一、简介¶
本章聚焦于IS-IS相关的各个知识点,具体包括IS-IS基本配置,IS-IS邻接关系,IS-IS链路状态数据库,IS-IS DIS,IS-IS的接口开销值和IS-IS路由的协议优先级,IS-IS路由的聚合、引入、过滤和渗透,IS-IS缺省路由,IS-IS网络的监测、调试和排障。
二、IS-IS基本配置¶
2.1 原理概述¶
RIP、OSPF等许多IGP都是针对IP这个网络层协议而开发的路由协议,但IS-IS最初是针对CLNP这个网络层协议而开发的路由协议。后来,进行扩展后的IS-IS既能够支持CLNP,也能够支持IP,这样的IS-IS协议被称为Intergrated IS-IS协议。目前,通常情况下所说的IS-IS都是Intergrated IS-IS协议。
IS-IS协议最初是由ISO对其进行标准化工作的,所以IS-IS协议中有许多ISO的特殊用语,例如,主机(Host)被称为末端系统(End System),简称ES;路由器被称为中间系统(Intermediate System),简称IS;ES与IS之间的信息沟通协议被称为ES-IS协议,而IS-IS之间用来交换路由信息的协议被称为IS-IS协议。
IS-IS协议和OSPF协议非常相似。例如,它们都是基于链路状态的路由协议,都需要建立和维护链路状态数据库(LSDB),都使用Hello报文来建立和维护邻居/邻接关系,都具有区域化和层次化的结构。
IS-IS协议和OSPF协议存在许多差别。如OSPF区域的分界位于路由器上,而IS-IS区域的分界位于链路上;OSPF协议支持点到点、点到多点、NBMA、Broadcast这4种类型的网络,而IS-IS协议只支持点到点和Broadcast这2种类型的网络.
运行IS-IS协议的路由器(简称为IS-IS路由器)必须有一个被称为NET(Network Entity Title)的网络地址,即使是在IP环境下也是如此。NET也被称为网络实体名,长度为8-20个字节,其格式多种多样。通常,在IP环境下NET的格式为:区域ID(1个字节)+系统ID(6个字节)+SEL(1个字节)。如4A.2000.00E0.008C.00就是一个NET,其中每一位都是一个十六进制数字,4A是区域ID,2000.00E0.008C是系统ID,末尾的00是SEL。SEL是NASP(Network Service Access Point)Selector的简称,NET的SEL总是00。总之,一个IS-IS路由器的网络实体名NET中包含了该路由器所属区域的ID,以及在这个区域中该路由器的身份识别标志,即系统ID。
IS-IS区域的区域ID指的都是十六进制数。
2.2 实验目的¶
1、理解网络实体名NET的结构和含义 2、掌握IS-IS协议的基本配置方法
2.3 实验内容¶
本实验模拟了一个简单的企业网络场景,路由器的R1、R2、R3的LoopBack 0分别模拟了企业内部的不同网络。网络需求是:全网运行IS-IS协议,实现企业内部不同网络的互通,并且各路由器接口都需要配置认证功能以保证网络的基本安全性。
2.4 实验拓扑¶
2.5 实验编址表¶
| 设备 | 接口 | IP地址 | 子网掩码 | 默认网关 |
|---|---|---|---|---|
| R1(AR2220) | GE0/0/0 | 10.0.12.1 | 255.255.255.0 | N/A |
| R1(AR2220) | LoopBack0 | 10.0.1.1 | 255.255.255.255 | N/A |
| R1(AR2220) | NET:10.0000.0000.0001.00 | N/A | ||
| R2(AR2220) | GE0/0/0 | 10.0.12.2 | 255.255.255.0 | N/A |
| R2(AR2220) | GE0/0/1 | 10.0.23.2 | 255.255.255.0 | N/A |
| R2(AR2220) | LoopBack0 | 10.0.2.2 | 255.255.255.255 | N/A |
| R2(AR2220) | NET:10.0000.0000.0002.00 | N/A | ||
| R3(AR2220) | GE0/0/1 | 10.0.23.3 | 255.255.255.0 | N/A |
| R3(AR2220) | LoopBack0 | 10.0.3.3 | 255.255.255.255 | N/A |
| R3(AR2220) | NET:10.0000.0000.0003.00 | N/A |
2.6 实验步骤¶
2.6.1 基本配置¶
根据实验编址表进行相应的基本配置,并使用ping命令检测R1和R2之间的联通性。
2.6.2 配置IS-IS路由协议¶
1、系统视图下使用命令isis命令创建IS-IS进程。如果不指明IS-IS进程号,则进程号默认为1.
[R1]isis
2、在IS-IS视图下,使用network-entity命令配置路由器的网络实体名,即指定系统的区域ID和系统ID。
[R1-isis-1]network-entity 10.0000.0000.0001.00
3、配置IS-IS时,路由器上需要运行IS-IS的接口必须使用isis enable命令逐一进行IS-IS协议的使能。
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]isis enable
[R1-GigabitEthernet0/0/0]int loop 0
[R1-LoopBack0]isis enable
4、R1已经配置完成,在R2、R3上进行类似操作
[R2]isis
[R2-isis-1]network-entity 10.0000.0000.0002.00
[R2-isis-1]
[R2-isis-1]int g0/0/0
[R2-GigabitEthernet0/0/0]isis enable
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]isis enable
[R2-GigabitEthernet0/0/1]int loop 0
[R2-LoopBack0]isis enable
[R3]isis
[R3-isis-1]network-entity 10.0000.0000.0003.00
[R3-isis-1]int g0/0/1
[R3-GigabitEthernet0/0/1]isis enable
[R3-GigabitEthernet0/0/1]int loop 0
[R3-LoopBack0]isis enable
5、全部配置完成后,在R2上使用dis isis peer命令查看IS-IS邻居信息。观察到,R2一共有4条邻居消息,分别与系统ID为0000.0000.0001的邻居建立了Level-1邻接关系以及Level-2邻接关系,与系统ID为0000.0000.0003的邻居分别建立了Level-1邻接关系以及Level-2邻接关系。且4条邻居信息的状态均为Up,表示IS-IS邻接关系都已正常建立。
[R2]dis isis peer
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI
-------------------------------------------------------------------------------
0000.0000.0001 GE0/0/0 0000.0000.0001.01 Up 8s L1(L1L2) 64
0000.0000.0001 GE0/0/0 0000.0000.0001.01 Up 7s L2(L1L2) 64
0000.0000.0003 GE0/0/1 --- Up 7s L1(L1L2) 64
0000.0000.0003 GE0/0/1 --- Up 7s L2(L1L2) 64
Total Peer(s): 4
6、由于系统ID不易于管理和维护时的识别和认读,可以在IS-IS视图下使用命令is-name为系统设置一个动态主机名。
[R1-isis-1]is-name R1
[R2-isis-1]is-name R2
[R3-isis-1]is-name R3
7、配置完成后,重新在R2上查看IS-IS邻居信息。观察到,动态主机名已经修改完成。
[R2]dis isis peer
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI
-------------------------------------------------------------------------------
R1 GE0/0/0 R1.01 Up 7s L1(L1L2) 64
R1 GE0/0/0 R1.01 Up 8s L2(L1L2) 64
R3 GE0/0/1 R3.01 Up 8s L1(L1L2) 64
R3 GE0/0/1 R3.01 Up 7s L2(L1L2) 64
Total Peer(s): 4
8、继续查看R1的路由表,观察到R1已经获得了R2和R3的LoopBack 0接口的路由。
[R1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.2.2/32 ISIS-L1 15 10 D 10.0.12.2 GigabitEthernet
0/0/0
10.0.3.3/32 ISIS-L1 15 20 D 10.0.12.2 GigabitEthernet
0/0/0
10.0.12.0/24 Direct 0 0 D 10.0.12.1 GigabitEthernet
0/0/0
10.0.12.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.23.0/24 ISIS-L1 15 20 D 10.0.12.2 GigabitEthernet
0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
2.6.3 配置IS-IS认证功能¶
1、ISIS支持使用诸如明文、MD5及Keychain等方式的认证功能,接下来使用基于接口的MD5认证功能来保证网络的基本安全性。
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]isis authentication-mode md5 plain huawei
2、上述配置完成后,系统会输出日志信息,提示R1与邻居0000.0000.0002的邻接关系由于Hold Timer超时而变为Down状态。
[R1-GigabitEthernet0/0/0]
Mar 23 2022 19:21:21-08:00 R1 %%01ISIS/4/PEER_DWN_HLDTMR_EXPR(l)[0]:ISIS 256 nei
ghbor 0000.0000.0002 was Down on interface GE0/0/0 because hold timer expired. T
he Hello packet was received at 19:21:11 last time; the maximum interval for sen
ding Hello packets was 270991360; the local router sent 2349072384 Hello packets
and received 100663296 packets; the type of the Hello packet was Lan Level-2; C
PU usage was 0%.
[R1-GigabitEthernet0/0/0]
Mar 23 2022 19:21:21-08:00 R1 %%01ISIS/4/ADJ_CHANGE_LEVEL(l)[1]:The neighbor of
ISIS was changed. (IsisProcessId=256, Neighbor=0000.0000.0002, InterfaceName=GE0
/0/0, CurrentState=down, ChangeType=L2_HOLDTIMER_EXPIRED, Level=Level-2)
[R1-GigabitEthernet0/0/0]
Mar 23 2022 19:21:23-08:00 R1 %%01ISIS/4/PEER_DWN_HLDTMR_EXPR(l)[2]:ISIS 256 nei
ghbor 0000.0000.0002 was Down on interface GE0/0/0 because hold timer expired. T
he Hello packet was received at 19:21:19 last time; the maximum interval for sen
ding Hello packets was 270991360; the local router sent 2315517952 Hello packets
and received 117440512 packets; the type of the Hello packet was Lan Level-1; C
PU usage was 0%.
[R1-GigabitEthernet0/0/0]
Mar 23 2022 19:21:23-08:00 R1 %%01ISIS/4/ADJ_CHANGE_LEVEL(l)[3]:The neighbor of
ISIS was changed. (IsisProcessId=256, Neighbor=0000.0000.0002, InterfaceName=GE0
/0/0, CurrentState=down, ChangeType=L1_HOLDTIMER_EXPIRED, Level=Level-1)
3、继续验证R1的IS-IS是否邻居断掉,在R2上查看ISIS邻居状态。观察到R2和R1的邻居状态现在处于Init。
[R2]dis isis peer
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI
-------------------------------------------------------------------------------
R1 GE0/0/0 --- Init 22s L1(L1L2) 64
R1 GE0/0/0 --- Init 29s L2(L1L2) 64
R3 GE0/0/1 R3.01 Up 8s L1(L1L2) 64
R3 GE0/0/1 R3.01 Up 7s L2(L1L2) 64
Total Peer(s): 4
4、在R2的G0/0/0接口上做相应的认证功能。
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]isis authentication-mode md5 plain huawei
5、配置完成后,继续在R2上查看IS-IS邻居信息。观察到,邻居关系恢复正常。
[R2]dis isis peer
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI
-------------------------------------------------------------------------------
R1 GE0/0/0 R1.01 Up 8s L1(L1L2) 64
R1 GE0/0/0 R1.01 Up 8s L2(L1L2) 64
R3 GE0/0/1 R3.01 Up 9s L1(L1L2) 64
R3 GE0/0/1 R3.01 Up 7s L2(L1L2) 64
Total Peer(s): 4
6、继续在R2和R3上接口认证功能的配置
[R2]int g0/0/1
[R2-GigabitEthernet0/0/1]isis authentication-mode md5 plain huawei
[R3]int g0/0/1
[R3-GigabitEthernet0/0/1]isis authentication-mode md5 plain huawei
7、配置完成后,在R3上观察IS-IS邻居信息。观察到,R2和R3已经重新建立起邻接关系。
[R3]dis isis peer
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI
-------------------------------------------------------------------------------
R2 GE0/0/1 R3.01 Up 25s L1(L1L2) 64
R2 GE0/0/1 R3.01 Up 20s L2(L1L2) 64
Total Peer(s): 2
2.7 思考¶
OSPF网络中,区域0专门用来表示骨干区域。IS-IS网络中也是这样的嘛? 答:不是
三、IS-IS邻接关系¶
3.1 原理概述¶
在IS-IS协议中,路由器的IS-IS接口有3种不同的类型或级别:Level-1、Level-2、Level-1-2。Level-1接口只能发送和接收IS-IS Level-1 Hello消息,Level-2接口只能发送和接收IS-IS Level-2 Hello消息,Level-1-2接口同时能发送和接收IS-IS Level-1和Level-2 Hello消息。
相应地,IS-IS路由器也有3种不同的类型或级别:Level-1、Level-2、Level-1-2.如果一台路由器的所有IS-IS接口都是Level-1接口,则这种路由器称为Level-1路由器;如果一台路由器的所有IS-IS接口都是Level-2接口,则这种路由器称为Level-2路由器;如果一台路由器既有Level-1接口,又有Level-2接口,或者该路由器拥有Level-1-2接口,则这种路由器称为Level-1-2路由器。默认情况下,路由器的IS-IS接口都为Level-1-2接口,因此,IS-IS路由器在默认情况下都是Level-1-2路由器的。根据IS-IS协议的设计思想,Level-1路由器部署在IS-IS区域内,Level-2路由器部署在IS-IS区域之间,Level-1-2路由器部署在Level-1路由器和Level-2路由器之间。
在IS-IS协议中,路由器之间的邻接关系分为两种类型或级别:通过交换Level-1 Hello消息而建立的邻接关系称为Level-1邻接关系,通过交换Level-2 Hello消息而建立的邻接关系称为Level-2邻接关系.两台路由器之间可以同时具有Level-1邻接关系和Level-2邻接关系。
在IS-IS协议中,Level-1邻接关系只能在区域ID相同的路由器之间建立,而Level-2邻接关系的建立则无需考虑区域ID是否相同。所有建立了Level-2邻接关系的路由器,既所有相连的Level-1-2路由器和Level-2路由器共同构成了IS-IS的骨干区域。Level-1-2路由器既能够与拥有相同区域ID的Level-1路由器建立Level-1邻接关系,又能够与Level-2路由器建立Level-2邻接关系。
OSPF和IS-IS都是基于链路状态的路由协议。在OSPF协议中,描述链路状态及路由信息的报文称为LSA;在IS-IS协议中,描述链路状态及路由信息的报文称为LSP。注意,LSP也有两种类型或级别:Level-1 LSP和Level-2 LSP.
