OSPF综合实验

一、实验拓扑

二、实验需求

1、R4为ISP，其上只配置IP地址；R4与其他所直连设备间均使用公有IP；
2、R3-R5、R6、R7为MGRE环境，R3为中心站点；
3、整个OSPF环境IP基于172.16.0.0/16划分；除了R12有两个环回，其他路由器均有一个环回IP
4、所有设备均可访问R4的环回；
5、减少LSA的更新量，加快收敛，保障更新安全；
6、全网可达；

三、实验思路

1.搭建拓扑图，配置ip

根据ospf划分的区域来分配网段，将该网段划分为8个网段，去其中6个网段作为实验所使用的地址，剩下的两个网段作为备份网段，每个网段进行子网划分，分为P2P网络需要所使用的IP地址、MA网络所使用的IP地址及环回口所使用的IP地址。

网段划分图中实验拓扑所示

2.私网通第一个大区域，配置ospf协议

3.私网通第二个大区域，在RIP区域配置RIP协议

4.公网通，在公网口的路由器上下发静态缺省

5.公网通，搭建MGRE隧道，R3为中心站点

6.所有设备均可访问R4的环回，做NAT-easy ip(四个隧道上的路由器)

7.减少LSA的更新量，ospf路由聚合

8.减少LSA的更新量，特殊区域

9.加快收敛，进入到接口下更改hello时间

10.保障更新安全，做区域验证/接口验证

四、实验步骤

1.搭建拓扑图，配置IP

区域1

[R1]int g0/0/0 [R1-GigabitEthernet0/0/0]ip add 172.16.33.1 24 [R1-GigabitEthernet0/0/0]int l0 [R1-LoopBack0]ip add 172.16.34.1 24 [R1-LoopBack0]q [R1]dis ip int br	 [R1]dis ip int brief 

[R2-GigabitEthernet0/0/0]ip add 172.16.33.2 24 Jul 27 2024 10:00:36-08:00 R2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP  on the interface GigabitEthernet0/0/0 has entered the UP state.  [R2-GigabitEthernet0/0/0]int l0 [R2-LoopBack0]ip add 172.16.35.2 24 [R2-LoopBack0]q [R2]dis ip int brief 

[R3]int g0/0/0 [R3-GigabitEthernet0/0/0]ip add 172.16.33.3 24 Jul 27 2024 10:02:24-08:00 R3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP  on the interface GigabitEthernet0/0/0 has entered the UP state.  [R3-GigabitEthernet0/0/0]int l0 [R3-LoopBack0]ip add 172.16.36.3 24 [R3-LoopBack0]q [R3]dis ip int brief

区域0：

[R3]int s 4/0/0 [R3-Serial4/0/0]ip add 43.0.0.3 24 [R3-Serial4/0/0]q [R3]dis ip int brief

[R5]int s 4/0/0 [R5-Serial4/0/0]ip add 45.0.0.5 24 [R5-Serial4/0/0]q [R5]int l0 [R5-LoopBack0]ip add 172.16.3.5 24 [R5-LoopBack0]q [R5]dis ip int brief

[R6]int s 4/0/0 [R6-Serial4/0/0]ip add 46.0.0.6 24 [R6-Serial4/0/0]q [R6]int l0 [R6-LoopBack0]ip add 172.16.4.6 24 [R6-LoopBack0]q [R6]dis ip int brief

[R7]int g0/0/0 [R7-GigabitEthernet0/0/0]ip add 47.0.0.7 24 Jul 27 2024 10:08:47-08:00 R7 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP  on the interface GigabitEthernet0/0/0 has entered the UP state.  [R7-GigabitEthernet0/0/0]int l0 [R7-LoopBack0]ip add 172.16.5.7 24 [R7-LoopBack0]q [R7]dis ip int brief

[R4]int s 4/0/0 [R4-Serial4/0/0]ip add 43.0.0.4 24 [R4-Serial4/0/0] Jul 27 2024 10:10:23-08:00 R4 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol PPP  IPCP on the interface Serial4/0/0 has entered the UP state.  [R4-Serial4/0/0]int s 4/0/1 [R4-Serial4/0/1]ip add 45.0.0.4 24 [R4-Serial4/0/1] Jul 27 2024 10:10:38-08:00 R4 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol PPP  IPCP on the interface Serial4/0/1 has entered the UP state.  [R4-Serial4/0/1]int s 3/0/0 [R4-Serial3/0/0]ip add 46.0.0.4 24 [R4-Serial3/0/0] Jul 27 2024 10:11:04-08:00 R4 %%01IFNET/4/LINK_STATE(l)[2]:The line protocol PPP  IPCP on the interface Serial3/0/0 has entered the UP state.  [R4-Serial3/0/0]int g0/0/0 [R4-GigabitEthernet0/0/0]ip add 47.0.0.4 24 Jul 27 2024 10:11:25-08:00 R4 %%01IFNET/4/LINK_STATE(l)[3]:The line protocol IP  on the interface GigabitEthernet0/0/0 has entered the UP state.  [R4-GigabitEthernet0/0/0]int l0 [R4-LoopBack0]ip add 172.16.2.4 24 [R4-LoopBack0]q [R4]dis ip int brief 

