News
发布日期:2022-06-10 浏览次数:2613 来源:崔志鹏
HCIE Datacom学习指导-ISIS路由管理路由泄露实验详解
HCIE Datacom学习培训选择WOLFLAB,享受终身重认证题库免费服务!
@R1/R2/R3属于区域49.0123,R4/R5属于区域49.0045;
@R1是L1,R4/R5是L2,R2/R3是L1/2;
@R2的g0/0/0接口是L1,g0/0/1接口是L2;
@R3的g0/0/2接口是L1,g0/0/1接口是L2;
结论:
L1的路由器只通过L1的LSP描述直连链路信息,跟链路级别无关;
L2的路由器只通过L2的LSP描述直连链路信息,跟链路级别无关;
L1/2的路由器通过L1的LSP也通过L2的LSP描述自身L1/2的直连链路;
L1/2的路由器只通过L2的LSP描述自身L2的直连链路;
L1/2的路由器通过L1的LSP和L2的LSP描述自身L1的直连链路;(因为默认L1的直连链路会装载到L2的LSDB中去)
L1的路由器引入外部路由时,会用分片的L1 LSP进行描述;
L2的路由器引入外部路由时,会用分片的L2 LSP进行描述;
L1/2的路由器引入外部路由时
①如果以L1的方式引入,则会用分片的L1 LSP进行描述,并且不会装载到L2的LSDB中;
②如果以L2的方式引入,则会用分片的L2 LSP进行描述,即便是做了路由泄露也不会装载到L2的LSDB中;
问题1:非骨干区域现在有几条LSP?
5条,三条实节点LSP,两条伪节点LSP
[AR1]dis isis lsdb
Database information for ISIS(1)
--------------------------------
Level-1 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0001.00-00* 0x00000012 0xc718 1027 113 0/0/0
0000.0000.0001.01-00* 0x00000007 0xa9dd 1027 55 0/0/0
0000.0000.0001.02-00* 0x00000008 0xbcc7 1027 55 0/0/0
0000.0000.0002.00-00 0x00000018 0x5f3c 447 74 1/0/0
0000.0000.0003.00-00 0x00000011 0x721f 647 74 1/0/0
Total LSP(s): 5
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
问题2:骨干区域现在有几条LSP?
7条,四条实节点LSP,三条伪节点LSP
[AR5]dis isis lsdb
Database information for ISIS(1)
--------------------------------
Level-2 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0002.00-00 0x00000022 0x9ff8 1035 110 0/0/0
0000.0000.0003.00-00 0x0000001f 0xbcc2 467 110 0/0/0
0000.0000.0004.00-00 0x00000012 0x9e9e 958 113 0/0/0
0000.0000.0004.01-00 0x00000006 0xc8b7 958 55 0/0/0
0000.0000.0004.02-00 0x00000006 0x1666 958 55 0/0/0
0000.0000.0005.00-00* 0x00000011 0xd347 904 113 0/0/0
0000.0000.0005.02-00* 0x00000005 0xe894 904 55 0/0/0
Total LSP(s): 7
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
问题3:AR2的LSDB里面是否即维护L1的LSDB也维护L2的LSDB?