3.2 实验目的¶
1、理解IS-IS协议中路由器级别和接口级别的含义及关系 2、掌握修改IS-IS路由器级别的方法 3、掌握修改IS-IS路由器接口级别的方法 4、掌握查看IS-IS邻接关系的方法
3.3 实验内容¶
本实验模拟了一个企业网络场景,R1、R2、R3为公司部门A的路由器,R5和R6为公司部门B的路由器,R4为连接公司部门A和部门B的骨干路由器,全网运行IS-IS。R4属于区域20,部门A属于区域10,部门B属于区域30.R1和R2的LoopBack 0接口模拟了部门A的内部网络,R6的LoopBack 0接口模拟了部门B的内部网络。网络需求是:全网互通,并需要通过修改路由器的级别以及接口级别来减少路由器的资源开销及减少网络中的不必要的流量,实现优化整个网络的目的。
3.4 实验拓扑¶
3.5 实验编址表¶
| 设备 | 接口 | IP地址 | 子网掩码 | 默认网关 |
|---|---|---|---|---|
| R1(AR2220) | GE0/0/0 | 10.0.12.1 | 255.255.255.0 | N/A |
| R1(AR2220) | GE0/0/1 | 10.0.13.1 | 255.255.255.0 | N/A |
| R1(AR2220) | LoopBack0 | 10.0.1.1 | 255.255.255.255 | N/A |
| R1(AR2220) | NET:10.0000.0000.0001.00 | N/A | ||
| R2(AR2220) | GE0/0/0 | 10.0.12.2 | 255.255.255.0 | N/A |
| R2(AR2220) | GE0/0/1 | 10.0.23.2 | 255.255.255.0 | N/A |
| R2(AR2220) | LoopBack0 | 10.0.2.2 | 255.255.255.255 | N/A |
| R2(AR2220) | NET:10.0000.0000.0002.00 | N/A | ||
| R3(AR2220) | GE0/0/0 | 10.0.34.3 | 255.255.255.0 | N/A |
| R3(AR2220) | GE0/0/1 | 10.0.13.3 | 255.255.255.0 | N/A |
| R3(AR2220) | GE0/0/2 | 10.0.23.3 | 255.255.255.0 | N/A |
| R3(AR2220) | LoopBack0 | 10.0.3.3 | 255.255.255.255 | N/A |
| R3(AR2220) | NET:10.0000.0000.0003.00 | N/A | ||
| R4(AR2220) | GE0/0/0 | 10.0.34.4 | 255.255.255.0 | N/A |
| R4(AR2220) | GE0/0/1 | 10.0.45.4 | 255.255.255.0 | N/A |
| R4(AR2220) | NET:20.0000.0000.0004.00 | N/A | ||
| R5(AR2220) | GE0/0/0 | 10.0.56.5 | 255.255.255.0 | N/A |
| R5(AR2220) | GE0/0/1 | 10.0.45.5 | 255.255.255.0 | N/A |
| R5(AR2220) | NET:30.0000.0000.0005.00 | N/A | ||
| R6(AR2220) | GE0/0/0 | 10.0.56.6 | 255.255.255.0 | N/A |
| R6(AR2220) | LoopBack0 | 10.0.6.6 | 255.255.255.255 | N/A |
| R6(AR2220) | NET:30.0000.0000.0006.00 | N/A | ||
| ## 3.6 实验步骤 | ||||
| ### 3.6.1 基本配置 | ||||
| 根据实验编址表进行相应的基本配置,并使用ping命令检测R1和R2之间的联通性。 | ||||
| ### 3.6.2 配置IS-IS路由协议并查看IS-IS邻接关系 | ||||
| 1、在每台路由器上进行IS-IS协议的基本配置 |
[R1]isis
[R1-isis-1]network-entity 10.0000.0000.0001.00]
[R1-isis-1]is-name R1
[R1-isis-1]int loop 0
[R1-LoopBack0]isis enable
[R1-LoopBack0]int g0/0/0
[R1-GigabitEthernet0/0/0]isis enable
[R1-GigabitEthernet0/0/0]int g0/0/1
[R1-GigabitEthernet0/0/1]isis enable
[R2]isis
[R2-isis-1]network-entity 10.0000.0000.0002.00
[R2-isis-1]is-name R2
[R2-isis-1]int loop 0
[R2-LoopBack0]isis enable
[R2-LoopBack0]int g 0/0/0
[R2-GigabitEthernet0/0/0]isis enable
[R2-GigabitEthernet0/0/0]int g0/0/2
[R2-GigabitEthernet0/0/2]isis enable
[R3]isis
[R3-isis-1]network-entity 10.0000.0000.0003.00
[R3-isis-1]is-name R3
[R3-isis-1]int g0/0/1
[R3-GigabitEthernet0/0/1]isis enable
[R3-GigabitEthernet0/0/1]int g0/0/2
[R3-GigabitEthernet0/0/2]isis enable
[R3-GigabitEthernet0/0/2]int g0/0/0
[R3-GigabitEthernet0/0/0]isis enable
[R4]isis
[R4-isis-1]network-entity 20.0000.0000.0004.00
[R4-isis-1]is-name R4
[R4-isis-1]int g0/0/0
[R4-GigabitEthernet0/0/0]isis enable
[R4-GigabitEthernet0/0/0]int g0/0/1
[R4-GigabitEthernet0/0/1]isis enable
[R5]isis
[R5-isis-1]network-entity 30.0000.0000.0005.00
[R5-isis-1]is-name R5
[R5-isis-1]int g0/0/0
[R5-GigabitEthernet0/0/0]isis enable
[R5-GigabitEthernet0/0/0]int g0/0/1
[R5-GigabitEthernet0/0/1]isis enable
[R6]isis
[R6-isis-1]network-entity 30.0000.0000.0006.00
[R6-isis-1]is-name R6
[R6-isis-1]int g0/0/0
[R6-GigabitEthernet0/0/0]isis enable
[R6-GigabitEthernet0/0/0]int loop 0
[R6-LoopBack0]isis enable
2、配置完成后,在R1上测试R1的LoopBack 0接口和R6的LoopBack 0接口之间的连通性。观察到,连通性正常。
<R1>ping -a 10.0.1.1 10.0.6.6
PING 10.0.6.6: 56 data bytes, press CTRL_C to break
Reply from 10.0.6.6: bytes=56 Sequence=1 ttl=252 time=90 ms
Reply from 10.0.6.6: bytes=56 Sequence=2 ttl=252 time=40 ms
Reply from 10.0.6.6: bytes=56 Sequence=3 ttl=252 time=50 ms
Reply from 10.0.6.6: bytes=56 Sequence=4 ttl=252 time=30 ms
Reply from 10.0.6.6: bytes=56 Sequence=5 ttl=252 time=50 ms
--- 10.0.6.6 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/52/90 ms
3、在R3上查看IS-IS邻居关系。观察到R3与R2、R1既建立起L1邻接关系,又建立起L2邻接关系。由于R4的区域ID为20,与R3的区域ID不同,所以R3和R4只能建立L2邻接关系。
[R3]dis isis peer
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI
-------------------------------------------------------------------------------
R1 GE0/0/1 R3.01 Up 29s L1(L1L2) 64
R1 GE0/0/1 R3.01 Up 29s L2(L1L2) 64
R2 GE0/0/2 R3.02 Up 23s L1(L1L2) 64
R2 GE0/0/2 R3.02 Up 25s L2(L1L2) 64
R4 GE0/0/0 R3.03 Up 27s L2(L1L2) 64
Total Peer(s): 5
3.6.3 修改IS-IS路由器的级别¶
1、在R1上使用dis isis lsdb命令查看IS-IS协议的链路状态数据库(LSDB)。观察到R1同时为Level-1和Level-2分别维护了一个LSDB。Level-1的LSDB中有R1所属区域的LSP,Level-2的LSDB除了有R1所属区域的LSP,还有其他区域的LSP。
[R1]dis isis lsdb
Database information for ISIS(1)
--------------------------------
Level-1 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
R1.00-00* 0x00000009 0xaf5 990 115 1/0/0
R1.01-00* 0x00000002 0xb5d4 990 55 0/0/0
R2.00-00 0x00000009 0x5a88 1107 115 1/0/0
R3.00-00 0x0000000a 0x5040 587 115 1/0/0
R3.01-00 0x00000001 0xadda 458 55 0/0/0
R3.02-00 0x00000001 0xc2c3 469 55 0/0/0
Total LSP(s): 6
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
Level-2 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
R1.00-00* 0x0000000d 0x7d50 990 151 0/0/0
R1.01-00* 0x00000002 0xb5d4 990 55 0/0/0
R2.00-00 0x0000000d 0xcfec 1107 151 0/0/0
R3.00-00 0x0000000f 0x6ef 665 162 0/0/0
R3.01-00 0x00000001 0xadda 466 55 0/0/0
R3.02-00 0x00000001 0xc2c3 472 55 0/0/0
R3.03-00 0x00000001 0xf38f 567 55 0/0/0
R4.00-00 0x00000008 0x988b 664 99 0/0/0
R4.02-00 0x00000001 0x2061 653 55 0/0/0
R5.00-00 0x00000009 0x8ca7 737 111 0/0/0
R6.00-00 0x00000007 0x5d98 746 100 0/0/0
R6.01-00 0x00000001 0x3945 736 55 0/0/0
Total LSP(s): 12
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
2、在R1上使用dis isis route命令查看IS-IS路由表。观察到,R1也同时为Level-1和Level-2分别维护了一张ISIS路由表。其中Level-2路由表中非本地区域路由的下一跳均为R3。
[R1]dis isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-1 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
0.0.0.0/0 10 NULL
10.0.23.0/24 20 NULL GE0/0/0 10.0.12.2 A/-/L/-
GE0/0/1 10.0.13.3
10.0.13.0/24 10 NULL GE0/0/1 Direct D/-/L/-
10.0.2.2/32 10 NULL GE0/0/0 10.0.12.2 A/-/L/-
10.0.12.0/24 10 NULL GE0/0/0 Direct D/-/L/-
10.0.1.1/32 0 NULL Loop0 Direct D/-/L/-
10.0.34.0/24 20 NULL GE0/0/1 10.0.13.3 A/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
ISIS(1) Level-2 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
10.0.6.6/32 40 NULL GE0/0/1 10.0.13.3 A/-/-/-
10.0.23.0/24 20 NULL
10.0.13.0/24 10 NULL GE0/0/1 Direct D/-/L/-
10.0.2.2/32 10 NULL
10.0.56.0/24 40 NULL GE0/0/1 10.0.13.3 A/-/-/-
10.0.12.0/24 10 NULL GE0/0/0 Direct D/-/L/-
10.0.45.0/24 30 NULL GE0/0/1 10.0.13.3 A/-/-/-
10.0.1.1/32 0 NULL Loop0 Direct D/-/L/-
10.0.34.0/24 20 NULL
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
3、在R1上使用dis ip routing-table命令查看路由表。观察到,R1去往所属区域的其他目标网络的路由均是由ISIS-L1路由表提供的,而去往非R1所属区域的网络的路由,则是由ISIS-L2路由表提供的,且去往这些目标网络的路由的下一跳地址为R3。
[R1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 17 Routes : 18
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.2.2/32 ISIS-L1 15 10 D 10.0.12.2 GigabitEthernet
0/0/0
10.0.6.6/32 ISIS-L2 15 40 D 10.0.13.3 GigabitEthernet
0/0/1
10.0.12.0/24 Direct 0 0 D 10.0.12.1 GigabitEthernet
0/0/0
10.0.12.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.13.0/24 Direct 0 0 D 10.0.13.1 GigabitEthernet
0/0/1
10.0.13.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.13.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.23.0/24 ISIS-L1 15 20 D 10.0.12.2 GigabitEthernet
0/0/0
ISIS-L1 15 20 D 10.0.13.3 GigabitEthernet
0/0/1
10.0.34.0/24 ISIS-L1 15 20 D 10.0.13.3 GigabitEthernet
0/0/1
10.0.45.0/24 ISIS-L2 15 30 D 10.0.13.3 GigabitEthernet
0/0/1
10.0.56.0/24 ISIS-L2 15 40 D 10.0.13.3 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
4、综合上述得知,R1没必要为Level-2维护一张LSDB表和ISIS路由表。使用****命令将R1修改为Level-1路由器,使R1停止为Level-2维护LSDB和ISIS路由表
[R1]isis
[R1-isis-1]is-level level-1
5、在R1上查看ISIS协议的LSDB和IS-IS路由表。观察到,R1目前只维护一张LSDB表,一张ISIS路由表,且缺省路由的下一跳分别指向R2和R3。
[R1]dis isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-1 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
0.0.0.0/0 10 NULL GE0/0/1 10.0.13.3 A/-/-/-
GE0/0/0 10.0.12.2
10.0.23.0/24 20 NULL GE0/0/1 10.0.13.3 A/-/-/-
GE0/0/0 10.0.12.2
10.0.13.0/24 10 NULL GE0/0/1 Direct D/-/L/-
10.0.2.2/32 10 NULL GE0/0/0 10.0.12.2 A/-/-/-
10.0.12.0/24 10 NULL GE0/0/0 Direct D/-/L/-
10.0.1.1/32 0 NULL Loop0 Direct D/-/L/-
10.0.34.0/24 20 NULL GE0/0/1 10.0.13.3 A/-/-/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
[R1]dis isis lsdb
Database information for ISIS(1)
--------------------------------
Level-1 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
R1.00-00* 0x0000000c 0xe323 1116 115 0/0/0
R1.01-00* 0x00000004 0xafda 1116 55 0/0/0
R2.00-00 0x0000000b 0x35ab 1095 115 1/0/0
R3.00-00 0x0000000d 0x3f4e 1147 115 1/0/0
R3.01-00 0x00000004 0xa7dd 1147 55 0/0/0
R3.02-00 0x00000003 0xbec5 1147 55 0/0/0
Total LSP(s): 6
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
6、在R1上查看IP路由表。观察到R1目前只存在用于访问R1所在IS-IS区域内的网络路由和用于访问其他IS-IS区域的网络的缺省路由,缺省路由的下一跳地址分别为R2和R3。
[R1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 15 Routes : 17
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 ISIS-L1 15 10 D 10.0.13.3 GigabitEthernet
0/0/1
ISIS-L1 15 10 D 10.0.12.2 GigabitEthernet
0/0/0
10.0.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.2.2/32 ISIS-L1 15 10 D 10.0.12.2 GigabitEthernet
0/0/0
10.0.12.0/24 Direct 0 0 D 10.0.12.1 GigabitEthernet
0/0/0
10.0.12.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.13.0/24 Direct 0 0 D 10.0.13.1 GigabitEthernet
0/0/1
10.0.13.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.13.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.23.0/24 ISIS-L1 15 20 D 10.0.13.3 GigabitEthernet
0/0/1
ISIS-L1 15 20 D 10.0.12.2 GigabitEthernet
0/0/0
10.0.34.0/24 ISIS-L1 15 20 D 10.0.13.3 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
7、为进一步优化,可以将Level-1-2路由器R2修改为Level-1路由器
[R2]isis
[R2-isis-1]is-level level-1
8、在R1和R2上查看缺省路由。观察到,R1和R2的缺省路由的下一跳都指向了R3。
[R1]dis ip routing-table 0.0.0.0
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : Public
Summary Count : 1
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 ISIS-L1 15 10 D 10.0.13.3 GigabitEthernet
0/0/1
[R2]dis ip routing-table 0.0.0.0
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : Public
Summary Count : 1
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 ISIS-L1 15 10 D 10.0.23.3 GigabitEthernet
0/0/2
9、为保证路由器只维护自身的LSDB和IS-IS路由表,将R4设置成Level-2路由器,将R6设置成Level-1路由器
[R6]isis
[R6-isis-1]is-level level-1
[R4]isis
[R4-isis-1]is-level level-2
3.6.4 修改IS-IS路由器接口的级别¶
1、在R3上使用debugging isis adjacency int g0/0/0命令针对R3的GE0/0/0接口上启用IS-IS邻接关系的调试工具。观察到,R3和R4由于区域ID不同,仅建立Level-2关系。但是R3的GE0/0/0接口仍同时发送Level-1和Level-2的Hello消息尝试建立Level-1和Level-2的邻接关系。
<R3>debugging isis adjacency int g0/0/0
<R3>terminal debugging
Info: Current terminal debugging is on.
<R3>
Mar 23 2022 20:56:08.124.1-08:00 R3 ISIS/6/ISIS:
ISIS-1-ADJ: Use level-2 IIH enconde cache to send IIH, GE0/0/0.(IS15_2731)
<R3>
Mar 23 2022 20:56:08.124.2-08:00 R3 ISIS/6/ISIS:
ISIS-1-ADJ: Sending Lan L2 Hello on GE0/0/0, to SNPA 0180.c200.0015.(IS15_6963)
<R3>
Mar 23 2022 20:56:09.254.1-08:00 R3 ISIS/6/ISIS:
ISIS-1-ADJ: Use level-1 IIH enconde cache to send IIH, GE0/0/0.(IS15_2679)
<R3>
Mar 23 2022 20:56:09.254.2-08:00 R3 ISIS/6/ISIS:
ISIS-1-ADJ: Sending Lan L1 Hello on GE0/0/0, to SNPA 0180.c200.0014.(IS15_6941)
<R3>
Mar 23 2022 20:56:10.124.1-08:00 R3 ISIS/6/ISIS:
ISIS-1-ADJ: Use level-2 IIH enconde cache to send IIH, GE0/0/0.(IS15_2731)
<R3>
Mar 23 2022 20:56:10.124.2-08:00 R3 ISIS/6/ISIS:
ISIS-1-ADJ: Sending Lan L2 Hello on GE0/0/0, to SNPA 0180.c200.0015.(IS15_6963)
<R3>
Mar 23 2022 20:56:12.124.1-08:00 R3 ISIS/6/ISIS:
ISIS-1-ADJ: Use level-2 IIH enconde cache to send IIH, GE0/0/0.(IS15_2731)
<R3>
Mar 23 2022 20:56:12.124.2-08:00 R3 ISIS/6/ISIS:
ISIS-1-ADJ: Sending Lan L2 Hello on GE0/0/0, to SNPA 0180.c200.0015.(IS15_6963)
<R3>
Mar 23 2022 20:56:13.374.1-08:00 R3 ISIS/6/ISIS:
ISIS-1-ADJ: Use level-2 IIH enconde cache to send IIH, GE0/0/0.(IS15_2731)
<R3>
Mar 23 2022 20:56:13.374.2-08:00 R3 ISIS/6/ISIS:
ISIS-1-ADJ: Sending Lan L2 Hello on GE0/0/0, to SNPA 0180.c200.0015.(IS15_6963)
<R3>undo d
<R3>undo debugging
Mar 23 2022 20:56:15.384.1-08:00 R3 ISIS/6/ISIS:
ISIS-1-ADJ: Use level-2 IIH enconde cache to send IIH, GE0/0/0.(IS15_2731)
<R3>undo debugging
Mar 23 2022 20:56:15.384.2-08:00 R3 ISIS/6/ISIS:
ISIS-1-ADJ: Sending Lan L2 Hello on GE0/0/0, to SNPA 0180.c200.0015.(IS15_6963)
<R3>undo debugging all
Info: All possible debugging has been turned off
2、使用命令isis circuit-level level-2修改R3的GE0/0/0接口的IS-IS级别为Level-2,使其接口不再发送Level-1的Hello消息以减小链路与系统开销。
[R3-GigabitEthernet0/0/0]isis circuit-level level-2
3.7 思考¶
IS-IS中的Level-1路由器、Level-2路由器、Level-1-2路由器分别类似于OSPF网络中的哪种路由器? 答: Level-1-2路由器类似于OSPF网络中的ABR
四、IS-IS链路状态数据库¶
4.1 原理概述¶
一个OSPF链路状态数据库是若干条LSA的集合。一个IS-IS链路状态数据库是若干条LSP的集合。与OSPF链路状态数据库不同,IS-IS链路状态数据库有Level-1和Level-2之分
在IS-IS协议中,每一条LSP都有一个剩余生存时间、一个序列号和一个校验和。LSP的剩余时间是由最大生存时间(默认为120s)开始递减的。当一条LSP的剩余时间递减为0时,仍然会在链路状态数据库中继续保留60s(称为ZeroAgeLifetime),然后才会被删除。LSP的始发路由器会周期性地刷新LSP,刷新时间间隔为900s减去不超过25%的随机量。
LSP的序列号是一个32Bit的整数,初始值为1,每次刷新时都会递增1.与OSPF的LSA一样,同一条LSP,其序列号越大,表示LSP越新,路由器总是将最新的LSP放入其链路状态数据库中。如果序列号递增到最大值时,则无法被继续刷新,但其剩余生存时间会递减为0,然后会被从链路状态数据库中删除。
LSP的校验和用于检验LSP是否在传输过程中受到损坏。当路由器收到一条包含错误的检验和的LSP时,会将其直接丢弃。
4.2 实验目的¶
1、理解IS-IS链路状态数据库的内容 2、掌握查看IS-IS链路状态数据库的方法
4.3 实验内容¶
本实验模拟了一个简单的企业网络场景,Level-1路由器R1和Level-1-2路由器R2为公司部门A的网络设备,Level-2路由器R3为公司骨干路由器。整个网络都运行IS-IS协议,R1和R2属于IS-IS区域10,R3属于IS-IS区域20,R1的LoopBack0接口模拟了部门A的内部网络,R3的LoopBack 0接口模拟了公司服务器所在的网络。实验内容的重点是观察和分析R1、R2、R3上的IS-IS链路状态数据库。
4.4 实验拓扑¶
4.5 实验编址表¶
| 设备 | 接口 | IP地址 | 子网掩码 | 默认网关 |
|---|---|---|---|---|
| R1(AR2220) | GE0/0/0 | 10.0.12.1 | 255.255.255.0 | N/A |
| R1(AR2220) | LoopBack0 | 10.0.1.1 | 255.255.255.255 | N/A |
| R1(AR2220) | NET:10.0000.0000.0001.00 | N/A | ||
| R2(AR2220) | GE0/0/0 | 10.0.12.2 | 255.255.255.0 | N/A |
| R2(AR2220) | GE0/0/1 | 10.0.23.2 | 255.255.255.0 | N/A |
| R2(AR2220) | NET:10.0000.0000.0002.00 | N/A | ||
| R3(AR2220) | GE0/0/1 | 10.0.23.3 | 255.255.255.0 | N/A |
| R3(AR2220) | LoopBack0 | 10.0.3.3 | 255.255.255.255 | N/A |
| R3(AR2220) | NET:20.0000.0000.0003.00 | N/A |
4.6 实验步骤¶
4.6.1 基本配置¶
根据实验编址表进行相应的基本配置,并使用ping命令检测R1和R2之间的联通性。
4.6.2 配置IS-IS路由协议¶
1、在R1、R2、R3上配置IS-IS协议,其中R1为Level-1路由器,R2为Level-1-2路由器,R3为Level-2路由器
[R1]isis
[R1-isis-1]is-level level-1
[R1-isis-1]is-name R1
[R1-isis-1]network-entity 10.0000.0000.0001.00
[R1-isis-1]int loop 0
[R1-LoopBack0]isis enable
[R1-LoopBack0]int g0/0/0
[R1-GigabitEthernet0/0/0]isis enable
[R2]isis
[R2-isis-1]is-level level-1-2
[R2-isis-1]is-name R2
[R2-isis-1]net
[R2-isis-1]network-entity 10.0000.0000.0002.00
[R2-isis-1]int g0/0/0
[R2-GigabitEthernet0/0/0]isis enable
[R2-GigabitEthernet0/0/0]isis circuit-level level-1