区域2：

[R6]int g 0/0/0 [R6-GigabitEthernet0/0/0]ip add 172.16.65.1 30 [R6-GigabitEthernet0/0/0]q [R6]dis ip int brief

[R11]int g0/0/0 [R11-GigabitEthernet0/0/0]ip add 172.16.65.2 30 Jul 27 2024 10:14:29-08:00 R11 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP  on the interface GigabitEthernet0/0/0 has entered the UP state.  [R11-GigabitEthernet0/0/0]int g0/0/1 [R11-GigabitEthernet0/0/1]ip add 172.16.65.5 30 Jul 27 2024 10:14:47-08:00 R11 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP  on the interface GigabitEthernet0/0/1 has entered the UP state.  [R11-GigabitEthernet0/0/1]int l0 [R11-LoopBack0]ip add 172.16.66.11 24 [R11-LoopBack0]q [R11]dis ip int brief 

[R12]int g 0/0/0 [R12-GigabitEthernet0/0/0]ip add 172.16.65.6 30 Jul 27 2024 10:16:42-08:00 R12 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP  on the interface GigabitEthernet0/0/0 has entered the UP state.  [R12-GigabitEthernet0/0/0]

RIP区域

[R12-GigabitEthernet0/0/0]int l0 [R12-LoopBack0]ip add 172.16.160.12 24 [R12-LoopBack0]int l1 [R12-LoopBack1]ip add 172.16.161.12 24 [R12-LoopBack1]q [R12]dis ip int brief 

区域3

[R7]int g0/0/1 [R7-GigabitEthernet0/0/1]ip add 172.16.97.1 30 Jul 27 2024 10:19:23-08:00 R7 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP  on the interface GigabitEthernet0/0/1 has entered the UP state.  [R7-GigabitEthernet0/0/1]q [R7]dis ip int brief

[R8]int g0/0/0 [R8-GigabitEthernet0/0/0]ip add 172.16.97.2 30 Jul 27 2024 10:20:31-08:00 R8 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP  on the interface GigabitEthernet0/0/0 has entered the UP state.  [R8-GigabitEthernet0/0/0]int g0/0/1 [R8-GigabitEthernet0/0/1]ip add 172.16.97.5 30 Jul 27 2024 10:20:50-08:00 R8 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP  on the interface GigabitEthernet0/0/1 has entered the UP state.  [R8-GigabitEthernet0/0/1]int l0 [R8-LoopBack0]ip add 172.16.98.8 24 [R8-LoopBack0]q [R8]dis ip int brief 

[R9]int g0/0/0 [R9-GigabitEthernet0/0/0]ip add 172.16.97.6 30 Jul 27 2024 10:22:18-08:00 R9 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP  on the interface GigabitEthernet0/0/0 has entered the UP state.  [R9-GigabitEthernet0/0/0]q [R9]dis ip int brief 

区域4

[R9]int g0/0/1 [R9-GigabitEthernet0/0/1]ip add 172.16.129.1 30 Jul 27 2024 10:23:12-08:00 R9 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP  on the interface GigabitEthernet0/0/1 has entered the UP state.  [R9-GigabitEthernet0/0/1]int l0 [R9-LoopBack0]ip add 172.16.130.9 24 [R9-LoopBack0]q [R9]dis ip int brief 

[R10]int g0/0/1 [R10-GigabitEthernet0/0/1]ip add 172.16.129.2 30 [R10-GigabitEthernet0/0/1]int l0 [R10-LoopBack0]ip add 172.16.131.10 24 [R10-LoopBack0]q [R10]dis ip int brief 

2.私网通第一个区域

[R1]ospf 1 router-id 1.1.1.1 [R1-ospf-1]area 1 [R1-ospf-1-area-0.0.0.1]network 172.16.33.0 0.0.0.255 [R1-ospf-1-area-0.0.0.1]network 172.16.34.0 0.0.0.255

[R2]ospf 1 router-id 2.2.2.2 [R2-ospf-1]area 1 [R2-ospf-1-area-0.0.0.1]network 172.16.33.0 0.0.0.255 [R2-ospf-1-area-0.0.0.1]network 172.16.34.0 0.0.0.255