[AR2]dis isis lsdb
Database information for ISIS(1)
--------------------------------
Level-1 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0001.00-00 0x00000012 0xc718 776 113 0/0/0
0000.0000.0001.01-00 0x00000007 0xa9dd 776 55 0/0/0
0000.0000.0001.02-00 0x00000008 0xbcc7 776 55 0/0/0
0000.0000.0002.00-00* 0x00000019 0x5d3d 967 74 1/0/0
0000.0000.0003.00-00 0x00000011 0x721f 395 74 1/0/0
Total LSP(s): 5
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
Level-2 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0002.00-00* 0x00000022 0x9ff8 967 110 0/0/0
0000.0000.0003.00-00 0x0000001f 0xbcc2 395 110 0/0/0
0000.0000.0004.00-00 0x00000012 0x9e9e 888 113 0/0/0
0000.0000.0004.01-00 0x00000006 0xc8b7 888 55 0/0/0
0000.0000.0004.02-00 0x00000006 0x1666 888 55 0/0/0
0000.0000.0005.00-00 0x00000011 0xd347 832 113 0/0/0
0000.0000.0005.02-00 0x00000005 0xe894 832 55 0/0/0
Total LSP(s): 7
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
是的,L1的路由器维护L1的LSP,L2的路由器维护L2的LSP,L1/2的路由器维护L1/2的LSP;
问题4:查看每一条LSP的详细信息
[AR2]dis isis lsdb verbose
Database information for ISIS(1)
--------------------------------
Level-1 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0001.00-00 0x00000012 0xc718 536 113 0/0/0
SOURCE 0000.0000.0001.00 //描述了自己所有启用了isis的接口,和该接口对应的网段信息和TOP信息;
NLPID IPV4
AREA ADDR 49.0123
INTF ADDR 1.1.12.1
INTF ADDR 1.1.13.1
INTF ADDR 1.1.1.1
NBR ID 0000.0000.0001.01 COST: 10
NBR ID 0000.0000.0001.02 COST: 10
IP-Internal 1.1.12.0 255.255.255.0 COST: 10
IP-Internal 1.1.13.0 255.255.255.0 COST: 10
IP-Internal 1.1.1.1 255.255.255.255 COST: 0
0000.0000.0001.01-00 0x00000007 0xa9dd 536 55 0/0/0
SOURCE 0000.0000.0001.01 //R1作为伪节点,通告R1/R2之间的TOP信息;
NLPID IPV4
NBR ID 0000.0000.0001.00 COST: 0
NBR ID 0000.0000.0002.00 COST: 0
0000.0000.0001.02-00 0x00000008 0xbcc7 536 55 0/0/0
SOURCE 0000.0000.0001.02 //R1作为伪节点,通告R1/R3之间的TOP信息;
NLPID IPV4
NBR ID 0000.0000.0001.00 COST: 0
NBR ID 0000.0000.0003.00 COST: 0
0000.0000.0002.00-00* 0x00000019 0x5d3d 726 74 1/0/0
SOURCE 0000.0000.0002.00 //R2描述了自己所有启用了isis的接口,和L1链路的路由信息、L1的TOP信息
NLPID IPV4
AREA ADDR 49.0123
INTF ADDR 1.1.12.2
INTF ADDR 1.1.24.2
NBR ID 0000.0000.0001.01 COST: 10
IP-Internal 1.1.12.0 255.255.255.0 COST: 10
0000.0000.0003.00-00 0x00000012 0x7020 974 74 1/0/0
SOURCE 0000.0000.0003.00 //R3描述了自己所有启用了isis的接口,和L1链路的路由信息、L1的TOP信息
NLPID IPV4
AREA ADDR 49.0123
INTF ADDR 1.1.13.3
INTF ADDR 1.1.35.3
NBR ID 0000.0000.0001.02 COST: 10
IP-Internal 1.1.13.0 255.255.255.0 COST: 10
Total LSP(s): 5
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
Level-2 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0002.00-00* 0x00000022 0x9ff8 726 110 0/0/0
SOURCE 0000.0000.0002.00 //R2描述了自己所有启用了isis的接口,和L2链路的路由信息、L2的TOP信息
NLPID IPV4
AREA ADDR 49.0123
INTF ADDR 1.1.12.2
INTF ADDR 1.1.24.2
NBR ID 0000.0000.0004.01 COST: 10
IP-Internal 1.1.12.0 255.255.255.0 COST: 10
IP-Internal 1.1.1.1 255.255.255.255 COST: 10
IP-Internal 1.1.13.0 255.255.255.0 COST: 20
IP-Internal 1.1.24.0 255.255.255.0 COST: 10
0000.0000.0003.00-00 0x00000020 0xbac3 974 110 0/0/0
SOURCE 0000.0000.0003.00 //R3描述了自己所有启用了isis的接口,和L2链路的路由信息、L2的TOP信息
NLPID IPV4
AREA ADDR 49.0123
INTF ADDR 1.1.13.3
INTF ADDR 1.1.35.3