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]isis enable
[R2-GigabitEthernet0/0/1]isis circuit-level level-2
[R3]isis
[R3-isis-1]is-name R3
[R3-isis-1]is-level level-2
[R3-isis-1]network-entity 20.0000.0000.0003.00
[R3-isis-1]int g0/0/1
[R3-GigabitEthernet0/0/1]isis enable
[R3-GigabitEthernet0/0/1]int loop 0
[R3-LoopBack0]isis enable
2、配置完成后,在R2上查看IS-IS邻居关系。观察到,R2与R1建立了Level-1邻接关系,与R3建立Level-2邻接关系。
[R2]dis isis peer
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI
-------------------------------------------------------------------------------
R1 GE0/0/0 R1.01 Up 8s L1 64
R3 GE0/0/1 R3.01 Up 8s L2 64
Total Peer(s): 2
3、再R1上以10.0.1.1为源测试与10.0.3.3的连通性。观察到,连通性正常。
<R1>ping -a 10.0.1.1 10.0.3.3
PING 10.0.3.3: 56 data bytes, press CTRL_C to break
Reply from 10.0.3.3: bytes=56 Sequence=1 ttl=254 time=140 ms
Reply from 10.0.3.3: bytes=56 Sequence=2 ttl=254 time=40 ms
Reply from 10.0.3.3: bytes=56 Sequence=3 ttl=254 time=30 ms
Reply from 10.0.3.3: bytes=56 Sequence=4 ttl=254 time=40 ms
Reply from 10.0.3.3: bytes=56 Sequence=5 ttl=254 time=20 ms
--- 10.0.3.3 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/54/140 ms
4.6.3 查看Level-1路由器的链路状态数据库¶
1、在Level-1路由器R1上查看IS-IS链路状态数据库,观察到,链路状态数据库中包含了3条LSP,以及相应的LSP IS、序列号(Seq Num)、校验和(Checksum )、生存时间(Checksum )、长度(Length)等属性。第一条LSP的LSP ID为R1.00-00,其中R1为动态主机名。如果没有配置动态主机名时,相应的位置是系统ID。R1.00-00前面的00是伪节点点标识,00表示此LSP是由真实节点而非伪节点生成的。R1.00-00中后面的00为分片后,当LSP的长度太长时,LSP会被分片,分片号的作用是为了重组被分片的LSP。R1.00-00中的"*"表示此LSP是于本地生成的。
<R1>dis isis lsdb
Database information for ISIS(1)
--------------------------------
Level-1 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
R1.00-00* 0x00000005 0x1c57 544 88 0/0/0
R1.01-00* 0x00000002 0xb3d8 544 55 0/0/0
R2.00-00 0x00000009 0xecf7 677 76 1/0/0
Total LSP(s): 3
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
2、在R1上使用dis isis lsdb verbose命令查看你IS-IS链路状态数据库的详细信息。观察到,第一条LSP是本地生成的,LSP ID包含了系统ID,系统是一个真实节点而非伪节点。SOURCE 为动态主机名附伪节点标识,HOST NAME为动态主机名,NLPID为该LSP所支持的网络协议,此处为IPv4.AREA ADDR为该LSP的区域地址,此处地址为10.INTF ADDR为接口地址,描述了生成此LSP的路由器所有的接口的IP地址。NBR ID为邻居的系统ID附伪节点标识,COST为去往邻居的开销值。IP-Internal为区域内IP路由信息,描述网络前缀和掩码,以及COST信息。需要注意,第二条LSP是伪节点产生的。
[R1]dis isis lsdb verbose
Database information for ISIS(1)
--------------------------------
Level-1 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0001.00-00* 0x00000006 0x1a58 678 88 0/0/0
SOURCE R1.00
HOST NAME R1
NLPID IPV4
AREA ADDR 10
INTF ADDR 10.0.1.1
INTF ADDR 10.0.12.1
NBR ID R1.01 COST: 10
IP-Internal 10.0.1.1 255.255.255.255 COST: 0
IP-Internal 10.0.12.0 255.255.255.0 COST: 10
0000.0000.0001.01-00* 0x00000003 0xb1d9 678 55 0/0/0
SOURCE R1.01
NLPID IPV4
NBR ID R1.00 COST: 0
NBR ID R2.00 COST: 0
0000.0000.0002.00-00 0x0000000a 0xeaf8 783 76 1/0/0
SOURCE R2.00
HOST NAME R2
NLPID IPV4
AREA ADDR 10
INTF ADDR 10.0.23.2
INTF ADDR 10.0.12.2
NBR ID R1.01 COST: 10
IP-Internal 10.0.12.0 255.255.255.0 COST: 10
Total LSP(s): 3
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
4.6.4 查看Level-1-2路由器的链路状态数据库¶
1、在Level-1-2路由器R2上查看IS-IS链路状态数据库。观察到,R2为Level-1和Level-2分别维护了一份链路状态数据库。
<R2>dis isis lsdb
Database information for ISIS(1)
--------------------------------
Level-1 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
R1.00-00 0x00000007 0x1859 791 88 0/0/0
R1.01-00 0x00000004 0xafda 791 55 0/0/0
R2.00-00* 0x0000000b 0xe8f9 868 76 1/0/0
Total LSP(s): 3
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
Level-2 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
R2.00-00* 0x0000000d 0xc0c9 868 100 0/0/0
R3.00-00 0x00000006 0xb683 1067 88 0/0/0
R3.01-00 0x00000003 0xc5bf 1067 55 0/0/0
Total LSP(s): 3
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
2、在R2上使用命令dis isis lsdb level-1 verbose查看Level-1的链路状态数据库的详细信息。在R2的Level-1的链路状态数据库中,除了用于标识本地生成的LSP的"*"之外,内容上与R1的level-1链路状态数据库完全相同。
<R2>dis isis lsdb level-1 verbose
Database information for ISIS(1)
--------------------------------
Level-1 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0001.00-00 0x00000007 0x1859 587 88 0/0/0
SOURCE R1.00
HOST NAME R1
NLPID IPV4
AREA ADDR 10
INTF ADDR 10.0.1.1
INTF ADDR 10.0.12.1
NBR ID R1.01 COST: 10
IP-Internal 10.0.1.1 255.255.255.255 COST: 0
IP-Internal 10.0.12.0 255.255.255.0 COST: 10
0000.0000.0001.01-00 0x00000004 0xafda 587 55 0/0/0
SOURCE R1.01
NLPID IPV4
NBR ID R1.00 COST: 0
NBR ID R2.00 COST: 0
0000.0000.0002.00-00* 0x0000000b 0xe8f9 664 76 1/0/0
SOURCE R2.00
HOST NAME R2
NLPID IPV4
AREA ADDR 10
INTF ADDR 10.0.23.2
INTF ADDR 10.0.12.2
NBR ID R1.01 COST: 10
IP-Internal 10.0.12.0 255.255.255.0 COST: 10
Total LSP(s): 3
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
3、在R2上使用命令dis isis lsdb level-2 verbose查看Level-1的链路状态数据库的详细信息。在R2的Level-2的链路状态数据库中,除了用于标识本地生成的LSP的"*"之外,内容上与R1的level-1链路状态数据库完全相同。其中,Level-1链路状态数据库和Level-2链路状态数据库的最主要区别在于:Level-1链路状态数据库中的LSP的区域ID彼此相同,而Level-2链路状态数据库中的LSP的区域ID彼此可以不同。
<R2>dis isis lsdb level-2 verbose
Database information for ISIS(1)
--------------------------------
Level-2 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0002.00-00* 0x0000000e 0xbeca 816 100 0/0/0
SOURCE R2.00
HOST NAME R2
NLPID IPV4
AREA ADDR 10
INTF ADDR 10.0.23.2
INTF ADDR 10.0.12.2
NBR ID R3.01 COST: 10
IP-Internal 10.0.23.0 255.255.255.0 COST: 10
IP-Internal 10.0.12.0 255.255.255.0 COST: 10
IP-Internal 10.0.1.1 255.255.255.255 COST: 10
0000.0000.0003.00-00 0x00000007 0xb484 1040 88 0/0/0
SOURCE R3.00
HOST NAME R3
NLPID IPV4
AREA ADDR 20
INTF ADDR 10.0.23.3
INTF ADDR 10.0.3.3
NBR ID R3.01 COST: 10
IP-Internal 10.0.23.0 255.255.255.0 COST: 10
IP-Internal 10.0.3.3 255.255.255.255 COST: 0
0000.0000.0003.01-00 0x00000004 0xc3c0 1040 55 0/0/0
SOURCE R3.01
NLPID IPV4
NBR ID R3.00 COST: 0
NBR ID R2.00 COST: 0
Total LSP(s): 3
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
4.6.5 查看Level-2路由器的链路状态数据库¶
1、查看Level-2路由器R3上查看IS-IS链路状态数据库。观察到,Level-2路由器R3只为Level-2维护了一份链路状态数据库,其中的LSP条目与R2的Level-2的链路状态数据库中的LSP条目相同。
<R3>dis isis lsdb
Database information for ISIS(1)
--------------------------------
Level-2 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
R2.00-00 0x0000000e 0xbeca 922 100 0/0/0
R3.00-00* 0x00000007 0xb484 1147 88 0/0/0
R3.01-00* 0x00000004 0xc3c0 1147 55 0/0/0
Total LSP(s): 3
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
2、在R3上查看IS-IS链路状态数据库的详细信息。观察到,R3的Level-2链路状态数据库与R2的Level-2链路状态数据库完全相同。
<R3>dis isis lsdb verbose
Database information for ISIS(1)
--------------------------------
Level-2 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0002.00-00 0x0000000e 0xbeca 588 100 0/0/0
SOURCE R2.00
HOST NAME R2
NLPID IPV4
AREA ADDR 10
INTF ADDR 10.0.23.2
INTF ADDR 10.0.12.2
NBR ID R3.01 COST: 10
IP-Internal 10.0.23.0 255.255.255.0 COST: 10
IP-Internal 10.0.12.0 255.255.255.0 COST: 10
IP-Internal 10.0.1.1 255.255.255.255 COST: 10
0000.0000.0003.00-00* 0x00000007 0xb484 813 88 0/0/0
SOURCE R3.00
HOST NAME R3
NLPID IPV4
AREA ADDR 20
INTF ADDR 10.0.23.3
INTF ADDR 10.0.3.3
NBR ID R3.01 COST: 10
IP-Internal 10.0.23.0 255.255.255.0 COST: 10
IP-Internal 10.0.3.3 255.255.255.255 COST: 0
0000.0000.0003.01-00* 0x00000004 0xc3c0 813 55 0/0/0
SOURCE R3.01
NLPID IPV4
NBR ID R3.00 COST: 0
NBR ID R2.00 COST: 0
Total LSP(s): 3
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
4.7 思考¶
为什么说RIP是一种基于Road Sign路由协议,而IS-IS是一种基于Road Map的路由协议? 答:
五、IS-IS DIS¶
5.1 原理概述¶
OSPF协议支持4种网络类型,IS-IS协议只支持两种网络类型,即广播网络和点到点网络。与OSPF网络类型相同,IS-IS协议在广播网络中会将网络视为一个伪节点(Pseudonode,简称PSN),并选举一台DIS(Designated IS)路由器来代行这个伪节点的职责。DIS的作用与OSPF的DR类似,可以减少不必要的LSP泛洪。注意,与OSPF协议中的DR选举不同,DIS的选举是抢占性的。另外,DIS还有Level-1和Level-2之分,同一网络的Level-1 DIS和Level-2 DIS可能是同一台路由器,也有可能是不同的路由器。在点到点网络中,IS-IS不选举DIS。
注意,选举出DIS后,广播网络中的路由器仍然需要与所有邻居建立邻接关系,而不仅仅是与DIS建立邻接关系。在广播网络中,DIS会周期性(默认为10s)地发送携带CSNP(Complete Sequence Number PDU)消息的组播帧来实现链路状态数据库之间同步,其中Level-1 DIS使用的组播MAC地址为0180.C200.0014,Level-2 DIS使用的组播MAC地址为0180.C200.0015.
选举DIS的过程是自动进行的,选举的依据是比较同一网络中路由器接口的DIS优先级,其次是比较接口的MAC地址。在接口的DIS优先级相同的情况,MAC地址较大者将成为DIS。
路由器的IS-IS接口都拥有一个Level-1 DIS优先级和一个Level-2 DIS优先级,取值范围为0-127,默认值为64。IS-IS接口所发出的Level-1 Hello报文中携带了Level-1 DIS优先级的值,Level-2 Hello报文中携带了Level-2 DIS优先级的值。注意,如果DIS优先级的值为0,并不表示不参与DIS 的选举,而只是表示DIS优先级最低。
在OSPF协议中,除了有DR,还有Backup DR(BDR)。但是在IS-IS协议中,只有DIS,没有Backup DIS。
IS-IS协议会将广播型网络本身抽象成一个伪节点,伪节点并不实际存在,它只是一个逻辑的概念,广播型网络中的路由器都认为自己的伪节点存在邻接关系,并通过产生相应的LSP来描述自己和这个伪节点之间的链路状态。广播型网络中的DIS充当了伪节点的角色并代伪节点的职责;DIS路由器会代替抽象的伪节点产生PSN LSP(伪节点LSP),用以描述哪些路由器与伪节点相连。PSN LSP与OSPF中的Type-2 LSA非常相似。
伪节点只是一个逻辑的概念,用来表示一个广播型网络本身,而DIS路由器是连接到这个广播型网络的一台路由器,DIS和伪节点是两个不同的概念,只是DIS代行了伪节点的职责而已。在广播网络上,路由器到伪节点的开销值默认为是10,而伪节点到路由器的开销值为0.
5.2 实验目的¶
1、理解IS-IS协议中的DIS的作用和选举方法 2、理解IS-IS接口的DIS优先级的概念 3、掌握通过修改DIS优先级来控制DIS选举结果的方法
5.3 实验内容¶
R1、R2、R3、R4分别连接着公司部门A、B、C、D;R1、R2、R3、R4分别为Level-1-2、Level-1-2、Level-1、Level-2路由器。网络需求是:必须让R1成为Level-1 DIS,R2成为Level-2 DIS。(本实验路由器的接口MAC地址是随机生成的)
5.4 实验拓扑¶
5.5 实验编址表¶
| 设备 | 接口 | IP地址 | 子网掩码 | 默认网关 |
|---|---|---|---|---|
| R1(AR2220) | GE0/0/0 | 10.0.1.1 | 255.255.255.0 | N/A |
| R1(AR2220) | NET:10.0000.0000.0001.00 | N/A | ||
| R1(AR2220) | MAC:00e0-fc76-67b5 | N/A | ||
| R2(AR2220) | GE0/0/0 | 10.0.1.2 | 255.255.255.0 | N/A |
| R2(AR2220) | NET:10.0000.0000.0002.00 | N/A | ||
| R2(AR2220) | MAC:00e0-fc97-3593 | N/A | ||
| R3(AR2220) | GE0/0/0 | 10.0.1.3 | 255.255.255.0 | N/A |
| R3(AR2220) | NET:10.0000.0000.0001.00 | N/A | ||
| R3(AR2220) | MAC:00e0-fc53-2d72 | N/A | ||
| R4(AR2220) | GE0/0/0 | 10.0.1.4 | 255.255.255.0 | N/A |
| R4(AR2220) | NET:10.0000.0000.0004.00 | N/A | ||
| R4(AR2220) | MAC:00e0-fc4c-2f25 | N/A | ||
| ## 5.6 实验步骤 | ||||
| ### 5.6.1 基本配置 | ||||
| 根据实验编址表进行相应的基本配置,并使用ping命令检测R1和R2之间的联通性。 | ||||
| ### 5.6.2 配置IS-IS路由协议 | ||||
| 1、在每台路由器上配置IS-IS协议,其中R1、R2、R3、R4分别为Level-1-2、Level-1-2、Level-1、Level-2路由器 |
[R1]isis
[R1-isis-1]network-entity 10.0000.0000.0001.00
[R1-isis-1]is-name R1
[R1-isis-1]QU
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]isis enable
[R2]isis
[R2-isis-1]is-name R2
[R2-isis-1]network-entity 10.0000.0000.0002.00
[R2-isis-1]quit
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]isis enable
[R3]isis
[R3-isis-1]is-name R3
[R3-isis-1]is-level level-1
[R3-isis-1]network-entity 10.0000.0000.0003.00
[R3-isis-1]int g0/0/0
[R3-GigabitEthernet0/0/0]isis enable
[R4]isis
[R4-isis-1]is-level level-2
[R4-isis-1]is-name R4
[R4-isis-1]network-entity 10.0000.0000.0004.00
[R4-isis-1]int g0/0/0
[R4-GigabitEthernet0/0/0]isis enable
2、配置完成后,在R1上查看IS-IS邻居信息。观察到,R1与R2分别建立了Level-1-2邻接关系,R1与R3建立了Level-1邻接关系,R1与R4建立了Level-2邻接关系。
[R1]dis isis peer
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI
-------------------------------------------------------------------------------
R2 GE0/0/0 R2.01 Up 7s L1(L1L2) 64
R3 GE0/0/0 R2.01 Up 22s L1 64
R2 GE0/0/0 R2.01 Up 8s L2(L1L2) 64
R4 GE0/0/0 R2.01 Up 26s L2 64
Total Peer(s): 4
5.6.3 查找默认选举的DIS¶
1、在每台路由器上使用dis isis int g0/0/0命令查看GE0/0/0接口的IS-IS协议信息。在使用接口的缺省DIS优先级的情况下,能够发送L1和L2Hello报文的接口中,R2的GE0/0/0接口的MAC地址最大,因此R2被选举为L1 DIS和L2 DIS。
[R1]dis isis int g0/0/0
Interface information for ISIS(1)
---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DIS
GE0/0/0 001 Up Down 1497 L1/L2 No/No
<R2>dis isis int g0/0/0
Interface information for ISIS(1)
---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DIS
GE0/0/0 001 Up Down 1497 L1/L2 Yes/Yes
<R3>dis isis int g0/0/0
Interface information for ISIS(1)
---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DIS
GE0/0/0 001 Up Down 1497 L1/L2 No/No
<R4>dis isis interface g0/0/0
Interface information for ISIS(1)
---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DIS
GE0/0/0 001 Up Down 1497 L1/L2 No/No
2、在每台路由器上使用dis isis int g0/0/0 verbose命令查看G0/0/0接口的IS-IS详细信息。观察到,L1 DIS、L2 DIS优先级值为默认值都为64。
<R1>dis isis int g0/0/0 verbose
Interface information for ISIS(1)
---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DIS
GE0/0/0 001 Up Down 1497 L1/L2 No/No
Circuit MT State : Standard
Description : HUAWEI, AR Series, GigabitEthernet0/0/0 Interfac
e
SNPA Address : 00e0-fc76-67b5
IP Address : 10.0.1.1
IPV6 Link Local Address :
IPV6 Global Address(es) :
Csnp Timer Value : L1 10 L2 10
Hello Timer Value : L1 10 L2 10
DIS Hello Timer Value : L1 3 L2 3
Hello Multiplier Value : L1 3 L2 3
LSP-Throttle Timer : L12 50
Cost : L1 10 L2 10
Ipv6 Cost : L1 10 L2 10
Priority : L1 64 L2 64
Retransmit Timer Value : L12 5
Bandwidth-Value : Low 1000000000 High 0
Static Bfd : NO
Dynamic Bfd : NO
Fast-Sense Rpr : NO
<R2>dis isis int g0/0/0 verbose
Interface information for ISIS(1)
---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DIS
GE0/0/0 001 Up Down 1497 L1/L2 Yes/Yes
Circuit MT State : Standard
Description : HUAWEI, AR Series, GigabitEthernet0/0/0 Interfac
e
SNPA Address : 00e0-fc97-3593
IP Address : 10.0.1.2
IPV6 Link Local Address :
IPV6 Global Address(es) :
Csnp Timer Value : L1 10 L2 10
Hello Timer Value : L1 10 L2 10
DIS Hello Timer Value : L1 3 L2 3
Hello Multiplier Value : L1 3 L2 3
LSP-Throttle Timer : L12 50
Cost : L1 10 L2 10
Ipv6 Cost : L1 10 L2 10
Priority : L1 64 L2 64
Retransmit Timer Value : L12 5
Bandwidth-Value : Low 1000000000 High 0
Static Bfd : NO
Dynamic Bfd : NO
Fast-Sense Rpr : NO
<R3>dis isis int g0/0/0 verbose
Interface information for ISIS(1)
---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DIS
GE0/0/0 001 Up Down 1497 L1/L2 No/No
Circuit MT State : Standard
Description : HUAWEI, AR Series, GigabitEthernet0/0/0 Interfac
e
SNPA Address : 00e0-fc53-2d72
IP Address : 10.0.1.3
IPV6 Link Local Address :
IPV6 Global Address(es) :
Csnp Timer Value : L1 10 L2 10
Hello Timer Value : L1 10 L2 10
DIS Hello Timer Value : L1 3 L2 3
Hello Multiplier Value : L1 3 L2 3
LSP-Throttle Timer : L12 50
Cost : L1 10 L2 10
Ipv6 Cost : L1 10 L2 10
Priority : L1 64 L2 64
Retransmit Timer Value : L12 5
Bandwidth-Value : Low 1000000000 High 0
Static Bfd : NO
Dynamic Bfd : NO
Fast-Sense Rpr : NO
<R4>dis isis int g0/0/0 verbose
Interface information for ISIS(1)
---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DIS
GE0/0/0 001 Up Down 1497 L1/L2 No/No
Circuit MT State : Standard
Description : HUAWEI, AR Series, GigabitEthernet0/0/0 Interfac
e
SNPA Address : 00e0-fc4c-2f25
IP Address : 10.0.1.4
IPV6 Link Local Address :
IPV6 Global Address(es) :
Csnp Timer Value : L1 10 L2 10
Hello Timer Value : L1 10 L2 10
DIS Hello Timer Value : L1 3 L2 3
Hello Multiplier Value : L1 3 L2 3
LSP-Throttle Timer : L12 50
Cost : L1 10 L2 10
Ipv6 Cost : L1 10 L2 10
Priority : L1 64 L2 64
Retransmit Timer Value : L12 5
Bandwidth-Value : Low 1000000000 High 0
Static Bfd : NO
Dynamic Bfd : NO
Fast-Sense Rpr : NO
3、在R2上查看IS-IS的链路状态数据库。观察到,Level-1数据库有一条LSP ID为R2.01-00的LSP,这就是一条的Level-1 PSN LSP,同时也说明R2就是Level-1 DIS;在Level-2数据库中有一条LSP ID为R2.01-00 的LSP,这是一条Level-2 PSN LSP,同时说明 R2就是Level-2 DIS.