[R3]ospf 1 router-id 3.3.3.3 [R3-ospf-1]area 1 [R3-ospf-1-area-0.0.0.1]network 172.16.33.0 0.0.0.255 [R3-ospf-1-area-0.0.0.1]network 172.16.36.0 0.0.0.255

查看邻居表：

区域0：

[R5]ospf 1 router-id 5.5.5.5 [R5-ospf-1]area 0 [R5-ospf-1-area-0.0.0.0]network 172.16.3.0 0.0.0.255

[R6]ospf 1 router-id 6.6.6.6 [R6-ospf-1]area 0 [R6-ospf-1-area-0.0.0.0]network 172.16.4.0 0.0.0.255 [R6-ospf-1-area-0.0.0.0]q

[R7]ospf 1 router-id 7.7.7.7 [R7-ospf-1]area 0 [R7-ospf-1-area-0.0.0.0]network 172.16.5.0 0.0.0.255 [R7-ospf-1-area-0.0.0.0]q 

区域2

[R6-ospf-1]ospf 1 router-id 6.6.6.6 [R6-ospf-1]area 2 [R6-ospf-1-area-0.0.0.2]network 172.16.65.1 0.0.0.255 [R6-ospf-1-area-0.0.0.2]q [R6-ospf-1]q

[R11]ospf 1 router-id 11.11.11.11 [R11-ospf-1]area 2 [R11-ospf-1-area-0.0.0.2]network 172.16.65.5 0.0.0.0 [R11-ospf-1-area-0.0.0.2]network 172.16.65.2 0.0.0.0 [R11-ospf-1-area-0.0.0.2]network 172.16.66.0 0.0.0.255 [R11-ospf-1-area-0.0.0.2]q [R11-ospf-1]q

[R12]ospf 1 router-id 12.12.12.12 [R12-ospf-1]area 2 [R12-ospf-1-area-0.0.0.2]network 172.16.65.6 0.0.0.0 [R12-ospf-1-area-0.0.0.2]q [R12-ospf-1]q

区域3

[R7-ospf-1]ospf 1 router-id 7.7.7.7 [R7-ospf-1]area 3 [R7-ospf-1-area-0.0.0.3]network 172.16.97.1 0.0.0.0 [R7-ospf-1-area-0.0.0.3]q [R7-ospf-1]q

[R8]ospf 1 router-id 8.8.8.8 [R8-ospf-1]area 3 [R8-ospf-1-area-0.0.0.3]network 172.16.97.2 0.0.0.0 [R8-ospf-1-area-0.0.0.3]network 172.16.97.5 0.0.0.0 [R8-ospf-1-area-0.0.0.3]network 172.16.98.0 0.0.0.255 [R8-ospf-1-area-0.0.0.3]q [R8-ospf-1]q 

[R9]ospf 1 router-id 9.9.9.9 [R9-ospf-1]area 3 [R9-ospf-1-area-0.0.0.3]network 172.16.97.6 0.0.0.0 [R9-ospf-1-area-0.0.0.3]q [R9-ospf-1]q 

区域4：

[R9]ospf 2 router-id 9.9.9.9 [R9-ospf-2]area 4 [R9-ospf-2-area-0.0.0.4]network 172.16.129.1 0.0.0.0 [R9-ospf-2-area-0.0.0.4]network 172.16.130.0 0.0.0.255 [R9-ospf-2-area-0.0.0.4]q 

[R10]ospf 2 router-id 10.10.10.10 [R10-ospf-2]area 4 [R10-ospf-2-area-0.0.0.4]network 172.16.129.2 0.0.0.0 [R10-ospf-2-area-0.0.0.4]network 172.16.131.0 0.0.0.255 [R10-ospf-2-area-0.0.0.4]q 

[R9]ospf 1 [R9-ospf-1]import-route ospf 2 [R9-ospf-1]quit [R9]ospf 2	 [R9-ospf-2]import-route ospf 1

3.私网通第二个区域

#进行rip宣告 [R12]rip 1 [R12-rip-1]v 2 [R12-rip-1]network 172.16.0.0

在R11上查看路由

[R12]ospf 1 [R12-ospf-1]import-route rip

4.通公网

[R3]ip route-static 0.0.0.0 0 43.0.0.4 [R5]ip route-static 0.0.0.0 0 45.0.0.4 [R6]ip route-static 0.0.0.0 0 46.0.0.4  [R7]ip route-static 0.0.0.0 0 47.0.0.4

