一、简介¶
本章以RIP路由协议为主题,给出了包括基本配置、认证、汇总、版本兼容、故障排除等多方面特性的配置实例。
二、RIP路由协议基本配置¶
2.1 RIP介绍¶
2.1.1 RIP定义¶
RIP(Routing Information Protocol,路由协议)作为最早的距离矢量IP路由协议。采用了Bellman-Ford算法,现因跳数限制基本淘汰使用。 RIP协议要求网络中每一台路由器都要维护从自身到每一个月的网络的路由信息。RIP协议使用跳数来衡量网络间的"距离":从一台路由器到其直连网络的跳数定义为1,从一台路由器到其非直连网络的距离定义为每经过一个路由器距离加1。"距离"也被称为"跳数"。RIP允许路由的最大跳数为15,因此,16即可不可达。
2.1.2 RIP优点¶
最大特点就是配置简单
2.1.3 RIP缺点¶
RIP协议只适用于小型网络
2.1.4 RIP版本相同点¶
RIPv1和RIPv2,RIPv2针对 RIPv1进行扩充,能够携带更多的信息量,并增加了安全性能。 RIPv1和RIPv2都是基于UDP的协议,使用UDP520号端口收发数据包。
2.1.5 RIP版本不同点¶
1、RIPv2的路由信息中携带了子网掩码 2、RIPv2的路由信息中携带了下一跳地址,标识一个比通告路由器的地址更好的下一跳地址。(它指出的地址,其度量值-跳数比在同一个子网上的通告路由器更靠近目的地。)如果这个字段设置为全0,说明通告路由器的地址是最优的下一跳地址。 3、RIPv2默认采用组播方式发送报文,地址为224.0.0.9。
2.2 RIP路由协议基本配置实验¶
2.2.1 实验内容¶
某小型公司组网拓扑简单,只拥有两台路由器,因此可以采用RIP路由协议来完成网络的部署。本实验通过模拟简单的企业网络场景来描述RIP路由协议的基本配置,并介绍一些基本的查看RIP信息的命令使用方法。
2.2.2 实验目的¶
1、理解RIP的应用场景 2、理解RIP的基本原理 3、掌握RIPv1的基本配置 4、掌握RIPv2的基本配置 5、掌握测试RIP路由网络的连通性的方法 6、掌握使用display与debug命令测试RIP 7、了解RIPv1与RIPv2的区别
2.2.3 实验拓扑¶
2.2.4 实验编址¶
| 设备 | 接口 | IP地址 | 子网掩码 | 默认网关 |
|---|---|---|---|---|
| R1(AR1220) | E1/0/0 | 10.0.12.1 | 255.255.255.0 | E1 |
| R1(AR1220) | Loopback 0 | 10.0.1.1 | 255.255.255.0 | E2 |
| R2(AR1220) | E1/0/0 | 10.0.12.2 | 255.255.255.0 | E3 |
| R2(AR1220) | Loopback 0 | 10.0.2.2 | 255.255.255.0 | E4 |
2.2.5 实验步骤¶
2.2.5.1 基本配置¶
根据实验编制表进行相应的基本配置,并使用Ping命令检测直连链路的连通性。
2.2.5.2 使用RIPv1搭建网络¶
1、在R1和R2上配置RIPv1。使用RIP命令创建并开启协议进程,默认情况下进程号是1。使用network命令对指定网段接口使能RIP功能
[R1]rip
[R1-rip-1]network 10.0.0.0
[R2]rip
[R2-rip-1]network 10.0.0.0
注意:必须是自然网段的地址!!!
2、配置完成后使用dis ip routing-table查看R1和R2的路由表
[R1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.0/24 Direct 0 0 D 10.0.1.1 LoopBack0
10.0.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.1.255/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.2.0/24 RIP 100 1 D 10.0.12.2 Ethernet1/0/0
10.0.12.0/24 Direct 0 0 D 10.0.12.1 Ethernet1/0/0
10.0.12.1/32 Direct 0 0 D 127.0.0.1 Ethernet1/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 Ethernet1/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[R2]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.0/24 RIP 100 1 D 10.0.12.1 Ethernet1/0/0
10.0.2.0/24 Direct 0 0 D 10.0.2.2 LoopBack0
10.0.2.2/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.2.255/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.12.0/24 Direct 0 0 D 10.0.12.2 Ethernet1/0/0
10.0.12.2/32 Direct 0 0 D 127.0.0.1 Ethernet1/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 Ethernet1/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
3、测试R1和R2环回接口间的连通性
[R1]ping 10.0.2.2
PING 10.0.2.2: 56 data bytes, press CTRL_C to break
Reply from 10.0.2.2: bytes=56 Sequence=1 ttl=255 time=40 ms
Reply from 10.0.2.2: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 10.0.2.2: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 10.0.2.2: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 10.0.2.2: bytes=56 Sequence=5 ttl=255 time=30 ms
--- 10.0.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/24/40 ms
4、使用debugging命令查看RIP协议定期更新情况,并开启RIP调试功能。并使用terminal debugging和terminal monitor命令开启debug信息在屏幕上显示的功能,才能在电脑屏幕上看到路由器之间RIP协议交互的信息。
<R1>debugging rip 1
<R1>terminal debugging
<R1>terminal monitor
<R1>
Jan 26 2022 09:59:35.81.1-08:00 R1 RIP/7/DBG: 25: 5071: RIP 1: Periodic timer ex
pired for interface Ethernet1/0/0
<R1>
Jan 26 2022 09:59:35.81.2-08:00 R1 RIP/7/DBG: 25: 6278: RIP 1: Job Periodic Upda
te is created
<R1>
Jan 26 2022 09:59:35.81.3-08:00 R1 RIP/7/DBG: 25: 5719: RIP 1: Periodic timer ex
pired for interface Ethernet1/0/0 (10.0.12.1) and its added to periodic update q
ueue
<R1>
Jan 26 2022 09:59:35.81.4-08:00 R1 RIP/7/DBG: 25: 5251: RIP 1: Job Periodic Upda
te is scheduled for interface Ethernet1/0/0
<R1>
Jan 26 2022 09:59:35.81.5-08:00 R1 RIP/7/DBG: 25: 5428: RIP 1: Periodic Update C
ompleted for interface Ethernet1/0/0, Time = 0 Ms
<R1>
Jan 26 2022 09:59:35.81.6-08:00 R1 RIP/7/DBG: 25: 6048: RIP 1: Interface Etherne
t1/0/0 (10.0.12.1) is deleted from the periodic update queue
<R1>
Jan 26 2022 09:59:36.271.1-08:00 R1 RIP/7/DBG: 6: 13405: RIP 1: Sending v1 respo
nse on Ethernet1/0/0 from 10.0.12.1 with 1 RTE
<R1>
Jan 26 2022 09:59:36.271.2-08:00 R1 RIP/7/DBG: 6: 13456: RIP 1: Sending response
on interface Ethernet1/0/0 from 10.0.12.1 to 255.255.255.255
<R1>
Jan 26 2022 09:59:36.271.3-08:00 R1 RIP/7/DBG: 6: 13476: Packet: Version 1, Cmd
response, Length 24
<R1>
Jan 26 2022 09:59:36.271.4-08:00 R1 RIP/7/DBG: 6: 13527: Dest 10.0.1.0, Cost 1
注意:debug命令需要在用户视图下才能使用。 5、使用undo debuging rip或者undo debug all命令关闭debug调试功能
<R1>undo debugging all
Info: All possible debugging has been turned off
<R1>undo debugging rip 1
<R1>undo terminal monitor
注意:开启过多的debug功能会耗费大量路由器资源,甚至可能导致宕机。
2.2.5.3 使用RIPv2搭建网络¶
1、基于前面的配置,只需在RIP子视图模式下配置v2即可
[R1]rip
[R1-rip-1]version 2
[R2]rip
[R2-rip-1]version 2
2、配置完成后使用dis ip routing-table 命令查看各路由器路由表
[R1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.0/24 Direct 0 0 D 10.0.1.1 LoopBack0
10.0.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.1.255/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.2.0/24 RIP 100 1 D 10.0.12.2 Ethernet1/0/0
10.0.12.0/24 Direct 0 0 D 10.0.12.1 Ethernet1/0/0
10.0.12.1/32 Direct 0 0 D 127.0.0.1 Ethernet1/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 Ethernet1/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[R2]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.0/24 RIP 100 1 D 10.0.12.1 Ethernet1/0/0
10.0.2.0/24 Direct 0 0 D 10.0.2.2 LoopBack0
10.0.2.2/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.2.255/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.12.0/24 Direct 0 0 D 10.0.12.2 Ethernet1/0/0
10.0.12.2/32 Direct 0 0 D 127.0.0.1 Ethernet1/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 Ethernet1/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
3、测试R1和R2环回接口间的连通性
[R1]ping 10.0.2.2
PING 10.0.2.2: 56 data bytes, press CTRL_C to break
Reply from 10.0.2.2: bytes=56 Sequence=1 ttl=255 time=40 ms
Reply from 10.0.2.2: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 10.0.2.2: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 10.0.2.2: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 10.0.2.2: bytes=56 Sequence=5 ttl=255 time=30 ms
--- 10.0.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/24/40 ms
4、使用debugging命令查看RIP协议定期更新情况,并开启RIP调试功能。并使用terminal debugging和terminal monitor命令开启debug信息在屏幕上显示的功能,才能在电脑屏幕上看到路由器之间RIP协议交互的信息。
<R1>
Jan 26 2022 10:18:18.771.1-08:00 R1 RIP/7/DBG: 25: 5071: RIP 1: Periodic timer e
xpired for interface Ethernet1/0/0
<R1>
Jan 26 2022 10:18:18.771.2-08:00 R1 RIP/7/DBG: 25: 6278: RIP 1: Job Periodic Upd
ate is created
<R1>
Jan 26 2022 10:18:18.771.3-08:00 R1 RIP/7/DBG: 25: 5719: RIP 1: Periodic timer e
xpired for interface Ethernet1/0/0 (10.0.12.1) and its added to periodic update
queue
<R1>
Jan 26 2022 10:18:18.771.4-08:00 R1 RIP/7/DBG: 25: 5251: RIP 1: Job Periodic Upd
ate is scheduled for interface Ethernet1/0/0
<R1>
Jan 26 2022 10:18:18.771.5-08:00 R1 RIP/7/DBG: 25: 5428: RIP 1: Periodic Update
Completed for interface Ethernet1/0/0, Time = 0 Ms
<R1>
Jan 26 2022 10:18:18.771.6-08:00 R1 RIP/7/DBG: 25: 6048: RIP 1: Interface Ethern
et1/0/0 (10.0.12.1) is deleted from the periodic update queue
<R1>
Jan 26 2022 10:18:19.961.1-08:00 R1 RIP/7/DBG: 6: 13405: RIP 1: Sending v2 respo
nse on Ethernet1/0/0 from 10.0.12.1 with 1 RTE
<R1>
Jan 26 2022 10:18:19.961.2-08:00 R1 RIP/7/DBG: 6: 13456: RIP 1: Sending response
on interface Ethernet1/0/0 from 10.0.12.1 to 224.0.0.9
<R1>
Jan 26 2022 10:18:19.961.3-08:00 R1 RIP/7/DBG: 6: 13476: Packet: Version 2, Cmd
response, Length 24
<R1>
Jan 26 2022 10:18:19.961.4-08:00 R1 RIP/7/DBG: 6: 13546: Dest 10.0.1.0/24, Nexth
op 0.0.0.0, Cost 1, Tag 0
<R1>
Jan 26 2022 10:18:20.621.1-08:00 R1 RIP/7/DBG: 6: 13414: RIP 1: Receiving v2 res
ponse on Ethernet1/0/0 from 10.0.12.2 with 1 RTE
<R1>
Jan 26 2022 10:18:20.621.2-08:00 R1 RIP/7/DBG: 6: 13465: RIP 1: Receive response
from 10.0.12.2 on Ethernet1/0/0
<R1>
Jan 26 2022 10:18:20.621.3-08:00 R1 RIP/7/DBG: 6: 13476: Packet: Version 2, Cmd
response, Length 24
注意:debug命令需要在用户视图下才能使用。 5、使用undo debuging rip或者undo debug all命令关闭debug调试功能
<R1>undo debugging all
Info: All possible debugging has been turned off
<R1>undo debugging rip 1
<R1>undo terminal monitor
三、配置RIPv2的认证¶
3.1 RIPv2认证介绍¶
RIPv2协议能够通过更新消息所包含的口令来验证某个路由选择消息源的合法性,有简单和MD5密文两种验证方式。
3.1.1 简单认证¶
在认证的消息当中所携带的认证口令是以明文传输的,可以通过抓包软件抓取到数据包中的密码。
3.1.2 MD5认证¶
一种单向消息摘要(message digest)算法或安全散列函数(secure hash function),由RSA Date Security,Inc提出。有时MD5也被作为一个加密校验和(cryptographic checksum)。MD5算法是通过一个随意长度的明文消息(例如,一个RIPv2的更新消息)和口类计算出一个128位的hash值。hash值类似"指纹",这个"指纹"随同消息一起传送,拥有相同口令的接收者会计算出它自己的hash值,如果消息的内容没有被更改,接收者的hash值应该和消息发送者的hash值相匹配。
3.1.3 实验内容¶
本实验模拟企业网络场景。某公司有两台路由器R1和R2,各自连接着一台主机,并且R1和R2之间配置RIPv2协议学习路由条目。R3模拟作为网络中的攻击者,窃取R1和R2间的路由信息,并发布了一些虚假路由,使R1和R2的相关路由的选路指向了R3,形成了路由欺骗,为了避免遭受攻击,提高网络安全性,网络管理员将配置RIPv2认证。
3.1.4 实验目的¶
1、理解掌握RIPv2认证的场景和意义 2、掌握配置RIPv2简单验证的方法 3、掌握测试RIPv2简单验证的配置结果的方法 4、掌握配置RIPv2 MD5密文验证的方法 5、掌握测试RIPv2 MD5密文验证配置结果的方法
3.1.5 实验拓扑¶
3.1.6 实验编址¶
| 设备 | 接口 | IP地址 | 子网掩码 | 默认网关 |
|---|---|---|---|---|
| PC-1 | E0/0/1 | 192.168.10.10 | 255.255.255.0 | 192.168.10.1 |
| R1(AR2220) | GE0/0/0 | 192.168.10.1 | 255.255.255.0 | N/A |
| R1(AR2220) | GE0/0/1 | 10.0.12.1 | 255.255.255.0 | N/A |
| R2(AR2220) | GE0/0/0 | 192.168.20.1 | 255.255.255.0 | N/A |
| R2(AR2220) | GE0/0/1 | 10.0.12.2 | 255.255.255.0 | N/A |
| PC-2 | E0/0/1 | 192.168.20.20 | 255.255.255.0 | 192.168.20.1 |
| R3(AR2220) | GE0/0/0 | 10.0.12.3 | 255.255.255.0 | N/A |
| R3(AR2220) | Loopback 0 | 192.168.10.1 | 255.255.255.0 | N/A |
| R3(AR2220) | Loopback 1 | 192.168.20.1 | 255.255.255.0 | N/A |
3.1.7 实验步骤¶
3.1.7.1 基本配置¶
根据实验编制表进行相应的基本配置,并使用Ping命令检测直连链路的连通性。
3.1.7.2 搭建RIP网络¶
1、配置公司路由器R1和R2的RIPv2的协议,并添加需要通告的网段。
[R1]rip
[R1]rip
[R1-rip-1]version 2
[R1-rip-1]network 10.0.0.0
[R1-rip-1]network 192.168.10.0
[R2]rip
[R2-rip-1]version 2
[R2-rip-1]network 10.0.0.0
[R2-rip-1]network 192.168.20.0
2、配置完成后,检查R1与R2的路由表
[R1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.12.0/24 Direct 0 0 D 10.0.12.1 GigabitEthernet
0/0/1
10.0.12.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.10.0/24 Direct 0 0 D 192.168.10.1 GigabitEthernet
0/0/0
192.168.10.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.10.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.20.0/24 RIP 100 1 D 10.0.12.2 GigabitEthernet
0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[R2]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.12.0/24 Direct 0 0 D 10.0.12.2 GigabitEthernet
0/0/1
10.0.12.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.10.0/24 RIP 100 1 D 10.0.12.1 GigabitEthernet
0/0/1
192.168.20.0/24 Direct 0 0 D 192.168.20.1 GigabitEthernet
0/0/0
192.168.20.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.20.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
3.1.7.3 模拟网络攻击¶
1、配置路由器R3作为攻击者,接入公司网络。在基本配置中已经将接口GE0/0/0地址配置为10.0.12.3,与公司路由器在同一网段,并配置RIPv2协议,通告该网段,配置完成后查看R3的路由表
[R3]rip
[R3-rip-1]version 2
[R3-rip-1]network 10.0.0.0
[R3-rip-1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 9 Routes : 9
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.12.0/24 Direct 0 0 D 10.0.12.3 GigabitEthernet
0/0/0
10.0.12.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.10.0/24 RIP 100 1 D 10.0.12.1 GigabitEthernet
0/0/0
