前言
通过使用路由引入,管理员可以把路由信息从一种路由协议导入到另一种路由协议,或者同种路由协议在不同进程之间的导入。路由引入通常在边界路由器上进行,边界路由器是同时运行两种以上路由协议的路由器,负责不同路由协议间的路由引入操作。
路由引入默认度量值
不同的路由协议的度量值算法不同,所以在路由引入时,无法将路由信息的原度量值也引入。此时,协议一般会给与路由信息一个新的默认度量值,又称种子度量值。默认度量值可以设置,以适应网络实际情况。通常设置为大于路由域内已有路由信息的最大度量值,表示是从域外引入的路由,以避免可能出现的次优路由。
路由引入加表原则以及各路由协议优先级
当一个路由器通过不同的路由协议学习到相同的目的网络,比较优先级,优先级数值低的最优。
| 路由协议类型 | 优先级 |
|---|---|
| Direct | 0 |
| OSPF | 10 |
| ISIS level-1 | 15 |
| ISIS level-2 | 18 |
| Static | 60 |
| RIP | 100 |
| OSPF ASE | 150 |
| OSPF NSSA | 150 |
| IBGP | 255 |
| EBGP | 255 |
路由引入规划
路由引入时,你可以仅在一台边界路由器上引入,称为单边界引入;也可以在多个边界路由器上引入,称为多边界引入。单边界引入时,相当于两个路由域间仅有一个连接点,可靠性相对较差,但是不会有环路或次优路由产生。在多边界引入时,可靠性增加,但是配置更加复杂,也增加配置难度,也增加产生次优路由的可能性。
单向路由引入
路由双向引入
路由引入产生环路及解决办法
路由环路图解
解决办法
使用Tag来选择性引入路由
路由引入产生次优路由及解决办法
设置默认度量值,从而避免次优路由的产生
路由引入配置
RIP
- 引入外部路由
import-route <protocol> [process-id] [cost <cost> | route-policy <route-policy-name> | tag <tag>]
// protocol 路由协议类型 process-id 路由协议进程号 cost 路由引入度量值 route-policy-name 策略路由名称 tag 路由标记
- 修改默认度量值
defult cost <cost> // 建议默认度量值取路由域内度量值的最大值
OSPF
- 引入外部路由
import-route <protocol> [process-id] [cost <cost> | type <type> | route-policy <route-policy-name> | tag <tag>]
// protocol 路由协议类型 process-id 路由协议进程号 cost 路由引入度量值(默认值为1) route-policy-name 策略路由名称 tag 路由标记(默认为1) type 度量值类型(默认为2 外部引入)
- 修改默认度量值
defult cost <cost> // 建议默认度量值取路由域内度量值的最大值
ISIS
- 引入外部路由
import-route <protocol> [process-id] [cost <cost> | cost-type {external|internal} | route-policy <route-policy-name> | tag <tag> | [level-1 | level-1-2] | level-2]
// protocol 路由协议类型 process-id 路由协议进程号 cost 路由引入度量值 route-policy-name 策略路由名称 tag 路由标记 cost-type 路径开销类型 internal 内部路由 external 外部路由
- 修改默认度量值
defult cost <cost> // 建议默认度量值取路由域内度量值的最大值
路由引入配置举例
自治系统内路由引入
基本配置
R1配置
[R1]router id 1.1.1.1
[R1]ospf 1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0
[R1-ospf-1-area-0.0.0.0]network 12.0.0.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]qu
[R1-ospf-1]qu
[R1]isis 1
[R1-isis-1]network-entity 10.0001.0001.0001.00
[R1-isis-1]cost-style wide // 此类型isis路由携带tag属性
[R1-isis-1]qu
[R1]interface LoopBack 0
[R1-LoopBack0]ip address 1.1.1.1 32
[R1-LoopBack0]isis enable
[R1-LoopBack0]qu
[R1]interface GigabitEthernet 0/1
[R1-GigabitEthernet0/1]ip address 12.0.0.1 24
[R1-GigabitEthernet0/1]qu
[R1]interface GigabitEthernet 0/2
[R1-GigabitEthernet0/2]ip address 41.0.0.1 24
[R1-GigabitEthernet0/2]isis enable
[R1-GigabitEthernet0/2]qu
R2配置
[R2]router id 2.2.2.2
[R2]interface GigabitEthernet 0/0
[R2-GigabitEthernet0/0]ip address 25.0.0.2 24
[R2-GigabitEthernet0/0]qu
[R2]interface GigabitEthernet 0/1
[R2-GigabitEthernet0/1]ip address 12.0.0.2 24
[R2-GigabitEthernet0/1]qu
[R2]interface GigabitEthernet 0/2
[R2-GigabitEthernet0/2]ip address 23.0.0.2 24