测试一下是否通了

5.全网通

（1）配置MGRE

[R3]int tu 0/0/0 [R3-Tunnel0/0/0]ip add 172.16.6.3 24 [R3-Tunnel0/0/0]tunnel-protocol  gre p2mp [R3-Tunnel0/0/0]source s4/0/0 [R5]int tu 0/0/0 [R5-Tunnel0/0/0]ip add 172.16.6.5 24 [R5-Tunnel0/0/0]tunnel-protocol gre p2mp [R5-Tunnel0/0/0]source s4/0/0 [R6]int tu0/0/0 [R6-Tunnel0/0/0]ip add 172.16.6.6 24 [R6-Tunnel0/0/0]tunnel-protocol gre p2mp [R6-Tunnel0/0/0]source s4/0/0 [R7]int tu0/0/0 [R7-Tunnel0/0/0]ip add 172.16.6.7 24 [R7-Tunnel0/0/0]tunnel-protocol gre p2mp [R7-Tunnel0/0/0]source g0/0/0

2）配置NHRP

#总部R3 [R3]int tu 0/0/0 [R3-Tunnel0/0/0]nhrp network-id 100 [R3-Tunnel0/0/0]nhrp entry multicast dynamic #分支R5 [R5]int tu0/0/0 [R5-Tunnel0/0/0]nhrp network-id 100 [R5-Tunnel0/0/0]nhrp entry 172.16.6.3 43.0.0.3 register #分支R6 [R6]int tu0/0/0 [R6-Tunnel0/0/0]nhrp network-id 100 [R6-Tunnel0/0/0]nhrp entry 172.16.6.3 43.0.0.3 register

查看nhrp邻居表

（3）进入ospf协议视图下对隧道口进行宣告

[R3]ospf 1  [R3-ospf-1]area 0 [R3-ospf-1-area-0.0.0.0]net	 [R3-ospf-1-area-0.0.0.0]network 172.16.6.0 0.0.0.255 [R5]ospf 1 [R5-ospf-1]area 0	 [R5-ospf-1-area-0.0.0.0]network 172.16.6.0 0.0.0.255 [R6]ospf 1 [R6-ospf-1]area 0 [R6-ospf-1-area-0.0.0.0]network 172.16.6.0 0.0.0.255 [R7]ospf 1 [R7-ospf-1]area 0 [R7-ospf-1-area-0.0.0.0]network 172.16.6.0 0.0.0.255

[R3]int tu0/0/0 [R3-Tunnel0/0/0]ospf network-type broadcast  [R5]int tu0/0/0 [R5-Tunnel0/0/0]ospf network-type broadcast [R6]int Tunnel 0/0/0 [R6-Tunnel0/0/0]ospf network-type broadcast [R7]int tu0/0/0 [R7-Tunnel0/0/0]ospf network-type broadcast [R5]int tu0/0/0 [R5-Tunnel0/0/0]ospf dr-priority 0 [R6]int tu0/0/0	 [R6-Tunnel0/0/0]ospf dr-priority 0 [R7]int tu0/0/0 [R7-Tunnel0/0/0]ospf dr-priority 0

6、所有设备均可访问R4的环回

[R3]acl 2000	 [R3-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255 [R3-acl-basic-2000]quit [R3]int s 4/0/0 [R3-Serial4/0/0]nat outbound 2000 [R5]acl 2000 [R5-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255 [R5-acl-basic-2000]quit [R5]int s 4/0/0 [R5-Serial4/0/0]nat outbound 2000 [R6]acl 2000 [R6-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255 [R6-acl-basic-2000]quit [R6]int s 4/0/0 [R6-Serial4/0/0]nat outbound 2000 [R7]acl 2000 [R7-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255 [R7-acl-basic-2000]quit [R7]int g0/0/0 [R7-GigabitEthernet0/0/0]nat outbound 2000

7、减少LSA的更新量

[R3]ospf 1 [R3-ospf-1]area 1 [R3-ospf-1-area-0.0.0.1]abr-summary 172.16.32.0 255.255.224.0 [R6]ospf 1 [R6-ospf-1]area 2 [R6-ospf-1-area-0.0.0.2]abr-summary 172.16.64.0 255.255.224.0 [R7]ospf 1 [R7-ospf-1]area 3	 [R7-ospf-1-area-0.0.0.3]abr-summary 172.16.96.0 255.255.224.0 [R12]ospf 1 [R12-ospf-1]asbr-summary 172.16.160.0 255.255.224.0 [R9]ospf 1 [R9-ospf-1]asbr	 [R9-ospf-1]asbr-summary 172.16.129.0 255.255.224.0