192.168.20.0/24 RIP 100 1 D 10.0.12.2 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
2、以上可发现R3已经非法获取R1和R2上用户终端所在的两个网段的路由信息。此时R3上可以向两个网段发送大量的Ping包,导致网络链路拥塞,形成攻击。
[R3]ping -c 100000 192.168.10.10
PING 192.168.10.10: 56 data bytes, press CTRL_C to break
Request time out
Reply from 192.168.10.10: bytes=56 Sequence=2 ttl=127 time=70 ms
Reply from 192.168.10.10: bytes=56 Sequence=3 ttl=127 time=40 ms
Reply from 192.168.10.10: bytes=56 Sequence=4 ttl=127 time=50 ms
Reply from 192.168.10.10: bytes=56 Sequence=5 ttl=127 time=50 ms
Reply from 192.168.10.10: bytes=56 Sequence=6 ttl=127 time=50 ms
Reply from 192.168.10.10: bytes=56 Sequence=7 ttl=127 time=40 ms
Reply from 192.168.10.10: bytes=56 Sequence=8 ttl=127 time=50 ms
3.1.7.4 模拟网络地址欺骗¶
1、在R3上分别配置用于两个用于欺骗的环回接口,地址分别为192.168.10.1和1192.168.20.1,并且在RIP协议中通告这两个欺骗的网段。
[R3]int LoopBack 0
[R3-LoopBack0]ip add 192.168.10.1 24
[R3-LoopBack0]int loop 1
[R3-LoopBack1]ip add
[R3-LoopBack1]ip address 192.168.20.1 24
[R3]rip
[R3-rip-1]network 192.168.10.0
[R3-rip-1]network 192.168.20.0
2、配置完成后,查看R1和R2的路由表,观察到目的为192.168.10.0网段和192.168.20.0网段形成了两条等价负载均衡的路径,下一跳地址分别是R2和R3、R1和R3。这样会导致去往192.168.20.0网段的数据包有部门转发给了欺骗路由器R3。
<R1>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 12
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.12.0/24 Direct 0 0 D 10.0.12.1 GigabitEthernet
0/0/1
10.0.12.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.10.0/24 Direct 0 0 D 192.168.10.1 GigabitEthernet
0/0/0
192.168.10.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.10.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.20.0/24 RIP 100 1 D 10.0.12.2 GigabitEthernet
0/0/1
RIP 100 1 D 10.0.12.3 GigabitEthernet
0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
<R2>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 12
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.12.0/24 Direct 0 0 D 10.0.12.2 GigabitEthernet
0/0/1
10.0.12.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.10.0/24 RIP 100 1 D 10.0.12.1 GigabitEthernet
0/0/1
RIP 100 1 D 10.0.12.3 GigabitEthernet
0/0/1
192.168.20.0/24 Direct 0 0 D 192.168.20.1 GigabitEthernet
0/0/0
192.168.20.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.20.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
3.1.7.5 配置RIPv2简单明文验证¶
1、在R1和R2的G0/0/1接口配置认证,使用简单验证方式,密码为huawei。
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]rip authentication-mode simple huawei
[R2]int g0/0/1
[R2-GigabitEthernet0/0/1]rip authentication-mode simple huawei
注意:两边密码必须保持一致,否则会认证失败!!! 2、配置完成后,等待一段时间,再次查看R1和R2的路由表。R1与R2的路由表恢复正常,R3发送的欺骗路由在路由表中消失。
[R1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.12.0/24 Direct 0 0 D 10.0.12.1 GigabitEthernet
0/0/1
10.0.12.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.10.0/24 Direct 0 0 D 192.168.10.1 GigabitEthernet
0/0/0
192.168.10.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.10.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.20.0/24 RIP 100 1 D 10.0.12.2 GigabitEthernet
0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[R2]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.12.0/24 Direct 0 0 D 10.0.12.2 GigabitEthernet
0/0/1
10.0.12.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.10.0/24 RIP 100 1 D 10.0.12.1 GigabitEthernet
0/0/1
192.168.20.0/24 Direct 0 0 D 192.168.20.1 GigabitEthernet
0/0/0
192.168.20.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.20.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
3、在R1上的G0/0/1接口进行抓包,观察到R1和R2间发送的RIP报文含authentication字段,并且密码为明文的huawei。
3.1.7.6 配置RIPv2MD5密文验证¶
1、在R1和R2的G0/0/1接口删除上一步的简单验证配置,选择MD5密文验证方式配置。配置时可以选择MD5密文验证方式的报文格式(usual表示使用通用报文格式;nonstandard表示使用非标准报文格式-IETF标准,但是必须保证两端的报文格式一致,这里选择通用标准格式)
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]undo rip authentication-mode
[R1-GigabitEthernet0/0/1]rip authentication-mode md5 usual huawei
[R2]int g0/0/1
[R2-GigabitEthernet0/0/1]undo rip authentication-mode
[R2-GigabitEthernet0/0/1]rip authentication-mode md5 usual huawei
2、配置完成后,等待一段时间,再次查看R1和R2的路由表。R1与R2的路由表恢复正常,R3发送的欺骗路由在路由表中消失。与之前配置明文认证效果相同。 3、在R1上的G0/0/1接口进行抓包,观察到R1和R2间发送的RIP报文含authentication字段,此时密码为密文。
3.2 思考¶
在本实验中,R1和R2上配置了认证,R3没有配置认证,根据分析,R1和R2不会再接收R3发送的不包含认证信息的RIP更新,那R3是否会接收R1和R2发送过来的带有认证信息的RIP更新呢?为什么? 答:(1)不会接收(2)因为数据包里认证字段跟自己不匹配,所以路由器R3不会收,单向的路由通常是没有意义的,大部分应用都是需要双向通信的。
四、RIP路由协议的汇总¶
4.1 路由汇总介绍¶
当网络中路由器的路由条目非常多,可以通过路由汇总(又称路由汇聚或路由聚合)来减少路由条目数。
4.1.1 路由汇总优点¶
通过减少路由条目数,加快路由收敛时间和增强网络稳定性。路由汇总后路由器将不会感知被汇总子网有关的变化,从而提高网络稳定性,减少了不必要的路由器更新。
4.1.2 路由汇总原理¶
同一个自然网段内的不同子网的路由在向外(其他网段)发送时聚合成一个网段的路由发送。
4.2 RIPv1和RIPv2区别¶
4.2.1 RIPv1¶
有类别路由协议,它的协议报文中没有携带掩码信息,只能识别A、B、C类这样的自然网段的路由,因此RIPv1无法支持路由聚合,也不支持不连续子网,所以路由会被自动汇总为有类路由。
4.2.2 RIPv2¶
无分类路由协议,报文中携带掩码信息,支持手动路由汇总和自动路由汇总两种方式。 基于RIP进程的有类自动汇总:比如对于10.1.1.0/24(metric=2)和10.1.2.0/24(metric=3)这两条路由,聚合成自然网段路由10.0.0.0/8(metric=2)。自动汇总是按类聚合的,在华为设备上自动汇总是默认关闭的,可手动配置使自动汇总生效 基于接口的手动汇总:用户可以指定聚合路由。比如:对于10.1.1.0/24(metric=2)和10.1.2.0/24(metric=3)这两条路由,可以在接口上配置聚合路由10.1.0.0/16(metric=2)。
4.2.3 实验内容¶
在由3台路由器所组成的简单网络中,R3连接着多个网段,通过Loopback口来模拟多个网段,通过实验实现RIPv1自动汇总、RIPv2自动汇总以及RIPv2手工汇总。
4.2.4 实验目的¶
1、理解RIP路由协议汇总的应用场景 2、理解RIPv1和RIPv2的自动汇总 3、掌握配置和测试RIPv1自动汇总、RIPv2自动汇总以及RIPv2手动汇总
4.2.5 实验拓扑¶
4.2.6 实验编址¶
| 设备 | 接口 | IP地址 | 子网掩码 | 默认网关 |
|---|---|---|---|---|
| R1(AR1220) | S1/0/0 | 192.168.12.1 | 255.255.255.0 | N/A |
| R2(AR1220) | S1/0/1 | 192.168.12.2 | 255.255.255.0 | N/A |
| R2(AR1220) | S1/0/0 | 192.168.23.2 | 255.255.255.0 | N/A |
| R3(AR1220) | S1/0/1 | 192.168.23.3 | 255.255.255.0 | N/A |
| R3(AR1220) | Loop0 | 3.3.0.3 | 255.255.255.0 | N/A |
| R3(AR1220) | Loop1 | 3.3.1.3 | 255.255.255.0 | N/A |
| R3(AR1220) | Loop2 | 3.3.2.3 | 255.255.255.0 | N/A |
| R3(AR1220) | Loop3 | 3.3.3.3 | 255.255.255.0 | N/A |
4.2.7 实验步骤¶
4.2.7.1 基本配置¶
根据实验编制表进行相应的基本配置,并使用Ping命令检测直连链路的连通性。
4.2.7.2 配置RIPv1协议¶
1、在R1、R2、R3上配置RIPv1协议,通告相应网段。
[R1]rip
[R1-rip-1]network 192.168.12.0
[R2]rip
[R2-rip-1]network 192.168.12.0
[R2-rip-1]network 192.168.23.0
[R3]rip 1
[R3-rip-1]network 192.168.23.0
[R3-rip-1]network 3.0.0.0
2、配置完成后,查看R1与R2的路由表。观察到R3发送过来的汇总路由条目3.0.0.0/8,没有任何明细路由条目。
[R1-rip-1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface
3.0.0.0/8 RIP 100 2 D 192.168.12.2 Serial1/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.12.0/24 Direct 0 0 D 192.168.12.1 Serial1/0/0
192.168.12.1/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
192.168.12.2/32 Direct 0 0 D 192.168.12.2 Serial1/0/0
192.168.12.255/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
192.168.23.0/24 RIP 100 1 D 192.168.12.2 Serial1/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[R2]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost Flags NextHop Interface
3.0.0.0/8 RIP 100 1 D 192.168.23.3 Serial1/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.12.0/24 Direct 0 0 D 192.168.12.2 Serial1/0/1
192.168.12.1/32 Direct 0 0 D 192.168.12.1 Serial1/0/1
192.168.12.2/32 Direct 0 0 D 127.0.0.1 Serial1/0/1
192.168.12.255/32 Direct 0 0 D 127.0.0.1 Serial1/0/1
192.168.23.0/24 Direct 0 0 D 192.168.23.2 Serial1/0/0
192.168.23.2/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
192.168.23.3/32 Direct 0 0 D 192.168.23.3 Serial1/0/0
192.168.23.255/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
3、在R3的S1/0/1接口上抓包,可以观察到RIPv1的协议报文中没有携带掩码信息,只有相应的网络号以及Metric值,即RIPv1只发布汇总后的有类路由。RIPv1默认开启自动汇总,且无法关闭,也不支持手动汇总。
4、使用display default-parameter rip命令查看RIP默认配置信息。观察到默认开启自动汇总。
<R3>display default-parameter rip
--------------------------------------------
Protocol Level Default Configurations
--------------------------------------------
RIP version : 1
Preference : 100
Checkzero : Enabled
Default-cost : 0
Auto Summary : Enabled
Host-route : Enabled
Maximum Balanced Paths : 4
Update time : 30 sec Age time : 180 sec
Garbage-collect time : 120 sec
Default-route : Disabled
Verify-source : Enabled
Graceful restart : Disabled
--------------------------------------------
Interface Level Default Configurations
--------------------------------------------
Metricin : 0
Metricout : 1
Input Packet Processing : Enabled
Output Packet Processing: Enabled
Poison Reverse : Disabled
Replay Protect : Disabled
Split Horizon
For Broadcast and P2P Interfaces : Enabled
For NBMA Interfaces : Disabled
Packet Transmit Interval : 200 msecs
Packet Transmit Number : 50
RIP Protocol Version : RIPv1 Compatible (Non-Standard)
4.2.7.3 配置RIPv2自动汇总¶
1、在R1、R2、R3上运行RIPv2协议,并发布自然网段
[R1]rip
[R1-rip-1]version 2
[R1-rip-1]network 192.168.12.0
[R2]rip
[R2-rip-1]version 2
[R2-rip-1]network 192.168.12.0
[R2-rip-1]network 192.168.23.0
[R3]rip
[R3-rip-1]version 2
[R3-rip-1]network 192.168.23.0
[R3-rip-1]network 3.0.0.0
2、配置完成后,查看R1和R2的路由表。观察到接收到的路由条目是具体的明细路由条目,而没有汇总路由,此时RIPv2默认自动汇总并没有生效。
[R1-rip-1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost Flags NextHop Interface
3.3.0.0/24 RIP 100 2 D 192.168.12.2 Serial1/0/0
3.3.1.0/24 RIP 100 2 D 192.168.12.2 Serial1/0/0
3.3.2.0/24 RIP 100 2 D 192.168.12.2 Serial1/0/0
3.3.3.0/24 RIP 100 2 D 192.168.12.2 Serial1/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.12.0/24 Direct 0 0 D 192.168.12.1 Serial1/0/0
192.168.12.1/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
192.168.12.2/32 Direct 0 0 D 192.168.12.2 Serial1/0/0
192.168.12.255/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
192.168.23.0/24 RIP 100 1 D 192.168.12.2 Serial1/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[R2]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 16 Routes : 16
Destination/Mask Proto Pre Cost Flags NextHop Interface
3.3.0.0/24 RIP 100 1 D 192.168.23.3 Serial1/0/0
3.3.1.0/24 RIP 100 1 D 192.168.23.3 Serial1/0/0
3.3.2.0/24 RIP 100 1 D 192.168.23.3 Serial1/0/0
3.3.3.0/24 RIP 100 1 D 192.168.23.3 Serial1/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.12.0/24 Direct 0 0 D 192.168.12.2 Serial1/0/1
192.168.12.1/32 Direct 0 0 D 192.168.12.1 Serial1/0/1
192.168.12.2/32 Direct 0 0 D 127.0.0.1 Serial1/0/1
192.168.12.255/32 Direct 0 0 D 127.0.0.1 Serial1/0/1
192.168.23.0/24 Direct 0 0 D 192.168.23.2 Serial1/0/0
192.168.23.2/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
192.168.23.3/32 Direct 0 0 D 192.168.23.3 Serial1/0/0
192.168.23.255/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
RIPv2默认自动汇总失效原因:在华为设备上,以太网接口和串口都默认启用了水平分割功能。为了防止环路和不连续子网问题的产生,在启用了水平分割或毒性逆转的接口上,RIPv2的默认自动汇总就会失效,所以从R3通告过来的都是具体的明确路由条目。
3、使用summary always命令或使用undo rip split-horizon 使RIPv2的默认自动汇总生效
[R3]rip
[R3-rip-1]version 2
[R3-rip-1]summary always
[R3]int s1/0/1
[R3-Serial1/0/1]undo rip split-horizon
4、查看R1、R2的路由表,观察到此时RIPv2的自动汇总生效了
[R1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface
3.0.0.0/8 RIP 100 2 D 192.168.12.2 Serial1/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.12.0/24 Direct 0 0 D 192.168.12.1 Serial1/0/0
192.168.12.1/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
192.168.12.2/32 Direct 0 0 D 192.168.12.2 Serial1/0/0
192.168.12.255/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
192.168.23.0/24 RIP 100 1 D 192.168.12.2 Serial1/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
<R2>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost Flags NextHop Interface
3.0.0.0/8 RIP 100 1 D 192.168.23.3 Serial1/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.12.0/24 Direct 0 0 D 192.168.12.2 Serial1/0/1
192.168.12.1/32 Direct 0 0 D 192.168.12.1 Serial1/0/1
192.168.12.2/32 Direct 0 0 D 127.0.0.1 Serial1/0/1
192.168.12.255/32 Direct 0 0 D 127.0.0.1 Serial1/0/1
