local), d=10.0.1.4 (FastEthernet0/0), routed via FIB*Mar 1 06:11:41.622: IP: s=100.1.1.1 (local), d=10.0.1.4 (FastEthernet0/0), len 100, sending*Mar 1 06:11:41.622: ICMP type=8, code=0.*Mar 1 06:11:43.622: IP: tableid=0, s=100.1.1.1 (local), d=10.0.1.4 (FastEthernet0/0), routed via FIB*Mar 1 06:11:43.622: IP: s=100.1.1.1 (local), d=10.0.1.4 (FastEthernet0/0), len 100, sending*Mar 1 06:11:43.622: ICMP type=8, code=0.*Mar 1 06:11:45.622: IP: tableid=0, s=100.1.1.1 (local), d=10.0.1.4 (FastEthernet0/0), routed via FIB*Mar 1 06:11:45.622: IP: s=100.1.1.1 (local), d=10.0.1.4 (FastEthernet0/0), len 100, sending*Mar 1 06:11:45.622: ICMP type=8, code=0.Success rate is 0 percent (0/5)-R4#debug ip packet detailIP packet debugging is on (detailed)R4#debug arpARP packet debugging is onR4#这时R1 ping不通R4的4个子网段，而且R4没有任何调试信息出现。可见R1没有把arp请求包发送给R3路由，依然发送给R2路由。R1的arp缓存表中请求目标网段的arp表项，只有消失后才会主动发送arp请求包（默认老化时间4个小时），因此更换递归路由的下一跳地址根本不起作用。可以证明杰夫道尔老先生的这个理论是错误的。那么怎么能让在R2在down掉以后，路径能够快速切换呢？答案是修改arp的老化时间。R1(config)#int f0/0R1(config-if)#arp timeout ? SecondsR1(config-if)#arp timeout 30-R4(config-if)#arp timeR4(config-if)#arp timeout ? SecondsR4(config-if)#arp timeout 30在接口模式下将R1和R2的F0/0接口arp老化时间设置为30秒这时在R2在down掉30秒之后，递归路由的下一跳就自动切换到R3的F0/0接口的IP地址，R3把此节点的MAC地址应答给R1作为目标网段200.2.2.0的MAC。R1(config-if)#*Mar 1 00:31:08.895: IP ARP: sent req src 100.1.1.1 c001.271c.0000, dst 100.1.1.2 c002.271c.0000 FastEthernet0/0*Mar 1 00:31:08.895: IP ARP: sent req src 100.1.1.1 c001.271c.0000, dst 200.2.2.4 c002.271c.0000 FastEthernet0/0*Mar 1 00:31:08.895: IP ARP: sent req src 100.1.1.1 c001.271c.0000, dst 100.1.1.3 c003.274c.0000 FastEthernet0/0*Mar 1 00:31:08.935: IP ARP: rcvd rep src 100.1.1.3 c003.274c.0000, dst 100.1.1.1 FastEthernet0/0R1(config-if)#*Mar 1 00:31:18.259: IP ARP: sent req src 100.1.1.1 c001.271c.0000, dst 100.1.1.2 c002.271c.0000 FastEthernet0/0*Mar 1 00:31:18.259: IP ARP: sent req src 100.1.1.1 c001.271c.0000, dst 200.2.2.4 c002.271c.0000 FastEthernet0/0R1(config-if)#*Mar 1 00:31:28.499: IP ARP: sent req src 100.1.1.1 c001.271c.0000, dst 100.1.1.2 c002.271c.0000 FastEthernet0/0*Mar 1 00:31:28.503: IP ARP: sent req src 100.1.1.1 c001.271c.0000, dst 200.2.2.4 c002.271c.0000 FastEthernet0/0R1(config-if)#*Mar 1 00:31:38.739: IP ARP: sent req src 100.1.1.1 c001.271c.0000, dst 100.1.1.3 c003.274c.0000 FastEthernet0/0*Mar 1 00:31:38.755: IP ARP: rcvd rep src 100.1.1.3 c003.274c.0000, dst 100.1.1.1 FastEthernet0/0*Mar 1 00:31:38.759: IP ARP: creating entry for IP address: 100.1.1.3, hw: c003.274c.0000此时，R1就可以ping通R4了：R1#ping 10.0.1.4Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.0.1.4, timeout is 2 seconds:!Success rate is 100 percent (5/5), round-trip min/avg/max = 32/60/72 ms小总结：使用递归路由来实现路径的切换，跟下一跳的地址没有关系，我们只需要在两端的路由器上，将发送和接收arp报文的接口的arp表项老化时间设置为一个比较小的值就可以满足要求。-下面我们来研究一下非对称路由，在实验的拓扑中，我们想实现R1发送给R4的arp包走R1-R3-R4的路径，而R4的回应包走R4-R2-R1的路径。该怎么实现呢？首先在R1上创建一个环回口，配置IP地址（模拟一台连接R1的主机）R1(config)#int loopb