交换路由CCIE之路――OSPF多进程数据分流

1、实验 多进程OSPF数据分流一实验拓扑 二实验需求实现去往总部生产业务（10.4.0.0）的数据走左边去往总部办公业务（10.5.0.0）的数据走右边三实验分析首先全网OSPF这里主要分析R3 R4到R1 R2回环接口的路由因为这对后面BGP分析有用，R3到R1应该有一条开销为51下一跳指向R1，到R2的有2条，开销为52，下一跳分别为R1,R4。为满足实验要求后面应该通过改变R1与R2之间开销使到R2下一跳为R4.将不同进程的OSPF重发布进BGP，会发现R3到总部生产，办公网段的路由是BGP路由下一跳都为R1, R4到总部生产，办公网段的路由是BGP路由下一跳都为R2,为了满足需求，应该在

2、OSPF重发布进BGP时做策略，使R1发布的生产网段优于R2,R2发布的办公网段优于R1，可以通过改MED到达效果，因为MED可以在一个AS内传递，所以将从R1发布的生产网段MED改为100，办公网段改为200，从R2发布的生产网段改为200，办公改为100，根据BGP优先原则，R3会选生产走R1,办公走R2,R4会选生产走R3，办公走R2,这样同时结合上面的OSPF路由就达到了要求。当然这里还要考虑不同进程中设备对总部生产办公网段的学习问题，这时候就要把BGP重发布进OSPF，这里要注意双点双向重分发问题，前面已经分析过就不在重复了。 四实验验证全网运行OSPF查路由表r3#show ip

3、routeO 10.0.0.2/32 110/52 via 10.1.1.5, 00:16:39, Serial0 110/52 via 10.1.1.14, 00:16:39, Ethernet0 /这里是不希望看到的负载均衡C 10.0.0.3/32 is directly connected, Loopback0O 10.0.0.1/32 110/51 via 10.1.1.5, 00:16:39, Serial0O 10.0.0.4/32 110/2 via 10.1.1.14, 00:16:40, Ethernet0r4#show ip routeO 10.0.0.2/32 110/

4、51 via 10.1.1.9, 00:17:09, Serial0O 10.0.0.3/32 110/2 via 10.1.1.13, 00:17:09, Ethernet0O 10.0.0.1/32 110/52 via 10.1.1.9, 00:17:09, Serial0 110/52 via 10.1.1.13, 00:17:09, Ethernet0 建立BGP邻居 为使内部路由器能够都学到两个网段的BGP路由，采用反射器与客户端r1#show ip bgp suBGP router identifier 10.0.0.1, local AS number 65000BGP tab

5、le version is 1, main routing table version 1Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd10.0.0.2 4 65000 15 15 1 0 0 00:11:05 010.0.0.3 4 65000 9 9 1 0 0 00:05:27 010.0.0.4 4 65000 7 7 1 0 0 00:03:29 0 r2#show ip bgp summary BGP router identifier 10.0.0.2, local AS number 6500

6、0BGP table version is 1, main routing table version 1Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd10.0.0.1 4 65000 15 15 1 0 0 00:11:17 010.0.0.3 4 65000 9 9 1 0 0 00:05:16 010.0.0.4 4 65000 8 8 1 0 0 00:04:05 0r3#show ip bgp suBGP router identifier 10.0.0.3, local AS number 650

7、00BGP table version is 1, main routing table version 1Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd10.0.0.1 4 65000 9 9 1 0 0 00:05:49 010.0.0.2 4 65000 9 9 1 0 0 00:05:26 0r4#show ip bgp suBGP router identifier 10.0.0.4, local AS number 65000BGP table version is 1, main routing

8、 table version 1Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd10.0.0.1 4 65000 8 8 1 0 0 00:04:01 010.0.0.2 4 65000 8 8 1 0 0 00:04:24 0 将OSPF发布进BGP，会发现由于内部各链路也是OSPF路由，故重发布到BGP时都会存在，应该作策略不让这些路由发布进BGP，同时实现办公（10.4.0.0）走奇数，业务（10.5.0.0）走偶数同时链路间路由不发布R3access-list 1 permit 10.4.28.0 0.