192.168.23.0/24 Direct 0 0 D 192.168.23.2 Serial1/0/0
192.168.23.2/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
192.168.23.3/32 Direct 0 0 D 192.168.23.3 Serial1/0/0
192.168.23.255/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
4.2.7.4 配置RIPv2手动汇总¶
1、删除上一步骤中使RIPv2自动汇总功能生效的配置
[R3-rip-1]undo summary
或
[R3]int s1/0/1
[R3-Serial1/0/1]rip split-horizon
2、删除完毕后查看R1和R2的路由表,这里只查看R1,R2省略
[R1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost Flags NextHop Interface
3.3.0.0/24 RIP 100 2 D 192.168.12.2 Serial1/0/0
3.3.1.0/24 RIP 100 2 D 192.168.12.2 Serial1/0/0
3.3.2.0/24 RIP 100 2 D 192.168.12.2 Serial1/0/0
3.3.3.0/24 RIP 100 2 D 192.168.12.2 Serial1/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.12.0/24 Direct 0 0 D 192.168.12.1 Serial1/0/0
192.168.12.1/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
192.168.12.2/32 Direct 0 0 D 192.168.12.2 Serial1/0/0
192.168.12.255/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
192.168.23.0/24 RIP 100 1 D 192.168.12.2 Serial1/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
3、在R3上使用rip summary-address 3.3.0.0 255.255.252.0 命令配置手动汇总,配合需要汇总的本地网络IP地址为3.3.0.0,网络掩码为255.255.252.0
[R3]int s1/0/1
[R3-Serial1/0/1]rip summary-address 3.3.0.0 255.255.252.0
4、配置完成后,查看R1和R2的路由表。观察到R1和R2上已经接收了该汇总路由条目,且没有任何明细路由条目。
<R1>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface
3.3.0.0/22 RIP 100 2 D 192.168.12.2 Serial1/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.12.0/24 Direct 0 0 D 192.168.12.1 Serial1/0/0
192.168.12.1/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
192.168.12.2/32 Direct 0 0 D 192.168.12.2 Serial1/0/0
192.168.12.255/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
192.168.23.0/24 RIP 100 1 D 192.168.12.2 Serial1/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
<R2>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost Flags NextHop Interface
3.3.0.0/22 RIP 100 1 D 192.168.23.3 Serial1/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.12.0/24 Direct 0 0 D 192.168.12.2 Serial1/0/1
192.168.12.1/32 Direct 0 0 D 192.168.12.1 Serial1/0/1
192.168.12.2/32 Direct 0 0 D 127.0.0.1 Serial1/0/1
192.168.12.255/32 Direct 0 0 D 127.0.0.1 Serial1/0/1
192.168.23.0/24 Direct 0 0 D 192.168.23.2 Serial1/0/0
192.168.23.2/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
192.168.23.3/32 Direct 0 0 D 192.168.23.3 Serial1/0/0
192.168.23.255/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
4.3 思考¶
华为设备默认开启RIPv2的自动汇总,如果没有默认开启接口下的水平分割,即自动汇总生效的情况下,可能会导致出现环路以及不连续子网等问题。请设计一个相关场景,模拟在RIPv2开启了自动汇总且关闭了水平分割的情况下,导致路由环路或不连续子网问题的出现。 答: (1)
在这样的拓扑环境下,首先自动汇总开启的时候,R2和R4是主类网络边界,这样R3会从两个方向收到10.0.0.0/8的路由。对于R3来说,两条路由会进行基于流的负载均衡,这样从R3通过的数据是无法正常转发到各自目的网段,所以无法支持不连续的子网。 (2)
在这样的拓扑环境下,假如R1和R2中的链路Down掉,R2会失去10.0.12.0/24的路由条目。由于关闭了水平分割,R3会将从R2学到的10.0.0.0/8还给R2,R2会将10.0.0.0/8路由再还回给R3,这样直到最终达到16跳。在此时间内,R2和R3都将学到的10.0.0.0/8扔给对方,这就造成了环路。
五、配置RIP的版本兼容、定时器及协议优先级¶
5.1 RIP版本¶
RIP在IPv4中有v1和v2两个版本。在配置RIP时,如果不指定版本,接口默认情况下能接收v1和v2的报文,但只能发送v1的报文;在指定版本的情况下,RIPv1只能接收和发送v1的报文,RIPv2只能接收和发送v2的报文。
5.2 RIP定时器¶
RIP定时器有3种:更新计时器,默认每30s发送一次更新;超时计时器,默认时间为180s,如果在超时计时器内没有收到邻居发来的更新报文,则把路由的度量值设置为16,并启动垃圾收集定时器;垃圾收集定时器,默认120s,如果启动了该计时器,那么120s超时以后,路由表中会删除该路由表项。
5.3 RIP协议优先级¶
默认协议优先级为100,可手动修改
5.4 配置RIP的版本兼容、定时器及协议优先级实验¶
5.4.1 实验内容¶
本实验中采用简单的场景介绍RIP各版本之间的区别及如何实现相互间的兼容、RIP的3种定时器的作用及修改方法。
5.4.2 实验目的¶
1、掌握配置RIP版本的方法 2、理解RIPv1和RIPv2的相互兼容性 3、掌握RIP的3种定时器的配置 4、掌握RIP的协优先级的配置
5.4.3 实验拓扑¶
5.4.4 实验编址¶
| 设备 | 接口 | IP地址 | 子网掩码 | 默认网关 |
|---|---|---|---|---|
| R1(AR2220) | G0/0/0 | 10.0.12.1 | 255.255.255.0 | N/A |
| R1(AR2220) | G0/0/1 | 192.168.10.1 | 255.255.255.0 | N/A |
| R2(AR2220) | G0/0/0 | 10.0.12.2 | 255.255.255.0 | N/A |
| R2(AR2220) | G0/0/1 | 192.168.20.1 | 255.255.255.0 | N/A |
| PC-1 | E0/0/1 | 192.168.10.10 | 255.255.255.0 | 192.168.10.1 |
| PC-2 | E0/0/1 | 192.168.20.20 | 255.255.255.0 | 192.168.20.1 |
5.4.5 实验步骤¶
5.4.5.1 基本配置¶
根据实验编制表进行相应的基本配置,并使用Ping命令检测直连链路的连通性。
5.4.5.2 配置RIP协议的版本兼容¶
1、在R1和R2上配置RIP协议,通告相应网段。但是在R1上,不指定RIP的版本,在R2上指定使用版本v2。
[R1]rip
[R1-rip-1]network 10.0.0.0
[R1-rip-1]network 192.168.1.0
[R2]rip
[R2-rip-1]version 2
[R2-rip-1]network 10.0.0.0
[R2-rip-1]network 192.168.20.0
2、配置完成后,使用****命令查看R1和R2的路由表,观察到R1的路由表中存在PC-2所在网段的路由条目,在R2的路由表上没有发现PC-1所在网段的路由条目。
<R1>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.12.0/24 Direct 0 0 D 10.0.12.1 GigabitEthernet
0/0/0
10.0.12.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.10.0/24 Direct 0 0 D 192.168.10.1 GigabitEthernet
0/0/1
192.168.10.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
192.168.10.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
192.168.20.0/24 RIP 100 1 D 10.0.12.2 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[R2]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.12.0/24 Direct 0 0 D 10.0.12.2 GigabitEthernet
0/0/0
10.0.12.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.20.0/24 Direct 0 0 D 192.168.20.1 GigabitEthernet
0/0/1
192.168.20.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
192.168.20.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
3、在R1的G0/0/0接口上抓取R1发送给R2和从R2接收到的RIP报文。
说明一:R1上采用版本1,即广播方式来发送更新;而R2采用版本2,即组播方式发送更新。验证了R1在RIP协议进程中没有明确指定版本配置时,默认是可以处理接收版本11和版本2的报文,但仅发送版本1的报文;而R2因在协议进程中明确配置了版本2,仅接收和发送版本2的报文。 说明二:R1上发送的是RIPv1报文,而R2不能正确处理接收,所以R2的路由表上没有PC-1所在网段的路由条目。而R2发送的RIPv2报文能够被R1处理接收,所以在R1的路由表上存在PC-2所在网段的路由条目。 4、在R1上设置接口的RIP版本,使用rip version 2 broadcast命令使R1能够以广播的形式发送RIPv2报文。也可以使用rip version 2 multicast命令使R1能够以组播方式发送RIPv2报文,与上面效果一样。
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]rip version 2 broadcast
或
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]rip version 2 multicast
5、配置完成后,在R2上查看其路由表。观察到路由表中已经存在R1发送过来的路由条目。
注意:在配置RIP协议时建议路由器之间配置相同RIP版本,避免可能由于错误配置而导致RIP协议无法正常工作!!!
5.4.5.3 配置RIP的定时器¶
1、默认情况下RIP协议会每隔30s左右发送一次路由更新 2、路由更新的有效期为超时定时器定义的时间180s,即当在180s内没有收到新的路由更新,则宣布路由不可达,并从路由表中清除掉该路由条目。 3、为验证效果,在R1的GE0/0/0接口上使用undo rip output命令配置停止发送RIP路由更新
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]undo rip output
4、配置完成后,查看R2的路由表。观察到从R1接收到的路由条目依然存在。
[R2]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.12.0/24 Direct 0 0 D 10.0.12.2 GigabitEthernet
0/0/0
10.0.12.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.10.0/24 RIP 100 1 D 10.0.12.1 GigabitEthernet
0/0/0
192.168.20.0/24 Direct 0 0 D 192.168.20.1 GigabitEthernet
0/0/1
192.168.20.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
192.168.20.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
5、使用display rip 1 database命令检查R2的RIP发布数据库中的所有激活路由。观察到路由条目没有发生变化,状态仍为[A],即仍被通告。
[R2]display rip 1 database
---------------------------------------------------
Advertisement State : [A] - Advertised
[I] - Not Advertised/Withdraw
---------------------------------------------------
10.0.0.0/8, cost 0, ClassfulSumm
10.0.12.0/24, cost 0, [A], Rip-interface
192.168.10.0/24, cost 1, ClassfulSumm
192.168.10.0/24, cost 1, [A], nexthop 10.0.12.1
192.168.20.0/24, cost 0, ClassfulSumm
192.168.20.0/24, cost 0, [A], Rip-interface
6、在等待超时计时器到期定义的180s以后再使用dis ip routing-table检查。观察到R2的路由表无法看到R1发送过来的路由条目,原因是超时定时器已经到期,该路由条目被定义为失效,已经从路由表中删除。
[R2]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.12.0/24 Direct 0 0 D 10.0.12.2 GigabitEthernet
0/0/0
10.0.12.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.20.0/24 Direct 0 0 D 192.168.20.1 GigabitEthernet
0/0/1
192.168.20.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
192.168.20.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
7、使用display rip 1 database再次检查R2的路由表和发布数据库,观察到该路由条目已经被标记为16跳,即不可达,并且状态标记为[I],该路由将不能被通告出去。由于RIP垃圾收集定时器启动,且没有到期,暂时不能从数据库中删除,该路由条目仍存在。
[R2]display rip 1 database
---------------------------------------------------
Advertisement State : [A] - Advertised
[I] - Not Advertised/Withdraw
---------------------------------------------------
10.0.0.0/8, cost 0, ClassfulSumm
10.0.12.0/24, cost 0, [A], Rip-interface
192.168.10.0/24, cost 16, ClassfulSumm
192.168.10.0/24, cost 16, [I], nexthop 10.0.12.1
192.168.20.0/24, cost 0, ClassfulSumm
192.168.20.0/24, cost 0, [A], Rip-interface
8、如果在默认的120s内仍然没有收到更新报文,垃圾收集定时器超时后将删除该表项。经过120s后再查看R2上的发布数据库。
[R2]display rip 1 database
---------------------------------------------------
Advertisement State : [A] - Advertised
[I] - Not Advertised/Withdraw
---------------------------------------------------
10.0.0.0/8, cost 0, ClassfulSumm
10.0.12.0/24, cost 0, [A], Rip-interface
192.168.10.0/24, cost 1, ClassfulSumm
192.168.10.0/24, cost 1, [A], nexthop 10.0.12.1
192.168.20.0/24, cost 0, ClassfulSumm
192.168.20.0/24, cost 0, [A], Rip-interface
9、可以通过timers rip 20 120 60命令改变这几个定时器的默认值来影响RIP的收敛速度。将R1的更新报文的时间间隔修改为20s,超时计时器的超时计时器的超时时间修改为120s,垃圾收集计时器的超时时间修改为60s。
[R1]rip
[R1-rip-1]timers rip 20 120 60
10、配置完成后,使用dis rip查看RIP的协议信息
[R1]dis rip
Public VPN-instance
RIP process : 1
RIP version : 2
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Host-route : Enabled
Maximum number of balanced paths : 8
Update time : 20 sec #路由更新时间 Age time : 120 sec #老化时间
Garbage-collect time : 60 sec #垃圾收集时间
Graceful restart : Disabled
BFD : Disabled
Silent-interfaces : None
Default-route : Disabled
Verify-source : Enabled
Networks :
192.168.10.0 10.0.0.0
Configured peers : None
Number of routes in database : 4
Number of interfaces enabled : 2
Triggered updates sent : 1
Number of route changes : 1
Number of replies to queries : 1
Number of routes in ADV DB : 3
Total count for 1 process :
Number of routes in database : 4
Number of interfaces enabled : 2
Number of routes sendable in a periodic update : 8
Number of routes sent in last periodic update : 4
5.4.5.4 配置RIP协议优先级¶
1、使用dis ip routing-table命令查看R1的路由表,观察到RIP默认优先级为100
<R1>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.12.0/24 Direct 0 0 D 10.0.12.1 GigabitEthernet
0/0/0
10.0.12.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.10.0/24 Direct 0 0 D 192.168.10.1 GigabitEthernet
0/0/1
192.168.10.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
192.168.10.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
192.168.20.0/24 RIP 100 1 D 10.0.12.2 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
2、RIP默认优先级为100,使用preference 80将R1的路由优先级设置为80,然后查看R1的路由表
[R1]rip
[R1-rip-1]preference 80
[R1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.12.0/24 Direct 0 0 D 10.0.12.1 GigabitEthernet
0/0/0
10.0.12.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.10.0/24 Direct 0 0 D 192.168.10.1 GigabitEthernet
0/0/1
192.168.10.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
192.168.10.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
192.168.20.0/24 RIP 80 1 D 10.0.12.2 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
注意:优先级的数值越小,代表优先级越高!!!
5.5 思考¶
在此实验中,如果在R1上配置一条去往192.168.20.0网段的静态路由,再把RIP优先级修改为60,那么在R1上的IP路由表中该网段路由来自RIP还是静态路由?为什么? 答:(1)在R1上的IP路由表中该网段路由来自静态路由(2)若同一条路由条目来自两个不同协议,且协议优先级一样,路由器会根据协议内部优先级来选择最优路由,内部优先级也就是协议优先级的初始值。
六、配置RIP抑制接口及单播更新¶
6.1 RIP抑制接口¶
6.1.1 RIP抑制接口介绍¶
配置后禁止接口发送更新报文,但此接口所在网段的路由可以发布出去。 注意:RIPv1和RIPv2对于抑制接口和单播更新的特性支持情况相同!!!
6.1.2 RIP抑制接口配置方法¶
1、执行silent-interface命令或在接口下配置undo rip output使其只接收报文,但不能发送RIP报文。(silent-interface的优先级大于在接口下配置的undo rip output,默认情况下为不抑制状态) 2、在接口下配置undo rip input命令,禁止接口接收RIP更新报文,这也是预防路由环路的一种方式。
6.2 单播更新¶
指RIP使用单播发送RIP报文。在默认情况下,RIP每隔30s以广播或组播方式交换整个路由表信息,这将耗费大量网络带。为解决因RIP广播报文而产生的网络性能问题,可以使用单播更新的方式来交换路由信息。当使用silent-interface命令配置抑制接口后,再指定单播更新的目的地址后,单播更新有效;
注意:如果在接口下使用undo ripoutput命令来配置抑制接口,即使再指定单播更新的目的地址也是无法发送更新的路由条目的!!!
