实验7 ISIS多区域配置
实验任务一:ISIS路由聚合和验证配置
-
建立物理连接
-
配置IS多区域
[RTA-isis-1]network-entity 10.0000.0000.0001.00//配置网络实体
[RTA-isis-1]is-level level-1//配置路由器类型
[RTA-GigabitEthernet0/0]isis enable//使能接口
[RTA-GigabitEthernet0/1]isis enable
[RTA-GigabitEthernet0/1]isis circuit-level level-1//配置接口的链路邻接关系类型。
[RTB-isis-1]network-entity 10.0000.0000.0002.00
[RTB-isis-1]is-level level-1
[RTB-GigabitEthernet0/2]isis enable
[RTB-GigabitEthernet0/2]isis circuit-level level-1
[RTC-isis-1]network-entity 10.0000.0000.0003.00
[RTC-isis-1]is-level level-1-2//默认也是level-1-2
[RTC-GigabitEthernet0/0]isis enable
[RTC-GigabitEthernet0/0]isis circuit-level level-2
[RTC-GigabitEthernet0/2]isis enable
[RTC-GigabitEthernet0/2]isis circuit-level level-1
[RTC-GigabitEthernet0/1]isis enable
[RTC-GigabitEthernet0/1]isis circuit-level level-1
[RTD-isis-1]network-entity 20.0000.0000.0004.00
[RTD-isis-1]is-level level-2//默认也是level-1-2
[RTD-GigabitEthernet0/1]isis enable
[RTD-GigabitEthernet0/0]isis enable
[RTD-GigabitEthernet0/0]isis circuit-level level-2
-
isis路由表及LSDB查看
[RTA]display isis routeRoute information for IS-IS(1) ------------------------------ Level-1 IPv4 Forwarding Table -----------------------------
IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags
0.0.0.0/0 10 NULL GE0/1 172.16.1.2 R/-/-
172.16.2.0/24 20 NULL GE0/1 172.16.1.2 R/-/-
172.16.1.0/24 10 NULL GE0/1 Direct D/L/-
172.16.0.0/24 10 NULL GE0/0 Direct D/L/-
Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down bit set
[RTB]display isis route
Route information for IS-IS(1)
------------------------------
Level-1 IPv4 Forwarding Table
-----------------------------
IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags
0.0.0.0/0 10 NULL GE0/2 172.16.2.2 R/-/-
172.16.2.0/24 10 NULL GE0/2 Direct D/L/-
172.16.1.0/24 20 NULL GE0/2 172.16.2.2 R/-/-
172.16.0.0/24 30 NULL GE0/2 172.16.2.2 R/-/-
Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down bit set
//level-1路由器有一条缺省路由指向level-2的路由器。
[RTC]display isis route
Route information for IS-IS(1)
------------------------------
Level-1 IPv4 Forwarding Table
-----------------------------
IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags
172.16.2.0/24 10 NULL GE0/2 Direct D/L/-
172.16.1.0/24 10 NULL GE0/1 Direct D/L/-
172.16.0.0/24 20 NULL GE0/1 172.16.1.1 R/L/-
Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down bit set
Level-2 IPv4 Forwarding Table
-----------------------------
IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags
172.16.2.0/24 10 NULL D/L/-
172.16.1.0/24 10 NULL D/L/-
192.168.2.0/24 20 NULL GE0/0 192.168.1.2 R/-/-
192.168.1.0/30 10 NULL GE0/0 Direct D/L/-
Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down bit set
//level-2路由器的路由表存放着level-1的路由,level-1路由器的路由表存放着缺省路由指向level2路由器。
例如:
RTA------------------------------------------RTB-------------------------------------------------RTC