<R2>dis isis lsdb
Database information for ISIS(1)
--------------------------------
Level-1 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
R1.00-00 0x00000005 0xe22 452 72 0/0/0
R2.00-00* 0x00000004 0x34f9 530 72 0/0/0
R2.01-00* 0x00000003 0x8870 530 66 0/0/0
R3.00-00 0x00000004 0x56d6 516 72 0/0/0
Total LSP(s): 4
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
Level-2 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
R1.00-00 0x00000006 0xc23 452 72 0/0/0
R2.00-00* 0x00000005 0x32fa 530 72 0/0/0
R2.01-00* 0x00000003 0xaf48 530 66 0/0/0
R4.00-00 0x00000004 0x7cab 694 72 0/0/0
Total LSP(s): 4
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
4、在R2上使用dis isis lsdb is-name R2 verbose 命令查看R2生成的LSP的详细信息。观察到,在R1的Level-1的LSDB中的LSP ID为0000.0000.0002.01-00*的LSP由R1自己产生,这条LSP描述了R1和伪节点R2.01之间的链路状态信息,其中AREA ADDR代表了R2自己所在区域ID为10.0000,INTF ADDR描述了R1自己与伪节点R2.01相连的接口IP地址为10.0.1.2,NBR ID描述了邻居是伪节点R2.01,Cost描述了R2自己到伪节点R2.01的开销值为10,IP-Internal描述了R1和伪节点R2.01之间的网络前缀和掩码以及开销值信息。
<R2>dis isis lsdb is-name R2 verbose
Database information for ISIS(1)
--------------------------------
Level-1 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0002.00-00* 0x00000005 0x32fa 859 72 0/0/0
SOURCE R2.00
HOST NAME R2
NLPID IPV4
AREA ADDR 10
INTF ADDR 10.0.1.2
NBR ID R2.01 COST: 10
IP-Internal 10.0.1.0 255.255.255.0 COST: 10
0000.0000.0002.01-00* 0x00000004 0x8671 859 66 0/0/0
SOURCE R2.01
NLPID IPV4
NBR ID R2.00 COST: 0
NBR ID R1.00 COST: 0
NBR ID R3.00 COST: 0
Total LSP(s): 2
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
Level-2 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0002.00-00* 0x00000006 0x30fb 859 72 0/0/0
SOURCE R2.00
HOST NAME R2
NLPID IPV4
AREA ADDR 10
INTF ADDR 10.0.1.2
NBR ID R2.01 COST: 10
IP-Internal 10.0.1.0 255.255.255.0 COST: 10
0000.0000.0002.01-00* 0x00000004 0xad49 858 66 0/0/0
SOURCE R2.01
NLPID IPV4
NBR ID R2.00 COST: 0
NBR ID R1.00 COST: 0
NBR ID R4.00 COST: 0
Total LSP(s): 2
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
注意:在广播网络中,路由器到伪节点的开销值为10,而伪节点到路由器的开销值为0! 5、R1既不是 Level-1 DIS,也不是 Level-2 DIS,在R1上使用dis isis lsdb is-name R1 verbose命令查看R1生成的LSP的详细信息。观察到,R1生成了两条LSP,分别描述了自己与伪节点R2.01的关系。
<R1>dis isis lsdb is-name R1 verbose
Database information for ISIS(1)
--------------------------------
Level-1 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0001.00-00* 0x00000007 0xa24 829 72 0/0/0
SOURCE R1.00
HOST NAME R1
NLPID IPV4
AREA ADDR 10
INTF ADDR 10.0.1.1
NBR ID R2.01 COST: 10
IP-Internal 10.0.1.0 255.255.255.0 COST: 10
Total LSP(s): 1
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
Level-2 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0001.00-00* 0x00000008 0x825 829 72 0/0/0
SOURCE R1.00
HOST NAME R1
NLPID IPV4
AREA ADDR 10
INTF ADDR 10.0.1.1
NBR ID R2.01 COST: 10
IP-Internal 10.0.1.0 255.255.255.0 COST: 10
Total LSP(s): 1
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
5.6.4 修改DIS优先级来控制DIS选举结果¶
1、根据需求,R1为Level-1 DIS,使用isis dis-priority 127 level-1命令修改接口的Level-1 DIS优先级即可实现。
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]isis dis-priority 127 level-1
2、配置完成后,在R1上使用dis isis int g0/0/0 verbose命令查看GE0/0/0接口的IS-IS协议的详细信息。观察到,R1的GE0/0/0接口的level-1 DIS优先级值已被修改为127,R2的GE0/0/0接口的level-1 DIS优先级值仍为64。R1接口的DIS属性为Yes/No,说明R1现在为L1 DIS。这里注意,与OSPF协议不同,DIS优先级修改后,优先级更高的路由器会迅速抢占DIS的角色。
[R1]dis isis int g0/0/0 verbose
Interface information for ISIS(1)
---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DIS
GE0/0/0 001 Up Down 1497 L1/L2 Yes/No
Circuit MT State : Standard
Description : HUAWEI, AR Series, GigabitEthernet0/0/0 Interfac
e
SNPA Address : 00e0-fc76-67b5
IP Address : 10.0.1.1
IPV6 Link Local Address :
IPV6 Global Address(es) :
Csnp Timer Value : L1 10 L2 10
Hello Timer Value : L1 10 L2 10
DIS Hello Timer Value : L1 3 L2 3
Hello Multiplier Value : L1 3 L2 3
LSP-Throttle Timer : L12 50
Cost : L1 10 L2 10
Ipv6 Cost : L1 10 L2 10
Priority : L1 127 L2 64
Retransmit Timer Value : L12 5
Bandwidth-Value : Low 1000000000 High 0
Static Bfd : NO
Dynamic Bfd : NO
Fast-Sense Rpr : NO
5.7 思考¶
如果一个路由器的DIS优先级的值为0,那它可能会成为DIS吗? 答:可能,如果DIS优先级的值为0,并不表示不参与DIS 的选举,而只是表示DIS优先级最低。
六、IS-IS开销值和协议优先级¶
6.1 原理概述¶
IS-IS协议为路由器的每个IS-IS接口定义并维护了一个Level-1开销值和一个Level-2开销值。开销值可以在接口上或者全局上手动配置,也可以使用Auto-Cost自动计算确定。开销值的优先顺序为:接口上手动配置的开销值,全局上手动配置的开销值,Auto-Cost方式自动计算确定的开销值。
采用Auto-Cost计算确定接口的开销值时,如果开销值类型为Wide,则接口开销值=(参考带宽/接口带宽)X10;如果开销值类型为Narrow,则接口开销值为与接口带宽绑定的固定值。开销值类型为Narrow时,接口带宽分为几个档次,依次为小于等于10MB、大于10MB小于等于100MB、大于100MB小于等于155MB、大于155MB小于等于622MB、大于622MB小于等于2.5GB,而相应的接口开销值分别为60、50、40、30、20、10.在没有任何配置的情况下,IS-IS开销类型默认为Narrow,且所有带宽档次的接口默认开销值为10。
IS-IS路由的协议优先级为15.路由的协议优先级的值越小,路由的优先级越高。
与许多动态路由协议一样,IS-IS也拥有了一系列的计时器,其中Hello Timer是用来控制IS-IS Hello报文发送的时间间隔。
IS-IS协议的Hello PDU中并不包含Hello Time字段,IS-IS协议在建立邻居关系过程中也不会检测邻居的Hello Timer计时器与本端是否一致。
6.2 实验目的¶
1、掌握修改IS-IS开销值的方法 2、掌握修改IS-IS协议优先级的方法 3、掌握修改IS-IS Hello Timer设定值的方法
6.3 实验内容¶
本实验模拟了一个简单的企业网络场景,R1、R2、R3、R4均为Level-1 IS-IS路由器,R1为企业分支机构的路由器,R4的LoopBack0接口、LoopBack1接口以及LoopBack2接口分别模拟了企业总部的3台服务器A、B、C。网络需求是:企业分支机构访问服务器A的报文通过R2转发,企业分支机构访问服务器B和服务器C的报文通过R3转发。此外,为了减少链路上IS-IS Hello报文带来的带宽开销,Hello Timer的设定值需要被修改增大。
6.4 实验拓扑¶
6.5 实验编址表¶
| 设备 | 接口 | IP地址 | 子网掩码 | 默认网关 |
|---|---|---|---|---|
| R1(AR2220) | GE0/0/0 | 10.0.12.1 | 255.255.255.0 | N/A |
| R1(AR2220) | GE0/0/1 | 10.0.13.1 | 255.255.255.0 | N/A |
| R1(AR2220) | NET:10.0000.0000.0001.00 | N/A | ||
| R2(AR2220) | GE0/0/0 | 10.0.12.2 | 255.255.255.0 | N/A |
| R2(AR2220) | GE0/0/1 | 10.0.24.2 | 255.255.255.0 | N/A |
| R2(AR2220) | NET:10.0000.0000.0002.00 | N/A | ||
| R3(AR2220) | GE0/0/0 | 10.0.34.3 | 255.255.255.0 | N/A |
| R3(AR2220) | GE0/0/1 | 10.0.13.3 | 255.255.255.0 | N/A |
| R3(AR2220) | NET:10.0000.0000.0003.00 | N/A | ||
| R4(AR2220) | GE0/0/0 | 10.0.34.4 | 255.255.255.0 | N/A |
| R4(AR2220) | GE0/0/1 | 10.0.24.4 | 255.255.255.0 | N/A |
| R4(AR2220) | LoopBack0 | 10.0.100.1 | 255.255.255.255 | N/A |
| R4(AR2220) | LoopBack1 | 10.0.100.2 | 255.255.255.255 | N/A |
| R4(AR2220) | LoopBack2 | 10.0.100.3 | 255.255.255.255 | N/A |
| R4(AR2220) | NET:10.0000.0000.0004.00 | N/A |
6.6 实验步骤¶
6.6.1 基本配置¶
根据实验编址表进行相应的基本配置,并使用ping命令检测R1和R2之间的联通性。
6.6.2 配置IS-IS路由协议¶
1、在每台路由器上配置IS-IS协议,其中各路由器都是Level-1路由器。
[R1]isis
[R1-isis-1]network-entity 10.0000.0000.0001.00
[R1-isis-1]is-name R1
[R1-isis-1]is-level level-1
[R1-isis-1]int g0/0/0
[R1-GigabitEthernet0/0/0]isis enable
[R1-GigabitEthernet0/0/0]int g0/0/1
[R1-GigabitEthernet0/0/1]isis enable
[R2]isis
[R2-isis-1]network-entity 10.0000.0000.0002.00
[R2-isis-1]is-name R2
[R2-isis-1]is-level level-1
[R2-isis-1]int g0/0/0
[R2-GigabitEthernet0/0/0]isis enable
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]isis enable
[R3]isis
[R3-isis-1]network-entity 10.0000.0000.0003.00
[R3-isis-1]is-level level-1
[R3-isis-1]is-name R3
[R3-isis-1]int g0/0/0
[R3-GigabitEthernet0/0/0]isis enable
[R3-GigabitEthernet0/0/0]int g0/0/1
[R3-GigabitEthernet0/0/1]isis enable
[R4]isis
[R4-isis-1]network-entity 10.0000.0000.0004.00
[R4-isis-1]is-name R4
[R4-isis-1]is-level level-1
[R4-isis-1]int g0/0/0
[R4-GigabitEthernet0/0/0]isis enable
[R4-GigabitEthernet0/0/0]int g0/0/1
[R4-GigabitEthernet0/0/1]isis enable
[R4]int loop 0
[R4-LoopBack0]isis enable
[R4-LoopBack0]int loop 1
[R4-LoopBack1]isis enable
[R4-LoopBack1]int loop 2
[R4-LoopBack2]isis enable
2、配置完成后,在R1上查看IS-IS邻接关系建立情况。观察到R1与R2和R3成功建立了Level-1邻接关系。
<R1>dis isis peer
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI
-------------------------------------------------------------------------------
R2 GE0/0/0 R2.01 Up 8s L1 64
R3 GE0/0/1 R3.02 Up 7s L1 64
Total Peer(s): 2
6.6.3 修改IS-IS开销值¶
1、在R1上使用dis isis route 命令查看IS-IS路由表, 观察到,R1去往10.0.100.1/32、10.0.100.2/32、10.0.100.3/32的路由采用了负载均衡方式,分别以R2和R3为下一跳。
<R1>dis isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-1 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
10.0.100.2/32 20 NULL GE0/0/0 10.0.12.2 A/-/-/-
GE0/0/1 10.0.13.3
10.0.24.0/24 20 NULL GE0/0/0 10.0.12.2 A/-/-/-
10.0.100.1/32 20 NULL GE0/0/0 10.0.12.2 A/-/-/-
GE0/0/1 10.0.13.3
10.0.13.0/24 10 NULL GE0/0/1 Direct D/-/L/-
10.0.12.0/24 10 NULL GE0/0/0 Direct D/-/L/-
10.0.100.3/32 20 NULL GE0/0/0 10.0.12.2 A/-/-/-
GE0/0/1 10.0.13.3
10.0.34.0/24 20 NULL GE0/0/1 10.0.13.3 A/-/-/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
2、在R1上查看GE0/0/0接口的IS-IS协议详细信息。观察到,R1的GE0/0/0接口的IS-IS Level-1和Level-2的开销值为10.
<R1>dis isis int g0/0/0 verbose
Interface information for ISIS(1)
---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DIS
GE0/0/0 001 Up Down 1497 L1/L2 No/No
Circuit MT State : Standard
Description : HUAWEI, AR Series, GigabitEthernet0/0/0 Interfac
e
SNPA Address : 00e0-fc26-7d7a
IP Address : 10.0.12.1
IPV6 Link Local Address :
IPV6 Global Address(es) :
Csnp Timer Value : L1 10 L2 10
Hello Timer Value : L1 10 L2 10
DIS Hello Timer Value : L1 3 L2 3
Hello Multiplier Value : L1 3 L2 3
LSP-Throttle Timer : L12 50
Cost : L1 10 L2 10
Ipv6 Cost : L1 10 L2 10
Priority : L1 64 L2 64
Retransmit Timer Value : L12 5
Bandwidth-Value : Low 1000000000 High 0
Static Bfd : NO
Dynamic Bfd : NO
Fast-Sense Rpr : NO
3、为了使R1访问10.0.100.1/32、10.0.100.2/32、10.0.100.3/32的报文都通过R3转发,可以在R1的GE0/0/0接口上使用isis cost 50 level-1命令修改Level-1的开销值为50.
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]isis cost 50 level-1
4、配置完成后,在R1上查看GE0/0/0接口的IS-IS协议的详细信息。观察到,R1的GE0/0/0接口的Level-1开销值已经变成了50。
[R1]dis isis int g0/0/0 verbose
Interface information for ISIS(1)
---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DIS
GE0/0/0 001 Up Down 1497 L1/L2 No/No
Circuit MT State : Standard
Description : HUAWEI, AR Series, GigabitEthernet0/0/0 Interfac
e
SNPA Address : 00e0-fc26-7d7a
IP Address : 10.0.12.1
IPV6 Link Local Address :
IPV6 Global Address(es) :
Csnp Timer Value : L1 10 L2 10
Hello Timer Value : L1 10 L2 10
DIS Hello Timer Value : L1 3 L2 3
Hello Multiplier Value : L1 3 L2 3
LSP-Throttle Timer : L12 50
Cost : L1 50 L2 10
Ipv6 Cost : L1 10 L2 10
Priority : L1 64 L2 64
Retransmit Timer Value : L12 5
Bandwidth-Value : Low 1000000000 High 0
Static Bfd : NO
Dynamic Bfd : NO
Fast-Sense Rpr : NO
5、在R1上查看IS-IS路由表。观察到,R1去往10.0.100.1/32、10.0.100.2/32、10.0.100.3/32的路由以R3为下一跳。
[R1]dis isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-1 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
10.0.100.2/32 20 NULL GE0/0/1 10.0.13.3 A/-/-/-
10.0.24.0/24 30 NULL GE0/0/1 10.0.13.3 A/-/-/-
10.0.100.1/32 20 NULL GE0/0/1 10.0.13.3 A/-/-/-
10.0.13.0/24 10 NULL GE0/0/1 Direct D/-/L/-
10.0.12.0/24 50 NULL GE0/0/0 Direct D/-/L/-
10.0.100.3/32 20 NULL GE0/0/1 10.0.13.3 A/-/-/-
10.0.34.0/24 20 NULL GE0/0/1 10.0.13.3 A/-/-/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
6.6.4 修改IS-IS 协议优先级¶
1、在R1上使用dis default-parameter isis命令查看IS-IS协议的默认参数。观察到,IS-IS对于IPv4的协议优先级的值默认为15.