6.2.1 实验内容¶
本实验模拟企业场景。R1为该公司出口网关路由器,连接运营商网络:R2为公司IT部门路由器,通过交换机S1与网关相连;人事部员工直接通过交换机S1接入公司网络;R3为公司财务部门路由器,同样通过S1与网关相连。所有路由器运行路由协议RIP实现网络互通。由于交换机S1直连了大量PC用户,如果R1继续以广播(RIPv1)或组播(RIPv2)的方式发送更新的路由给R2和R3,处于同一广播网络中的S1下连接的PC也会收到这些对PC来说无用的更新,造成了带宽或组播更新。为了优化网络,现需要在R1的G0/0/1接口配置抑制接口来抑制广播或组播更新;为了使R2和R3能照常接收更新,还需要在R1上配置与R2和R3的单播更新;同时禁止其他部门访问财务部门,需抑制R3的E0/0/1接口,不发布任何RIP路由(单播更新也不行),仅接收其他路由信息。
6.2.2 实验目的¶
1、掌握RIP抑制接口的配置 2、理解抑制接口的原理及应用场景 3、掌握RIP中单播更新的配置 4、理解单播更新的原理及应用场景
6.2.3 实验拓扑¶
6.2.4 实验编址¶
| 设备 | 接口 | IP地址 | 子网掩码 | 默认网关 |
|---|---|---|---|---|
| R1 | G0/0/1 | 172.16.1.254 | 255.255.255.0 | N/A |
| R2(AR2220) | G0/0/1 | 172.16.1.100 | 255.255.255.0 | N/A |
| R2(AR2220) | G0/0/0 | 172.16.2.254 | 255.255.255.0 | N/A |
| R3(AR2220) | G0/0/1 | 172.16.2.100 | 255.255.255.0 | N/A |
| R3(AR2220) | G0/0/0 | 192.168.1.254 | 255.255.255.0 | N/A |
| PC-1 | E0/0/1 | 172.16.2.1 | 255.255.255.0 | 172.16.2.254 |
| PC-2 | E0/0/1 | 172.16.1.1 | 255.255.255.0 | 172.16.1.254 |
| PC-3 | E0/0/1 | 192.168.1.1 | 255.255.255.0 | 192.168.1.254 |
6.2.5 实验步骤¶
6.2.5.1 基本配置¶
根据实验编制表进行相应的基本配置,并使用Ping命令检测直连链路的连通性。
6.2.5.2 搭建基础的RIP网络¶
1、在R1、R2、R3上运行RIP路由协议,并通告相应网段
[R1]rip 1
[R1-rip-1]net
[R1-rip-1]network 172.16.0.0
[R2]rip
[R2-rip-1]network 172.16.0.0
[R3]rip
[R3-rip-1]network 172.16.0.0
[R3-rip-1]network 192.168.1.0
2、配置完成后,检查3台设备的路由表
[R1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 9 Routes : 9
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.0/24 Direct 0 0 D 172.16.1.254 GigabitEthernet
0/0/1
172.16.1.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
172.16.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
172.16.2.0/24 RIP 100 1 D 172.16.1.100 GigabitEthernet
0/0/1
192.168.1.0/24 RIP 100 1 D 172.16.1.200 GigabitEthernet
0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[R2]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.0/24 Direct 0 0 D 172.16.1.100 GigabitEthernet
0/0/1
172.16.1.100/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
172.16.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
172.16.2.0/24 Direct 0 0 D 172.16.2.254 GigabitEthernet
0/0/0
172.16.2.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
172.16.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.1.0/24 RIP 100 1 D 172.16.1.200 GigabitEthernet
0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[R3]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.0/24 Direct 0 0 D 172.16.1.200 GigabitEthernet
0/0/1
172.16.1.200/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
172.16.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
172.16.2.0/24 RIP 100 1 D 172.16.1.100 GigabitEthernet
0/0/1
192.168.1.0/24 Direct 0 0 D 192.168.1.254 GigabitEthernet
0/0/0
192.168.1.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
3、在PC-2的E0/0/1接口上抓包,可以观察到接收了许多对PC-2来说无用的RIP路由更新。
说明:这是由于在R2上172.16.2.0网段也被通告进了RIP协议中。
6.2.5.3 配置RIP抑制接口,优化公司网络¶
1、在各路由器上使用silent-interface命令将相应接口配置成为抑制端口,使得接口只接收RIP更新报文,而不发送更新报文
[R1]rip
[R1-rip-1]silent-interface g0/0/1
[R2]rip
[R2-rip-1]silent-interface g0/0/0
[R2-rip-1]silent-interface g0/0/1
[R3]rip
[R3-rip-1]silent-interface g0/0/0
[R3-rip-1]silent-interface g0/0/1
2、配置完成后,分别在R1、R2、R3上使用display rip命令查看相关配置信息
[R1]dis rip
Public VPN-instance
RIP process : 1
RIP version : 1
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Host-route : Enabled
Maximum number of balanced paths : 8
Update time : 30 sec Age time : 180 sec
Garbage-collect time : 120 sec
Graceful restart : Disabled
BFD : Disabled
Silent-interfaces :
GigabitEthernet0/0/1
Default-route : Disabled
Verify-source : Enabled
Networks :
172.16.0.0
Configured peers : None
Number of routes in database : 4
Number of interfaces enabled : 1
Triggered updates sent : 0
Number of route changes : 2
Number of replies to queries : 2
Number of routes in ADV DB : 3
Total count for 1 process :
Number of routes in database : 4
Number of interfaces enabled : 1
Number of routes sendable in a periodic update : 4
Number of routes sent in last periodic update : 0
<R2>dis rip
Public VPN-instance
RIP process : 1
RIP version : 1
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Host-route : Enabled
Maximum number of balanced paths : 8
Update time : 30 sec Age time : 180 sec
Garbage-collect time : 120 sec
Graceful restart : Disabled
BFD : Disabled
Silent-interfaces :
GigabitEthernet0/0/0 GigabitEthernet0/0/1
Default-route : Disabled
Verify-source : Enabled
Networks :
172.16.0.0
Configured peers : None
Number of routes in database : 3
Number of interfaces enabled : 2
Triggered updates sent : 0
Number of route changes : 3
Number of replies to queries : 1
Number of routes in ADV DB : 2
Total count for 1 process :
Number of routes in database : 3
Number of interfaces enabled : 2
Number of routes sendable in a periodic update : 6
Number of routes sent in last periodic update : 4
<R3>dis rip
Public VPN-instance
RIP process : 1
RIP version : 1
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Host-route : Enabled
Maximum number of balanced paths : 8
Update time : 30 sec Age time : 180 sec
Garbage-collect time : 120 sec
Graceful restart : Disabled
BFD : Disabled
Silent-interfaces :
GigabitEthernet0/0/0 GigabitEthernet0/0/1
Default-route : Disabled
Verify-source : Enabled
Networks :
192.168.1.0 172.16.0.0
Configured peers : None
Number of routes in database : 3
Number of interfaces enabled : 2
Triggered updates sent : 2
Number of route changes : 3
Number of replies to queries : 0
Number of routes in ADV DB : 2
Total count for 1 process :
Number of routes in database : 3
Number of interfaces enabled : 2
Number of routes sendable in a periodic update : 6
Number of routes sent in last periodic update : 3
3、配置完成后,在PC-2的E0/0/1接口上抓包。可以观察到PC-2已接收不到RIP路由更新。
6.2.5.4 配置RIP单播更新,恢复网络通信¶
1、上面步骤完成后,各部门无法实现互相通信。查看R1、R2、R3上的路由表,发现路由器上相应接口配置成抑制接口后,接口将无法以广播或组播的方式发送RIP更新报文。
[R1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 7 Routes : 7
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.0/24 Direct 0 0 D 172.16.1.254 GigabitEthernet
0/0/1
172.16.1.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
172.16.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[R2]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.0/24 Direct 0 0 D 172.16.1.100 GigabitEthernet
0/0/1
172.16.1.100/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
172.16.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
172.16.2.0/24 Direct 0 0 D 172.16.2.254 GigabitEthernet
0/0/0
172.16.2.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
172.16.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[R3]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.0/24 Direct 0 0 D 172.16.1.200 GigabitEthernet
0/0/1
172.16.1.200/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
172.16.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
192.168.1.0/24 Direct 0 0 D 192.168.1.254 GigabitEthernet
0/0/0
192.168.1.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
2、增加RIP的单播更新配置,使用peer命令后加上指定邻居路由器IP地址,即各自相连的直连链路上的IP地址。
[R1]rip
[R1-rip-1]peer 172.16.1.100
[R1-rip-1]peer 172.16.1.200
[R2]rip
[R2-rip-1]peer 172.16.1.200
[R2-rip-1]peer 172.16.1.254
[R3]rip
[R3-rip-1]peer 172.16.1.100
[R3-rip-1]peer 172.16.1.254
3、配置完成后分别在R1、R2、R3上使用dis rip 1命令查看RIP协议的信息
<R1>dis rip 1
Public VPN-instance
RIP process : 1
RIP version : 1
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Host-route : Enabled
Maximum number of balanced paths : 8
Update time : 30 sec Age time : 180 sec
Garbage-collect time : 120 sec
Graceful restart : Disabled
BFD : Disabled
Silent-interfaces :
GigabitEthernet0/0/1
Default-route : Disabled
Verify-source : Enabled
Networks :
172.16.0.0
Configured peers :
172.16.1.200 172.16.1.100
Number of routes in database : 4
Number of interfaces enabled : 1
Triggered updates sent : 0
Number of route changes : 8
Number of replies to queries : 2
Number of routes in ADV DB : 3
<R2>dis rip 1
Public VPN-instance
RIP process : 1
RIP version : 1
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Host-route : Enabled
Maximum number of balanced paths : 8
Update time : 30 sec Age time : 180 sec
Garbage-collect time : 120 sec
Graceful restart : Disabled
BFD : Disabled
Silent-interfaces :
GigabitEthernet0/0/0 GigabitEthernet0/0/1
Default-route : Disabled
Verify-source : Enabled
Networks :
172.16.0.0
Configured peers :
172.16.1.254 172.16.1.200
Number of routes in database : 4
Number of interfaces enabled : 2
Triggered updates sent : 0
Number of route changes : 4
Number of replies to queries : 1
Number of routes in ADV DB : 3
<R3>dis rip 1
Public VPN-instance
RIP process : 1
RIP version : 1
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Host-route : Enabled
Maximum number of balanced paths : 8
Update time : 30 sec Age time : 180 sec
Garbage-collect time : 120 sec
Graceful restart : Disabled
BFD : Disabled
Silent-interfaces :
GigabitEthernet0/0/0 GigabitEthernet0/0/1
Default-route : Disabled
Verify-source : Enabled
Networks :
192.168.1.0 172.16.0.0
Configured peers :
172.16.1.254 172.16.1.100
Number of routes in database : 4
Number of interfaces enabled : 2
Triggered updates sent : 2
Number of route changes : 4
Number of replies to queries : 0
Number of routes in ADV DB : 3
4、查看R1、R2、R3上的路由表,观察到每台路由器上都已拥有所有网段的路由信息。现在网络通信恢复正常,并且所有PC也不会接收到任何RIP报文。
<R1>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 9 Routes : 9
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.0/24 Direct 0 0 D 172.16.1.254 GigabitEthernet
0/0/1
172.16.1.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
172.16.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
172.16.2.0/24 RIP 100 1 D 172.16.1.100 GigabitEthernet
0/0/1
192.168.1.0/24 RIP 100 1 D 172.16.1.200 GigabitEthernet
0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
<R2>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.0/24 Direct 0 0 D 172.16.1.100 GigabitEthernet
0/0/1
172.16.1.100/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
172.16.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
172.16.2.0/24 Direct 0 0 D 172.16.2.254 GigabitEthernet
0/0/0
172.16.2.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
172.16.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.1.0/24 RIP 100 1 D 172.16.1.200 GigabitEthernet
0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
<R3>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.0/24 Direct 0 0 D 172.16.1.200 GigabitEthernet
0/0/1
172.16.1.200/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
172.16.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
172.16.2.0/24 RIP 100 1 D 172.16.1.100 GigabitEthernet
0/0/1
192.168.1.0/24 Direct 0 0 D 192.168.1.254 GigabitEthernet
0/0/0
192.168.1.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
6.2.5.5 验证另一种抑制接口方式¶
1、将R3上现有抑制接口和单播更新的配置删除,然后在R3上的G0/0/1接口上配置undo rip output命令,禁止接口发送RIP报文。
[R3]rip 1
[R3-rip-1]undo silent-interface g0/0/0
[R3-rip-1]undo silent-interface g0/0/1
[R3-rip-1]undo peer 172.16.1.100
[R3-rip-1]undo peer 172.16.1.254
[R3-rip-1]int g0/0/1
[R3-GigabitEthernet0/0/1]undo rip output
2、配置完成后,等待一段时间,查看R1、R2的路由表。可以观察R3上的192.168.1.0所在直连网段的路由条目消失,说明undo rip output命令生效,不再发送任何RIP路由更新。
<R1>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.0/24 Direct 0 0 D 172.16.1.254 GigabitEthernet
0/0/1
172.16.1.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
172.16.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
172.16.2.0/24 RIP 100 1 D 172.16.1.100 GigabitEthernet
0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
<R2>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.0/24 Direct 0 0 D 172.16.1.100 GigabitEthernet
0/0/1
172.16.1.100/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
172.16.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
172.16.2.0/24 Direct 0 0 D 172.16.2.254 GigabitEthernet
0/0/0
172.16.2.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
172.16.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
3、在R3上配置与R1间的单播更新
[R3]rip
[R3-rip-1]peer 172.16.1.254
4、配置完成后,等待一段时间,再在R1上查看路由表,观察到R1上仍没有R3上的192.168.1.0所在直连网段的路由条目,证明使用undo rip output命令来抑制接口,即使配置了单播更新也无法再以单播的形式发送路由更新的。
[R1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.0/24 Direct 0 0 D 172.16.1.254 GigabitEthernet
0/0/1
172.16.1.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
172.16.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
172.16.2.0/24 RIP 100 1 D 172.16.1.100 GigabitEthernet
0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
说明:在接口上使用undo rip output命令禁止该接口发送RIP报文,也可以使用undo rip input命令禁止该接口接收RIP报文,通过这两条命令可以灵活地控制接口对RIP报文的发送和接收(默认情况下是可以接收和发送RIP报文)。
注意:silent-interface命令的优先级大于rip output或rip input命令的优先级!!!
七、RIP与不连续子网¶
7.1 RIP主网边界自动汇总¶
当汇总发生时,汇总的子网路由在边界处被抑制掉,而仅通告主网路由。如果一台路由器上有两个接口,网段分别是10.1.1.0/24和172.16.1.0/24,那么在这两个网段的主网边界路由器就会自动将这两个网段汇总成10.1.1.0和172.16.0.0,并通告给其他路由器。如果主网的子网不连续,被其他主网所分隔,主网边界的自动汇总就会存在问题。
7.2 连续子网与不连续子网介绍¶
7.2.1 连续子网¶
所相连的子网属于同一主网
7.2.2 不连续子网¶
相同主网下的子网被另一个主网分隔
八、实验内容¶
在某公司的网络整改项目中,原先R1和R5属于同一主网络10.0.0.0/8,现被R2、R3、R4分离,整网采用了RIPv1协议,发现在该子网不连续的环境下通信出了问题,现在需要通过额外的配置来解决这些问题,以保证所有设备能够互通。
8.1 实验目的¶
1、理解连续子网和不连续子网的概念 2、掌握RIPv1中解决不连续子网问题的方法 3、掌握RIPv2中解决不连续子网问题的方法 4、理解RIPv1和RIPv2的区别
8.2 实验拓扑¶
8.3 实验编址¶
| 设备 | 接口 | IP地址 | 子网掩码 | 默认网关 |
|---|---|---|---|---|
| R1(AR1220) | E1/0/0 | 10.0.12.1 | 255.255.255.0 | N/A |
| R2(AR1220) | E1/0/0 | 10.0.12.2 | 255.255.255.0 | N/A |
| R2(AR1220) | S2/0/0 | 192.168.23.2 | 255.255.255.0 | N/A |
| R3(AR1220) | S1/0/0 | 192.168.23.3 | 255.255.255.0 | N/A |
| R3(AR1220) | S1/0/1 | 192.168.34.3 | 255.255.255.0 | N/A |
| R4(AR1220) | S2/0/1 | 192.168.34.4 | 255.255.255.0 | N/A |
| R4(AR1220) | E1/0/0 | 10.0.45.4 | 255.255.255.0 | N/A |
| R5(AR1220) | E1/0/0 | 10.0.45.5 | 255.255.255.0 | N/A |
8.4 实验步骤¶
8.4.1 基本配置¶
根据实验编制表进行相应的基本配置,并使用Ping命令检测直连链路的连通性。
8.4.2 组建基本的RIPv1网络¶
1、在路由器R1、R2、R3、R4、R5上配置RIPv1
[R1]rip
[R1-rip-1]network 10.0.0.0
[R2]rip
[R2-rip-1]network 10.0.0.0
[R2-rip-1]network 192.168.23.0