[R2-GigabitEthernet0/2]qu
[R2]interface LoopBack 0
[R2-LoopBack0]ip address 2.2.2.2 32
[R2-LoopBack0]qu
[R2]ospf 1
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0
[R2-ospf-1-area-0.0.0.0]network 12.0.0.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]network 23.0.0.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]network 25.0.0.0 0.0.0.255
[R2-ospf-1-area-0.0.0.0]qu
[R2-ospf-1]qu
R3配置
[R3]router id 3.3.3.3
[R3]ospf 1
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.255
[R3-ospf-1-area-0.0.0.0]network 23.0.0.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]qu
[R3-ospf-1]qu
[R3]isis 1
[R3-isis-1]network-entity 10.0003.0003.0003.00
[R3-isis-1]cost-style wide
[R3-isis-1]qu
[R3]interface GigabitEthernet 0/2
[R3-GigabitEthernet0/2]ip address 23.0.0.3 24
[R3-GigabitEthernet0/2]qu
[R3]interface GigabitEthernet 0/1
[R3-GigabitEthernet0/1]ip address 34.0.0.3 24
[R3-GigabitEthernet0/1]isis enable
[R3-GigabitEthernet0/1]qu
[R3]interface LoopBack 0
[R3-LoopBack0]ip address 3.3.3.3 32
[R3-LoopBack0]isis enable
[R3-LoopBack0]qu
R4配置
[R4]isis 1
[R4-isis-1]net
[R4-isis-1]network-entity 10.0004.0004.0004.00
[R4-isis-1]cost-style wide
[R4-isis-1]qu
[R4]interface GigabitEthernet 0/1
[R4-GigabitEthernet0/1]ip address 34.0.0.4 24
[R4-GigabitEthernet0/1]isis enable
[R4-GigabitEthernet0/1]qu
[R4]interface g0/2
[R4-GigabitEthernet0/2]ip address 41.0.0.4 24
[R4-GigabitEthernet0/2]isis enable
[R4-GigabitEthernet0/2]qu
[R4]interface LoopBack 0
[R4-LoopBack0]ip address 4.4.4.4 32
[R4-LoopBack0]isis enable
[R4-LoopBack0]qu
R5配置
[R5]interface GigabitEthernet 0/0
[R5-GigabitEthernet0/0]ip address 25.0.0.5 24
[R5-GigabitEthernet0/0]qu
[R5]interface LoopBack 0
[R5-LoopBack0]ip address 5.5.5.5 32
[R5-LoopBack0]qu
[R5]ospf 1
[R5-ospf-1]area 0
[R5-ospf-1-area-0.0.0.0]network 25.0.0.0 0.0.0.255
[R5-ospf-1-area-0.0.0.0]qu
[R5-ospf-1]qu
[R5]
路由引入
R1配置
[R1]ospf 1
[R1-ospf-1]import-route isis 1
[R1-ospf-1]qu
[R1]isis 1
[R1-isis-1]address-family ipv4
[R1-isis-1-ipv4]import-route ospf 1
[R1-isis-1-ipv4]qu
[R1-isis-1]qu
[R1]
R3配置
[R3]isis 1
[R3-isis-1]address-family ipv4
[R3-isis-1-ipv4]import-route ospf 1
[R3-isis-1-ipv4]qu
[R3-isis-1]qu
[R3]ospf 1
[R3-ospf-1]import-route isis 1
[R3-ospf-1]qu
[R3]
R5配置
[R5]ip prefix-list lo0 permit 5.5.5.5 32
[R5-route-policy-dir>ospf-10]if-match ip address prefix-list lo0
[R5]ospf 1
[R5-ospf-1]import-route direct route-policy dir>ospf
[R5-ospf-1]qu
[R5]
次优路径与环路问题
问题分析
截至目前 次优路径已经产生如下图所示 R1-5.5.5.5下一跳指向R4
环路问题存在 R1宣告5.5.5.5路由存在问题
解决办法
1. 利用路由过滤避免路由环路 (ip-prefix + filter-policy) [运维难度大]
在R1/R3 OSPF路由引入ISIS路由时,过滤掉5.5.5.5路由
R1配置
[R1]ip prefix-list import index 10 deny 5.5.5.5 32 // filter-policy使用prefix的行为进行过滤