NBR ID 0000.0000.0005.02 COST: 10
IP-Internal 1.1.13.0 255.255.255.0 COST: 10
IP-Internal 1.1.35.0 255.255.255.0 COST: 10
IP-Internal 1.1.1.1 255.255.255.255 COST: 10
IP-Internal 1.1.12.0 255.255.255.0 COST: 20
0000.0000.0004.00-00 0x00000012 0x9e9e 647 113 0/0/0
SOURCE 0000.0000.0004.00 //R4描述了自己所有启用了isis的接口,和L2链路的路由信息、L2的TOP信息
NLPID IPV4
AREA ADDR 49.0045
INTF ADDR 1.1.24.4
INTF ADDR 1.1.45.4
INTF ADDR 4.4.4.4
NBR ID 0000.0000.0004.02 COST: 10
NBR ID 0000.0000.0004.01 COST: 10
IP-Internal 1.1.24.0 255.255.255.0 COST: 10
IP-Internal 1.1.45.0 255.255.255.0 COST: 10
IP-Internal 4.4.4.4 255.255.255.255 COST: 0
0000.0000.0004.01-00 0x00000006 0xc8b7 647 55 0/0/0
SOURCE 0000.0000.0004.01 //R4作为伪节点,通告R2/R4之间的TOP信息;
NLPID IPV4
NBR ID 0000.0000.0004.00 COST: 0
NBR ID 0000.0000.0002.00 COST: 0
0000.0000.0004.02-00 0x00000006 0x1666 647 55 0/0/0
SOURCE 0000.0000.0004.02 //R4作为伪节点,通告R4/R5之间的TOP信息;
NLPID IPV4
NBR ID 0000.0000.0004.00 COST: 0
NBR ID 0000.0000.0005.00 COST: 0
0000.0000.0005.00-00 0x00000011 0xd347 591 113 0/0/0
SOURCE 0000.0000.0005.00 //R5描述了自己所有启用了isis的接口,和L2链路的路由信息、L2的TOP信息
NLPID IPV4
AREA ADDR 49.0045
INTF ADDR 1.1.45.5
INTF ADDR 1.1.35.5
INTF ADDR 5.5.5.5
NBR ID 0000.0000.0004.02 COST: 10
NBR ID 0000.0000.0005.02 COST: 10
IP-Internal 1.1.45.0 255.255.255.0 COST: 10
IP-Internal 1.1.35.0 255.255.255.0 COST: 10
IP-Internal 5.5.5.5 255.255.255.255 COST: 0
0000.0000.0005.02-00 0x00000005 0xe894 591 55 0/0/0
SOURCE 0000.0000.0005.02 //R5作为伪节点,通告R3/R5之间的TOP信息;
NLPID IPV4
NBR ID 0000.0000.0005.00 COST: 0
NBR ID 0000.0000.0003.00 COST: 0
Total LSP(s): 7
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
问题5:查看各台设备的路由表中的ISIS路由
R1:
0.0.0.0/0 ISIS-L1 15 10 D 1.1.13.3 GigabitEthernet0/0/2
ISIS-L1 15 10 D 1.1.12.2 GigabitEthernet0/0/0
R2:
1.1.1.1/32 ISIS-L1 15 10 D 1.1.12.1 GigabitEthernet0/0/0
1.1.13.0/24 ISIS-L1 15 20 D 1.1.12.1 GigabitEthernet0/0/0
1.1.35.0/24 ISIS-L2 15 30 D 1.1.24.4 GigabitEthernet0/0/1
1.1.45.0/24 ISIS-L2 15 20 D 1.1.24.4 GigabitEthernet0/0/1
4.4.4.4/32 ISIS-L2 15 10 D 1.1.24.4 GigabitEthernet0/0/1
5.5.5.5/32 ISIS-L2 15 20 D 1.1.24.4 GigabitEthernet0/0/1
R3:
1.1.1.1/32 ISIS-L1 15 10 D 1.1.13.1 GigabitEthernet0/0/2
1.1.12.0/24 ISIS-L1 15 20 D 1.1.13.1 GigabitEthernet0/0/2
1.1.24.0/24 ISIS-L2 15 30 D 1.1.35.5 GigabitEthernet0/0/1
1.1.45.0/24 ISIS-L2 15 20 D 1.1.35.5 GigabitEthernet0/0/1
4.4.4.4/32 ISIS-L2 15 20 D 1.1.35.5 GigabitEthernet0/0/1
5.5.5.5/32 ISIS-L2 15 10 D 1.1.35.5 GigabitEthernet0/0/1
R4:
1.1.1.1/32 ISIS-L2 15 20 D 1.1.24.2 GigabitEthernet0/0/1
1.1.12.0/24 ISIS-L2 15 20 D 1.1.24.2 GigabitEthernet0/0/1
1.1.13.0/24 ISIS-L2 15 30 D 1.1.45.5 GigabitEthernet0/0/0
ISIS-L2 15 30 D 1.1.24.2 GigabitEthernet0/0/1
1.1.35.0/24 ISIS-L2 15 20 D 1.1.45.5 GigabitEthernet0/0/0
5.5.5.5/32 ISIS-L2 15 10 D 1.1.45.5 GigabitEthernet0/0/0
R5:
1.1.1.1/32 ISIS-L2 15 20 D 1.1.35.3 GigabitEthernet0/0/1
1.1.12.0/24 ISIS-L2 15 30 D 1.1.35.3 GigabitEthernet0/0/1
ISIS-L2 15 30 D 1.1.45.4 GigabitEthernet0/0/0
1.1.13.0/24 ISIS-L2 15 20 D 1.1.35.3 GigabitEthernet0/0/1
1.1.24.0/24 ISIS-L2 15 20 D 1.1.45.4 GigabitEthernet0/0/0
4.4.4.4/32 ISIS-L2 15 10 D 1.1.45.4 GigabitEthernet0/0/0
问题6:非骨干区域如何访问骨干区域?