Level-1 level-1-2 level-2
-----------------level-1的明细路由发送--------->>>>
<<------缺省路由指向level-2路由器
Destinations : 18 Routes : 18
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/0 IS_L1 15 10 172.16.1.2 GE0/1
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.0/24 Direct 0 0 172.16.0.254 GE0/0
172.16.0.0/32 Direct 0 0 172.16.0.254 GE0/0
172.16.0.254/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.255/32 Direct 0 0 172.16.0.254 GE0/0
172.16.1.0/24 Direct 0 0 172.16.1.1 GE0/1
172.16.1.0/32 Direct 0 0 172.16.1.1 GE0/1
172.16.1.1/32 Direct 0 0 127.0.0.1 InLoop0
172.16.1.255/32 Direct 0 0 172.16.1.1 GE0/1
172.16.2.0/24 IS_L1 15 20 172.16.1.2 GE0/1
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
//每条链路的开销值为10,ISIS缺省的路由开销类型为narrow
修改开销类型为wide,设置参考带宽,使能自动计算链路度量值
[RTA-isis-1]cost-style wide
[RTA-isis-1]bandwidth-reference 1000
[RTA-isis-1]auto-cost enable
[RTA]display ip routing-table
Destinations : 18 Routes : 18
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.0/24 Direct 0 0 172.16.0.254 GE0/0
172.16.0.0/32 Direct 0 0 172.16.0.254 GE0/0
172.16.0.254/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.255/32 Direct 0 0 172.16.0.254 GE0/0
172.16.1.0/24 Direct 0 0 172.16.1.1 GE0/1
172.16.1.0/32 Direct 0 0 172.16.1.1 GE0/1
172.16.1.1/32 Direct 0 0 127.0.0.1 InLoop0
172.16.1.255/32 Direct 0 0 172.16.1.1 GE0/1
172.16.2.0/24 IS_L1 15 20 172.16.1.2 GE0/1
192.168.1.0/30 IS_L1 15 156260 172.16.1.2 GE0/1
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
Wide或wide-campatible,根据公式开销=(参考值/带宽)*10
- 配置is-is的聚合与验证
(1)Level-1聚合到level-2
[RTC-isis-1-ipv4]summary 172.16.0.0 16 level-2//配置聚合路由发往level-2的路由
[RTD]display ip routing-table
Destinations : 18 Routes : 18
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.0/16 IS_L2 15 20 192.168.1.1 Ser1/0
192.168.1.0/30 Direct 0 0 192.168.1.2 Ser1/0
192.168.1.0/32 Direct 0 0 192.168.1.2 Ser1/0
192.168.1.1/32 Direct 0 0 192.168.1.1 Ser1/0
192.168.1.2/32 Direct 0 0 127.0.0.1 InLoop0
192.168.1.3/32 Direct 0 0 192.168.1.2 Ser1/0
192.168.2.0/24 Direct 0 0 192.168.2.254 GE0/1
192.168.2.0/32 Direct 0 0 192.168.2.254 GE0/1
192.168.2.254/32 Direct 0 0 127.0.0.1 InLoop0
192.168.2.255/32 Direct 0 0 192.168.2.254 GE0/1
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
(1) Level-2聚合到level-1
[RTD-isis-1-ipv4]summary 192.168.0.0 16 level-1
//发现没能在RTA看到RTD聚合的路由,必须配置路由渗透。
Destinations : 20 Routes : 20
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/0 IS_L1 15 10 172.16.1.2 GE0/1
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.0/24 Direct 0 0 172.16.0.254 GE0/0
172.16.0.0/32 Direct 0 0 172.16.0.254 GE0/0
172.16.0.254/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.255/32 Direct 0 0 172.16.0.254 GE0/0
172.16.1.0/24 Direct 0 0 172.16.1.1 GE0/1
172.16.1.0/32 Direct 0 0 172.16.1.1 GE0/1
172.16.1.1/32 Direct 0 0 127.0.0.1 InLoop0