[R1]ip prefix-list import index 20 permit 0.0.0.0 0 less-equal 32 // 允许其他网段
[R1]isis 1
[R1-isis-1]address-family ipv4
[R1-isis-1-ipv4]filter-policy prefix-list import import // 第一个import为名称 第二个为引入
[R1-isis-1-ipv4]qu
[R1-isis-1]qu
R3配置
[R3]ip prefix-list import index 10 deny 5.5.5.5 32
[R3]ip prefix-list import index 20 permit 0.0.0.0 0 less-equal 32
[R3]isis 1
[R3-isis-1]address-family ipv4
[R3-isis-1-ipv4]filter-policy prefix-list import import
[R3-isis-1-ipv4]qu
[R3-isis-1]qu
[R3]
如下图所示路由表已经恢复正常
反思
- 上列方法虽然可以解决环路问题以及次优路径的问题 但是R1/R3之一与R2链路中断 另一台设备无法起到冗余备份的作用 2. 外部路由数量多时,运维管理难度大
2. 修改路由外部引入路由优先级[垃圾方案]
R1配置
[R1]ospf 1
[R1-ospf-1]preference ase 14 // 修改外部路由优先级 14<15
[R1-ospf-1]qu
[R1]
R3配置
[R3]ospf 1
[R3-ospf-1]preference ase 14
[R3-ospf-1]qu
[R3]
反思
R1-R4 / R3-R4出现次优路径问题 修改优先级只能解决一方面的路由学习问题,但是另一方面会出问题,行不通
3. 打Tag标签方式过滤路由 [推荐方法]
| R1配置 | R3配置 |
|---|---|
| ospf>isis tag10 | isis>ospf filter tag10 |
| isis>ospf tag30 | ospf>isis filter tag30 |
| isis>ospf filter tag20 | ospf>isis tag20 |
| ospf>isis filter tag40 | isis>ospf tag40 |
R1配置
// ospf>isis 打10标签过滤40标签
[R1]route-policy ospf>isis deny node 10
[R1-route-policy-ospf>isis-10]if-match tag 40
[R1-route-policy-ospf>isis-10]qu
[R1]
[R1]route-policy ospf>isis permit node 20
[R1-route-policy-ospf>isis-20]apply tag 10
[R1-route-policy-ospf>isis-20]qu
[R1]
[R1]isis 1
[R1-isis-1]address-family ipv4
[R1-isis-1-ipv4]import-route ospf 1 route-policy ospf>isis
[R1-isis-1-ipv4]qu
[R1-isis-1]qu
[R1]
// isis>ospf 打30标签过滤20
[R1]route-policy isis>ospf deny node 10
[R1-route-policy-isis>ospf-10]if-match tag 20
[R1-route-policy-isis>ospf-10]qu
[R1]
[R1]route-policy isis>ospf permit node 20
[R1-route-policy-isis>ospf-20]apply tag 30
[R1-route-policy-isis>ospf-20]qu
[R1]
[R1]ospf 1
[R1-ospf-1]import-route isis 1 route-policy isis>ospf
[R1-ospf-1]qu
[R1]
R3配置
// isis>ospf 打40标签过滤10标签
[R3]route-policy isis>ospf deny node 10
[R3-route-policy-isis>ospf-10]if-match tag 10
[R3-route-policy-isis>ospf-10]qu
[R3]
[R3]route-policy isis>ospf permit node 20
[R3-route-policy-isis>ospf-20]apply
[R3-route-policy-isis>ospf-20]apply tag 40
[R3-route-policy-isis>ospf-20]qu
[R3]
[R3]ospf 1
[R3-ospf-1]import-route isis 1 route-policy isis>ospf
[R3-ospf-1]qu
[R3]
// ospf>isis 打20标签过滤30标签
[R3]route-policy ospf>isis deny node 10
[R3-route-policy-ospf>isis-10]if-match tag 30
[R3-route-policy-ospf>isis-10]qu
[R3]
[R3]route-policy ospf>isis permit node 20
[R3-route-policy-ospf>isis-20]apply tag 20
[R3-route-policy-ospf>isis-20]qu
[R3]
[R3]isis 1
[R3-isis-1]address-family ipv4
[R3-isis-1-ipv4]import-route ospf 1 route-policy ospf>isis
[R3-isis-1-ipv4]qu
[R3-isis-1]qu
[R3]
反思-路由环路解决
解决了路由环路问题 R1次优路径路由仍然存在
次优路径解决办法
R5在静态路由引入OSPF时进行打标记 然后在R1&R3对R5路由进行优先级修改(低于ISIS外部路由优先级15) 后续所有外部引入的路由都可以打上Tag标记。