9、0.0.255access-list 2 permit 10.5.28.0 0.0.0.255route-map fuckjiuge permit 10 match ip address 1 /只有匹配ACL才会发布 set metric 100 /生产网段MED改为100! route-map fuckjiuge permit 20 match ip address 2 set metric 200 /办公改为200router bgp 65000 redistribute ospf 10 route-map fuckjiuge /由于route-map有默认拒绝所有，故其它网段不会发布r4

10、(config)#access-list 1 permit 10.5.28.0 0.0.0.255r4(config)#access-list 2 permit 10.4.28.0 0.0.0.255r4(config)#route-map fuckjiuge permit 10r4(config-route-map)#match ip ad 1r4(config-route-map)#set metric 100r4(config-route-map)#exitr4(config)#route-map fuckjiuge permit 20r4(config-route-map)#match

11、 ip ad 2r4(config-route-map)#set metric 200router bgp 65000 redistribute ospf 10 route-map fuckjiuger1(config)#access-list 1 permit 10.4.12.0 0.0.0.255r1(config)#access-list 2 permit 10.5.12.0 0.0.0.255r1(config)#route-map fuckjiuge permit 10r1(config-route-map)#match ip ad 1r1(config-route-map)#set

12、 metric 100r1(config-route-map)#exitr1(config)#route-map fuckjiuge permit 20r1(config-route-map)#match ip ad 2r1(config-route-map)#set metric 200r1(config-route-map)#exitrouter bgp 65000 redistribute ospf 20 route-map fuckjiuger2(config)#access-list 1 permit 10.5.12.0 0.0.0.255r2(config)#access-list

13、 2 permit 10.4.12.0 0.0.0.255r2(config)#route-map fuckjiuge permit 10r2(config-route-map)#match ip ad 1r2(config-route-map)#set metric 100r2(config-route-map)#exitr2(config)#route-map fuckjiuge permit 20r2(config-route-map)#match ip ad 2r2(config-route-map)#set metric 200r2(config-route-map)#exitrou

14、ter bgp 65000 redistribute ospf 20 route-map fuckjiuger1#show ip bgpBGP table version is 36, local router ID is 10.0.0.1 Network Next Hop Metric LocPrf Weight Path* i10.4.12.0/24 10.0.0.2 200 100 0 ?* 10.1.9.5 100 32768 ?* i10.4.28.0/24 10.0.0.4 200 100 0 ?*i 10.0.0.3 100 100 0 ?* i10.5.12.0/24 10.0

15、.0.2 100 100 0 ?* 10.1.9.5 200 32768 ? /这里虽然MED大，但优选权重大的，所以自己始发的优先*i10.5.28.0/24 10.0.0.4 100 100 0 ?* i 10.0.0.3 200 100 0 ?r1#show ip route bgp 10.0.0.0/8 is variably subnetted, 29 subnets, 3 masksB 10.4.28.0/24 200/100 via 10.0.0.3, 00:02:10B 10.5.28.0/24 200/100 via 10.0.0.4, 00:02:10r2#show ip

16、bgpBGP table version is 50, local router ID is 10.0.0.2 Network Next Hop Metric LocPrf Weight Path* 10.4.12.0/24 10.1.9.9 200 32768 ?* i 10.0.0.1 100 100 0 ?* i10.4.28.0/24 10.0.0.4 200 100 0 ?*i 10.0.0.3 100 100 0 ?* 10.5.12.0/24 10.1.9.9 100 32768 ?* i 10.0.0.1 200 100 0 ?*i10.5.28.0/24 10.0.0.4 1

17、00 100 0 ?* i 10.0.0.3 200 100 0 ?r2#show ip route bgp 10.0.0.0/8 is variably subnetted, 29 subnets, 3 masksB 10.4.28.0/24 200/100 via 10.0.0.3, 00:02:27B 10.5.28.0/24 200/100 via 10.0.0.4, 00:02:27r3#show ip bgpBGP table version is 47, local router ID is 10.0.0.3 Network Next Hop Metric LocPrf Weig

18、ht Path* i10.4.12.0/24 10.0.0.2 200 100 0 ?*i 10.0.0.1 100 100 0 ?* 10.4.28.0/24 10.1.25.6 100 32768 ?*i10.5.12.0/24 10.0.0.2 100 100 0 ?* i 10.0.0.1 200 100 0 ?* i10.5.28.0/24 10.0.0.4 100 100 0 ?* i 10.0.0.4 100 100 0 ?* 10.1.25.6 200 32768 ?r3#show ip route bgp 10.0.0.0/8 is variably subnetted, 2

19、7 subnets, 3 masksB 10.4.12.0/24 200/100 via 10.0.0.1, 00:05:26B 10.5.12.0/24 200/100 via 10.0.0.2, 00:05:26r4#show ip bgpBGP table version is 55, local router ID is 10.0.0.4 Network Next Hop Metric LocPrf Weight Path* i10.4.12.0/24 10.0.0.2 200 100 0 ?*i 10.0.0.1 100 100 0 ? /没做策略时上面那条为最佳，根据下一跳IGP开