特殊区域

区域1

[R3]ospf 1 [R3-ospf-1]area 1 [R3-ospf-1-area-0.0.0.1]stub no-summary [R1]ospf 1 [R1-ospf-1]area 1	 [R1-ospf-1-area-0.0.0.1]stub no-summary [R2]ospf 1 [R2-ospf-1]area 1 [R2-ospf-1-area-0.0.0.1]stub no-summary

区域2

[R6]ospf 1 [R6-ospf-1]area 2 [R6-ospf-1-area-0.0.0.2]nssa no-summary [R11]ospf 1 [R11-ospf-1]area 2 [R11-ospf-1-area-0.0.0.2]nssa no-summary [R12]ospf 1 [R12-ospf-1]area 2 [R12-ospf-1-area-0.0.0.2]nssa no-summary

区域3

[R7]ospf 1 [R7-ospf-1]area 3	 [R7-ospf-1-area-0.0.0.3]nssa no-summary [R8]ospf 1 [R8-ospf-1]area 3 [R8-ospf-1-area-0.0.0.3]nssa no-summary [R9]ospf 1 [R9-ospf-1]area 3 [R9-ospf-1-area-0.0.0.3]nssa no-summary

ping 一下，看是否全网通

R10不通

在R9上下发缺省

[R9]ospf 1 [R9-ospf-1]default-route-advertise

9、加快收敛：进入到接口下更改hello时间

区域1

[R1]int g0/0/0	 [R1-GigabitEthernet0/0/0]ospf timer hello 5 [R2]int g0/0/0 [R2-GigabitEthernet0/0/0]ospf timer hello 5 [R3]int g0/0/0 [R3-GigabitEthernet0/0/0]ospf timer hello 5

区域0

[R3]int s4/0/0	 [R3-Serial4/0/0]ospf timer hello 5 [R5]int s 4/0/0 [R5-Serial4/0/0]ospf timer hello 5 [R6]int s 4/0/0 [R6-Serial4/0/0]ospf timer hello 5 [R7]int g0/0/0 [R7-GigabitEthernet0/0/0]ospf timer hello 5

区域2

[R6]int g0/0/0 [R6-GigabitEthernet0/0/0]ospf timer hello 5 [R11]int g0/0/0 [R11-GigabitEthernet0/0/0]ospf timer hello 5 [R11]int g0/0/1 [R11-GigabitEthernet0/0/1]ospf timer hello 5 [R12]int g0/0/0 [R12-GigabitEthernet0/0/0]ospf timer hello 5

区域3

[R7]int g0/0/1 [R7-GigabitEthernet0/0/1]ospf timer hello 5 [R8]int g0/0/0 [R8-GigabitEthernet0/0/0]ospf timer hello 5 [R8]int g0/0/1 [R8-GigabitEthernet0/0/1]ospf timer hello 5 [R9]int g0/0/0 [R9-GigabitEthernet0/0/0]ospf timer hello 5

区域4

[R9]int g0/0/1 [R9-GigabitEthernet0/0/1]ospf timer hello 5 [R10]int g0/0/0 [R10-GigabitEthernet0/0/0]ospf timer hello 5

10、保障更新安全：做区域验证/接口验证

区域1

[R1]ospf 1 [R1-ospf-1]area 1 [R1-ospf-1-area-0.0.0.1]authentication-mode zzj 1 cipher 123456 [R2]ospf 1 [R2-ospf-1]area 1 [R2-ospf-1-area-0.0.0.1]authentication-mode zzj 1 cipher 123456 [R3]ospf 1 [R3-ospf-1]area 1 [R3-ospf-1-area-0.0.0.1]authentication-mode zzj 1 cipher 123456

区域2

[R6-ospf-1]are 2 [R6-ospf-1-area-0.0.0.2]authentication-mode zzj 1 cipher 123456 [R11]ospf 1 [R11-ospf-1]area 2 [R11-ospf-1-area-0.0.0.2]authentication-mode zzj 1 cipher 123456 [R12]ospf 1 [R12-ospf-1]area 2 [R12-ospf-1-area-0.0.0.2]authentication-mode zzj 1 cipher 123456

区域3

[R7]ospf 1  [R7-ospf-1]area 0 [R7-ospf-1]area 3 [R7-ospf-1-area-0.0.0.3]authentication-mode zzj 1 cipher 123456 [R8]ospf 1 [R8-ospf-1]area 3 [R8-ospf-1-area-0.0.0.3]authentication-mode zzj 1 cipher 123456 [R9]ospf 1 [R9-ospf-1]area 3 [R9-ospf-1-area-0.0.0.3]authentication-mode zzj 1 cipher 123456

R10ping其它区域路由器