R5配置
[R5]route-policy dir>ospf permit node 10
[R5-route-policy-dir>ospf-10]apply tag 50 // 引入时打上标签 方便R1/R3修改优先级
[R5-route-policy-dir>ospf-10]qu
[R5]
R1配置
[R1]route-policy pre permit node 10
[R1-route-policy-pre-10]if-match tag 50
[R1-route-policy-pre-10]apply preference 14
[R1-route-policy-pre-10]qu
[R1]
[R1]ospf 1
[R1-ospf-1]preference ase route-policy pre 150 // 路由匹配的修改为14不匹配为150
[R1-ospf-1]qu
[R1]
R3配置
[R3]route-policy pre permit node 10
[R3-route-policy-pre-10]if-match tag 50
[R3-route-policy-pre-10]apply preference 14
[R3-route-policy-pre-10]qu
[R3]
[R3]ospf 1
[R3-ospf-1]preference ase route-policy pre 150
[R3-ospf-1]qu
[R3]
反思-次优路径解决
显示与维护
查看isis路由是否携带标签
[R3]display isis lsdb verbose local
Database information for IS-IS(1)
---------------------------------
Level-1 Link State Database
---------------------------
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0003.0003.0003.00-00* 0x0000001d 0x6212 777 76 0/0/0
Source 0003.0003.0003.00
NLPID IPv4
Area address 10
IPv4 address 3.3.3.3
IPv4 address 34.0.0.3
+NBR ID
0004.0004.0004.01 Cost: 10
+IP-Extended
3.3.3.3 255.255.255.255 Cost: 0
+IP-Extended
34.0.0.0 255.255.255.0 Cost: 10
*-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload
Level-2 Link State Database
---------------------------
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0003.0003.0003.00-00* 0x0000006b 0xf9dc 789 164 0/0/0
Source 0003.0003.0003.00
NLPID IPv4
Area address 10
IPv4 address 3.3.3.3
IPv4 address 34.0.0.3
+NBR ID
0004.0004.0004.01 Cost: 10
+IP-Extended
1.1.1.1 255.255.255.255 Cost: 20
+IP-Extended
2.2.2.2 255.255.255.255 Cost: 0 Tag: 20 // 携带标签
+IP-Extended
3.3.3.3 255.255.255.255 Cost: 0
+IP-Extended
4.4.4.4 255.255.255.255 Cost: 10
+IP-Extended
5.5.5.5 255.255.255.255 Cost: 0 Tag: 20
+IP-Extended
12.0.0.0 255.255.255.0 Cost: 0 Tag: 20
+IP-Extended
25.0.0.0 255.255.255.0 Cost: 0 Tag: 20
+IP-Extended
34.0.0.0 255.255.255.0 Cost: 10
+IP-Extended
41.0.0.0 255.255.255.0 Cost: 20
*-Self LSP, +-Self LSP(Extended), ATT-Attached, P-Partition, OL-Overload
[R3]
查看ospf路由是否携带标签
[R3]display ospf routing
OSPF Process 1 with Router ID 3.3.3.3
Routing Table
Routing for network
Destination Cost Type NextHop AdvRouter Area
3.3.3.3/32 0 Stub 0.0.0.0 3.3.3.3 0.0.0.0
23.0.0.0/24 1 Transit 0.0.0.0 3.3.3.3 0.0.0.0
25.0.0.0/24 2 Transit 23.0.0.2 2.2.2.2 0.0.0.0
1.1.1.1/32 2 Stub 23.0.0.2 1.1.1.1 0.0.0.0
12.0.0.0/24 2 Transit 23.0.0.2 1.1.1.1 0.0.0.0
2.2.2.2/32 1 Stub 23.0.0.2 2.2.2.2 0.0.0.0
Routing for ASEs
Destination Cost Type Tag NextHop AdvRouter
5.5.5.5/32 1 Type2 1 23.0.0.2 5.5.5.5
4.4.4.4/32 1 Type2 30 23.0.0.2 1.1.1.1
34.0.0.0/24 1 Type2 30 23.0.0.2 1.1.1.1
Total nets: 9
Intra area: 6 Inter area: 0 ASE: 3 NSSA: 0
[R3]