20、销小选出，现在根据MED小选出最佳* i10.4.28.0/24 10.0.0.3 100 100 0 ?* i 10.0.0.3 100 100 0 ?* 10.1.25.10 200 32768 ?*i10.5.12.0/24 10.0.0.2 100 100 0 ?* i 10.0.0.1 200 100 0 ?* 10.5.28.0/24 10.1.25.10 100 32768 ?r4#show ip route bgp 10.0.0.0/8 is variably subnetted, 27 subnets, 3 masksB 10.4.12.0/24 200/100 via 10

21、.0.0.1, 00:06:02B 10.5.12.0/24 200/100 via 10.0.0.2, 00:06:02由于BGP可以通过非直连建邻居，所以上面的BGP下一跳可能不是直指下一台路由器的，还要通过下面的OSPF路由选路，所以必须保证BGP所指的下一跳在OSPF路由没有负载均衡。实现三层数据按需分流r1(config)#int s6r1(config-if)#ip ospf co 100r1(config-if)#endr2(config)#int s0r2(config-if)#ip ospf co 100r2(config-if)#end（r3(config)#int e0r

22、3(config-if)#ip ospf c 50r3(config-if)#endr4(config)#int e0r4(config-if)#ip ospf c 50 /这里cost的更改是为下面服务，这里没有利用到就不分析了r4(config-if)#end ）r3#show ip route ospfO 10.0.0.2/32 110/101 via 10.1.1.14, 00:01:14, Ethernet0 O 10.0.0.1/32 110/51 via 10.1.1.5, 00:01:14, Serial0O 10.0.0.4/32 110/51 via 10.1.1.14,

23、00:01:14, Ethernet0r4#show ip route ospfO 10.0.0.2/32 110/51 via 10.1.1.9, 00:01:28, Serial0O 10.0.0.3/32 110/51 via 10.1.1.13, 00:01:28, Ethernet0O 10.0.0.1/32 110/101 via 10.1.1.13, 00:01:28, Ethernet0/解决了上面的负载均衡问题 为了使OSPF10 OSPF20学到各自的路由，从而达到连通，这里要将IBGP发布进OSPF ,但是由于OSPF管理距离是110而IBGP管理距离是200，要是重发布

24、的话，BGP就不在路由表中了，因此一般情况是不允许这样发布的。如果一定要发布的话，要在BGP进程中利用bgp redistribute-internal 命令。将BGP发布进OSPF注意双点双向重发布，同时使SW8，SW15,SW16生产走左边，办公走右边 r1(config)#router bgp 65000r1(config-router)#bgp redistribute-internal r1(config-router)#exitr1(config)#router ospf 20r1(config-router)#redistribute bgp 65000 subnets r1(c

25、onfig-router)#distance ospf external 210 /使从另一边重分发来的OSPF路由进不了路由表r2(config)#router bgp 65000r2(config-router)#bgp redistribute-internal r2(config-router)#exitr2(config)#router ospf 20r2(config-router)#redistribute bgp 65000 subnets r2(config-router)#distance ospf external 210r2(config-router)#exitr2(

26、config)#endr3(config)#router bgp 65000r3(config-router)#bgp redistribute-internal r3(config-router)#exitr3(config)#router ospf 10r3(config-router)#redistribute bgp 65000 subnets r3(config-router)#distance ospf external 210r4(config)#router bgp 65000r4(config-router)#bgp redistribute-internal r4(conf

27、ig-router)#exitr4(config)#router ospf 10r4(config-router)#redistribute bgp 65000 subnets r4(config-router)#distance ospf external 210r4(config-router)#exitr1(config)#access-list 3 permit 10.4.28.0 0.0.0.255r1(config)#access-list 4 permit 10.5.28.0 0.0.0.255r1(config)#route-map fuckjiuge1 permit 10r1

28、(config-route-map)#match ip ad 3r1(config-route-map)#set m 100r1(config-route-map)#exitr1(config)#route-map fuckjiuge1 permit 20r1(config-route-map)#ma ip ad 4r1(config-route-map)#set m 200r1(config-route-map)#exitr1(config)#router ospf 20r1(config-router)#redistribute bgp 65000 subnets route-map fu