通过默认路由
默认情况下L1/2的路由器不会将L2的路由转化成L1的LSP在非骨干区域泛洪,那么ISIS非骨干区域天生类似于OSPF的特殊区域,通过缺省路由访问骨干区域。
问题7:骨干区域如何访问非骨干区域?
通过明细路由
L1/2的路由器除了描述自身L2的直连链路之外,还将学到的L1路由和自身L1的直连网段路由装载到L2的LSDB中,作为自己的直连叶子通过L2的LSP进行描述;
0000.0000.0002.00-00* 0x00000022 0x9ff8 726 110 0/0/0
SOURCE 0000.0000.0002.00 //R2描述了自己所有启用了isis的接口,和L2链路的路由信息、L2的TOP信息
NLPID IPV4
AREA ADDR 49.0123
INTF ADDR 1.1.12.2
INTF ADDR 1.1.24.2
NBR ID 0000.0000.0004.01 COST: 10
IP-Internal 1.1.12.0 255.255.255.0 COST: 10
IP-Internal 1.1.1.1 255.255.255.255 COST: 10
IP-Internal 1.1.13.0 255.255.255.0 COST: 20
IP-Internal 1.1.24.0 255.255.255.0 COST: 10
0000.0000.0003.00-00 0x00000020 0xbac3 974 110 0/0/0
SOURCE 0000.0000.0003.00 //R3描述了自己所有启用了isis的接口,和L2链路的路由信息、L2的TOP信息
NLPID IPV4
AREA ADDR 49.0123
INTF ADDR 1.1.13.3
INTF ADDR 1.1.35.3
NBR ID 0000.0000.0005.02 COST: 10
IP-Internal 1.1.13.0 255.255.255.0 COST: 10
IP-Internal 1.1.35.0 255.255.255.0 COST: 10
IP-Internal 1.1.1.1 255.255.255.255 COST: 10
IP-Internal 1.1.12.0 255.255.255.0 COST: 20
假设R1上引入一条外部路由,此时查看R1是如何通告的,R2作为L1/2路由器收到R1产生的外部路由,如果去描述?
R1
ip route-static 192.168.1.0 255.255.255.0 NULL0
Isis 1
import-route static level-1 //默认引入外部路由是以level-2的方式进行引入,因为R1是L1的路由器所以需要加上L1的参数
此时R1通过分片去描述外部路由:
Level-1 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0001.00-00* 0x0000001d 0xb321 591 113 0/0/0
0000.0000.0001.00-01* 0x00000001 0x221f 1126 41 0/0/0
0000.0000.0001.01-00* 0x00000011 0x95e7 591 55 0/0/0
0000.0000.0001.02-00* 0x0000000e 0xb0cd 591 55 0/0/0
0000.0000.0002.00-00 0x00000039 0xec8d 885 74 1/0/0
0000.0000.0003.00-00 0x0000001e 0x582c 904 74 1/0/0
Level-1 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-----------------------------------------------------------------
0000.0000.0001.00-01* 0x00000001 0x221f 1072 41 0/0/0
SOURCE 0000.0000.0001.00
IP-External 192.168.1.0 255.255.255.0 COST: 64
IP External reachability (t=130, l=12)
Type: 130
Length: 12
IPv4 prefix: 192.168.1.0/24
..00 0000 = Default Metric: 0
.1.. .... = Default Metric IE: External
0... .... = Distribution: Up
..00 0000 = Delay Metric: 0
1... .... = Delay Metric: Not Supported
.0.. .... = Delay Metric: Internal
..00 0000 = Expense Metric: 0
1... .... = Expense Metric: Not Supported
.0.. .... = Expense Metric: Internal
..00 0000 = Error Metric: 0
1... .... = Error Metric: Not Supported
.0.. .... = Error Metric: Internal
注意:
@针对引入的外部路由,R1通过一条分片的LSP去描述;
@如果引入多条外部路由,R1仍然只会通过一条分片的LSP去描述,不会像ospf一样,一条外部路由一条LSA;
@LSDB中外部路由显示IP-EXTERNAL,内部路由显示IP-INTERRNAL;
@如果使用的cost-type是默认的narrow度量值,针对内部路由使用128TLV携带,针对外部路由使用130TLV携带;
@在报文中内部路由会显示INTERNAL,外部路由会显示EXTERNAL,其他的bit都一样;(这里的INTERNAL和EXTERNAL是显示引入外部路由metric的类型的,不是用来区分内部和外部路由的)
@内部路由始终都是INTERNAL,引入的外部路由才有INTERNAL和EXTERNAL的区分;
问题8:非骨干区域的默认路由怎么来的?