[R3]rip
[R3-rip-1]network 192.168.34.0
[R3-rip-1]network 192.168.23.0
[R4]rip
[R4-rip-1]network 192.168.34.0
[R4-rip-1]network 10.0.0.0
[R5]rip
[R5-rip-1]network 10.0.0.0
2、配置完成后,查看R1的路由表。发现存在192.168.23.0/24和192.168.34.0/24两条RIP路由条目,但并不存在R4和R5之间的10.0.45.0/24路由条目。
[R1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 9 Routes : 9
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.12.0/24 Direct 0 0 D 10.0.12.1 Ethernet1/0/0
10.0.12.1/32 Direct 0 0 D 127.0.0.1 Ethernet1/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 Ethernet1/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.23.0/24 RIP 100 1 D 10.0.12.2 Ethernet1/0/0
192.168.34.0/24 RIP 100 2 D 10.0.12.2 Ethernet1/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
3、查看R2的路由表,发现存在只有192.168.34.0/24一条RIP路由条目,但并不存在R4和R5之间的10.0.45.0/24路由条目。
[R2]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 12 Routes : 12
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.12.0/24 Direct 0 0 D 10.0.12.2 Ethernet1/0/0
10.0.12.2/32 Direct 0 0 D 127.0.0.1 Ethernet1/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 Ethernet1/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.23.0/24 Direct 0 0 D 192.168.23.2 Serial2/0/0
192.168.23.2/32 Direct 0 0 D 127.0.0.1 Serial2/0/0
192.168.23.3/32 Direct 0 0 D 192.168.23.3 Serial2/0/0
192.168.23.255/32 Direct 0 0 D 127.0.0.1 Serial2/0/0
192.168.34.0/24 RIP 100 1 D 192.168.23.3 Serial2/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
4、查看R3的路由表,发现通过R2、R4接收到了两条相同的10.0.0.0/8的主网路由条目,而非现网拓扑中10.0.12.0/24和10.0.45.0/24两条子网路由。
<R3>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 13 Routes : 14
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.0.0/8 RIP 100 1 D 192.168.23.2 Serial1/0/0
RIP 100 1 D 192.168.34.4 Serial1/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.23.0/24 Direct 0 0 D 192.168.23.3 Serial1/0/0
192.168.23.2/32 Direct 0 0 D 192.168.23.2 Serial1/0/0
192.168.23.3/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
192.168.23.255/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
192.168.34.0/24 Direct 0 0 D 192.168.34.3 Serial1/0/1
192.168.34.3/32 Direct 0 0 D 127.0.0.1 Serial1/0/1
192.168.34.4/32 Direct 0 0 D 192.168.34.4 Serial1/0/1
192.168.34.255/32 Direct 0 0 D 127.0.0.1 Serial1/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
情况说明:由于采用了RIPv1,在R2和R4分别接收到10.0.12.0/24和10.0.45.0/24的路由条目时,默认打开了自动有类汇总功能,所以在主网边界向外发送路由信息的时候都汇总成了10.0.0.0/8,发送给R3,最终在R3上由于接收到了两条目的网段相同、代价值也相同的路由条目。
5、在R3上测试与R1和R5的连通性,发现此时存在有一端无法通信的现象。
[R3]ping 10.0.45.5
PING 10.0.45.5: 56 data bytes, press CTRL_C to break
Reply from 10.0.45.5: bytes=56 Sequence=1 ttl=254 time=50 ms
Reply from 10.0.45.5: bytes=56 Sequence=2 ttl=254 time=30 ms
Reply from 10.0.45.5: bytes=56 Sequence=3 ttl=254 time=30 ms
Reply from 10.0.45.5: bytes=56 Sequence=4 ttl=254 time=30 ms
Reply from 10.0.45.5: bytes=56 Sequence=5 ttl=254 time=40 ms
--- 10.0.45.5 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/36/50 ms
[R3]ping 10.0.12.1
PING 10.0.12.1: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 10.0.12.1 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
情况说明:在R3发送ICMP报文的时候,会根据路由表进行匹配,即匹配10.0.0.0/8,那么最终报文流量可能会出现R3将本该要发送给R1的ICMP报文错误转发给R4,导致无法通信。(RIPv1默认自动汇总开启的情况下,设计网络时没有遵循主网的子网应该连续这一要求所致)
8.4.3 RIPv1中解决不连续子网问题¶
1、在R2上的S2/0/0接口上配置从IP地址,只要在常规配置IP地址的命令之后加上sub参数即可。R3、R4也做相应配置。并在R3的RIP进程中添加10.0.0.0网段。
[R2]int s2/0/0
[R2-Serial2/0/0]ip add 10.0.23.2 24 sub
[R3]int s1/0/0
[R3-Serial1/0/0]ip add 10.0.23.3 24 sub
[R3-Serial1/0/0]int s1/0/1
[R3-Serial1/0/1]ip add 10.0.34.3 24 sub
[R3]rip
[R3-rip-1]network 10.0.0.0
[R4]int s2/0/1
[R4-Serial2/0/1]ip add 10.0.34.4 24 sub
情况说明:经过上面配置,相当于原先在整网拓扑中被孤立的两个不连续的子网10.0.12.0/24和10.0.45.0/24网段被新添的子网10.0.23.0/24和10.0.34.0/24网段连接了起来,即现在已经构成了一个连续的子网。 2、配置完成后查看每台路由器的路由表,观察到每台路由器的路由表拥有了所有的子网信息。
[R1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.0.0/8 RIP 100 1 D 10.0.12.2 Ethernet1/0/0
10.0.12.0/24 Direct 0 0 D 10.0.12.1 Ethernet1/0/0
10.0.12.1/32 Direct 0 0 D 127.0.0.1 Ethernet1/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 Ethernet1/0/0
10.0.23.0/24 RIP 100 1 D 10.0.12.2 Ethernet1/0/0
10.0.34.0/24 RIP 100 2 D 10.0.12.2 Ethernet1/0/0
10.0.45.0/24 RIP 100 3 D 10.0.12.2 Ethernet1/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.23.0/24 RIP 100 1 D 10.0.12.2 Ethernet1/0/0
192.168.34.0/24 RIP 100 2 D 10.0.12.2 Ethernet1/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
<R2>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 18 Routes : 20
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.0.0/8 RIP 100 1 D 192.168.23.3 Serial2/0/0
RIP 100 1 D 10.0.23.3 Serial2/0/0
10.0.12.0/24 Direct 0 0 D 10.0.12.2 Ethernet1/0/0
10.0.12.2/32 Direct 0 0 D 127.0.0.1 Ethernet1/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 Ethernet1/0/0
10.0.23.0/24 Direct 0 0 D 10.0.23.2 Serial2/0/0
10.0.23.2/32 Direct 0 0 D 127.0.0.1 Serial2/0/0
10.0.23.255/32 Direct 0 0 D 127.0.0.1 Serial2/0/0
10.0.34.0/24 RIP 100 1 D 10.0.23.3 Serial2/0/0
10.0.45.0/24 RIP 100 2 D 10.0.23.3 Serial2/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.23.0/24 Direct 0 0 D 192.168.23.2 Serial2/0/0
192.168.23.2/32 Direct 0 0 D 127.0.0.1 Serial2/0/0
192.168.23.3/32 Direct 0 0 D 192.168.23.3 Serial2/0/0
192.168.23.255/32 Direct 0 0 D 127.0.0.1 Serial2/0/0
192.168.34.0/24 RIP 100 1 D 192.168.23.3 Serial2/0/0
RIP 100 1 D 10.0.23.3 Serial2/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
<R3>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 21 Routes : 22
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.0.0/8 RIP 100 1 D 192.168.23.2 Serial1/0/0
RIP 100 1 D 192.168.34.4 Serial1/0/1
10.0.12.0/24 RIP 100 1 D 10.0.23.2 Serial1/0/0
10.0.23.0/24 Direct 0 0 D 10.0.23.3 Serial1/0/0
10.0.23.3/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
10.0.23.255/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
10.0.34.0/24 Direct 0 0 D 10.0.34.3 Serial1/0/1
10.0.34.3/32 Direct 0 0 D 127.0.0.1 Serial1/0/1
10.0.34.255/32 Direct 0 0 D 127.0.0.1 Serial1/0/1
10.0.45.0/24 RIP 100 1 D 10.0.34.4 Serial1/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.23.0/24 Direct 0 0 D 192.168.23.3 Serial1/0/0
192.168.23.2/32 Direct 0 0 D 192.168.23.2 Serial1/0/0
192.168.23.3/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
192.168.23.255/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
192.168.34.0/24 Direct 0 0 D 192.168.34.3 Serial1/0/1
192.168.34.3/32 Direct 0 0 D 127.0.0.1 Serial1/0/1
192.168.34.4/32 Direct 0 0 D 192.168.34.4 Serial1/0/1
192.168.34.255/32 Direct 0 0 D 127.0.0.1 Serial1/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
<R4>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 18 Routes : 20
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.0.0/8 RIP 100 1 D 192.168.34.3 Serial2/0/1
RIP 100 1 D 10.0.34.3 Serial2/0/1
10.0.12.0/24 RIP 100 2 D 10.0.34.3 Serial2/0/1
10.0.23.0/24 RIP 100 1 D 10.0.34.3 Serial2/0/1
10.0.34.0/24 Direct 0 0 D 10.0.34.4 Serial2/0/1
10.0.34.4/32 Direct 0 0 D 127.0.0.1 Serial2/0/1
10.0.34.255/32 Direct 0 0 D 127.0.0.1 Serial2/0/1
10.0.45.0/24 Direct 0 0 D 10.0.45.4 Ethernet1/0/0
10.0.45.4/32 Direct 0 0 D 127.0.0.1 Ethernet1/0/0
10.0.45.255/32 Direct 0 0 D 127.0.0.1 Ethernet1/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.23.0/24 RIP 100 1 D 192.168.34.3 Serial2/0/1
RIP 100 1 D 10.0.34.3 Serial2/0/1
192.168.34.0/24 Direct 0 0 D 192.168.34.4 Serial2/0/1
192.168.34.3/32 Direct 0 0 D 192.168.34.3 Serial2/0/1
192.168.34.4/32 Direct 0 0 D 127.0.0.1 Serial2/0/1
192.168.34.255/32 Direct 0 0 D 127.0.0.1 Serial2/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
<R5>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.0.0/8 RIP 100 1 D 10.0.45.4 Ethernet1/0/0
10.0.12.0/24 RIP 100 3 D 10.0.45.4 Ethernet1/0/0
10.0.23.0/24 RIP 100 2 D 10.0.45.4 Ethernet1/0/0
10.0.34.0/24 RIP 100 1 D 10.0.45.4 Ethernet1/0/0
10.0.45.0/24 Direct 0 0 D 10.0.45.5 Ethernet1/0/0
10.0.45.5/32 Direct 0 0 D 127.0.0.1 Ethernet1/0/0
10.0.45.255/32 Direct 0 0 D 127.0.0.1 Ethernet1/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.23.0/24 RIP 100 2 D 10.0.45.4 Ethernet1/0/0
192.168.34.0/24 RIP 100 1 D 10.0.45.4 Ethernet1/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
3、在R1上测试与R5之间的连通性
<R1>ping 10.0.45.5
PING 10.0.45.5: 56 data bytes, press CTRL_C to break
Reply from 10.0.45.5: bytes=56 Sequence=1 ttl=252 time=110 ms
Reply from 10.0.45.5: bytes=56 Sequence=2 ttl=252 time=60 ms
Reply from 10.0.45.5: bytes=56 Sequence=3 ttl=252 time=60 ms
Reply from 10.0.45.5: bytes=56 Sequence=4 ttl=252 time=40 ms
Reply from 10.0.45.5: bytes=56 Sequence=5 ttl=252 time=50 ms
--- 10.0.45.5 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 40/64/110 ms
4、通过在不连续子网之间的链路上配置相同子网的IP地址,即采用配置从IP地址的方式来实现子网的连续性,解决了因为自动汇总发生后,子网路由被抑制掉而导致的子网不可达。 优点:RIPv1在不做大的拓扑结构调整的前提下,仅靠配置第二个从IP地址解决了不连续子网问题。 缺点:需要配置第二个IP地址,要消耗掉多个子网网段。
8.4.4 RIPv2中解决不连续子网问题¶
1、删除上一步骤中从IP地址配置命令,搭建新的实验环境
[R2]int s2/0/0
[R2-Serial2/0/0]undo ip address 10.0.23.2 255.255.255.0 sub
[R3]int s1/0/0
[R3-Serial1/0/0]undo ip address 10.0.23.3 255.255.255.0 sub
[R3-Serial1/0/0]int s1/0/1
[R3-Serial1/0/1]undo ip address 10.0.34.3 255.255.255.0 sub
[R3]rip
[R3-rip-1]undo network 10.0.0.0
[R4]int s2/0/1
[R4-Serial2/0/1]undo ip address 10.0.34.4 255.255.255.0 sub
2、将所有路由器的RIP的版本配置为2,且关闭自动汇总
[R1]rip
[R1-rip-1]version 2
[R1-rip-1]undo summary
[R2]rip
[R2-rip-1]version 2
[R2-rip-1]undo summary
[R3]rip
[R3-rip-1]version 2
[R3-rip-1]undo summary
[R4]rip
[R4-rip-1]version 2
[R4-rip-1]undo summary
[R5]rip
[R5-rip-1]version 2
[R5-rip-1]undo summary
3、配置完成后,观察每台路由器上的路由表,观察到10.0.45.0/24和10.0.12.0/24子网出现在所有的路由表中。
[R1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.12.0/24 Direct 0 0 D 10.0.12.1 Ethernet1/0/0
10.0.12.1/32 Direct 0 0 D 127.0.0.1 Ethernet1/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 Ethernet1/0/0
10.0.45.0/24 RIP 100 3 D 10.0.12.2 Ethernet1/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.23.0/24 RIP 100 1 D 10.0.12.2 Ethernet1/0/0
192.168.34.0/24 RIP 100 2 D 10.0.12.2 Ethernet1/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[R2]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.12.0/24 Direct 0 0 D 10.0.12.2 Ethernet1/0/0
10.0.12.2/32 Direct 0 0 D 127.0.0.1 Ethernet1/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 Ethernet1/0/0
10.0.45.0/24 RIP 100 2 D 192.168.23.3 Serial2/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.23.0/24 Direct 0 0 D 192.168.23.2 Serial2/0/0
192.168.23.2/32 Direct 0 0 D 127.0.0.1 Serial2/0/0
192.168.23.3/32 Direct 0 0 D 192.168.23.3 Serial2/0/0
192.168.23.255/32 Direct 0 0 D 127.0.0.1 Serial2/0/0
192.168.34.0/24 RIP 100 1 D 192.168.23.3 Serial2/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[R3]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.12.0/24 RIP 100 1 D 192.168.23.2 Serial1/0/0
10.0.45.0/24 RIP 100 1 D 192.168.34.4 Serial1/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.23.0/24 Direct 0 0 D 192.168.23.3 Serial1/0/0
192.168.23.2/32 Direct 0 0 D 192.168.23.2 Serial1/0/0
192.168.23.3/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
192.168.23.255/32 Direct 0 0 D 127.0.0.1 Serial1/0/0
192.168.34.0/24 Direct 0 0 D 192.168.34.3 Serial1/0/1
192.168.34.3/32 Direct 0 0 D 127.0.0.1 Serial1/0/1
192.168.34.4/32 Direct 0 0 D 192.168.34.4 Serial1/0/1
192.168.34.255/32 Direct 0 0 D 127.0.0.1 Serial1/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[R4]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.12.0/24 RIP 100 2 D 192.168.34.3 Serial2/0/1
10.0.45.0/24 Direct 0 0 D 10.0.45.4 Ethernet1/0/0
10.0.45.4/32 Direct 0 0 D 127.0.0.1 Ethernet1/0/0
10.0.45.255/32 Direct 0 0 D 127.0.0.1 Ethernet1/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.23.0/24 RIP 100 1 D 192.168.34.3 Serial2/0/1
192.168.34.0/24 Direct 0 0 D 192.168.34.4 Serial2/0/1
192.168.34.3/32 Direct 0 0 D 192.168.34.3 Serial2/0/1
192.168.34.4/32 Direct 0 0 D 127.0.0.1 Serial2/0/1
192.168.34.255/32 Direct 0 0 D 127.0.0.1 Serial2/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[R5]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.12.0/24 RIP 100 3 D 10.0.45.4 Ethernet1/0/0
10.0.45.0/24 Direct 0 0 D 10.0.45.5 Ethernet1/0/0
10.0.45.5/32 Direct 0 0 D 127.0.0.1 Ethernet1/0/0
10.0.45.255/32 Direct 0 0 D 127.0.0.1 Ethernet1/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.23.0/24 RIP 100 2 D 10.0.45.4 Ethernet1/0/0
192.168.34.0/24 RIP 100 1 D 10.0.45.4 Ethernet1/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
4、测试R1、R5的连通性
[R1]ping 10.0.45.5
PING 10.0.45.5: 56 data bytes, press CTRL_C to break
Reply from 10.0.45.5: bytes=56 Sequence=1 ttl=252 time=70 ms
Reply from 10.0.45.5: bytes=56 Sequence=2 ttl=252 time=50 ms
Reply from 10.0.45.5: bytes=56 Sequence=3 ttl=252 time=40 ms
Reply from 10.0.45.5: bytes=56 Sequence=4 ttl=252 time=40 ms
Reply from 10.0.45.5: bytes=56 Sequence=5 ttl=252 time=40 ms
--- 10.0.45.5 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 40/48/70 ms
注意:在RIPv2的环境中,因为默认情况下自动汇总总是开启的,在设计网络时,应尽量不要出现同主网的子网被其他主网分割的情况。如果出现了,关闭自动汇总是最佳的做法,不足之处是路由表中路由条目会增加。
8.1 思考¶
在使用RIPv1的环境下,R2、R3、R4都配置了第二个IP地址,10.0.0.0/8的子网已经连续,如果R2是主网边界,为什么R3还能看到10.0.12.0/24的子网?如果R2不是主网边界,为什么在R3的路由表里能看到10.0.0.0/8的汇总路由? 答:(1)之所以能看到10.0.12.0/24的子网,是因为RIPv1优先按收到路由的接口下网络号掩码来猜掩码,因为接口地址跟路由在同一个主类网络下,自动以接口下24位掩码作为收到路由的掩码,正好一样。 (2)是主类网络边界,所有有10.0.0.0/8的子网,按接口主地址来。
九、RIP的水平分割及触发更新¶
9.1 水平分割(Split Horizon)原理¶
RIP从某个接口接收到的路由信息,不会从该接口再发回给邻居设备。这样不但减少了带宽消耗,还可以防止路由环路。在华为设备上,水平分割功能默认情况下是开启的。
9.2 触发更新(Triggered Updates)原理¶
当路由信息发生变化时,运行RIP的设备会立即向邻居设备发送更新报文,而不必等待定时更新,从而缩短了网络收敛时间。在华为设备上,没有相关命令能主动关闭触发更新的功能。
9.3 毒性逆转(Poison Reverse)原理¶
RIP从某个接口接收到路由信息后,将该路由的开销设置为16(即路由不可达),并从原接口发回邻居设备。利用这种方式,可清除对方路由表中的无用路由。如果同时都配置了毒性逆转和水平分割,水平分割行为会被毒性逆转行为代替。在华为设备上,毒性逆转功能默认是关闭的,需要手动打开。 毒性逆转可以快速消除无用的路由而不必等待老化时间,另外,在帧中继和X.25等非广播多路访问网络中,如果开启了水平分割功能,会造成有的路由器无法接收到更新路由的情况,因此在这种网络中,水平分割是默认禁止的,我们需要手动开启毒性逆转防止路由环路。 注意:RIPv1和RIPv2都支持水平分割、触发更新和毒性逆转功能!!!