[R1]dis default-parameter isis
Default Configurations For Process
----------------------------------
Cost-Style : Narrow
Circuit-Cost <IPv4> : L1 10 L2 10
Circuit-Cost <IPv6> : L1 10 L2 10
IS-Level : L12
LSP-Originate-Length : 1497
LSP-Receive-Length : 1497
LSP-Max-Age <s> : 1200
LSP-Generation-IntelliTimer <s,ms,ms> : L1 Max 2 Init 0 Incr 0
L2 Max 2 Init 0 Incr 0
LSP-Refresh-Interval <s> : 900
Preference : IPv4 15 IPv6 15
SPF-IntelliTimer <s,ms,ms> : Max 5 Init 50 Incr 200
Default Configurations For Interfaces
-------------------------------------
Circuit-Level : L12
CSNP-Interval <s> : L1 10 L2 10
Cost <IPv4> : L1 10 L2 10
Cost <IPv6> : L1 10 L2 10
DIS-Priority : L1 64 L2 64
Hello-Interval <s> : L1 10 L2 10
Holding-Multiplier : L1 3 L2 3
LSP-Retransmit <s> : 5
LSP-Throttle <ms> : 50 count 10
PPP-Negotiation : 3-Way
2、为了使R1访问服务器A的报文选择经由R2的路径。在R1的IS-IS视图下使用preference 70命令修改R1的IS-IS协议优先级的值为70.
[R1]isis
[R1-isis-1]preference 70
3、配置完成后,继续在R1上配置去往服务器A的静态路由,下一跳为R2。
[R1]ip route-static 10.0.100.1 32 10.0.12.2
4、配置完成后,在R1上查看路由表。观察到R1访问10.0.100.1/32的报文使用的是静态路由。
[R1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 15 Routes : 15
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.12.0/24 Direct 0 0 D 10.0.12.1 GigabitEthernet
0/0/0
10.0.12.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.13.0/24 Direct 0 0 D 10.0.13.1 GigabitEthernet
0/0/1
10.0.13.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.13.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.24.0/24 ISIS-L1 70 30 D 10.0.13.3 GigabitEthernet
0/0/1
10.0.34.0/24 ISIS-L1 70 20 D 10.0.13.3 GigabitEthernet
0/0/1
10.0.100.1/32 Static 60 0 RD 10.0.12.2 GigabitEthernet
0/0/0
10.0.100.2/32 ISIS-L1 70 20 D 10.0.13.3 GigabitEthernet
0/0/1
10.0.100.3/32 ISIS-L1 70 20 D 10.0.13.3 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
5、在R1上使用tracert命令验证R1去往10.0.100.1/32、10.0.100.2/32、10.0.100.3/32的报文所经过的路径。观察到,R1去往服务器A选择经由R2的路径,去往服务器B、C选择经由R3的路径。
[R1]tracert 10.0.100.1
traceroute to 10.0.100.1(10.0.100.1), max hops: 30 ,packet length: 40,press CT
RL_C to break
1 10.0.12.2 100 ms 20 ms 20 ms
2 10.0.24.4 80 ms 20 ms 20 ms
[R1]tracert 10.0.100.2
traceroute to 10.0.100.2(10.0.100.2), max hops: 30 ,packet length: 40,press CT
RL_C to break
1 10.0.13.3 40 ms 20 ms 20 ms
2 10.0.34.4 40 ms 30 ms 30 ms
[R1]tracert 10.0.100.3
traceroute to 10.0.100.3(10.0.100.3), max hops: 30 ,packet length: 40,press CT
RL_C to break
1 10.0.13.3 20 ms 20 ms 20 ms
2 10.0.34.4 30 ms 30 ms 30 ms
6.6.5 修改IS-IS Hello Timer的设定值¶
1、在R1上查看GE0/0/0接口的IS-IS协议的详细信息。观察到,R1的L1 和L2 Hello报文时间间隔均为10s,但是DIS接口的Level-1和Level-2 Hello报文时间间隔均为3s(自动取相应值的三分之一,并取整)。
<R1>dis isis int g0/0/0 verbose
Interface information for ISIS(1)
---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DIS
GE0/0/0 001 Up Down 1497 L1/L2 No/No
Circuit MT State : Standard
Description : HUAWEI, AR Series, GigabitEthernet0/0/0 Interfac
e
SNPA Address : 00e0-fc26-7d7a
IP Address : 10.0.12.1
IPV6 Link Local Address :
IPV6 Global Address(es) :
Csnp Timer Value : L1 10 L2 10
Hello Timer Value : L1 10 L2 10
DIS Hello Timer Value : L1 3 L2 3
Hello Multiplier Value : L1 3 L2 3
LSP-Throttle Timer : L12 50
Cost : L1 50 L2 10
Ipv6 Cost : L1 10 L2 10
Priority : L1 64 L2 64
Retransmit Timer Value : L12 5
Bandwidth-Value : Low 1000000000 High 0
Static Bfd : NO
Dynamic Bfd : NO
Fast-Sense Rpr : NO
2、在R1的GE0/0/0接口视图下使用****命令修改GE0/0/0接口发送IS-IS Level-1Hello报文的时间间隔为30s.
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]isis timer hello 30 level-1
3、配置完成后,在R1上查看GE0/0/0接口的IS-IS协议详细信息。观察到Level-1Hello报文的时间间隔为30s,DIS的Level-1Hello报文的时间间隔为10s.
[R1]dis isis interface g0/0/0 verbose
Interface information for ISIS(1)
---------------------------------
Interface Id IPV4.State IPV6.State MTU Type DIS
GE0/0/0 001 Up Down 1497 L1/L2 No/No
Circuit MT State : Standard
Description : HUAWEI, AR Series, GigabitEthernet0/0/0 Interfac
e
SNPA Address : 00e0-fc26-7d7a
IP Address : 10.0.12.1
IPV6 Link Local Address :
IPV6 Global Address(es) :
Csnp Timer Value : L1 10 L2 10
Hello Timer Value : L1 30 L2 10
DIS Hello Timer Value : L1 10 L2 3
Hello Multiplier Value : L1 3 L2 3
LSP-Throttle Timer : L12 50
Cost : L1 50 L2 10
Ipv6 Cost : L1 10 L2 10
Priority : L1 64 L2 64
Retransmit Timer Value : L12 5
Bandwidth-Value : Low 1000000000 High 0
Static Bfd : NO
Dynamic Bfd : NO
Fast-Sense Rpr : NO
6.7 思考¶
直连路由的协议优先级的值,静态路由的协议优先级的值,RIP路由的协议优先级的值,OSPF路由的协议优先级的值,BGP路由的协议优先级的值,IS-IS路由的协议优先级的值各是多少? 答:直连路由的协议优先级的值为0,静态路由的协议优先级的值为60,RIP路由的协议优先级的值为100,OSPF内部路由的协议优先级的值为10,OSPF ASE(AS External)路由的协议优先级的值为150,EBGP路由的协议优先级的值为255,IBGP路由的协议优先级的值为255,IS-IS路由的协议优先级的值是15.
七、IS-IS路由聚合¶
7.1 原理概述¶
与OSPF协议相同,IS-IS也能够通过路由聚合来减少路由条目。不同的是,OSPF只能够在ABR和ASBR路由器上进行路由聚合,而IS-IS路由器能否进行路由聚合以及对什么样的路由才能进行聚合取决于路由器的类型及路由的类型。
在IS-IS网络中,Level-1路由器只维护了Level-1链路状态数据库,只能对相应的Level-1的直连路由进行聚合,并将聚合后的路由以Level-1 LSP的形式发送给其他路由器;Level-2路由器只维护Level-2链路状态数据库,只能对相应的Level-2的直连路由进行聚合,并将聚合后的路由以Level-2 LSP的形式发送给其他路由器;Level-1-2路由器分别维护了Level-1和Level-2链路状态数据库,Level-2路由器能够将Level-1路由器中的路由(不必一定是直连路由)进行聚合后以Level-1 LSP的形式发送给其他路由器,将Level-2路由表中的路由(不必一定是直连路由)进行聚合后以Level-2 LSP的形式发送给其他路由器,并且还能够将Level-1 路由表中的路由(不必一定是直连路由)进行聚合后以Level-2 LSP的形式发送给其他路由器。
7.2 实验目的¶
1、理解IS-IS网络中的路由聚合条件和类型 2、掌握配置IS-IS路由聚合的方法
7.3 实验内容¶
本实验模拟了一个简单的企业网络场景,R1和R2为公司总部的路由器,R3为公司分支机构的路由器。R1为Level-1路由器,R2为Level-2路由器,R3为Level-2路由器。R1和R2属于IS-IS区域10,R3属于IS-IS区域20。R1和R3的LoopBack接口分别用来模拟公司总部的各个网络和公司分支机构的各个网络。网络需求是:全网互通,并配置路由聚合以精简路由表的路由条目。
7.4 实验拓扑¶
7.5 实验编址表¶
| 设备 | 接口 | IP地址 | 子网掩码 | 默认网关 |
|---|---|---|---|---|
| R1(AR2220) | GE0/0/0 | 10.0.12.1 | 255.255.255.0 | N/A |
| R1(AR2220) | LoopBack0 | 10.0.1.1 | 255.255.255.255 | N/A |
| R1(AR2220) | LoopBack1 | 10.0.1.2 | 255.255.255.255 | N/A |
| R1(AR2220) | LoopBack2 | 10.0.1.3 | 255.255.255.255 | N/A |
| R1(AR2220) | NET:10.0000.0000.0001.00 | N/A | ||
| R2(AR2220) | GE0/0/0 | 10.0.12.2 | 255.255.255.0 | N/A |
| R2(AR2220) | GE0/0/1 | 10.0.23.2 | 255.255.255.0 | N/A |
| R2(AR2220) | NET:10.0000.0000.0002.00 | N/A | ||
| R3(AR2220) | GE0/0/1 | 10.0.23.3 | 255.255.255.0 | N/A |
| R3(AR2220) | LoopBack0 | 10.0.3.3 | 255.255.255.255 | N/A |
| R3(AR2220) | LoopBack1 | 10.0.3.2 | 255.255.255.255 | N/A |
| R3(AR2220) | LoopBack2 | 10.0.3.1 | 255.255.255.255 | N/A |
| R3(AR2220) | NET:20.0000.0000.0003.00 | N/A | ||
| ## 7.6 实验步骤 | ||||
| ### 7.6.1 基本配置 | ||||
| 根据实验编址表进行相应的基本配置,并使用ping命令检测R1和R2之间的联通性。 | ||||
| ### 7.6.2 配置IS-IS协议 | ||||
| 1、配置IS-IS协议,其中R1为Level-1路由器,R2为Level-2路由器,R3为Level-2路由器。 |
[R1]isis
[R1-isis-1]network-entity 10.0000.0000.0001.00
[R1-isis-1]is-name R1
[R1-isis-1]is-level level-1
[R1-isis-1]int g0/0/0
[R1-GigabitEthernet0/0/0]isis enable
[R1-GigabitEthernet0/0/0]int loop 0
[R1-LoopBack0]isis enable
[R1-LoopBack0]int loop 1
[R1-LoopBack1]isis enable
[R1-LoopBack1]int loop 2
[R1-LoopBack2]isis enable
[R2]isis
[R2-isis-1]network-entity 10.0000.0000.0002.00
[R2-isis-1]is-name R2
[R2-isis-1]int g0/0/0
[R2-GigabitEthernet0/0/0]isis enable
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]isis enable
[R3]isis
[R3-isis-1]network-entity 20.0000.0000.0003.00
[R3-isis-1]is-name R3
[R3-isis-1]is-level level-2
[R3-isis-1]int g0/0/1
[R3-GigabitEthernet0/0/1]isis enable
[R3-GigabitEthernet0/0/1]int loop 0
[R3-LoopBack0]isis enable
[R3-LoopBack0]int loop 1
[R3-LoopBack1]isis enable
[R3-LoopBack1]int loop 2
[R3-LoopBack2]isis enable
2、配置完成后,在R2上查看IS-IS邻居信息。观察到,R2与R1和R3已经成功建立了IS-IS邻接关系。
[R2]dis isis peer
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI
-------------------------------------------------------------------------------
R1 GE0/0/0 R1.01 Up 8s L1 64
R3 GE0/0/1 R3.01 Up 8s L2 64
Total Peer(s): 2
3、在R1上查看IS-IS路由表。观察到,R1的IS-IS路由表中并没有R3上的LoopBack接口的明细路由,但是有一条下一跳为R2的缺省路由,该缺省路由是由Level-1-2路由器R2发布的。
<R1>dis isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-1 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
0.0.0.0/0 10 NULL GE0/0/0 10.0.12.2 A/-/-/-
10.0.23.0/24 20 NULL GE0/0/0 10.0.12.2 A/-/-/-
10.0.1.3/32 0 NULL Loop2 Direct D/-/L/-
10.0.12.0/24 10 NULL GE0/0/0 Direct D/-/L/-
10.0.1.2/32 0 NULL Loop1 Direct D/-/L/-
10.0.1.1/32 0 NULL Loop0 Direct D/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
7.6.3 在Level-1路由器上进行路由聚合¶
1、在R2上使用dis isis route 命令查看IS-IS路由表。观察到R2路由表上拥有公司总部的各个网络、公司分支机构的各个网络的明细路由。
<R2>dis isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-1 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
10.0.23.0/24 10 NULL GE0/0/1 Direct D/-/L/-
10.0.1.3/32 10 NULL GE0/0/0 10.0.12.1 A/-/L/-
10.0.12.0/24 10 NULL GE0/0/0 Direct D/-/L/-
10.0.1.2/32 10 NULL GE0/0/0 10.0.12.1 A/-/L/-
10.0.1.1/32 10 NULL GE0/0/0 10.0.12.1 A/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
ISIS(1) Level-2 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
10.0.3.3/32 10 NULL GE0/0/1 10.0.23.4 A/-/-/-
10.0.3.2/32 10 NULL GE0/0/1 10.0.23.4 A/-/-/-
10.0.23.0/24 10 NULL GE0/0/1 Direct D/-/L/-
10.0.3.1/32 10 NULL GE0/0/1 10.0.23.4 A/-/-/-
10.0.12.0/24 10 NULL GE0/0/0 Direct D/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
2、由于默认情况下,IS-IS总是将聚合后的路由以Level-2 LSP的形式传递给其他路由器,在R1的IS-IS视图下使用summary 10.0.1.0 255.255.255.252 level-1命令将聚合后的路由以Level-1 LSP的形式传递给其他路由。
[R1-isis-1]summary 10.0.1.0 255.255.255.252 level-1
3、在R2上使用dis isis route level-1命令查看IS-IS的Level-1路由表。观察到,聚合路由已经生效。
<R2>dis isis route level-1
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-1 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
10.0.23.0/24 10 NULL GE0/0/1 Direct D/-/L/-
10.0.12.0/24 10 NULL GE0/0/0 Direct D/-/L/-
10.0.1.0/30 10 NULL GE0/0/0 10.0.12.1 A/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
7.6.4 在Level-2路由器上进行路由聚合¶
1、在Level-2路由器R3上将Level-2路由进行聚合,在R3的IS-IS视图下使用summary 10.0.3.0 255.255.255.252 level-2命令进行路由聚合,将聚合后的路由以Level-2 LSP的形式传递给其他路由器。
[R3-isis-1]summary 10.0.3.0 255.255.255.252 level-2
2、配置完成后,在R2查看Level-2路由表。观察到,在R3上配置的路由聚合已经生效。
<R2>dis isis route level-2
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-2 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
10.0.23.0/24 10 NULL GE0/0/1 Direct D/-/L/-
10.0.3.0/30 10 NULL GE0/0/1 10.0.23.3 A/-/-/-
10.0.12.0/24 10 NULL GE0/0/0 Direct D/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
7.6.5 在Level-1-2路由器上进行路由聚合¶
1、在Level-1-2路由器R2上进行路由聚合。进行聚合之前,先取消以前在R1和R3上进行的路由聚合配置
[R1-isis-1]undo summary 10.0.1.0 255.255.255.252 level-1
[R3-isis-1]undo summary 10.0.3.0 255.255.255.252 level-2
2、删除配置后,在R2上查看Level-1路由表。观察到,Level-1路由表出现了具体的明细路由。
<R2>dis isis route level-1
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-1 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
10.0.23.0/24 10 NULL GE0/0/1 Direct D/-/L/-
10.0.1.3/32 10 NULL GE0/0/0 10.0.12.1 A/-/L/-
10.0.12.0/24 10 NULL GE0/0/0 Direct D/-/L/-
10.0.1.2/32 10 NULL GE0/0/0 10.0.12.1 A/-/L/-
10.0.1.1/32 10 NULL GE0/0/0 10.0.12.1 A/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
3、在R2的IS-IS视图下使用summary 10.0.1.0 255.255.255.252 level-2命令进行路由聚合。
[R2-isis-1]summary 10.0.1.0 255.255.255.252 level-2
4、在R2上使用dis isis lsdb is-name R2 level-2 verbose命令查看R2生成的Level-2 LSP的详细信息。观察到,Level-2 LSP描述的是聚合后的路由。
[R2]dis isis lsdb is-name R2 level-2 verbose
Database information for ISIS(1)
--------------------------------
Level-2 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0002.00-00* 0x0000000b 0x5040 1101 100 0/0/0
SOURCE R2.00
HOST NAME R2
NLPID IPV4
AREA ADDR 10
INTF ADDR 10.0.12.2
INTF ADDR 10.0.23.2
NBR ID R3.01 COST: 10
IP-Internal 10.0.12.0 255.255.255.0 COST: 10
IP-Internal 10.0.23.0 255.255.255.0 COST: 10
IP-Internal 10.0.1.0 255.255.255.252 COST: 10
Total LSP(s): 1
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
5、在R3上查看IS-IS路由表。观察到,R3的IS-IS路由表中现在拥有了10.0.1.0/30的聚合路由。
<R3>dis isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-2 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
10.0.3.3/32 0 NULL Loop0 Direct D/-/L/-
10.0.3.2/32 0 NULL Loop1 Direct D/-/L/-
10.0.23.0/24 10 NULL GE0/0/1 Direct D/-/L/-
10.0.3.1/32 0 NULL Loop2 Direct D/-/L/-
10.0.12.0/24 20 NULL GE0/0/1 10.0.23.2 A/-/-/-
10.0.1.0/30 20 NULL GE0/0/1 10.0.23.2 A/-/-/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
7.7 思考¶
能否在Level-1-2路由器上对Level-2路由进行聚合? 答:不能,默认情况下,IS-IS总是将聚合后的路由以Level-2 LSP的形式传递给其他路由器。
八、IS-IS缺省路由¶
8.1 原理概述¶
IS-IS有两种缺省路由,第一种缺省路由是由Level-1 路由器在特定的条件下自动产生的,它的下一跳是离他最近的(Cost最小)的Level-1-2路由器;第二种缺省路由是在IS-IS路由器上使用default-route-advertise命令产生并发布的。
8.2 实验目的¶
1、理解IS-IS中缺省路由的种类 2、掌握在IS-IS协议中发布缺省路由的方法
8.3 实验内容¶
本实验模拟了一个企业网络场景,R1和R2是公司A总部的路由器,R3为公司A的分支机构的路由器,R4是公司B的路由器。R1、R2、R3运行IS-IS协议,其中R1为Level-1路由器,R2为Level-1-2路由器,R3为Level-2路由器,R1的LoopBack0接口和R3的LoopBack0接口分别模拟了公司总部的内部网络和分支机构的内部网络,R4的LoopBack0接口模拟了公司B的内部网络。这两个公司之间有业务合作需要网络互通,R4通过静态路由访问公司A的总部和分支机构。R2作为公司A的出口路由器,使用缺省路由访问公司B。公司A的网络管理员需要在R2上通过IS-IS协议发布缺省路由,使得公司A总部的内部网络和分支机构的内部网络能够与公司B的内部网络进行互访,且当R2与R4的链路出现故障时,缺省路由的发布将自动停止。
8.4 实验拓扑¶
8.5 实验编址表¶
| 设备 | 接口 | IP地址 | 子网掩码 | 默认网关 |
|---|---|---|---|---|
| R1(AR2220) | GE0/0/0 | 10.0.12.1 | 255.255.255.0 | N/A |
| R1(AR2220) | LoopBack0 | 10.0.1.1 | 255.255.255.255 | N/A |
| R1(AR2220) | NET:10.0000.0000.0001.00 | N/A | ||
| R2(AR2220) | GE0/0/0 | 10.0.12.2 | 255.255.255.0 | N/A |
| R2(AR2220) | GE0/0/1 | 10.0.23.2 | 255.255.255.0 | N/A |
| R2(AR2220) | GE0/0/2 | 10.0.24.2 | 255.255.255.0 | N/A |
| R2(AR2220) | NET:10.0000.0000.0002.00 | N/A | ||
| R3(AR2220) | GE0/0/0 | 10.0.23.3 | 255.255.255.0 | N/A |
| R3(AR2220) | LoopBack0 | 10.0.3.3 | 255.255.255.255 | N/A |
| R3(AR2220) | NET:20.0000.0000.0003.00 | N/A | ||
| R4(AR2220) | GE0/0/0 | 10.0.24.4 | 255.255.255.0 | N/A |
| R4(AR2220) | LoopBack0 | 10.0.4.4 | 255.255.255.255 | N/A |
| ## 8.6 实验步骤 | ||||
| ### 8.6.1 基本配置 | ||||
| 根据实验编址表进行相应的基本配置,并使用ping命令检测R1和R2之间的联通性。 | ||||
| ### 8.6.2 配置IS-IS路由协议 | ||||
| 1、在R1、R2、R3上配置IS-IS协议 |
[R1]isis
[R1-isis-1]is-name R1
[R1-isis-1]is-level level-1
[R1-isis-1]network-entity 10.0000.0000.0001.00
[R1-isis-1]int g0/0/0
[R1-GigabitEthernet0/0/0]isis enable
[R1-GigabitEthernet0/0/0]int loop 0
[R1-LoopBack0]isis enable
[R2]isis
[R2-isis-1]is-name R2
[R2-isis-1]network-entity 10.0000.0000.0002.00
[R2-isis-1]int g0/0/0
[R2-GigabitEthernet0/0/0]isis enable
[R2-GigabitEthernet0/0/1]isis enable
[R3]isis
[R3-isis-1]is-name R3
[R3-isis-1]is-level level-2
[R3-isis-1]network-entity 20.0000.0000.0003.00
[R3-isis-1]int loop 0
[R3-LoopBack0]isis enable
[R3-LoopBack0]int g0/0/0
[R3-GigabitEthernet0/0/0]isis enable
2、配置完成后,查看R2的IS-IS邻居信息。观察到,R2和R1建立L1 邻接关系,R2和R3建立了L2邻接关系。
[R2]dis isis peer
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI
-------------------------------------------------------------------------------
R1 GE0/0/0 R1.01 Up 8s L1 64
R3 GE0/0/1 R3.01 Up 8s L2 64
Total Peer(s): 2
3、查看R2的IP路由表。观察到,R2已经接收到了R1和R3的LoopBack 0接口的路由信息。
[R2]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 15 Routes : 15
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.1/32 ISIS-L1 15 10 D 10.0.12.1 GigabitEthernet
0/0/0
10.0.3.3/32 ISIS-L2 15 10 D 10.0.23.3 GigabitEthernet
0/0/1
10.0.12.0/24 Direct 0 0 D 10.0.12.2 GigabitEthernet
0/0/0