@ATT:骨干区域连接符,L1/2的路由器产生的L1的LSP中会将ATT bit=1;
@L1的路由器通过ATT置为1的LSP得知本区域的L1/2路由器的存在
@由于L1的路由器和L1/2的路由器在同一个区域,所以L1的路由器通过SPF算法将自动在路由表中生成一条指向L1/2路由器的缺省路由,该路由的下一跳为到L1/2路由器的下一跳,该路由的开销为到L1/2路由器的SPF树的开销;
问题9:ATT什么时候会置位1?
路由器类型为 L1/2
必须有 L1 和 L2 的邻居关系
L2 的邻居关系区域 ID 不能一致
问题10:ATT bit怎样控制?
isis 1
attached-bit advertise always //总是置为1,只要是L1/2路由器,产生的L1的LSP就置为1。
attached-bit advertise never //设置ATT bit总是置0
attached-bit avoid-learning //即便收到ATT位置为1的LSP,也不会产生默认了,本地有效。
问题11:R2会不会有缺省路由指向R3,R3会不会有缺省路由指向R2?
没有
同一个区域(49.0123)如果存在多个L1/2的路由器,彼此不进行确缺省路由的计算,防止路由环路;
问题12:R2的g0/0/1接口down掉了,没有LEVEL-2的邻居了,作为L1/2的R2会不会产生默认路由指向R3?
R2是可以看到R3通告的ATT=1的LSP的,华为此时路由表仍然没有默认路由,cisco有;
如果将R2的路由器的级别从L1-2改成L1,此时R2的路由表中就可以看到默认路由了;
结论:L1-2的路由器收到同区域的ATT=1的L1 LSP不会产生缺省路由;
问题13:通过缺省路由访问骨干区域会存在什么问题?
优点:
1)收敛快,无需维护明细路由
2)节省资源
3)增强网络的稳定性
缺点:
1)明细路由缺失,导致MPLS网络中的LSP无法正常建立。
2)无法感知明细路由的状态,存在或者失效都通过缺省路由转发业务,导致带宽存在浪费,比如5.5.5.0失效了,数据包发到R2才会丢失
3)存在次优路径
问题14:次优路径怎么发生的?
因为AR1路由表中默认路由是等价的,所以AR1访问AR3的loop0接口的时候有几率出现次有路径;
问题15:如何防止次优路径?
1、手动调整缺省路由的开销,通过修改链路开销实现;
int x/x/x
isis cost X level-1 //默认是10
2、通过路由泄露,将骨干区域的路由泄漏到非骨干区域,泄漏到非骨干区域的L2的路由会进行DU bit置1,标识该路由来自骨干区域,是泄露进非骨干区域的。
问题16:什么是路由泄露?