29、ckjiuge1r2(config)#access-list 3 permit 10.5.28.0 0.0.0.255r2(config)#access-list 4 permit 10.4.28.0 0.0.0.255r2(config)#route-map fuckjiuge1 permit 10r2(config-route-map)#ma ip ad 3r2(config-route-map)#set m 100r2(config-route-map)#exitr2(config)#route-map fuckjiuge1 permit 20r2(config-route-map)#m

30、a ip ad 4r2(config-route-map)#set m 200r2(config-route-map)#exitr2(config)#router ospf 20r2(config-router)#redistribute bgp 65000 subnets route-map fuckjiuge1r3(config)#access-list 3 permit 10.4.12.0 0.0.0.255r3(config)#access-list 4 permit 10.5.12.0 0.0.0.255r3(config)#route-map fuckjiuge1 permit 1

31、0r3(config-route-map)#match ip ad 3r3(config-route-map)#set me 100r3(config-route-map)#exitr3(config)#route-map fuckjiuge1 permit 20r3(config-route-map)#match ip ad 4r3(config-route-map)#set m 200r3(config-route-map)#exitr3(config)#router ospf 10r3(config-router)#redistribute bgp 65000 subnets route

32、-map fuckjiuge1r4(config)#access-list 3 permit 10.5.12.0 0.0.0.255r4(config)#access-list 4 permit 10.4.12.0 0.0.0.255r4(config)#route-map fuckjiuge1 permit 10r4(config-route-map)#match ip ad 3r4(config-route-map)#se metric 100r4(config-route-map)#exitr4(config)#route-map fuckjiuge1 permit 20r4(confi

33、g-route-map)#mat ip ad 4r4(config-route-map)#set metric 200r4(config-route-map)#exitr4(config)#endr4(config)#router ospf 10r4(config-router)#redistribute bgp 65000 subnets route-map fuckjiuge1r4(config-router)#end其实上面的策略本来应该是一次发布的，但为了分析就分开做了。查路由表sw15#show ip routeO E2 10.4.28.0/24 110/100 via 10.1.9

34、.6, 00:00:36, FastEthernet0/2O E2 10.5.28.0/24 110/100 via 10.1.9.14, 00:00:37, Vlan901sw16#show ip routeO E2 10.4.28.0/24 110/100 via 10.1.9.13, 00:00:44, Vlan901O E2 10.5.28.0/24 110/100 via 10.1.9.10, 00:00:44, FastEthernet0/2 sw8#show ip routeO E2 10.4.12.0/24 110/200 via 10.1.25.9, 00:15:45, Et

35、hernet1/1C 10.0.24.2/32 is directly connected, Loopback0C 10.4.28.0/24 is directly connected, Ethernet1/2C 10.5.28.0/24 is directly connected, Ethernet1/3C 10.1.25.4/30 is directly connected, Ethernet1/0C 10.1.25.8/30 is directly connected, Ethernet1/1发现SW8中少了一条路由，10.5.12.0没有查看R3 R4 的BGP路由r3#show ip

36、 route bgp 10.0.0.0/8 is variably subnetted, 27 subnets, 3 masksB 10.4.12.0/24 200/100 via 10.0.0.1, 01:01:29B 10.5.12.0/24 200/100 via 10.0.0.2, 01:41:24r4#show ip route bgp 10.0.0.0/8 is variably subnetted, 27 subnets, 3 masksB 10.4.12.0/24 200/100 via 10.0.0.1, 00:02:42B 10.5.12.0/24 200/100 via

37、10.0.0.2, 00:43:07BGP路由存在，问题不在这，查OSPF信息r4#sh ip ospf 10 database OSPF Router with ID (10.1.41.9) (Process ID 10) Router Link States (Area 0)Link ID ADV Router Age Seq# Checksum Link count10.0.24.2 10.0.24.2 59 0x 0x00EFDE 710.1.41.5 10.1.41.5 78 0xB 0x005CD5 210.1.41.9 10.1.41.9 59 0x 0x009E7C 2 Typ

38、e-5 AS External Link StatesLink ID ADV Router Age Seq# Checksum Tag10.4.12.0 10.1.41.5 1066 0x 0x002FCB 010.4.12.0 10.1.41.9 648 0x 0x00038F 0发现没有发布进来。查ACL匹配情况r4#sh ip access-lists Standard IP access list 1 permit 10.5.28.0, wildcard bits 0.0.0.255 (223 matches)Standard IP access list 2 permit 10.4.28.0, wildcard bits 0.0.0.255 (223 matches)Standard IP access list 3 permit 10.5.12.0, wildcard bits 0.0.0.255 /没有进行匹配Standard IP access list 4permit 10.4.12.0, wildcard bits 0.0.0.