9.4 RIP的水平分割及触发更新实验¶
9.4.1 实验内容¶
本实验模拟企业网络场景。R1为该公司出口网关路由器,连接运商网络,R2为公司IT部门路由器,通过交换机S2与网关相连;同时公司人力资源部路由器R3也通交换机S1与网关相连,所有路由器运行路由协议RIPv2实现公司整网互通。当R3与S1之间链路down掉时R1不会触发更新,网络收敛速度慢;而当R1与S1之间链路down掉时,R1会触发更新,网络收敛速度快。华为路由器默认开启RIP水平分割功能,当主动关闭路由器上水平分割功能时,检查路由器发送的RIP路由条目的变化。手动开启毒性逆转功能,检查路由器发送RIP路由条目的变化。
9.4.2 实验目的¶
1、掌握RIP触发更新的原理 2、掌握RIP中触发更新与等待老化时间的现象差别 3、掌握RIP中RIP水平分割的原理和配置 4、掌握开启水平分割与关闭水平分割时路由条目变化 5、掌握毒性逆转原理和配置
9.4.3 实验拓扑¶
9.4.4 实验编址¶
| 设备 | 接口 | IP地址 | 子网掩码 | 默认网关 |
|---|---|---|---|---|
| R1(AR2220) | GE0/0/0 | 172.16.1.1 | 255.255.255.0 | N/A |
| R1(AR2220) | GE0/0/2 | 172.16.2.1 | 255.255.255.0 | N/A |
| R2(AR2220) | GE0/0/0 | 192.168.2.254 | 255.255.255.0 | N/A |
| R2(AR2220) | GE0/0/1 | 172.16.2.2 | 255.255.255.0 | N/A |
| R3(AR2220) | GE0/0/0 | 192.168.1.254 | 255.255.255.0 | N/A |
| R3(AR2220) | GE0/0/0 | 172.16.1.3 | 255.255.255.0 | N/A |
| PC-1 | E0/0/1 | 192.168.2.1 | 255.255.255.0 | 192.168.2.254 |
| PC-2 | E0/0/1 | 192.168.1.1 | 255.255.255.0 | 192.168.1.254 |
9.4.5 实验步骤¶
9.4.5.1 基本配置¶
根据实验编制表进行相应的基本配置,并使用Ping命令检测直连链路的连通性。
9.4.5.2 搭建RIP网络¶
1、在R1、R2、R3上配置RIP协议,并将相应网段通告进RIP协议中。
[R1]rip
[R1-rip-1]version 2
[R1-rip-1]network 172.16.0.0
[R2]rip
[R2-rip-1]version 2
[R2-rip-1]network 192.168.2.0
[R2-rip-1]network 172.16.0.0
[R3]rip
[R3-rip-1]version 2
[R3-rip-1]network 172.16.0.0
[R3-rip-1]network 192.168.1.0
2、配置完成后查看R1的路由表,观察到R1已经正常获取到了PC-1和PC-2所在网段的RIP路由信息。
[R1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 12 Routes : 12
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.0/24 Direct 0 0 D 172.16.1.1 GigabitEthernet
0/0/0
172.16.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
172.16.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
172.16.2.0/24 Direct 0 0 D 172.16.2.1 GigabitEthernet
0/0/2
172.16.2.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
172.16.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
192.168.1.0/24 RIP 100 1 D 172.16.1.3 GigabitEthernet
0/0/0
192.168.2.0/24 RIP 100 1 D 172.16.2.2 GigabitEthernet
0/0/2
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
9.4.5.3 验证触发更新¶
1、断掉R3和S1之间的链路(在模拟器上直接删除该链路),然后查看R2的路由表。发现192.168.1.0网段的路由信息仍然存在,这是因为断掉的不是R1的直连接口,R1无法直接感知到故障的发生。
[R2]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 12 Routes : 12
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.0/24 RIP 100 1 D 172.16.2.1 GigabitEthernet
0/0/1
172.16.2.0/24 Direct 0 0 D 172.16.2.2 GigabitEthernet
0/0/1
172.16.2.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
172.16.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
192.168.1.0/24 RIP 100 2 D 172.16.2.1 GigabitEthernet
0/0/1
192.168.2.0/24 Direct 0 0 D 192.168.2.254 GigabitEthernet
0/0/0
192.168.2.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
2、等待180s的老化计时器超时后,继续查看R2的路由表。发现192.168.1.0网段的路由信息已经消失。
[R2]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.0/24 RIP 100 1 D 172.16.2.1 GigabitEthernet
0/0/1
172.16.2.0/24 Direct 0 0 D 172.16.2.2 GigabitEthernet
0/0/1
172.16.2.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
172.16.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
192.168.2.0/24 Direct 0 0 D 192.168.2.254 GigabitEthernet
0/0/0
192.168.2.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
3、恢复 R3与S1之间的链路,并在R2的路由表正常后,断掉R1与S1之间的链路,查看R2路由表。发现192.168.1.0网段的路由信息已经消失。
[R2]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.2.0/24 Direct 0 0 D 172.16.2.2 GigabitEthernet
0/0/1
172.16.2.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
172.16.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
192.168.2.0/24 Direct 0 0 D 192.168.2.254 GigabitEthernet
0/0/0
192.168.2.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
9.4.5.4 验证水平分割¶
1、在R2上使用debugging rip 1 send GigabitEthernet 0/0/1命令打开debug功能,再用terminal monitor、terminal debugging命令查看R2发送给R1的路由条目。观察到从R2发送给R1的路由条目中没有包含192.168.1.网段的路由信息,因为该路由条目是从R1始发过来的。
<R2>debugging rip 1 send GigabitEthernet 0/0/1
<R2>terminal monitor
Info: Current terminal monitor is on.
<R2>terminal debugging
Info: Current terminal debugging is on.
<R2>
Feb 7 2022 09:58:25.880.1-08:00 R2 RIP/7/DBG: 6: 13456: RIP 1: Sending response
on interface GigabitEthernet0/0/1 from 172.16.2.2 to 224.0.0.9
<R2>
Feb 7 2022 09:58:25.880.2-08:00 R2 RIP/7/DBG: 6: 13476: Packet: Version 2, Cmd
response, Length 24
<R2>
Feb 7 2022 09:58:25.880.3-08:00 R2 RIP/7/DBG: 6: 13546: Dest 192.168.2.0/24, Ne
xthop 0.0.0.0, Cost 1, Tag 0
2、下面关闭debug,并在R2的GE0/0/1和R1的GE0/0/2接口下使用undo rip split-horizon命令关闭水平分割功能。
[R1]int g0/0/2
[R1-GigabitEthernet0/0/2]undo rip split-horizon
<R2>undo debugging all
<R2>sys
[R2]int g0/0/1
[R2-GigabitEthernet0/0/1]undo rip split-horizon
3、配置完成后查看debug信息,观察到R2发送给R1的路由条目中包含有192.168.1.0网段,此时接口上的水平分割功能不生效。
<R2>debugging rip 1 send GigabitEthernet 0/0/1
<R2>terminal monitor
Info: Current terminal monitor is on.
<R2>terminal debugging
Info: Current terminal debugging is on.
<R2>
Feb 7 2022 10:09:35.290.1-08:00 R2 RIP/7/DBG: 6: 13456: RIP 1: Sending response
on interface GigabitEthernet0/0/1 from 172.16.2.2 to 224.0.0.9
<R2>
Feb 7 2022 10:09:35.290.2-08:00 R2 RIP/7/DBG: 6: 13476: Packet: Version 2, Cmd
response, Length 64
<R2>
Feb 7 2022 10:09:35.290.3-08:00 R2 RIP/7/DBG: 6: 13546: Dest 172.16.0.0/16, Nex
thop 0.0.0.0, Cost 1, Tag 0
<R2>
Feb 7 2022 10:09:35.290.4-08:00 R2 RIP/7/DBG: 6: 13546: Dest 192.168.1.0/24, Ne
xthop 0.0.0.0, Cost 3, Tag 0
<R2>
Feb 7 2022 10:09:35.290.5-08:00 R2 RIP/7/DBG: 6: 13546: Dest 192.168.2.0/24, Ne
xthop 0.0.0.0, Cost 1, Tag 0
9.4.5.5 验证毒性逆转¶
1、关闭debug,并在R2的GE0/0/1接口上恢复水平分割功能
<R2>undo debugging all
Info: All possible debugging has been turned off
<R2>sy
Enter system view, return user view with Ctrl+Z.
[R2]interface g0/0/1
[R2-GigabitEthernet0/0/1]rip split-horizon
2、配置完成后,在R2上开启debug功能.观察到开启了水平分割后,R2发送给R1的路由条目中没有包含192.168.1.0网段
<R2>debugging rip 1 send GigabitEthernet 0/0/1
<R2>terminal monitor
Info: Current terminal monitor is on.
<R2>terminal debugging
Info: Current terminal debugging is on.
Feb 7 2022 10:17:39.580.1-08:00 R2 RIP/7/DBG: 6: 13456: RIP 1: Sending response
on interface GigabitEthernet0/0/1 from 172.16.2.2 to 224.0.0.9
<R2>
Feb 7 2022 10:19:50.600.1-08:00 R2 RIP/7/DBG: 6: 13456: RIP 1: Sending response
on interface GigabitEthernet0/0/1 from 172.16.2.2 to 224.0.0.9
<R2>
Feb 7 2022 10:19:50.600.2-08:00 R2 RIP/7/DBG: 6: 13476: Packet: Version 2, Cmd
response, Length 24
<R2>
Feb 7 2022 10:19:50.600.3-08:00 R2 RIP/7/DBG: 6: 13546: Dest 192.168.2.0/24, Ne
xthop 0.0.0.0, Cost 1, Tag 0
<R2>
Feb 7 2022 10:20:15.630.1-08:00 R2 RIP/7/DBG: 6: 13456: RIP 1: Sending response
on interface GigabitEthernet0/0/1 from 172.16.2.2 to 224.0.0.9
<R2>
Feb 7 2022 10:20:15.630.2-08:00 R2 RIP/7/DBG: 6: 13476: Packet: Version 2, Cmd
response, Length 24
<R2>
Feb 7 2022 10:20:15.630.3-08:00 R2 RIP/7/DBG: 6: 13546: Dest 192.168.2.0/24, Ne
xthop 0.0.0.0, Cost 1, Tag 0
3、关闭debug,并在R2的GE0/0/1接口下使用rip poison-reverse命令开启毒性逆转功能。
<R2>undo debugging all
Info: All possible debugging has been turned off
[R2]int g0/0/1
[R2-GigabitEthernet0/0/1]rip poison-reverse
4、配置完成后,查看debug信息。观察到R2发送给R1的路由条目中包含了192.168.1.0,但是cost值为16。说明在毒性逆转和水平分割同时开启的情况下,简单的水平分割行为(从某个接口学到的路由再从这个接口发布会被抑制)会被毒性逆转行为代替。
<R2>debugging rip 1 send GigabitEthernet 0/0/1
<R2>terminal monitor
Info: Current terminal monitor is on.
<R2>terminal debugging
Info: Current terminal debugging is on.
<R2>
Feb 7 2022 10:26:26.790.1-08:00 R2 RIP/7/DBG: 6: 13456: RIP 1: Sending response
on interface GigabitEthernet0/0/1 from 172.16.2.2 to 224.0.0.9
<R2>
Feb 7 2022 10:26:26.790.2-08:00 R2 RIP/7/DBG: 6: 13476: Packet: Version 2, Cmd
response, Length 64
<R2>
Feb 7 2022 10:26:26.790.3-08:00 R2 RIP/7/DBG: 6: 13546: Dest 172.16.0.0/16, Nex
thop 172.16.2.1, Cost 16, Tag 0
<R2>
Feb 7 2022 10:26:26.790.4-08:00 R2 RIP/7/DBG: 6: 13546: Dest 192.168.1.0/24, Ne
xthop 172.16.2.1, Cost 16, Tag 0
<R2>
Feb 7 2022 10:26:26.790.5-08:00 R2 RIP/7/DBG: 6: 13546: Dest 192.168.2.0/24, Ne
xthop 0.0.0.0, Cost 1, Tag 0
9.5 思考¶
水平分割可以防止环路,那为什么RIP协议还需要其他防环机制?水平分割的局限性在哪儿? 答:物理拓扑上的环路导致的路由环路,水平分割是防范不了的,这种环路,路由进出不是同一个接口。
十、配置RIP路由附加度量值¶
10.1 路由附加度量值¶
1、在RIP路由原来度量值的基础上所增加或减少的度量值(跳数)。对于RIP接收和发布路由,可通过不同的命令配置附加度量值更加灵活地控制RIP的路由选择。 2、rip metricin命令用于接收到路由后,给其增加一个附加度量值,再加入路由表中,使得路由表中的度量值发生变化。运行该命令会影响到本地设备和其他设备的路由选择。 3、rip metricout命令用于自身路由的发布,发布时增加一个附加的度量值,但本地路由表中度量值不会发生变化。运行该命令不会影响本地设备的路由选择,但是会影响其他设备的路由选择。
10.1.1 实验内容¶
本公司模拟公司网络场景。路由器R1左侧连接的是公司市场部,路由器R4右侧连接的是公司财务部,R1与R4之间通过R2、R3双链路连接,所有路由器运行RIP协议,R1与R4之间互访的流量通过两条链路负载分担。现在网络管理员在R2上做了流量控制,要求所有市场部访问财务部的流量经过R2,同时为了减轻R2的负担,由财务部去往市场部的流量都由R3来转发。网络管理员可通过两种RIP路由附加度量值的方式修改相应的路由度量值,灵活控制RIP的路由选择来达到公司的流量控制。
10.1.2 实验目的¶
1、理解RIP路由附加度量值应用场景 2、掌握使用metricin方式附加度量值的方法 3、掌握使用metricout方式附加度量值的方法
10.1.3 实验拓扑¶
10.1.4 实验编址¶
| 设备 | 接口 | IP地址 | 子网掩码 | 默认网关 |
|---|---|---|---|---|
| R1(AR2220) | GE0/0/0 | 10.0.12.1 | 255.255.255.0 | N/A |
| R1(AR2220) | GE0/0/1 | 10.0.13.1 | 255.255.255.0 | N/A |
| R1(AR2220) | GE0/0/2 | 192.168.1.254 | 255.255.255.0 | N/A |
| R2(AR2220) | GE0/0/0 | 10.0.12.2 | 255.255.255.0 | N/A |
| R2(AR2220) | GE0/0/1 | 10.0.24.2 | 255.255.255.0 | N/A |
| R3(AR2220) | GE0/0/0 | 10.0.34.3 | 255.255.255.0 | N/A |
| R3(AR2220) | GE0/0/0 | 10.0.13.3 | 255.255.255.0 | N/A |
| R4(AR2220) | GE0/0/0 | 10.0.34.4 | 255.255.255.0 | N/A |
| R4(AR2220) | GE0/0/1 | 10.0.24.4 | 255.255.255.0 | N/A |
| R4(AR2220) | GE0/0/2 | 192.168.2.254 | 255.255.255.0 | N/A |
| PC-1 | E0/0/1 | 192.168.1.1 | 255.255.255.0 | 192.168.1.254 |
| PC-2 | E0/0/1 | 192.168.2.1 | 255.255.255.0 | 192.168.2.254 |
| ### 10.1.5 实验步骤 | ||||
| #### 10.1.5.1 基本配置 | ||||
| 根据实验编制表进行相应的基本配置,并使用Ping命令检测直连链路的连通性。 | ||||
| #### 10.1.5.2 搭建RIP网络 | ||||
| 1、公司内部网络使用RIP协议。首先配置R1、R2、R3和R4运行RIP协议,通告所有网段,使公司网络互通。 |
[R1]rip
[R1-rip-1]version 2
[R1-rip-1]undo summary
[R1-rip-1]network 10.0.0.0
[R1-rip-1]network 192.168.1.0
[R2]rip
[R2-rip-1]version 2
[R2-rip-1]undo summary
[R2-rip-1]network 10.0.0.0
[R3]rip
[R3-rip-1]version 2
[R3-rip-1]undo summary
[R3-rip-1]network 10.0.0.0
[R4]rip
[R4-rip-1]version 2
[R4-rip-1]undo summary
[R4-rip-1]network 10.0.0.0
[R4-rip-1]network 192.168.2.0
2、配置完成后查看R1、R4的路由表,观察到R1和R4上分别存在两条通过RIP协议接收到的去往对方所在网段的路由条目,且有两个下一跳,呈现负载分担。
[R1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 16 Routes : 17
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.12.0/24 Direct 0 0 D 10.0.12.1 GigabitEthernet
0/0/0
10.0.12.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.13.0/24 Direct 0 0 D 10.0.13.1 GigabitEthernet
0/0/1
10.0.13.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.13.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.24.0/24 RIP 100 1 D 10.0.12.2 GigabitEthernet
0/0/0
10.0.34.0/24 RIP 100 1 D 10.0.13.3 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.1.0/24 Direct 0 0 D 192.168.1.254 GigabitEthernet
0/0/2
192.168.1.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
192.168.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
192.168.2.0/24 RIP 100 2 D 10.0.13.3 GigabitEthernet
0/0/1
RIP 100 2 D 10.0.12.2 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[R4]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 16 Routes : 17
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.12.0/24 RIP 100 1 D 10.0.24.2 GigabitEthernet
0/0/1
10.0.13.0/24 RIP 100 1 D 10.0.34.3 GigabitEthernet
0/0/0
10.0.24.0/24 Direct 0 0 D 10.0.24.4 GigabitEthernet
0/0/1
10.0.24.4/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.24.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.34.0/24 Direct 0 0 D 10.0.34.4 GigabitEthernet
0/0/0
10.0.34.4/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.34.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.1.0/24 RIP 100 2 D 10.0.34.3 GigabitEthernet
0/0/0
RIP 100 2 D 10.0.24.2 GigabitEthernet
0/0/1
192.168.2.0/24 Direct 0 0 D 192.168.2.254 GigabitEthernet
0/0/2
192.168.2.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
192.168.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
10.1.5.3 配置RIP Metricin¶
1、在R1上的GE0/0/1接口下使用rip version 2命令,设置R1在接收R3发送来的路由条目时增加度量值2。这样由R3发给R1的路由条目的度量值将大于R2发给R1的路由,R1会优选R2发来的RIP路由条目,并加入路由表中。
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]rip metricin 2
2、配置完成后,查看路由表。可以观察到,此时R1上访问财务部网段只有一个下一跳R2。
[R1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 16 Routes : 16
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.12.0/24 Direct 0 0 D 10.0.12.1 GigabitEthernet
0/0/0
10.0.12.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.13.0/24 Direct 0 0 D 10.0.13.1 GigabitEthernet
0/0/1
10.0.13.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.13.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.24.0/24 RIP 100 1 D 10.0.12.2 GigabitEthernet
0/0/0
10.0.34.0/24 RIP 100 2 D 10.0.12.2 GigabitEthernet
0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.1.0/24 Direct 0 0 D 192.168.1.254 GigabitEthernet
0/0/2
192.168.1.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
192.168.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