isis 1
network-entity 49.0123.0000.0000.0002.00
import-route isis level-2 into level-1 //在R2上将L2的路由装载到L1的LSDB里面来
此时R2产生的一类LSP如下:
[AR2]dis isis lsdb 0000.0000.0002.00-00 verbose
Database information for ISIS(1)
--------------------------------
Level-1 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0002.00-00* 0x0000001f 0x9a47 1170 134 1/0/0
SOURCE 0000.0000.0002.00
NLPID IPV4
AREA ADDR 49.0123
INTF ADDR 1.1.12.2
INTF ADDR 1.1.24.2
NBR ID 0000.0000.0001.01 COST: 10
IP-Internal 1.1.12.0 255.255.255.0 COST: 10
IP-Internal* 5.5.5.5 255.255.255.255 COST: 20
IP-Internal* 1.1.45.0 255.255.255.0 COST: 20
IP-Internal* 1.1.35.0 255.255.255.0 COST: 30
IP-Internal* 4.4.4.4 255.255.255.255 COST: 10
IP-Internal 1.1.24.0 255.255.255.0 COST: 10
之前R2产生的1类LSP如下:
0000.0000.0002.00-00* 0x00000019 0x5d3d 726 74 1/0/0
SOURCE 0000.0000.0002.00
NLPID IPV4
AREA ADDR 49.0123
INTF ADDR 1.1.12.2
INTF ADDR 1.1.24.2
NBR ID 0000.0000.0001.01 COST: 10
IP-Internal 1.1.12.0 255.255.255.0 COST: 10
注意:
@R2做了路由泄露,会将学到的L2的路由,和自身L2的直连链路装载L1的LSDB中,作为自身L1的叶子去描述;
@R2上看到带*,表明是R2泄露进来学到的L2的路由;
@R1收到R2通告的L1的LSP,看到带*号的,就知道哪些路由是泄露进来的了;
此时查看R1的路由表:
0.0.0.0/0 ISIS-L1 15 10 D 1.1.13.3 GigabitEthernet0/0/2
ISIS-L1 15 10 D 1.1.12.2 GigabitEthernet0/0/0
1.1.24.0/24 ISIS-L1 15 20 D 1.1.12.2 GigabitEthernet0/0/0
1.1.35.0/24 ISIS-L1 15 40 D 1.1.12.2 GigabitEthernet0/0/0
1.1.45.0/24 ISIS-L1 15 30 D 1.1.12.2 GigabitEthernet0/0/0
4.4.4.4/32 ISIS-L1 15 20 D 1.1.12.2 GigabitEthernet0/0/0
5.5.5.5/32 ISIS-L1 15 30 D 1.1.12.2 GigabitEthernet0/0/0
问题17:报文中R2产生的L1的LSP怎么去标识?
DU bit=1,不是泄露进来的路由DU bit=0
IP Internal reachability (t=128, l=72)
Type: 128
Length: 72
IPv4 prefix: 1.1.12.0/24
..00 1010 = Default Metric: 10
.0.. .... = Default Metric IE: Internal
0... .... = Distribution: Up
..00 0000 = Delay Metric: 0
1... .... = Delay Metric: Not Supported
.0.. .... = Delay Metric: Internal
..00 0000 = Expense Metric: 0
1... .... = Expense Metric: Not Supported
.0.. .... = Expense Metric: Internal
..00 0000 = Error Metric: 0
1... .... = Error Metric: Not Supported
.0.. .... = Error Metric: Internal
IPv4 prefix: 5.5.5.5/32
..01 0100 = Default Metric: 20
.0.. .... = Default Metric IE: Internal
1... .... = Distribution: Down
..00 0000 = Delay Metric: 0
1... .... = Delay Metric: Not Supported
.0.. .... = Delay Metric: Internal
..00 0000 = Expense Metric: 0
1... .... = Expense Metric: Not Supported
.0.. .... = Expense Metric: Internal
..00 0000 = Error Metric: 0
1... .... = Error Metric: Not Supported
.0.. .... = Error Metric: Internal
IPv4 prefix: 1.1.45.0/24
..01 0100 = Default Metric: 20
.0.. .... = Default Metric IE: Internal
1... .... = Distribution: Down
..00 0000 = Delay Metric: 0
1... .... = Delay Metric: Not Supported
.0.. .... = Delay Metric: Internal
..00 0000 = Expense Metric: 0
1... .... = Expense Metric: Not Supported
.0.. .... = Expense Metric: Internal