10.0.12.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.23.0/24 Direct 0 0 D 10.0.23.2 GigabitEthernet
0/0/1
10.0.23.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.23.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.24.0/24 Direct 0 0 D 10.0.24.2 GigabitEthernet
0/0/2
10.0.24.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
10.0.24.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
4、通过配置静态路由实现公司A和公司B的网络互通
[R2]ip route-static 0.0.0.0 0 10.0.24.4
[R4]ip route-static 10.0.1.1 32 10.0.24.2
[R4]ip route-static 10.0.3.3 32 10.0.24.2
5、在R2上测试与公司B的内部网络之间的连通性。观察到,连通性正常。
[R2]ping 10.0.4.4
PING 10.0.4.4: 56 data bytes, press CTRL_C to break
Reply from 10.0.4.4: bytes=56 Sequence=1 ttl=255 time=180 ms
Reply from 10.0.4.4: bytes=56 Sequence=2 ttl=255 time=40 ms
Reply from 10.0.4.4: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 10.0.4.4: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 10.0.4.4: bytes=56 Sequence=5 ttl=255 time=20 ms
--- 10.0.4.4 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/56/180 ms
8.6.3 观察自动生成的缺省路由¶
1、在R1上测试10.0.1.1与10.0.4.4之间的连通性。观察到,公司A总部的内部网络与公司B的内部网络是互通的。
<R1>ping -a 10.0.1.1 10.0.4.4
PING 10.0.4.4: 56 data bytes, press CTRL_C to break
Reply from 10.0.4.4: bytes=56 Sequence=1 ttl=254 time=40 ms
Reply from 10.0.4.4: bytes=56 Sequence=2 ttl=254 time=40 ms
Reply from 10.0.4.4: bytes=56 Sequence=3 ttl=254 time=30 ms
Reply from 10.0.4.4: bytes=56 Sequence=4 ttl=254 time=40 ms
Reply from 10.0.4.4: bytes=56 Sequence=5 ttl=254 time=20 ms
--- 10.0.4.4 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/34/40 ms
2、在R1上查看路由表。观察到,R1的路由表中存在一条IS-IS缺省路由,下一跳为R2。另外,路由表中的是没有R3的LoopBack0的明细路由的。这是因为在IS-IS网络中,Level-1路由器只有本区域的路由信息,所有连接骨干区域的Level-1-2路由器会在自己的Level-1 LSP中设置ATT位为1,本区域的Level-1路由器收到来自不同Level-1-2路由器的且ATT位为1的Level-1 LSP后,会比较哪台Level-1-2路由器离自己最近(Cost最小),并自动生成一条缺省路由指向最近的Level-1-2路由器。
<R1>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 ISIS-L1 15 10 D 10.0.12.2 GigabitEthernet
0/0/0
10.0.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.12.0/24 Direct 0 0 D 10.0.12.1 GigabitEthernet
0/0/0
10.0.12.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.23.0/24 ISIS-L1 15 20 D 10.0.12.2 GigabitEthernet
0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
3、继续查看R1的IS-IS LSDB。观察到,在R1的IS-IS LSDB中,有一条由Level-1-2路由器R2产生的ATT位被设置为1的Level-1 LSP。所以,R1自动生成了一条指向R2的缺省路由。
<R1>dis isis lsdb
Database information for ISIS(1)
--------------------------------
Level-1 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
R1.00-00* 0x00000005 0xfe74 479 88 0/0/0
R1.01-00* 0x00000002 0xb3d8 479 55 0/0/0
R2.00-00 0x00000006 0x52a 588 88 1/0/0
Total LSP(s): 3
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
4、关闭R2的GE0/0/1接口,并且查看R2的IS-IS邻居信息。观察到,R2现在只有一个Level-1邻居R1,没有任何Level-2邻居.R2不再与骨干区域相连。
[R2]int g0/0/1
[R2-GigabitEthernet0/0/1]shutdown
[R2]dis isis peer
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI
-------------------------------------------------------------------------------
R1 GE0/0/0 R1.01 Up 8s L1 64
Total Peer(s): 1
5、在R1上查看IS-IS LSDB信息。观察到,R2产生的Level-1 LSP的ATT位变为0。这是因为Level-1-2路由器连接到IS-IS骨干区域的链路发生故障,则该Level-2路由器将不会再把自己产生的Level-1 LSP的ATT位设置为1,而是0
<R1>dis isis lsdb
Database information for ISIS(1)
--------------------------------
Level-1 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
R1.00-00* 0x00000006 0xfc75 857 88 0/0/0
R1.01-00* 0x00000003 0xb1d9 857 55 0/0/0
R2.00-00 0x00000009 0x2ce7 1007 72 0/0/0
Total LSP(s): 3
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
6、在R1上查看IS-IS路由表。观察到,此时,R1是无法自动生成一条指向R2的缺省路由。
<R1>dis isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-1 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
10.0.12.0/24 10 NULL GE0/0/0 Direct D/-/L/-
10.0.1.1/32 0 NULL Loop0 Direct D/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
8.6.4 手动向R1发布缺省路由¶
1、在R2的IS-IS视图下使用default-route-advertise命令强制R2发布缺省路由。
[R2]isis
[R2-isis-1]default-route-advertise
2、配置完成后,在R1上查看IS-IS路由表。结果发现没有缺省路由。这是因为在默认情况下,只向Level-2邻接关系的路由器发布缺省路由的。
<R1>dis isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-1 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
10.0.12.0/24 10 NULL GE0/0/0 Direct D/-/L/-
10.0.1.1/32 0 NULL Loop0 Direct D/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
3、在R2的IS-IS视图下使用default-route-advertise level-1命令强制R2发布缺省路由。
[R2-isis-1]default-route-advertise level-1
4、继续查看R2的IP路由表。观察到,目前拥有了一条下一跳为10.0.12.2的缺省路由。
<R1>dis isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-1 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
0.0.0.0/0 10 NULL GE0/0/0 10.0.12.2 A/-/-/-
10.0.12.0/24 10 NULL GE0/0/0 Direct D/-/L/-
10.0.1.1/32 0 NULL Loop0 Direct D/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
5、为模拟R2和公司B之间的链路出现故障,关闭R2的GE0/0/2接口。
[R2]int g0/0/2
[R2-GigabitEthernet0/0/2]shutdown
6、查看R2的IP路由表。观察到,R2的路由表中没有缺省路由存在。
[R2]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.1/32 ISIS-L1 15 10 D 10.0.12.1 GigabitEthernet
0/0/0
10.0.12.0/24 Direct 0 0 D 10.0.12.2 GigabitEthernet
0/0/0
10.0.12.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1
7、在R1上查看IS-IS路由表。观察到,R1仍然拥有下一跳为10.0.12.2的缺省路由。这是因为在默认情况下,路由器使用default-route-advertise命令发布缺省路由的原则是:无论自己的IP路由表是否存在缺省路由,都会向建立IS-IS邻接关系的路由器发布缺省路由。
<R1>dis isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-1 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
0.0.0.0/0 10 NULL GE0/0/0 10.0.12.2 A/-/-/-
10.0.12.0/24 10 NULL GE0/0/0 Direct D/-/L/-
10.0.1.1/32 0 NULL Loop0 Direct D/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
8、在R2上使用default-route-advertise match default level-1命令使R2只有在IP路由表中拥有缺省路由的情况下,才会向Level-1邻接关系的路由器发布缺省路由。
[R2]isis
[R2-isis-1]default-route-advertise match default level-1
9、在R1上查看IS-IS路由表。观察到,R1现在没有缺省路由了。
<R1>dis isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-1 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
10.0.12.0/24 10 NULL GE0/0/0 Direct D/-/L/-
10.0.1.1/32 0 NULL Loop0 Direct D/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
10、恢复R2和R4之间的链路,并查看R2的IP路由表。观察到,R2出现了手动配置的静态缺省路由信息。
[R2]int g0/0/2
[R2-GigabitEthernet0/0/2]undo shutdown
[R2]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 12 Routes : 12
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 Static 60 0 RD 10.0.24.4 GigabitEthernet
0/0/2
10.0.1.1/32 ISIS-L1 15 10 D 10.0.12.1 GigabitEthernet
0/0/0
10.0.12.0/24 Direct 0 0 D 10.0.12.2 GigabitEthernet
0/0/0
10.0.12.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.24.0/24 Direct 0 0 D 10.0.24.2 GigabitEthernet
0/0/2
10.0.24.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
10.0.24.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1
11、查看R1的IS-IS路由表。观察到,R1接收到了来自R2重新发布的缺省路由。
[R1]dis isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-1 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
0.0.0.0/0 10 NULL GE0/0/0 10.0.12.2 A/-/-/-
10.0.12.0/24 10 NULL GE0/0/0 Direct D/-/L/-
10.0.1.1/32 0 NULL Loop0 Direct D/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
8.6.5 手动向R3发布缺省路由¶
1、重新开启R2的GE0/0/1接口
[R2]int g0/0/1
[R2-GigabitEthernet0/0/1]undo shutdown
2、在R2的IS-IS视图下使用default-route-advertise match default level-1-2命令使得R2在拥有缺省路由时,同时向Level-1邻接的路由器和Level-2邻接的路由器发布缺省路由。
[R2]isis
[R2-isis-1]default-route-advertise match default level-1-2
3、在R3上查看IS-IS路由表。观察到,R3拥有了下一跳为10.0.23.2的缺省路由。
<R3>dis isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-2 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
0.0.0.0/0 10 NULL GE0/0/0 10.0.23.2 A/-/-/-
10.0.3.3/32 0 NULL Loop0 Direct D/-/L/-
10.0.23.0/24 10 NULL GE0/0/0 Direct D/-/L/-
10.0.12.0/24 20 NULL GE0/0/0 10.0.23.2 A/-/-/-
10.0.1.1/32 20 NULL GE0/0/0 10.0.23.2 A/-/-/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
4、在R3上测试10.0.3.3和10.0.4.4之间的连通性。观察到,连通性正常。
<R3>ping -a 10.0.3.3 10.0.4.4
PING 10.0.4.4: 56 data bytes, press CTRL_C to break
Request time out
Reply from 10.0.4.4: bytes=56 Sequence=2 ttl=254 time=50 ms
Reply from 10.0.4.4: bytes=56 Sequence=3 ttl=254 time=40 ms
Reply from 10.0.4.4: bytes=56 Sequence=4 ttl=254 time=50 ms
Reply from 10.0.4.4: bytes=56 Sequence=5 ttl=254 time=40 ms
--- 10.0.4.4 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 40/45/50 ms
5、模拟公司A和公司B出现链路故障,关闭R2的GE0/0/2接口。
[R2]int g0/0/2
[R2-GigabitEthernet0/0/2]shutdown
6、查看R2的路由表。观察到,此时R2没有缺省路由。
[R2]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 12 Routes : 12
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.1/32 ISIS-L1 15 10 D 10.0.12.1 GigabitEthernet
0/0/0
10.0.3.3/32 ISIS-L2 15 10 D 10.0.23.3 GigabitEthernet
0/0/1
10.0.12.0/24 Direct 0 0 D 10.0.12.2 GigabitEthernet
0/0/0
10.0.12.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.23.0/24 Direct 0 0 D 10.0.23.2 GigabitEthernet
0/0/1
10.0.23.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.23.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
7、在R1上查看IS-IS路由表。观察到,R1仍然拥有下一跳地址为10.0.12.2的IS-IS缺省路由。这是因为R1接收到R2的ATT比特位置为1的Level-1 LSP后,自己生成了指向R2的缺省路由。
<R1>dis isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-1 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
0.0.0.0/0 10 NULL GE0/0/0 10.0.12.2 A/-/-/-
10.0.23.0/24 20 NULL GE0/0/0 10.0.12.2 A/-/-/-
10.0.12.0/24 10 NULL GE0/0/0 Direct D/-/L/-
10.0.1.1/32 0 NULL Loop0 Direct D/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
8、在R3上查看IS-IS路由表。观察到,R3的IS-IS路由表中是没有缺省路由的。
<R3>dis isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-2 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
10.0.3.3/32 0 NULL Loop0 Direct D/-/L/-
10.0.23.0/24 10 NULL GE0/0/0 Direct D/-/L/-
10.0.12.0/24 20 NULL GE0/0/0 10.0.23.2 A/-/-/-
10.0.1.1/32 20 NULL GE0/0/0 10.0.23.2 A/-/-/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
9、在R1上测试10.0.1.1与10.0.3.3之间的连通性。观察到,连通性正常。
<R1>ping -a 10.0.1.1 10.0.3.3
PING 10.0.3.3: 56 data bytes, press CTRL_C to break
Reply from 10.0.3.3: bytes=56 Sequence=1 ttl=254 time=40 ms
Reply from 10.0.3.3: bytes=56 Sequence=2 ttl=254 time=30 ms
Reply from 10.0.3.3: bytes=56 Sequence=3 ttl=254 time=40 ms
Reply from 10.0.3.3: bytes=56 Sequence=4 ttl=254 time=30 ms
Reply from 10.0.3.3: bytes=56 Sequence=5 ttl=254 time=30 ms
--- 10.0.3.3 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/34/40 ms
10、重新启用R2的GE0/0/2接口后,公司A总部的内部网络和分支机构的内部网络都能通过IS-IS缺省路由与公司B的内部网络进行通信。
8.7 思考¶
Level-1路由器会选择本区域中离它最近(Cost最小)的Level-1-2路由器作为本区域的出口路由器。如果Level-1路由器与其他两个Level-1-2路由器距离相等(Cost相同),那该如何抉择? 答:level1路由器会针对该LSP生成默认路由如果有多个ATT置位的LSP且开销值相等的情况下会生成等价的默认路由。而这个默认路由就是指导level设备到达其他区域的。
九、IS-IS路由引入¶
9.1 原理概述¶
IS-IS网络能够引入其他路由协议的路由和其他IS-IS协议进程的路由。默认情况下,IS-IS总是以Level-2路由类型引入外部路由。但是,通过手动配置,也可以以Level-1路由类型引入外部路由。IS-IS协议在引入外部路由时,可以手动配置引入路由的开销值,并可以使用Route-Policy对引入的路由进行过滤。
当路由器的cost-style为wide、compatible或wide-compatible时,引入外部路由的开销类型将不区分external和internal
9.2 实验目的¶
1、掌握在IS-IS网络中引入外部路由的方法 2、理解Cost类型Internal和External的区别 3、掌握使用Route-Policy控制引入路由的方法
9.3 实验内容¶
本实验模拟了一个企业网络场景,B公司是A公司的业务合作伙伴,A公司在R1和R4上运行OSPF协议,其中R4的LoopBack0和LoopBack1接口代表了两个不同的业务网段。B公司在R1、R2、R3上运行IS-IS协议,R1和R2属于区域10,R3属于IS-IS区域20,R1为Level-1路由器,R2为Level-1-2路由器,R3为Level-2路由器。R3的LoopBack0接口模拟了B公司的外部网络,所以该接口不使能IS-IS。为了实现两个公司的业务对接,B公司决定在R1上引入A公司R4的LoopBack0这个业务网段的路由。
9.4 实验拓扑¶
9.5 实验编址表¶
| 设备 | 接口 | IP地址 | 子网掩码 | 默认网关 |
|---|---|---|---|---|
| R1(AR2220) | GE0/0/0 | 10.0.12.1 | 255.255.255.0 | N/A |
| R1(AR2220) | GE0/0/1 | 10.0.14.1 | 255.255.255.0 | N/A |
| R1(AR2220) | NET:10.0000.0000.0001.00 | N/A | ||
| R2(AR2220) | GE0/0/0 | 10.0.12.2 | 255.255.255.0 | N/A |
| R2(AR2220) | GE0/0/1 | 10.0.23.2 | 255.255.255.0 | N/A |
| R2(AR2220) | NET:10.0000.0000.0002.00 | N/A | ||
| ## 9.6 实验步骤 | ||||
| ### 9.6.1 基本配置 | ||||
| 根据实验编址表进行相应的基本配置,并使用ping命令检测R1和R2之间的联通性。 | ||||
| ### 9.6.2 配置OSPF和IS-IS协议 | ||||
| 1、在R1和R4上配置OSPF协议,其中R1的Router-ID为10.0.1.1,R4的Router-ID为10.0.4.4 |
[R1]ospf 1 router-id 10.0.1.1
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 10.0.14.0 0.0.0.255
[R4]ospf 1 router-id 10.0.4.4
[R4-ospf-1]area 0
[R4-ospf-1-area-0.0.0.0]network 10.0.4.4 0.0.0.0
[R4-ospf-1-area-0.0.0.0]network 20.0.4.4 0.0.0.0
[R4-ospf-1-area-0.0.0.0]network 10.0.14.0 0.0.0.255
2、配置完成后,在R4上查看OSPF邻居信息。观察到,R4与R1已经成功建立了OSPF邻接关系。
[R4]dis ospf peer bri
OSPF Process 1 with Router ID 10.0.4.4
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/0 10.0.1.1 Full
----------------------------------------------------------------------------
3、在R1、R2、R3上配置IS-IS协议,其中R1为Level-1路由器,R2为Level-1-2路由器,R3为Level-2路由器。
[R1]isis
[R1-isis-1]is-name R1
[R1-isis-1]is-level level-1
[R1-isis-1]network-entity 10.0000.0000.0001.00
[R1-isis-1]int g0/0/0
[R1-GigabitEthernet0/0/0]isis enable
[R2]isis
[R2-isis-1]is-name R2
[R2-isis-1]network-entity 10.0000.0000.0002.00
[R2-isis-1]int g0/0/0
[R2-GigabitEthernet0/0/0]isis enable
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]isis enable
[R3]isis
[R3-isis-1]is-level level-2
[R3-isis-1]network-entity 20.0000.0000.0003.00
[R3-isis-1]is-name R3
[R3-isis-1]int g0/0/1
[R3-GigabitEthernet0/0/1]isis enable
9.6.3 引入外部直连路由¶
1、在R3上引入直连的LoopBack0接口的路由
[R3]isis
[R3-isis-1]import-route direct
2、在R3上查看IS-IS路由表。观察到,R3拥有了IS-IS Level-2路由表,同时还维护了Level-2重分发表,用以保存引入的外部路由。默认情况下,IS-IS以Level-2路由类型来引入外部路由。默认情况下,被引入进IS-IS的路由的IntCost和ExtCost的值均为0.默认情况下,外部路由被引入进IS-IS路由时,开销类型为External。
[R3]dis isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-2 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
10.0.23.0/24 10 NULL GE0/0/1 Direct D/-/L/-
10.0.12.0/24 20 NULL GE0/0/1 10.0.23.2 A/-/-/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
ISIS(1) Level-2 Redistribute Table
----------------------------------
Type IPV4 Destination IntCost ExtCost Tag
-------------------------------------------------------------------------------
D 10.0.3.3/32 0 0
Type: D-Direct, I-ISIS, S-Static, O-OSPF, B-BGP, R-RIP, U-UNR
3、在R2上查看IS-IS路由表。观察到,R2的Level-2路由表中已经有了关于10.0.3.3/32的路由,但是R2并没有维护Level-2重分发表,这是因为IS-IS重分发表只存在引入IS-IS外部路由的路由器上。
[R2]dis isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-1 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
10.0.23.0/24 10 NULL GE0/0/1 Direct D/-/L/-
10.0.12.0/24 10 NULL GE0/0/0 Direct D/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
ISIS(1) Level-2 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
10.0.3.3/32 10 0 GE0/0/1 10.0.23.3 A/-/-/-
10.0.23.0/24 10 NULL GE0/0/1 Direct D/-/L/-
10.0.12.0/24 10 NULL GE0/0/0 Direct D/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
4、在R2上查看IP路由表。观察到10.0.3.3/32这条路由的Cost为74.10.0.3.3/32这条路由被引入IS-IS时的Cost类型是默认类型为External.对于External类型的Cost。在IP路由表中的Cost值的计算方法为:64+IS-IS路由表中的IntCost+IS-IS路由表中的ExtCost。所以,R2的IP路由表10.0.3.3/32这条路由中的Cost值应该为:64+10+0 = 74
[R2]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.3.3/32 ISIS-L2 15 74 D 10.0.23.3 GigabitEthernet
0/0/1
10.0.12.0/24 Direct 0 0 D 10.0.12.2 GigabitEthernet
0/0/0
10.0.12.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.23.0/24 Direct 0 0 D 10.0.23.2 GigabitEthernet
0/0/1
10.0.23.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.23.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
5、在R1上查看IS-IS路由表。观察到,Level-1路由器R1只维护Level-1 路由表,且使用缺省路由经Level-1-2路由器R2来访问10.0.3.3/32.