192.168.2.0/24 RIP 100 2 D 10.0.12.2 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
3、在R1上查看RIP的数据库,观察到去往192.168.2.0网段的下一跳地址为10.0.12.2。
[R1]dis rip 1 database
---------------------------------------------------
Advertisement State : [A] - Advertised
[I] - Not Advertised/Withdraw
---------------------------------------------------
10.0.0.0/8, cost 0, ClassfulSumm
10.0.12.0/24, cost 0, [A], Rip-interface
10.0.13.0/24, cost 0, [A], Rip-interface
10.0.24.0/24, cost 1, [A], nexthop 10.0.12.2
10.0.34.0/24, cost 2, [A], nexthop 10.0.12.2
192.168.1.0/24, cost 0, ClassfulSumm
192.168.1.0/24, cost 0, [A], Rip-interface
192.168.2.0/24, cost 2, ClassfulSumm
192.168.2.0/24, cost 2, [A], nexthop 10.0.12.2
4、在PC-1上测试访问PC-2所经过的网关设备,可以观察到,数据包此时是经过R2转发至PC-2的。
PC>tracert 192.168.2.1
traceroute to 192.168.2.1, 8 hops max
(ICMP), press Ctrl+C to stop
1 192.168.1.254 63 ms 47 ms 47 ms
2 *10.0.12.2 46 ms 47 ms
3 *10.0.24.4 63 ms 47 ms
4 *192.168.2.1 62 ms 94 ms
10.1.5.4 配置RIP Metricout¶
1、为了减轻R2的负担,所有由财务部去往市场部的流量都由R3来转发。在R2上的GE0/0/1接口下使用RIP Metricout 2命令,设置R2在向R4发送路由条目时增加度量值2。这样R4收到来自R2的路由的度量值就会大于来自R3的路由,R4会优选来自R3的RIP路由条目,并加入到路由表中。
[R2]int g0/0/1
[R2-GigabitEthernet0/0/1]rip metricout 2
2、配置完成后,查看R4的路由表。可以观察到,此时在R4上访问市场部网段只有一个下一跳R3。
[R4]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 16 Routes : 16
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.12.0/24 RIP 100 2 D 10.0.24.2 GigabitEthernet
0/0/1
10.0.13.0/24 RIP 100 1 D 10.0.34.3 GigabitEthernet
0/0/0
10.0.24.0/24 Direct 0 0 D 10.0.24.4 GigabitEthernet
0/0/1
10.0.24.4/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.24.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.34.0/24 Direct 0 0 D 10.0.34.4 GigabitEthernet
0/0/0
10.0.34.4/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.34.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.1.0/24 RIP 100 2 D 10.0.34.3 GigabitEthernet
0/0/0
192.168.2.0/24 Direct 0 0 D 192.168.2.254 GigabitEthernet
0/0/2
192.168.2.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
192.168.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
3、在PC-2上测试访问PC-1所经过的网关设备。可以观察到,数据包此时是经过R3转发至PC-1的。
PC>tracert 192.168.1.1
traceroute to 192.168.1.1, 8 hops max
(ICMP), press Ctrl+C to stop
1 192.168.2.254 46 ms 32 ms 47 ms
2 *10.0.34.3 47 ms 47 ms
3 *10.0.13.1 31 ms 63 ms
4 *192.168.1.1 109 ms 78 ms
10.2 思考¶
无论是配置Metricin还是Metricout都会将所有RIP路由条目的度量值增加,如何在完成对财务部由附加度量值配置的同时不影响其他RIP路由的Metric值? 答:可以在命令后面添加访问列表,来匹配路由,实现只给财务部路由附加度量值的需求。
十一、RIP的故障处理¶
11.1 RIP常见的故障¶
1、接口状态不是UP 2、RIP进程下没有对该网段做network配置 3、对端RIP协议报文的版本号和本地接收的RIP协议报文版本号不一致 4、接口上配置了禁止接收RIP报文或禁止发送RIP报文的命令 5、在RIP上配置了策略,过滤掉收到的RIP路由或不允许发送RIP路由 6、接口上没有开启水平分割 7、链路两端的接口认证方式不匹配 8、路由表中存在从其他协议获得的相同路由条目 9、收到的路由度量值大于16
11.2 RIP故障排除实验¶
11.2.1 实验内容¶
本实验模拟企业网络场景。R1为该公司出口网关路由器,连接运营商网络;R2为公司HR部门路由器与网关相连;由于公司的网络规模比较小,所以选择用RIPv2来作为动态路由协议实现公司整网互通。现在公司IT部门发现无法用PC-2无法与HR部门的PC-1通信,作为公司的网络管理员,现需对此网络故障进行排查,恢复网络。两台PC都确认了IP地址和网关地址设置正确,现给出公司网络拓扑以及3台路由器的配置,请用模拟器搭建网络并把已经给出的配置拷贝入对应路由器中,再进行故障处理。本实验较全面地介绍了RIP的排障流程,适合大部分RIP网络。
11.2.2 实验目的¶
1、掌握RIP故障的常见原因 2、掌握RIP故障诊断流程 3、掌握RIP故障处理步骤 4、掌握RIP故障排除的常用命令
11.2.3 实验拓扑¶
11.2.4 实验编址¶
| 设备 | 接口 | IP地址 | 子网掩码 | 默认网关 |
|---|---|---|---|---|
| R1(AR1220) | GE0/0/0 | 192.168.1.2 | 255.255.255.0 | N/A |
| R1(AR1220) | GE0/0/1 | 192.168.2.2 | 255.255.255.0 | N/A |
| R2(AR1220) | GE0/0/0 | 192.168.1.1 | 255.255.255.0 | N/A |
| R2(AR1220) | GE0/0/1 | 172.16.1.254 | 255.255.255.0 | N/A |
| R3(AR1220) | GE0/0/0 | 172.16.2.254 | 255.255.255.0 | N/A |
| R3(AR1220) | GE0/0/1 | 192.168.2.1 | 255.255.255.0 | N/A |
| PC-1 | E0/0/1 | 172.16.1.1 | 255.255.255.0 | 172.16.1.254 |
| PC-2 | E0/0/1 | 172.16.2.1 | 255.255.255.0 | 172.16.2.254 |
11.2.5 实验步骤¶
11.2.5.1 导入设备预配置¶
1、本实验设置了如下故障点: (1)R3缺少network 192.168.2.0命令 (2)在R3的GE0/0/1接口下配置undo rip input命令 (3)关闭R1的GE0/0/1接口 (4)在R1的GE0/0/0接口下配置rip metricin 15命令 (5)在R2的GE0/0/0接口下配置RIP认证,方式为明文认证,密码huawei 2、直接使用R1、R2、R3的初始配置
sysname R1
interface GigabitEthernet0/0/0
ip address 192.168.1.2 255.255.255.0
rip metricin 15
interface GigabitEthernet0/0/1
shutdown
ip address 192.168.2.2 255.255.255.0
rip 1
version 2
network 192.168.1.0
network 192.168.2.0
sysname R2
interface GigabitEthernet0/0/0
ip address 192.168.1.1 255.255.255.0
rip authentication-mode simple cipher %$%$W.vW&cY!|2Wl|CW]a"N=<u4x%$%$
interface GigabitEthernet0/0/1
ip address 172.16.1.254 255.255.255.0
rip 1
version 2
network 172.16.0.0
network 192.168.1.0
sysname R3
interface GigabitEthernet0/0/0
ip address 172.16.2.254 255.255.255.0
interface GigabitEthernet0/0/1
ip address 192.168.2.1 255.255.255.0
undo rip input
rip 1
version 2
network 172.16.0.0
11.2.5.2 排除R1与R2间的故障¶
1、测试PC-1与PC-2间的连通性,发现无法正常通信
PC-1>ping 172.16.2.1
Ping 172.16.2.1: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
Request timeout!
--- 172.16.2.1 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
2、在PC-1上测试与网关设备R2间的连通性,发现通信正常,表明PC-1跟网关设备R2之间的链路没有问题。
PC-1>ping 172.16.1.254
Ping 172.16.1.254: 32 data bytes, Press Ctrl_C to break
From 172.16.1.254: bytes=32 seq=1 ttl=255 time=15 ms
From 172.16.1.254: bytes=32 seq=2 ttl=255 time=16 ms
From 172.16.1.254: bytes=32 seq=3 ttl=255 time=31 ms
From 172.16.1.254: bytes=32 seq=4 ttl=255 time=16 ms
From 172.16.1.254: bytes=32 seq=5 ttl=255 time=15 ms
--- 172.16.1.254 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 15/18/31 ms
3、在P2上使用display ip routing-table命令查看是否有PC-2所在网段的路由条目。观察到R2上没有任何通过RIP协议接收的路由信息,说明R1和R2之间的RIP路由信息通告不正常。
[R2]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.0/24 Direct 0 0 D 172.16.1.254 GigabitEthernet
0/0/1
172.16.1.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
172.16.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
192.168.1.0/24 Direct 0 0 D 192.168.1.1 GigabitEthernet
0/0/0
192.168.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
4、检查R1和R2所在直连链路上的物理接口状态是否正常。观察到物理接口状态正常。
[R1]dis ip int bri
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 1
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 192.168.1.2/24 up up
[R2]dis ip int br
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 3
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 3
The number of interface that is DOWN in Protocol is 0
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 192.168.1.1/24 up up
5、在R2上使用Ping命令检测直连链路的连通性。观察到连通性没有问题。
[R2]ping 192.168.1.2
PING 192.168.1.2: 56 data bytes, press CTRL_C to break
Reply from 192.168.1.2: bytes=56 Sequence=1 ttl=255 time=50 ms
Reply from 192.168.1.2: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 192.168.1.2: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 192.168.1.2: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 192.168.1.2: bytes=56 Sequence=5 ttl=255 time=20 ms
--- 192.168.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/26/50 ms
6、检查直连链路上的接口所在网段是否在RIP中通告。观察到接口的网段都已经在RIP中通告,继续下一步排查。
[R1]dis rip 1
Public VPN-instance
RIP process : 1
RIP version : 2
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Host-route : Enabled
Maximum number of balanced paths : 4
Update time : 30 sec Age time : 180 sec
Garbage-collect time : 120 sec
Graceful restart : Disabled
BFD : Disabled
Silent-interfaces : None
Default-route : Disabled
Verify-source : Enabled
Networks :
192.168.2.0 192.168.1.0
Configured peers : None
......
[R2]dis rip 1
Public VPN-instance
RIP process : 1
RIP version : 2
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Host-route : Enabled
Maximum number of balanced paths : 4
Update time : 30 sec Age time : 180 sec
Garbage-collect time : 120 sec
Graceful restart : Disabled
BFD : Disabled
Silent-interfaces : None
Default-route : Disabled
Verify-source : Enabled
Networks :
192.168.1.0 172.16.0.0
......
7、检查R1、R2上的RIP协议发送版本号和本地接口接收的版本号是否匹配。在R1、R2上查看相应运行在RIP协议下的接口的详细信息。观察到双方发送的版本和本地接口接收的版本号匹配,继续进行下一步排查。
[R1]dis rip 1 int g0/0/0 verbose
GigabitEthernet0/0/0(192.168.1.2)
State : UP MTU : 500
Metricin : 15
Metricout : 1
Input : Enabled Output : Enabled
Protocol : RIPv2 Multicast
Send version : RIPv2 Multicast Packets
Receive version : RIPv2 Multicast and Broadcast Packets
Poison-reverse : Disabled
Split-Horizon : Enabled
Authentication type : None
Replay Protection : Disabled
[R2]dis rip 1 int g0/0/0 ver
GigabitEthernet0/0/0(192.168.1.1)
State : UP MTU : 500
Metricin : 0
Metricout : 1
Input : Enabled Output : Enabled
Protocol : RIPv2 Multicast
Send version : RIPv2 Multicast Packets
Receive version : RIPv2 Multicast and Broadcast Packets
Poison-reverse : Disabled
Split-Horizon : Enabled
Authentication type : Simple
Replay Protection : Disabled
8、由于目前在R2上没有接收到R1发送过来的路由信息,所以在R2上的入接口检查是否配置了undo rip input、silent-interface命令。查看R2的入接口GE0/0/0的配置信息。观察到,目前R2的入接口GE0/0/0上并没有配置undo rip input、silent-interface命令。
[R2]dis cu int g0/0/0
#
interface GigabitEthernet0/0/0
ip address 192.168.1.1 255.255.255.0
rip authentication-mode simple cipher %$%$W.vW&cY!|2Wl|CW]a"N=<u4x%$%$
#
return
9、检查是否在RIP进程中配置了filter-policy策略,来过滤掉收到的RIP路由或不允许发送的RIP路由。观察到,并没有配置策略。
[R1]rip
[R1-rip-1]dis th
#
rip 1
version 2
network 192.168.1.0
network 192.168.2.0
#
return
[R2]rip
[R2-rip-1]dis th
#
rip 1
version 2
network 172.16.0.0
network 192.168.1.0
#
return
10、检查接口上是否已经开启水平分割,水平分割为默认开启。查看R1和R2相应接口上的RIP详细信息。观察到,接口下没有关闭水平分割,继续进行下一步排查。
[R1]dis rip 1 int g0/0/0 verbose
GigabitEthernet0/0/0(192.168.1.2)
State : UP MTU : 500
Metricin : 15
Metricout : 1
Input : Enabled Output : Enabled
Protocol : RIPv2 Multicast
Send version : RIPv2 Multicast Packets
Receive version : RIPv2 Multicast and Broadcast Packets
Poison-reverse : Disabled
Split-Horizon : Enabled
Authentication type : None
Replay Protection : Disabled
[R2]dis rip 1 int g0/0/0 verbose
GigabitEthernet0/0/0(192.168.1.1)
State : UP MTU : 500
Metricin : 0
Metricout : 1
Input : Enabled Output : Enabled
Protocol : RIPv2 Multicast
Send version : RIPv2 Multicast Packets
Receive version : RIPv2 Multicast and Broadcast Packets
Poison-reverse : Disabled
Split-Horizon : Enabled
Authentication type : Simple
Replay Protection : Disabled
11、检查链路两端接口的认证方式是否匹配。使用dis rip 1 statistics interface g0/0/0命令查看两端RIP接口上的统计信息。观察到有认证失败的RIP报文,说明两端的RIP认证方式有问题。
[R1]dis rip 1 statistics interface g0/0/0
GigabitEthernet0/0/0(192.168.1.2)
Statistical information Last min Last 5 min Total
-----------------------------------------------------------------------
Periodic updates sent 1 5 126
Triggered updates sent 0 0 0
Response packets sent 1 5 126
Response packets received 0 0 0
Response packets ignored 0 0 0
Request packets sent 0 0 1
Request packets received 0 0 0
Request packets ignored 0 0 0
Bad packets received 0 0 0
Routes received 0 0 0
Routes sent 1 5 126
Bad routes received 0 0 0
Packet authentication failed 1 5 97
Packet send failed 0 0 0
[R2]dis rip 1 statistics interface g0/0/0
GigabitEthernet0/0/0(192.168.1.1)
Statistical information Last min Last 5 min Total
-----------------------------------------------------------------------
Periodic updates sent 1 1 97
Triggered updates sent 0 0 0
Response packets sent 1 1 97
Response packets received 0 0 0
Response packets ignored 0 0 0
Request packets sent 0 0 1
Request packets received 0 0 0
Request packets ignored 0 0 0
Bad packets received 0 0 0
Routes received 0 0 0
Routes sent 2 2 194
Bad routes received 0 0 0
Packet authentication failed 1 1 97
Packet send failed 0 0 0
12、在双方路由器上查看配置信息,发现R2的GE0/0/0接口下配置了RIP认证,而R1的GE0/0/0接口下没有配置RIP认证。同时进入该接口删除认证命令。
[R1]dis current-configuration int g0/0/0
#
interface GigabitEthernet0/0/0
ip address 192.168.1.2 255.255.255.0
rip metricin 15
#
return
[R2]dis current-configuration int g0/0/0
#
interface GigabitEthernet0/0/0
ip address 192.168.1.1 255.255.255.0
rip authentication-mode simple cipher %$%$W.vW&cY!|2Wl|CW]a"N=<u4x%$%$
#
return
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]undo rip authentication-mode
13、配置完成后,使用dis ip routing-table protocol rip命令检双方现在是否能够正常收发RIP路由。发现仍没有相关的RIP路由条目。
[R1]dis ip routing-table protocol rip
[R2]dis ip routing-table protocol rip
14、查看路由表中是否存在从其他协议获得的相同路由,查看R2的路由表信息。观察到并没有从其他路由协议获得相同的路由。
[R2]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.0/24 Direct 0 0 D 172.16.1.254 GigabitEthernet
0/0/1
172.16.1.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
172.16.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
192.168.1.0/24 Direct 0 0 D 192.168.1.1 GigabitEthernet
0/0/0
192.168.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
15、使用display rip 1 route检查收到的路由度量值是否大于16.发现从R1接收到的172.16.1.0网段的度量值是16,该路由不可达,所以不会将该路由添加到路由表中。
[R1]dis rip 1 route
Route Flags: R - RIP
A - Aging,G-Garbage-collect
------------------------------------------------------------------------------
Peer 192.168.1.1 on GigabitEthernet0/0/0
Destination/Mask Nexthop COst Tag FLags Sec
172.16.1.0/24 192.168.1.1 16 0 RG 16
注意:如果操作到该步骤时距离导入预配置的时间间隔过久,将会无法查看该结果!!! 16、在R1上使用dis current-configuration | include rip命令,查看包含字符串"rip"的所有配置信息,发现R1上配置了rip metricin 15命令,将GE0/0/0接口接收到的路由都加上了15的度量值,再放入路由表中,导致172.16.1.0网段的路由条目的度量值为16.