..00 0000 = Error Metric: 0
1... .... = Error Metric: Not Supported
.0.. .... = Error Metric: Internal
IPv4 prefix: 1.1.35.0/24
..01 1110 = Default Metric: 30
.0.. .... = Default Metric IE: Internal
1... .... = Distribution: Down
..00 0000 = Delay Metric: 0
1... .... = Delay Metric: Not Supported
.0.. .... = Delay Metric: Internal
..00 0000 = Expense Metric: 0
1... .... = Expense Metric: Not Supported
.0.. .... = Expense Metric: Internal
..00 0000 = Error Metric: 0
1... .... = Error Metric: Not Supported
.0.. .... = Error Metric: Internal
IPv4 prefix: 4.4.4.4/32
..00 1010 = Default Metric: 10
.0.. .... = Default Metric IE: Internal
1... .... = Distribution: Down
..00 0000 = Delay Metric: 0
1... .... = Delay Metric: Not Supported
.0.. .... = Delay Metric: Internal
..00 0000 = Expense Metric: 0
1... .... = Expense Metric: Not Supported
.0.. .... = Expense Metric: Internal
..00 0000 = Error Metric: 0
1... .... = Error Metric: Not Supported
.0.. .... = Error Metric: Internal
IPv4 prefix: 1.1.24.0/24
..00 1010 = Default Metric: 10
.0.. .... = Default Metric IE: Internal
0... .... = Distribution: Up
..00 0000 = Delay Metric: 0
1... .... = Delay Metric: Not Supported
.0.. .... = Delay Metric: Internal
..00 0000 = Expense Metric: 0
1... .... = Expense Metric: Not Supported
.0.. .... = Expense Metric: Internal
..00 0000 = Error Metric: 0
1... .... = Error Metric: Not Supported
.0.. .... = Error Metric: Internal
问题18:DU bit有什么用?
防止路由回馈
R3发现DU=1的路由,就不会将该L1的路由在装载到L2的LSDB中,传递到骨干区域;
就相当于ospf中ABR收到非骨干区域的3类LSA只接收不计算
R3现在通告的L2的LSP:
Level-2 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-----------------------------------------------------------------
0000.0000.0003.00-00* 0x00000015 0xc9f9 919 122 0/0/0
SOURCE 0000.0000.0003.00
NLPID IPV4
AREA ADDR 49.0123
INTF ADDR 1.1.13.3
INTF ADDR 1.1.35.3
NBR ID 0000.0000.0005.02 COST: 10
IP-Internal 1.1.13.0 255.255.255.0 COST: 10
IP-Internal 1.1.35.0 255.255.255.0 COST: 10
IP-Internal 1.1.1.1 255.255.255.255 COST: 10
IP-Internal 1.1.12.0 255.255.255.0 COST: 20
IP-Internal 1.1.24.0 255.255.255.0 COST: 30
R3之前通告的LSP:
0000.0000.0003.00-00 0x00000020 0xbac3 974 110 0/0/0
SOURCE 0000.0000.0003.00
NLPID IPV4
AREA ADDR 49.0123
INTF ADDR 1.1.13.3
INTF ADDR 1.1.35.3
NBR ID 0000.0000.0005.02 COST: 10
IP-Internal 1.1.13.0 255.255.255.0 COST: 10
IP-Internal 1.1.35.0 255.255.255.0 COST: 10
IP-Internal 1.1.1.1 255.255.255.255 COST: 10
IP-Internal 1.1.12.0 255.255.255.0 COST: 20
注意:
R3除了会将R2和R4之间的直连网段,回馈到骨干区域,其他的带有*的路由并没有回馈到骨干区域;
对于R5来讲如果将G0/0/0接口的开销改成30,此时R5上针对1.1.24.0/24这条路由会是等价路由;
问题19:因为R3默认会将非骨干区域L1的路由变成L2的路由,此时在R2上做了路由泄露,R2是否会将这些路由又泄露进非骨干区域呢?
假设R2将g0/0/0接口的开销改的特别的大,此时R2访问1.1.1.1也不会走R3传递过来的L2的路由,因为L1的路由优于L2的路由,通过选路防止路由回馈,这样L2的路由就无法泄漏到非骨干区域,因为R2上看到始终是L1的路由;
如果将R2的g0/0/0接口shut,此时R2就走骨干区域访问R1了,相当于ospf的非骨干区域的一类永远优于骨干区域的三类;
问题20:因为L1的路由优先于L2的路由,此时R3访问R4和R5是否走非骨干区域呢?