[R1]dis isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-1 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
0.0.0.0/0 10 NULL GE0/0/0 10.0.12.2 A/-/-/-
10.0.23.0/24 20 NULL GE0/0/0 10.0.12.2 A/-/-/-
10.0.12.0/24 10 NULL GE0/0/0 Direct D/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
9.6.4 引入外部OSPF路由¶
1、在R1上以Cost类型为Internal的方式将OSPF协议引入到IS-IS协议中,引入时的IntCost值根据公司要求配置为30.
[R1-isis-1]import-route ospf 1 cost-type internal cost 30
2、在R1上查看IS-IS路由表。观察到,关于10.0.4.4/32和20.0.4.4/32的路由并未进入到R1的IS-IS路由表。这是因为在默认情况下,IS-IS协议总是以Level-2路由类型来引入外部路由,而R1是Level-1路由器,只维护Level-1路由表。
[R1]dis isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-1 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
0.0.0.0/0 10 NULL GE0/0/0 10.0.12.2 A/-/-/-
10.0.23.0/24 20 NULL GE0/0/0 10.0.12.2 A/-/-/-
10.0.12.0/24 10 NULL GE0/0/0 Direct D/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
3、手动指定以Level-1路由类型引入到OSPF的路由。
[R1-isis-1]import-route ospf 1 level-1 cost-type internal cost 30
4、在R1上查看IS-IS路由表。观察到,OSPF网络中的所有路由已进入到R1的Level-1重分发表,并且IntCost为30.而ExtCost为NULL。
[R1]dis isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-1 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
0.0.0.0/0 10 NULL GE0/0/0 10.0.12.2 A/-/-/-
10.0.23.0/24 20 NULL GE0/0/0 10.0.12.2 A/-/-/-
10.0.12.0/24 10 NULL GE0/0/0 Direct D/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
ISIS(1) Level-1 Redistribute Table
----------------------------------
Type IPV4 Destination IntCost ExtCost Tag
-------------------------------------------------------------------------------
D 10.0.14.0/24 30 NULL
O 10.0.4.4/32 30 NULL
O 20.0.4.4/32 30 NULL
Type: D-Direct, I-ISIS, S-Static, O-OSPF, B-BGP, R-RIP, U-UNR
5、在R2上查看IS-IS路由表。观察到,关于10.0.14.0/24、10.0.4.4/32、20.0.4.4/32的路由进入到了Level-1路由表,没有进入到Level-2路由表.
[R2]dis isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-1 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
10.0.14.0/24 40 NULL GE0/0/0 10.0.12.1 A/-/L/-
10.0.23.0/24 10 NULL GE0/0/1 Direct D/-/L/-
10.0.12.0/24 10 NULL GE0/0/0 Direct D/-/L/-
10.0.4.4/32 40 NULL GE0/0/0 10.0.12.1 A/-/L/-
20.0.4.4/32 40 NULL GE0/0/0 10.0.12.1 A/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
ISIS(1) Level-2 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
10.0.3.3/32 10 0 GE0/0/1 10.0.23.3 A/-/-/-
10.0.23.0/24 10 NULL GE0/0/1 Direct D/-/L/-
10.0.12.0/24 10 NULL GE0/0/0 Direct D/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
6、查看R2的IP路由表。观察到,R2的IP路由表中已经有了所有的OSPF外部路由。这些外部路由都是以Internal开销类型被引入的。
[R2]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.3.3/32 ISIS-L2 15 74 D 10.0.23.3 GigabitEthernet
0/0/1
10.0.4.4/32 ISIS-L1 15 40 D 10.0.12.1 GigabitEthernet
0/0/0
10.0.12.0/24 Direct 0 0 D 10.0.12.2 GigabitEthernet
0/0/0
10.0.12.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.14.0/24 ISIS-L1 15 40 D 10.0.12.1 GigabitEthernet
0/0/0
10.0.23.0/24 Direct 0 0 D 10.0.23.2 GigabitEthernet
0/0/1
10.0.23.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.23.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
20.0.4.4/32 ISIS-L1 15 40 D 10.0.12.1 GigabitEthernet
0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
9.6.5 使用Route-Policy控制路由引入¶
1、在R1上配置Route-Policy,并配置引入OSPF路由时调用Route-Policy
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 10.0.4.4 0.0.0.0
[R1-acl-basic-2000]qu
[R1]route-policy 1 permit node 10
Info: New Sequence of this List.
[R1-route-policy]if
[R1-route-policy]if-match acl 2000
[R1-route-policy]isis
[R1-isis-1]import-route ospf 1 route-policy 1 cost 30 cost-type internal level-1
2、在R1上查看IS-IS路由表。观察到,R1的Level-1重分发表只有关于10.0.4.4/32的路由。需求得到满足。
[R1]dis isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-1 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
0.0.0.0/0 10 NULL GE0/0/0 10.0.12.2 A/-/-/-
10.0.23.0/24 20 NULL GE0/0/0 10.0.12.2 A/-/-/-
10.0.12.0/24 10 NULL GE0/0/0 Direct D/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
ISIS(1) Level-1 Redistribute Table
----------------------------------
Type IPV4 Destination IntCost ExtCost Tag
-------------------------------------------------------------------------------
O 10.0.4.4/32 30 NULL
Type: D-Direct, I-ISIS, S-Static, O-OSPF, B-BGP, R-RIP, U-UNR
思考 IS-IS路由的最大Cost值默认是多少? 答:64
十、IS-IS路由过滤¶
10.1 原理概述¶
在IS-IS网络中,有时候需要使用Filter-Policy工具对IS-IS路由进行过滤。这里说的过滤,是指路由器在将自己的IS-IS路由表中的某些IS-IS路由纳入自己的IP路由表的过程,一些满足了过滤条件的IS-IS路由将被限制纳入进IP路由表中。
Filter-Policy进行过滤的并非是生成那些IS-IS路由的LSP,所以Filter-Policy进行路由过滤之后,路由器的IS-IS链路状态数据库和IS-IS路由表都不会受到任何影响。
10.2 实验目的¶
1、理解IS-IS路由过滤的工作原理 2、掌握配合使用Filter-Policy和Route-Policy实现IS-IS路由过滤的方法
10.3 实验内容¶
本实验模拟了一个企业网络场景。所以路由器都运行IS-IS协议,且都为Level-2路由器。R1、R2、R4属于区域10,R3属于区域20。R1、R2、R4的LoopBack0接口用来模拟不同的内部网络,R3的LoopBack1接口和LoopBack2接口用来模拟两个不同的业务网段。网络需求是:R1的LoopBack0访问R3的LoopBack1业务网段的流量由R2转发,如果R1与R2之间的链路出现了故障,则由R4转发;R1的LoopBack0访问LoopBack2业务网段的流量由R4转发,如果R1和R4之间的链路出现了故障,则由R2转发。
10.4 实验拓扑¶
10.5 实验编址表¶
| 设备 | 接口 | IP地址 | 子网掩码 | 默认网关 |
|---|---|---|---|---|
| R1(AR2220) | GE0/0/0 | 10.0.12.1 | 255.255.255.0 | N/A |
| R1(AR2220) | GE0/0/1 | 10.0.14.1 | 255.255.255.0 | N/A |
| R1(AR2220) | LoopBack0 | 10.0.1.1 | 255.255.255.255 | N/A |
| R1(AR2220) | NET:10.0000.0000.0001.00 | N/A | ||
| R2(AR2220) | GE0/0/0 | 10.0.12.2 | 255.255.255.0 | N/A |
| R2(AR2220) | GE0/0/1 | 10.0.23.2 | 255.255.255.0 | N/A |
| R2(AR2220) | LoopBack0 | 10.0.2.2 | 255.255.255.255 | N/A |
| R2(AR2220) | NET:10.0000.0000.0002.00 | N/A | ||
| R3(AR2220) | GE0/0/1 | 10.0.23.3 | 255.255.255.0 | N/A |
| R3(AR2220) | GE0/0/2 | 10.0.34.3 | 255.255.255.0 | N/A |
| R3(AR2220) | LoopBack1 | 172.16.1.1 | 255.255.255.255 | N/A |
| R3(AR2220) | LoopBack2 | 172.16.2.1 | 255.255.255.255 | N/A |
| R3(AR2220) | NET:20.0000.0000.0003.00 | N/A | ||
| R4(AR2220) | GE0/0/1 | 10.0.14.4 | 255.255.255.0 | N/A |
| R4(AR2220) | GE0/0/2 | 10.0.34.4 | 255.255.255.0 | N/A |
| R4(AR2220) | LoopBack0 | 10.0.4.4 | 255.255.255.255 | N/A |
| R4(AR2220) | NET:10.0000.0000.0004.00 | N/A | ||
| ## 10.6 实验步骤 | ||||
| ### 10.6.1 基本配置 | ||||
| 根据实验编址表进行相应的基本配置,并使用ping命令检测R1和R2之间的联通性。 | ||||
| ### 10.6.2 配置IS-IS路由协议 | ||||
| 1、在每台路由器上配置IS-IS协议。注意,所有的路由器均为Level-2路由器。 |
[R1]isis
[R1-isis-1]is-name R1
[R1-isis-1]is-level level-2
[R1-isis-1]network-entity 10.0000.0000.0001.00[R1-isis-1]int g0/0/0
[R1-GigabitEthernet0/0/0]isis enable
[R1-GigabitEthernet0/0/0]int g0/0/1
[R1-GigabitEthernet0/0/1]isis enable
[R1-GigabitEthernet0/0/1]int loop 0
[R1-LoopBack0]isis enable
[R2]isis
[R2-isis-1]is-name R2
[R2-isis-1]is-level level-2
[R2-isis-1]network-entity 10.0000.0000.0002.00
[R2-isis-1]int g0/0/0
[R2-GigabitEthernet0/0/0]isis enable
[R2-GigabitEthernet0/0/0]int g0/0/1
[R2-GigabitEthernet0/0/1]isis enable
[R2-GigabitEthernet0/0/1]int loop 0
[R2-LoopBack0]isis enable
[R3]isis
[R3-isis-1]is-name R3
[R3-isis-1]is-level level-2
[R3-isis-1]network-entity 20.0000.0000.0003.00
[R3-isis-1]int g0/0/1
[R3-GigabitEthernet0/0/1]isis enable
[R3-GigabitEthernet0/0/1]int g0/0/2
[R3-GigabitEthernet0/0/2]isis enable
[R3-GigabitEthernet0/0/2]int loop 1
[R3-LoopBack1]isis enable
[R3-LoopBack1]int loop 2
[R3-LoopBack2]isis enable
[R4]isis
[R4-isis-1]is-name R4
[R4-isis-1]is-level level-2
[R4-isis-1]network-entity 10.0000.0000.0004.00
[R4-isis-1]int g0/0/1
[R4-GigabitEthernet0/0/1]isis enable
[R4-GigabitEthernet0/0/1]int g0/0/2
[R4-GigabitEthernet0/0/2]isis enable
[R4-GigabitEthernet0/0/2]int loop 0
[R4-LoopBack0]isis enable
2、配置完成后,在R1上查看IS-IS路由表。观察到,R1的IS-IS路由表中拥有去往区域20的业务网段以及去往区域10的内部网络路由。
<R1>dis isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-2 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
10.0.14.0/24 10 NULL GE0/0/1 Direct D/-/L/-
10.0.23.0/24 20 NULL GE0/0/0 10.0.12.2 A/-/-/-
172.16.2.1/32 20 NULL GE0/0/0 10.0.12.2 A/-/-/-
GE0/0/1 10.0.14.4
10.0.2.2/32 10 NULL GE0/0/0 10.0.12.2 A/-/-/-
172.16.1.1/32 20 NULL GE0/0/0 10.0.12.2 A/-/-/-
GE0/0/1 10.0.14.4
10.0.12.0/24 10 NULL GE0/0/0 Direct D/-/L/-
10.0.1.1/32 0 NULL Loop0 Direct D/-/L/-
10.0.4.4/32 10 NULL GE0/0/1 10.0.14.4 A/-/-/-
10.0.34.0/24 20 NULL GE0/0/1 10.0.14.4 A/-/-/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
3、在R1上查看IP路由表。观察到,去往172.16.1.1/32和172.16.2.1/32的路由来自于IS-IS路由表,并且采用了负载均衡方式。
<R1>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 17 Routes : 19
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.2.2/32 ISIS-L2 15 10 D 10.0.12.2 GigabitEthernet
0/0/0
10.0.4.4/32 ISIS-L2 15 10 D 10.0.14.4 GigabitEthernet
0/0/1
10.0.12.0/24 Direct 0 0 D 10.0.12.1 GigabitEthernet
0/0/0
10.0.12.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.14.0/24 Direct 0 0 D 10.0.14.1 GigabitEthernet
0/0/1
10.0.14.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.14.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.23.0/24 ISIS-L2 15 20 D 10.0.12.2 GigabitEthernet
0/0/0
10.0.34.0/24 ISIS-L2 15 20 D 10.0.14.4 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.1/32 ISIS-L2 15 20 D 10.0.12.2 GigabitEthernet
0/0/0
ISIS-L2 15 20 D 10.0.14.4 GigabitEthernet
0/0/1
172.16.2.1/32 ISIS-L2 15 20 D 10.0.12.2 GigabitEthernet
0/0/0
ISIS-L2 15 20 D 10.0.14.4 GigabitEthernet
0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
4、在R2和R4上查看IP路由表。观察到,路由表中拥有去往172.16.1.1/32和172.16.2.1/32的路由,使用的是IS-IS路由。
<R2>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 17 Routes : 18
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.1/32 ISIS-L2 15 10 D 10.0.12.1 GigabitEthernet
0/0/0
10.0.2.2/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.4.4/32 ISIS-L2 15 20 D 10.0.12.1 GigabitEthernet
0/0/0
ISIS-L2 15 20 D 10.0.23.3 GigabitEthernet
0/0/1
10.0.12.0/24 Direct 0 0 D 10.0.12.2 GigabitEthernet
0/0/0
10.0.12.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.14.0/24 ISIS-L2 15 20 D 10.0.12.1 GigabitEthernet
0/0/0
10.0.23.0/24 Direct 0 0 D 10.0.23.2 GigabitEthernet
0/0/1
10.0.23.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.23.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.34.0/24 ISIS-L2 15 20 D 10.0.23.3 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.1/32 ISIS-L2 15 10 D 10.0.23.3 GigabitEthernet
0/0/1
172.16.2.1/32 ISIS-L2 15 10 D 10.0.23.3 GigabitEthernet
0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
<R4>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 17 Routes : 18
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.1/32 ISIS-L2 15 10 D 10.0.14.1 GigabitEthernet
0/0/1
10.0.2.2/32 ISIS-L2 15 20 D 10.0.14.1 GigabitEthernet
0/0/1
ISIS-L2 15 20 D 10.0.34.3 GigabitEthernet
0/0/2
10.0.4.4/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.12.0/24 ISIS-L2 15 20 D 10.0.14.1 GigabitEthernet
0/0/1
10.0.14.0/24 Direct 0 0 D 10.0.14.4 GigabitEthernet
0/0/1
10.0.14.4/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.14.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.23.0/24 ISIS-L2 15 20 D 10.0.34.3 GigabitEthernet
0/0/2
10.0.34.0/24 Direct 0 0 D 10.0.34.4 GigabitEthernet
0/0/2
10.0.34.4/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
10.0.34.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.1/32 ISIS-L2 15 10 D 10.0.34.3 GigabitEthernet
0/0/2
172.16.2.1/32 ISIS-L2 15 10 D 10.0.34.3 GigabitEthernet
0/0/2
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
10.6.3 使用Filter-Policy实现IS-IS路由过滤¶
1、要求R1的LoopBack0访问R3的LoopBack1业务网段的流量由R2转发,在R2上使用Filter-Policy过滤掉去往R3的LoopBack2(172.16.2.1/32)这个业务网段的路由。
[R2]acl 2000
[R2-acl-basic-2000]rule deny source 172.16.2.1 0.0.0.0
[R2-acl-basic-2000]rule permit source any
[R2-acl-basic-2000]isis
[R2-isis-1]filter-policy 2000 import
2、配置完成后,查看R2的IP路由表。观察到,去往172.16.2.1/32的路由条目已经消失了。
[R2]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 16 Routes : 17
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.1/32 ISIS-L2 15 10 D 10.0.12.1 GigabitEthernet
0/0/0