[R1]dis current-configuration | include rip
rip metricin 15
rip 1
17、进入R1的GE0/0/0接口,删除rip metricin 15命令。
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]undo rip metricin
18、配置完成后,在R1上使用dis ip routing-table 命令检查路由表,发现R1收到了172.16.1.0网段的路由信息,接收到了R2通告的路由条目。此时表明R1与R2之间的故障已排除完毕。但R1此时没有R3上172.16.2.0网段的路由信息,说明R1与R3间的RIP路由信息通告不正常。
[R1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.0/24 RIP 100 1 D 192.168.1.1 GigabitEthernet
0/0/0
192.168.1.0/24 Direct 0 0 D 192.168.1.2 GigabitEthernet
0/0/0
192.168.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
11.2.5.3 排除R1和R3间的故障¶
1、检查R1和R3所在直连链路上的物理接口状态是否正常。观察到物理接口工作不正常,并且"Physical"状态为"*down",表示在该接口下执行了shutdown命令。
[R1]dis ip int bri
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 1
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 192.168.1.2/24 up up
GigabitEthernet0/0/1 192.168.2.2/24 *down down
NULL0 unassigned up up(s)
[R3]dis ip int bri
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 2
The number of interface that is DOWN in Physical is 1
The number of interface that is UP in Protocol is 2
The number of interface that is DOWN in Protocol is 1
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 172.16.2.254/24 up up
GigabitEthernet0/0/1 192.168.2.1/24 down down
NULL0 unassigned up up(s)
2、进入R1的GE0/0/1接口,在接口配置undo shutdown命令。
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]undo shutdown
3、配置完成后,测试联通性。
[R1]ping 192.168.2.1
PING 192.168.2.1: 56 data bytes, press CTRL_C to break
Reply from 192.168.2.1: bytes=56 Sequence=1 ttl=255 time=60 ms
Reply from 192.168.2.1: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 192.168.2.1: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 192.168.2.1: bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 192.168.2.1: bytes=56 Sequence=5 ttl=255 time=30 ms
--- 192.168.2.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/34/60 ms
4、连通恢复正常后,检查R1的路由表。观察到没有172.16.2.0网段的RIP路由条目。
[R1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.0/24 RIP 100 1 D 192.168.1.1 GigabitEthernet
0/0/0
192.168.1.0/24 Direct 0 0 D 192.168.1.2 GigabitEthernet
0/0/0
192.168.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.2.0/24 Direct 0 0 D 192.168.2.2 GigabitEthernet
0/0/1
192.168.2.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
192.168.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
5、检查直连链路上的接口所在网段是否在RIP中通告。发现R3上没有通告192.168.2.0网段
[R1]dis rip 1
Public VPN-instance
RIP process : 1
RIP version : 2
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Host-route : Enabled
Maximum number of balanced paths : 4
Update time : 30 sec Age time : 180 sec
Garbage-collect time : 120 sec
Graceful restart : Disabled
BFD : Disabled
Silent-interfaces : None
Default-route : Disabled
Verify-source : Enabled
Networks :
192.168.2.0 192.168.1.0
Configured peers : None
Number of routes in database : 4
Number of interfaces enabled : 2
Triggered updates sent : 2
Number of route changes : 1
Number of replies to queries : 1
Number of routes in ADV DB : 3
[R3]dis rip 1
Public VPN-instance
RIP process : 1
RIP version : 2
Preference : 100
Checkzero : Enabled
Default-cost : 0
Summary : Enabled
Host-route : Enabled
Maximum number of balanced paths : 4
Update time : 30 sec Age time : 180 sec
Garbage-collect time : 120 sec
Graceful restart : Disabled
BFD : Disabled
Silent-interfaces : None
Default-route : Disabled
Verify-source : Enabled
Networks :
172.16.0.0
Configured peers : None
Number of routes in database : 2
Number of interfaces enabled : 1
Triggered updates sent : 0
Number of route changes : 0
Number of replies to queries : 0
Number of routes in ADV DB : 1
6、在R3上通告192.168.2.0网段
[R3]rip
[R3-rip-1]network 192.168.2.0
7、配置完成后,检查R1和R3是否能够收发RIP路由条目。观察到R1此时能够正常接收到R3的路由,但是R3上接收不到R1的路由。
[R1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 12 Routes : 12
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.0/24 RIP 100 1 D 192.168.1.1 GigabitEthernet
0/0/0
172.16.2.0/24 RIP 100 1 D 192.168.2.1 GigabitEthernet
0/0/1
192.168.1.0/24 Direct 0 0 D 192.168.1.2 GigabitEthernet
0/0/0
192.168.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.2.0/24 Direct 0 0 D 192.168.2.2 GigabitEthernet
0/0/1
192.168.2.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
192.168.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[R3]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.2.0/24 Direct 0 0 D 172.16.2.254 GigabitEthernet
0/0/0
172.16.2.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
172.16.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.2.0/24 Direct 0 0 D 192.168.2.1 GigabitEthernet
0/0/1
192.168.2.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
192.168.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
8、检查R1、R2上的RIP协议发送版本号和本地接口接收的版本号是否匹配。在R1、R3上查看相应的RIP接口GE0/0/1的详细信息。观察到,双方的发送版本号和本地接口接收的版本号匹配。
[R1]dis rip 1 interface GigabitEthernet 0/0/1 verbose
GigabitEthernet0/0/1(192.168.2.2)
State : UP MTU : 500
Metricin : 0
Metricout : 1
Input : Enabled Output : Enabled
Protocol : RIPv2 Multicast
Send version : RIPv2 Multicast Packets
Receive version : RIPv2 Multicast and Broadcast Packets
Poison-reverse : Disabled
Split-Horizon : Enabled
Authentication type : None
Replay Protection : Disabled
[R3]dis rip 1 interface GigabitEthernet 0/0/1 verbose
GigabitEthernet0/0/1(192.168.2.1)
State : UP MTU : 500
Metricin : 0
Metricout : 1
Input : Disabled Output : Enabled
Protocol : RIPv2 Multicast
Send version : RIPv2 Multicast Packets
Receive version : RIPv2 Multicast and Broadcast Packets
Poison-reverse : Disabled
Split-Horizon : Enabled
Authentication type : None
Replay Protection : Disabled
9、由于目前在R3上没有接收到R1发送过来的路由信息,在R3上的入接口检查是否配置了undo rip input、silent-interface命令,查看R3入接口GE0/0/1的配置信息。发现R3的GE0/0/1接口下配置了undo rip input命令禁止RIP报文的接收。
[R3]dis cu int g0/0/1
[V200R003C00]
#
interface GigabitEthernet0/0/1
ip address 192.168.2.1 255.255.255.0
undo rip input
10、在R3的GE0/0/1接口下配置了 rip input命令用于RIP报文的接收
[R3]int g0/0/1
[R3-GigabitEthernet0/0/1]rip input
11、配置完成后,检查双方是否能否正常收发RIP路由条目。观察到双方能正常接收到对方的RIP路由。
[R1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 12 Routes : 12
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.0/24 RIP 100 1 D 192.168.1.1 GigabitEthernet
0/0/0
172.16.2.0/24 RIP 100 1 D 192.168.2.1 GigabitEthernet
0/0/1
192.168.1.0/24 Direct 0 0 D 192.168.1.2 GigabitEthernet
0/0/0
192.168.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.2.0/24 Direct 0 0 D 192.168.2.2 GigabitEthernet
0/0/1
192.168.2.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
192.168.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[R3]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 12 Routes : 12
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.0/24 RIP 100 2 D 192.168.2.2 GigabitEthernet
0/0/1
172.16.2.0/24 Direct 0 0 D 172.16.2.254 GigabitEthernet
0/0/0
172.16.2.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
172.16.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.1.0/24 RIP 100 1 D 192.168.2.2 GigabitEthernet
0/0/1
192.168.2.0/24 Direct 0 0 D 192.168.2.1 GigabitEthernet
0/0/1
192.168.2.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
192.168.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
12、在PC-2上测试PC-1间的联通性。观察到通信正常,至此故障排除完毕。
PC-2>ping 172.16.1.1
Ping 172.16.1.1: 32 data bytes, Press Ctrl_C to break
From 172.16.1.1: bytes=32 seq=1 ttl=125 time=31 ms
From 172.16.1.1: bytes=32 seq=2 ttl=125 time=31 ms
From 172.16.1.1: bytes=32 seq=3 ttl=125 time=32 ms
From 172.16.1.1: bytes=32 seq=4 ttl=125 time=31 ms
From 172.16.1.1: bytes=32 seq=5 ttl=125 time=47 ms
--- 172.16.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 31/34/47 ms
11.3 思考¶
如果采用debug或者抓包的方式排错,与采用查看命令进行排错相比有什么优劣? 答:debug命令信息相对命令行比较全,可以动态地看到数据包的收发,以及协议或者feature的工作过程和方式,但是在业务繁忙的设备上可能过于消耗资源,甚至有可能导致设备瘫痪。抓包的话可以看到设备的工作方式以及所有的具体数据,是一种非常好的排错手段,但是很多现网环境不允许,导致无法抓包,而且抓包排错,对网络工程师技术要求较高。查看命令行是最简单的排错方法,但是有很多不是由于命令导致的问题无法通过命令行找到。
十二、RIP的路由引入¶
12.1 原理概述¶
RIP支持不同路由协议的引入,包括直连路由、静态路由或其他动态路由协议。由于RIP的度量值是跳数且最大值不能超过15,所以在将其他路由协议引入至RIP时需要注意设置度量值,避免引入的路由度量值超过15.默认情况下,引入另一种协议或引入同种协议的不同进程时往往是把该协议或该进程的所以路由一起引入,可以在引入的同时通过设置策略来控制和过滤特定的路由信息。
12.2 RIP路由引入实验¶
12.2.1 实验内容¶
A和B两家公司,R4是公司A的网关路由器,左侧连接的公司A内网;R1是公司B的网关路由器,右侧是公司B的内网。内网中的R2连接财务部门,R3连接研发部门,3台路由器运行RIP协议。财务部门和研发部门不希望接收到大量RIP的更新报文,通过把它们的网段当作外部网络引入到RIP中实现。而在优化完公司B的RIP网络之后,要求公司B与公司A能够相互通信,现需要使用静态路由和路由引入技术使两家公司的网络能够互访。
12.2.2 实验目的¶
1、掌握RIP路由引入的应用场景 2、掌握在RIP中引入直连路由的配置 3、掌握在RIP中引入静态路由的配置 4、理解RIP抑制接口的使用场景
12.2.3 实验拓扑¶
12.2.4 实验编址¶
| 设备 | 接口 | IP地址 | 子网掩码 | 默认网关 |
|---|---|---|---|---|
| R1(AR2220) | GE0/0/0 | 10.0.12.1 | 255.255.255.0 | N/A |
| R1(AR2220) | GE0/0/1 | 14.1.1.1 | 255.255.255.0 | N/A |
| R1(AR2220) | GE0/0/2 | 10.0.13.1 | 255.255.255.0 | N/A |
| R2(AR2220) | GE0/0/0 | 10.0.12.2 | 255.255.255.0 | N/A |
| R2(AR2220) | GE0/0/1 | 192.168.2.254 | 255.255.255.0 | N/A |
| R3(AR2220) | GE0/0/1 | 192.168.3.254 | 255.255.255.0 | N/A |
| R3(AR2220) | GE0/0/2 | 10.0.13.3 | 255.255.255.0 | N/A |
| R4(AR2220) | GE0/0/0 | 192.168.4.254 | 255.255.255.0 | N/A |
| R4(AR2220) | GE0/0/1 | 14.1.1.4 | 255.255.255.0 | N/A |
| PC-1 | E0/0/1 | 192.168.2.1 | 255.255.255.0 | 192.168.2.254 |
| PC-2 | E0/0/1 | 192.168.3.1 | 255.255.255.0 | 192.168.3.254 |
| PC-3 | E0/0/1 | 192.168.4.1 | 255.255.255.0 | 192.168.4.254 |
12.2.5 实验步骤¶
12.2.5.1 基本配置¶
根据实验编制表进行相应的基本配置,并使用Ping命令检测直连链路的连通性。
12.2.5.2 搭建公司B的RIP网络¶
1、在公司B的路由器R1、R2、R3上配置RIPv2协议,通告所有公司B内部网段。
[R1]rip 1
[R1-rip-1]undo summary
[R1-rip-1]version 2
[R1-rip-1]network 10.0.0.0
[R2]rip
[R2-rip-1]undo summary
[R2-rip-1]version 2
[R2-rip-1]network 10.0.0.0
[R2-rip-1]network 192.168.2.0
[R3]rip
[R3-rip-1]undo summary
[R3-rip-1]version 2
[R3-rip-1]network 10.0.0.0
[R3-rip-1]network 192.168.3.0
2、配置完成后查看R1的路由表,观察到公司B的网关路由器R1已经成功接收到内网财务部192.168.2.0/24和研发部门192.168.3.0/24网段的路由条目。
[R1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 15 Routes : 15
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.12.0/24 Direct 0 0 D 10.0.12.1 GigabitEthernet
0/0/0
10.0.12.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.13.0/24 Direct 0 0 D 10.0.13.1 GigabitEthernet
0/0/2
10.0.13.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
10.0.13.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
14.1.1.0/24 Direct 0 0 D 14.1.1.1 GigabitEthernet
0/0/1
14.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
14.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.2.0/24 RIP 100 1 D 10.0.12.2 GigabitEthernet
0/0/0
192.168.3.0/24 RIP 100 1 D 10.0.13.3 GigabitEthernet
0/0/2
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
12.2.5.3 优化公司B的RIP网络¶
1、公司B网络搭建完成后,网络管理员对网络进行维护。在R2的GE0/0/1接口抓取数据包。观察到R2上连接财务部门终端一侧的接口上会通告RIP路由信息,这些RIP报文对终端PC而言是毫无用处的。
2、在R2的RIP进程中不使用network命令通告财务部门所在网段,采用引入直连路由的方式来代替,将财务部门的网段作为外部路由发布到公司RIP网络中。在R2上使用import-route命令配置路由引入,指定引入的源路由协议为直连路由。
[R2]rip
[R2-rip-1]undo network 192.168.2.0
[R2-rip-1]import-route direct
注意:在一台设备上配置路由引入时,需要保证被引入的路由条目已经存在于当前设备的路由表中!!! 3、配置完成后,查看R1路由表。可以观察到,R1上接收到了R2引入的192.168.2.0/24网段的路由信息。
[R1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 15 Routes : 15
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.12.0/24 Direct 0 0 D 10.0.12.1 GigabitEthernet
0/0/0
10.0.12.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.13.0/24 Direct 0 0 D 10.0.13.1 GigabitEthernet
0/0/2
10.0.13.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
10.0.13.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
14.1.1.0/24 Direct 0 0 D 14.1.1.1 GigabitEthernet
0/0/1
14.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
14.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.2.0/24 RIP 100 1 D 10.0.12.2 GigabitEthernet
0/0/0
192.168.3.0/24 RIP 100 1 D 10.0.13.3 GigabitEthernet
0/0/2
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
4、再次在R2的GE0/0/1接口抓取数据包。观察到现在接口上没有发送任何RIP更新报文,即此时完成优化,财务部门的终端不再接收与其无关的RIP更新报文。
5、研发部门也会存在同样的问题,即收到对用户无用的RIP报文,同样采用引入直连路由的方式解决,这里不做过多概述,直接进行操作。
[R3]rip
[R3-rip-1]undo network 192.168.3.0
[R3-rip-1]import-route direct
12.2.5.4 连接公司A和公司B的网络¶
1、在公司B的网关设备R1上配置目的为192.168.4.0/24网段的静态路由,并在RIP进程中引入该条静态路由,引入后后公司B中RIP网络内的所有路由器会通过RIP协议自动学习到该路由。
[R1]ip route-static 192.168.4.0 24 14.1.1.4
[R1]rip
[R1-rip-1]import-route static
2、配置完成后,查看公司B的R2、R3路由表。观察到公司B的内部路由器R2和R3上能够正常获得公司A内部网段的路由信息。
<R2>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.12.0/24 Direct 0 0 D 10.0.12.2 GigabitEthernet
0/0/0
10.0.12.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.13.0/24 RIP 100 1 D 10.0.12.1 GigabitEthernet
0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.2.0/24 Direct 0 0 D 192.168.2.254 GigabitEthernet
0/0/1
192.168.2.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
192.168.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
192.168.3.0/24 RIP 100 2 D 10.0.12.1 GigabitEthernet
0/0/0
192.168.4.0/24 RIP 100 1 D 10.0.12.1 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
<R3>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.12.0/24 RIP 100 1 D 10.0.13.1 GigabitEthernet
0/0/2
10.0.13.0/24 Direct 0 0 D 10.0.13.3 GigabitEthernet
0/0/2
10.0.13.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
10.0.13.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.2.0/24 RIP 100 2 D 10.0.13.1 GigabitEthernet
0/0/2
192.168.3.0/24 Direct 0 0 D 192.168.3.254 GigabitEthernet
0/0/1
192.168.3.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
192.168.3.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
192.168.4.0/24 RIP 100 1 D 10.0.13.1 GigabitEthernet
0/0/2
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
3、在R4上配置一条默认路由,下一跳为R1
[R4]ip route-static 0.0.0.0 0 14.1.1.1
4、配置完成后,查看R4路由表。观察到静态路由配置成功。
[R4]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 Static 60 0 RD 14.1.1.1 GigabitEthernet
0/0/1
14.1.1.0/24 Direct 0 0 D 14.1.1.4 GigabitEthernet
0/0/1
14.1.1.4/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
14.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.4.0/24 Direct 0 0 D 192.168.4.254 GigabitEthernet
0/0/0
192.168.4.254/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
192.168.4.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
5、在PC-1上测试与PC-3间的联通性,观察到PC-1与PC-3通信正常。
PC-1>ping 192.168.4.1
Ping 192.168.4.1: 32 data bytes, Press Ctrl_C to break
From 192.168.4.1: bytes=32 seq=1 ttl=125 time=63 ms
From 192.168.4.1: bytes=32 seq=2 ttl=125 time=78 ms
From 192.168.4.1: bytes=32 seq=3 ttl=125 time=78 ms
From 192.168.4.1: bytes=32 seq=4 ttl=125 time=94 ms
From 192.168.4.1: bytes=32 seq=5 ttl=125 time=78 ms
--- 192.168.4.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 63/78/94 ms
12.3 思考¶
使用network命令方式通告路由,与路由引入的方式通告路由有什么区别? 答:network作用不是通告路由,network匹配的是一个地址范围,落在范围内的接口启用这个协议,而具体网络号掩码是协议自己根据接口参数找的,network范围内包含的接口就会收发协议数据包。路由引入完全就是向路由协议注入路由的手段,不会影响任何接口的工作方式。