不会,因为L2>*L1的路由
R3始终会走骨干区域访问R4和R5,如果R3的g0/0/1接口shut,此时R3会走非骨干区域访问R4和R5;
问题21:此时在R3上也做路由泄露,R1的路由表如下:
[AR1]dis ip routing-table protocol isis
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : ISIS
Destinations : 6 Routes : 8
ISIS routing table status :
Destinations : 6 Routes : 8
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 ISIS-L1 15 10 D 1.1.12.2 GigabitEthernet0/0/0
ISIS-L1 15 10 D 1.1.13.3 GigabitEthernet0/0/2
1.1.24.0/24 ISIS-L1 15 20 D 1.1.12.2 GigabitEthernet0/0/0
1.1.35.0/24 ISIS-L1 15 20 D 1.1.13.3 GigabitEthernet0/0/2
1.1.45.0/24 ISIS-L1 15 30 D 1.1.12.2 GigabitEthernet0/0/0
ISIS-L1 15 30 D 1.1.13.3 GigabitEthernet0/0/2
4.4.4.4/32 ISIS-L1 15 20 D 1.1.12.2 GigabitEthernet0/0/0
5.5.5.5/32 ISIS-L1 15 20 D 1.1.13.3 GigabitEthernet0/0/2
此时R1访问R4就走R2,访问R5就走R3了,解决次优路径;
问题22:R2和R3是否能够控制哪些路由做泄露?
import-route isis level-2 into level-1 filter-policy xx //L2泄露进L1针对路由做过滤
import-route isis level-1 into level-2 filter-policy xx //L1泄露进L2针对路由做过滤
注意:过滤只针对学到的路由有效,针对直连路由无效
举例:
R2
acl number 2000
rule 5 permit source 4.4.4.4 0
rule 10 permit source 5.5.5.5 0
import-route isis level-2 into level-1 filter-policy 2000
R2产生的L1的LSP:
[AR2]dis isis lsdb 0000.0000.0002.00-00 verbose
Database information for ISIS(1)
--------------------------------
Level-1 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0002.00-00* 0x00000033 0xabc4 1150 110 1/0/0
SOURCE 0000.0000.0002.00
NLPID IPV4
AREA ADDR 49.0123
INTF ADDR 1.1.24.2
INTF ADDR 1.1.12.2
NBR ID 0000.0000.0001.01 COST: 10
IP-Internal 1.1.24.0 255.255.255.0 COST: 10
IP-Internal 1.1.12.0 255.255.255.0 COST: 10
IP-Internal* 5.5.5.5 255.255.255.255 COST: 20
IP-Internal* 4.4.4.4 255.255.255.255 COST: 10
过滤之前:
Level-1 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0002.00-00* 0x00000035 0xd745 1194 122 1/0/0
SOURCE 0000.0000.0002.00
NLPID IPV4
AREA ADDR 49.0123
INTF ADDR 1.1.24.2
INTF ADDR 1.1.12.2
NBR ID 0000.0000.0001.01 COST: 10
IP-Internal 1.1.12.0 255.255.255.0 COST: 10
IP-Internal* 5.5.5.5 255.255.255.255 COST: 20
IP-Internal* 1.1.45.0 255.255.255.0 COST: 20
IP-Internal* 4.4.4.4 255.255.255.255 COST: 10
IP-Internal 1.1.24.0 255.255.255.0 COST: 10
可以看到1.1.45.0/24的L2的路由就被过滤了,但是1.1.24.0/24的直连路由还在;
R3
acl number 2000
rule 5 permit source 4.4.4.4 0
rule 10 permit source 5.5.5.5 0
import-route isis level-2 into level-1 filter-policy 2000
此时R1上看到:
0.0.0.0/0 ISIS-L1 15 10 D 1.1.12.2 GigabitEthernet0/0/0
ISIS-L1 15 10 D 1.1.13.3 GigabitEthernet0/0/2
1.1.24.0/24 ISIS-L1 15 20 D 1.1.12.2 GigabitEthernet0/0/0
1.1.35.0/24 ISIS-L1 15 20 D 1.1.13.3 GigabitEthernet0/0/2
4.4.4.4/32 ISIS-L1 15 20 D 1.1.12.2 GigabitEthernet0/0/0
5.5.5.5/32 ISIS-L1 15 20 D 1.1.13.3 GigabitEthernet0/0/2
HCIE Datacom学习相关技术指导可联系WOLFLAB进学习群
电话:173-1636-2402
邮箱:wolflab@wolf-lab.com
地址:上海市徐汇区漕宝路82号E座1902室WOLFLAB实验室
提供: CCNA/HCIA培训 | CCNP/HCIP培训 | HCIE/CCIE培训 | WOLF | 华为认证咨询 | 思科认证咨询 |
官方微信
关注微信公众号