10.0.2.2/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.4.4/32 ISIS-L2 15 20 D 10.0.12.1 GigabitEthernet
0/0/0
ISIS-L2 15 20 D 10.0.23.3 GigabitEthernet
0/0/1
10.0.12.0/24 Direct 0 0 D 10.0.12.2 GigabitEthernet
0/0/0
10.0.12.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.14.0/24 ISIS-L2 15 20 D 10.0.12.1 GigabitEthernet
0/0/0
10.0.23.0/24 Direct 0 0 D 10.0.23.2 GigabitEthernet
0/0/1
10.0.23.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.23.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.34.0/24 ISIS-L2 15 20 D 10.0.23.3 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.1/32 ISIS-L2 15 10 D 10.0.23.3 GigabitEthernet
0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
3、查看R2的IS-IS路由表。观察到,关于172.16.2.1/32路由条目还存在,并没有被过滤掉。
[R2]dis isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-2 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
10.0.14.0/24 20 NULL GE0/0/0 10.0.12.1 A/-/-/-
10.0.23.0/24 10 NULL GE0/0/1 Direct D/-/L/-
172.16.2.1/32 10 NULL GE0/0/1 10.0.23.3 -/-/-/-
10.0.2.2/32 0 NULL Loop0 Direct D/-/L/-
172.16.1.1/32 10 NULL GE0/0/1 10.0.23.3 A/-/-/-
10.0.12.0/24 10 NULL GE0/0/0 Direct D/-/L/-
10.0.1.1/32 10 NULL GE0/0/0 10.0.12.1 A/-/-/-
10.0.4.4/32 20 NULL GE0/0/0 10.0.12.1 A/-/-/-
GE0/0/1 10.0.23.3
10.0.34.0/24 20 NULL GE0/0/1 10.0.23.3 A/-/-/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
4、在R2上查看R3产生的LSP的详细信息。观察到,R3产生的关于172.16.2.1/32的LSP依然是保存在R2的LSDB中的,并没有被过滤掉。
[R2]dis isis lsdb is-name R3 verbose
Database information for ISIS(1)
--------------------------------
Level-2 Link State Database
LSPID Seq Num Checksum Holdtime Length ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0003.00-00 0x00000009 0xf73d 510 131 0/0/0
SOURCE R3.00
HOST NAME R3
NLPID IPV4
AREA ADDR 20
INTF ADDR 10.0.23.3
INTF ADDR 10.0.34.3
INTF ADDR 172.16.1.1
INTF ADDR 172.16.2.1
NBR ID R2.02 COST: 10
NBR ID R4.02 COST: 10
IP-Internal 10.0.23.0 255.255.255.0 COST: 10
IP-Internal 10.0.34.0 255.255.255.0 COST: 10
IP-Internal 172.16.1.1 255.255.255.255 COST: 0
IP-Internal 172.16.2.1 255.255.255.255 COST: 0
Total LSP(s): 1
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended),
ATT-Attached, P-Partition, OL-Overload
5、要求R1的LoopBack0访问R3的LoopBack2业务网段的流量由R4转发,在R4上使用Filter-Policy过滤掉去往R3的LoopBack1(172.16.1.1/32)这个业务网段的路由。
[R4]acl 2000
[R4-acl-basic-2000]rule deny source 172.16.1.1 0.0.0.0
[R4-acl-basic-2000]rule permit source any
[R4-acl-basic-2000]isis
[R4-isis-1]filter-policy 2000 import
6、配置完成后,查看R4的IP路由表。观察到,路由表中没有了关于172.16.1.1/32路由条目。
[R4]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 16 Routes : 17
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.1/32 ISIS-L2 15 10 D 10.0.14.1 GigabitEthernet
0/0/1
10.0.2.2/32 ISIS-L2 15 20 D 10.0.14.1 GigabitEthernet
0/0/1
ISIS-L2 15 20 D 10.0.34.3 GigabitEthernet
0/0/2
10.0.4.4/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.12.0/24 ISIS-L2 15 20 D 10.0.14.1 GigabitEthernet
0/0/1
10.0.14.0/24 Direct 0 0 D 10.0.14.4 GigabitEthernet
0/0/1
10.0.14.4/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.14.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.23.0/24 ISIS-L2 15 20 D 10.0.34.3 GigabitEthernet
0/0/2
10.0.34.0/24 Direct 0 0 D 10.0.34.4 GigabitEthernet
0/0/2
10.0.34.4/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
10.0.34.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.2.1/32 ISIS-L2 15 10 D 10.0.34.3 GigabitEthernet
0/0/2
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
10.6.4 配合使用Filter-Policy和Route-Policy¶
1、查看R1的IP路由表。观察发现,R1的IP路由表去往172.16.1.1/32和172.16.2.1/32的路由都有两个下一跳,分别是R2和R4。它们都来自IS-IS路由表。
<R1>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 17 Routes : 19
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.2.2/32 ISIS-L2 15 10 D 10.0.12.2 GigabitEthernet
0/0/0
10.0.4.4/32 ISIS-L2 15 10 D 10.0.14.4 GigabitEthernet
0/0/1
10.0.12.0/24 Direct 0 0 D 10.0.12.1 GigabitEthernet
0/0/0
10.0.12.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.14.0/24 Direct 0 0 D 10.0.14.1 GigabitEthernet
0/0/1
10.0.14.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.14.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.23.0/24 ISIS-L2 15 20 D 10.0.12.2 GigabitEthernet
0/0/0
10.0.34.0/24 ISIS-L2 15 20 D 10.0.14.4 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.1/32 ISIS-L2 15 20 D 10.0.12.2 GigabitEthernet
0/0/0
ISIS-L2 15 20 D 10.0.14.4 GigabitEthernet
0/0/1
172.16.2.1/32 ISIS-L2 15 20 D 10.0.12.2 GigabitEthernet
0/0/0
ISIS-L2 15 20 D 10.0.14.4 GigabitEthernet
0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
2、查看R1的IS-IS路由表。观察发现,R1的IS-IS路由表去往172.16.1.1/32和172.16.2.1/32的路由都有两个下一跳,分别是R2和R4。
<R1>dis isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-2 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
10.0.14.0/24 10 NULL GE0/0/1 Direct D/-/L/-
10.0.23.0/24 20 NULL GE0/0/0 10.0.12.2 A/-/-/-
172.16.2.1/32 20 NULL GE0/0/0 10.0.12.2 A/-/-/-
GE0/0/1 10.0.14.4
10.0.2.2/32 10 NULL GE0/0/0 10.0.12.2 A/-/-/-
172.16.1.1/32 20 NULL GE0/0/0 10.0.12.2 A/-/-/-
GE0/0/1 10.0.14.4
10.0.12.0/24 10 NULL GE0/0/0 Direct D/-/L/-
10.0.1.1/32 0 NULL Loop0 Direct D/-/L/-
10.0.4.4/32 10 NULL GE0/0/1 10.0.14.4 A/-/-/-
10.0.34.0/24 20 NULL GE0/0/1 10.0.14.4 A/-/-/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
3、在R1上定义ACL2000,匹配路由下一跳10.0.12.2;定义ACL 2001,匹配路由下一跳10.0.14.4.
[R1]acl 2000
[R1-acl-basic-2000]rule permit source 10.0.12.2 0.0.0.0
[R1-acl-basic-2000]acl 2001
[R1-acl-basic-2001]rule permit source 10.0.14.4 0.0.0.0
4、定义ACL 2002,匹配路由前缀172.16.1.1/32;定义ACL 2003,匹配路由前缀172.16.2.1/32;
[R1]acl 2002
[R1-acl-basic-2002]rule permit source 172.16.1.1 0.0.0.0
[R1-acl-basic-2002]acl 2003
[R1-acl-basic-2003]rule permit source 172.16.2.1 0.0.0.0
5、创建Route-Policy,并在R1的IS-IS进程视图下配合使用Filter-Policy和Route-Policy
[R1]route-policy isis-filter deny node 10
Info: New Sequence of this List.
[R1-route-policy]if-match ip next-hop acl 2000
[R1-route-policy]if-match acl 2003
[R1-route-policy]qu
[R1]route-policy isis-filter deny node 20
Info: New Sequence of this List.
[R1-route-policy]if-match ip next-hop acl 2001
[R1-route-policy]if-match acl 2002
[R1-route-policy]qu
[R1]route-policy isis-filter permit node 30
Info: New Sequence of this List.
[R1-isis-1]filter-policy route-policy isis-filter import
6、配置完成后,查看R1的路由表。观察到,R1的IP路由表关于172.16.1.1/32路由的下一跳为R2,关于172.16.2.1/32路由的下一跳为R4.
[R1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 17 Routes : 17
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.0.2.2/32 ISIS-L2 15 10 D 10.0.12.2 GigabitEthernet
0/0/0
10.0.4.4/32 ISIS-L2 15 10 D 10.0.14.4 GigabitEthernet
0/0/1
10.0.12.0/24 Direct 0 0 D 10.0.12.1 GigabitEthernet
0/0/0
10.0.12.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.12.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.0.14.0/24 Direct 0 0 D 10.0.14.1 GigabitEthernet
0/0/1
10.0.14.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.14.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.0.23.0/24 ISIS-L2 15 20 D 10.0.12.2 GigabitEthernet
0/0/0
10.0.34.0/24 ISIS-L2 15 20 D 10.0.14.4 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.1/32 ISIS-L2 15 20 D 10.0.12.2 GigabitEthernet
0/0/0
172.16.2.1/32 ISIS-L2 15 20 D 10.0.14.4 GigabitEthernet
0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
7、查看R1的IS-IS路由表。观察到,去往172.16.1.1/32和172.16.2.1/32的路由仍然是负载均衡方式。
[R1]dis isis route
Route information for ISIS(1)
-----------------------------
ISIS(1) Level-2 Forwarding Table
--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags
-------------------------------------------------------------------------------
10.0.14.0/24 10 NULL GE0/0/1 Direct D/-/L/-
10.0.23.0/24 20 NULL GE0/0/0 10.0.12.2 A/-/-/-
172.16.2.1/32 20 NULL GE0/0/0 10.0.12.2 A/-/-/-
GE0/0/1 10.0.14.4
10.0.2.2/32 10 NULL GE0/0/0 10.0.12.2 A/-/-/-
172.16.1.1/32 20 NULL GE0/0/0 10.0.12.2 A/-/-/-
GE0/0/1 10.0.14.4
10.0.12.0/24 10 NULL GE0/0/0 Direct D/-/L/-
10.0.1.1/32 0 NULL Loop0 Direct D/-/L/-
10.0.4.4/32 10 NULL GE0/0/1 10.0.14.4 A/-/-/-
10.0.34.0/24 20 NULL GE0/0/1 10.0.14.4 A/-/-/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
8、为解决R1与R2或R4之间的链路出现故障,相应的业务会中断的问题。在R1上配置两条缺省路由,分别把下一跳指向R2和R4;R2和R4分别配置一条缺省路由,下一跳都指向R3。
[R1]ip route-static 0.0.0.0 0 10.0.12.2
[R1]ip route-static 0.0.0.0 0 10.0.14.4
[R2]ip route-static 0.0.0.0 0 10.0.23.3
[R4]ip route-static 0.0.0.0 0 10.0.34.3
10.7 思考¶
本实验中,Filter-Policy都使用import方向。对于IS-IS协议来说,Filter-Policy能使用在Export方向吗?为什么? 答:不能
十一、IS-IS路由渗透¶
11.1 原理概述¶
在IS-IS网络中,所有的Level-2和Level-1-2路由器构成了一个连续的骨干区域。Level-1区域必须且只能与骨干区域相连,不同Level-1区域之间不能够直接相连。Level-1区域内的路由信息会通过Level-1-2路由器通报给Level-2区域,即Level-1-2路由器会将学习到的Level-1路由信息封装进Level-2 LSP,并将此Level-2 LSP传递给其他Level-2和Level-1-2路由器。因此,Level-2和Level-1-2路由器是知道整个IS-IS路由域的路由信息的。另一方面,为了减少路由表的规模,在缺省的情况下,Level-2和Level-1-2路由器并不会将自己知道的路由域其他Level-1区域以及骨干区域的路由信息通报给Level-1区域。这样,Level-1路由器只能通过缺省路由来访问本区域以外的任何目的地。
IS-IS路由渗透指的是Level-1-2和Level-2路由器将自己知道的其他Level-1区域以及Level-2区域的路由信息通报给指定的Level-1 区域的过程。在这个过程中,还可以利用ACL、路由策略、Tag标记等方式把需要渗透的路由筛选出来,实现精细化路由渗透。
11.2 实验目的¶
1、理解IS-IS路由渗透的概念和工作机制 2、掌握在IS-IS网络中控制路由渗透的方法
11.3 实验内容¶
本实验模拟了一个企业网络场景。所有路由器都运行IS-IS协议,其中R1为Level-1路由器,R2和R3为Level-1-2路由器,R4为Level-2路由器。R1和R4使用了LoopBack0接口来模拟内部网络。网络需求:首先实现R1和R4的LoopBack0接口的互通,然后通过修改接口开销值的方法让R1选择一条次优路径去往R4,最后通过配置路由渗透的方法让R1选择一条最优路径去往R4。
11.4 实验拓扑¶
11.5 实验编址表¶
| 设备 | 接口 | IP地址 | 子网掩码 | 默认网关 |
|---|---|---|---|---|
| R1(AR2220) | GE0/0/0 | 10.0.12.1 | 255.255.255.0 | N/A |
| R1(AR2220) | GE0/0/1 | 10.0.13.1 | 255.255.255.0 | N/A |
| R1(AR2220) | LoopBack0 | 10.0.1.1 | 255.255.255.255 | N/A |
| R1(AR2220) | NET:10.0000.0000.0001.00 | N/A | ||
| R2(AR2220) | GE0/0/0 | 10.0.12.2 | 255.255.255.0 | N/A |
| R2(AR2220) | GE0/0/1 | 10.0.24.2 | 255.255.255.0 | N/A |
| R2(AR2220) | NET:10.0000.0000.0002.00 | N/A | ||
| R3(AR2220) | GE0/0/0 | 10.0.34.3 | 255.255.255.0 | N/A |
| R3(AR2220) | GE0/0/1 | 10.0.13.3 | 255.255.255.0 | N/A |
| R3(AR2220) | NET:10.0000.0000.0003.00 | N/A | ||
| R4(AR2220) | GE0/0/0 | 10.0.34.4 | 255.255.255.0 | N/A |
| R4(AR2220) | GE0/0/1 | 10.0.24.4 | 255.255.255.0 | N/A |
| R4(AR2220) | LoopBack0 | 10.0.4.4 | 255.255.255.255 | N/A |
| R4(AR2220) | NET:20.0000.0000.0004.00 | N/A | ||
| ## 11.6 实验步骤 | ||||
| ### 11.6.1 基本配置 | ||||
| 根据实验编址表进行相应的基本配置,并使用ping命令检测R1和R2之间的联通性。 | ||||
| ### 11.6.2 基本配置 | ||||
| # 十二、IS-IS监测和调试 | ||||
| ## 12.1 原理概述 | ||||
| ## 12.2 实验目的 | ||||
| ## 12.3 实验内容 | ||||
| ## 12.4 实验拓扑 | ||||
| ## 12.5 实验编址表 | ||||
| 设备 | 接口 | IP地址 | 子网掩码 | 默认网关 |
| --- | --- | --- | --- | --- |
| R1(AR2220) | GE0/0/0 | 10.0.12.1 | 255.255.255.0 | N/A |
| R1(AR2220) | LoopBack0 | 10.0.1.1 | 255.255.255.255 | N/A |
| R1(AR2220) | NET:10.0000.0000.0001.00 | N/A | ||
| R2(AR2220) | GE0/0/0 | 10.0.12.2 | 255.255.255.0 | N/A |
| R2(AR2220) | GE0/0/1 | 10.0.23.2 | 255.255.255.0 | N/A |
| R2(AR2220) | NET:10.0000.0000.0002.00 | N/A | ||
| R3(AR2220) | GE0/0/1 | 10.0.23.3 | 255.255.255.0 | N/A |
| R3(AR2220) | LoopBack0 | 10.0.3.3 | 255.255.255.255 | N/A |
| R3(AR2220) | NET:20.0000.0000.0003.00 | N/A |
12.6 实验步骤¶
根据实验编址表进行相应的基本配置,并使用ping命令检测R1和R2之间的联通性。
十三、IS-IS故障排除¶
13.1 原理概述¶
13.2 实验目的¶
13.3 实验内容¶
13.4 实验拓扑¶
13.5 实验编址表¶
| 设备 | 接口 | IP地址 | 子网掩码 | 默认网关 |
|---|---|---|---|---|
| R1(AR2220) | GE0/0/0 | 10.0.12.1 | 255.255.255.0 | N/A |
| R1(AR2220) | LoopBack0 | 10.0.1.1 | 255.255.255.255 | N/A |
| R1(AR2220) | NET:10.0000.0000.0001.00 | N/A | ||
| R2(AR2220) | GE0/0/0 | 10.0.12.2 | 255.255.255.0 | N/A |
| R2(AR2220) | GE0/0/1 | 10.0.23.2 | 255.255.255.0 | N/A |
| R2(AR2220) | NET:10.0000.0000.0002.00 | N/A | ||
| R3(AR2220) | GE0/0/1 | 10.0.23.3 | 255.255.255.0 | N/A |
| R3(AR2220) | LoopBack0 | 10.0.3.3 | 255.255.255.255 | N/A |
| R3(AR2220) | NET:20.0000.0000.0003.00 | N/A |
13.6 实验步骤¶
根据实验编址表进行相应的基本配置,并使用ping命令检测R1和R2之间的联通性。