172.16.1.255/32 Direct 0 0 172.16.1.1 GE0/1
172.16.2.0/24 IS_L1 15 20 172.16.1.2 GE0/1
192.168.0.0/16 IS_L1 15 156261 172.16.1.2 GE0/1
192.168.1.0/30 IS_L1 15 156260 172.16.1.2 GE0/1
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
[RTC-isis-1-ipv4]import-route isis level-2 into level-1//路由渗透
[RTC-isis-1-ipv4]summary 192.168.0.0 16 level-1//路由聚合
Destinations : 19 Routes : 19
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/0 IS_L1 15 10 172.16.1.2 GE0/1
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.0/24 Direct 0 0 172.16.0.254 GE0/0
172.16.0.0/32 Direct 0 0 172.16.0.254 GE0/0
172.16.0.254/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.255/32 Direct 0 0 172.16.0.254 GE0/0
172.16.1.0/24 Direct 0 0 172.16.1.1 GE0/1
172.16.1.0/32 Direct 0 0 172.16.1.1 GE0/1
172.16.1.1/32 Direct 0 0 127.0.0.1 InLoop0
172.16.1.255/32 Direct 0 0 172.16.1.1 GE0/1
172.16.2.0/24 IS_L1 15 20 172.16.1.2 GE0/1
192.168.0.0/16 IS_L1 15 156260 172.16.1.2 GE0/1
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
验证:
(1) 区域验证
[RTC-isis-1]domain-authentication-mode simple plain 123
[RTD-isis-1]domain-authentication-mode simple plain 111
[RTC-isis-1]display isis peer
Peer information for IS-IS(1)
-----------------------------
System ID: 0000.0000.0001
Interface: GE0/1 Circuit Id: 0000.0000.0003.02
State: Up HoldTime: 25s Type: L1 PRI: 64
System ID: 0000.0000.0002
Interface: GE0/2 Circuit Id: 0000.0000.0003.03
State: Up HoldTime: 26s Type: L1 PRI: 64
System ID: 0000.0000.0004
Interface: Ser1/0 Circuit Id: 001
State: Up HoldTime: 28s Type: L2 PRI: --
[RTD-Serial1/0]display isis route
Route information for IS-IS(1)
------------------------------
Level-2 IPv4 Forwarding Table
-----------------------------
IPv4 Destination IntCost ExtCost ExitInterface NextHop Flags
192.168.3.0/24 0 NULL Loop1 Direct D/L/-
192.168.2.0/24 1 NULL GE0/1 Direct D/L/-
192.168.1.0/30 15625 NULL Ser1/0 Direct D/L/-
Flags: D-Direct, R-Added to Rib, L-Advertised in LSPs, U-Up/Down bit set
配置路由域验证方式和验证密码后,验证密码将按照设定的方式插入到发送的Level-2报文(包括LSP、CSNP、PSNP)中并对收到的Level-2报文进行验证密码的检查。所以说,还是可以建立邻居,但是不能互相学习路由。
(2)接口验证
[RTC-Serial1/0]isis authentication-mode simple plain 111
[RTC-Serial1/0]display isis peer
Peer information for IS-IS(1)
-----------------------------
System ID: 0000.0000.0001
Interface: GE0/1 Circuit Id: 0000.0000.0003.02
State: Up HoldTime: 28s Type: L1 PRI: 64
System ID: 0000.0000.0002
Interface: GE0/2 Circuit Id: 0000.0000.0003.03
State: Up HoldTime: 26s Type: L1 PRI: 64
配置邻居关系验证方式和验证密码后,验证密码将会按照设定的方式封装到Hello报文中,并对接收到的Hello报文进行验证密码的检查,通过检查才会形成邻居关系,否则将不会形成邻居关系。
所以说,接口验证失败,不能够建立邻居。
补充:
问题1:当RTA的开销类型为narrow不能向RTC的开销类型为wide学习到路由。
[RTC-isis-1]cost-style wide
[RTC-isis-1]bandwidth-reference 1000
[RTC-isis-1]auto-cost enable
问题2:当RTC和RTD的邻居链路类型是不一样的,能建立邻居,但不能学习到各自的的路由。
(1) [RTC-Serial1/0]isis circuit-level level-2, [RTD-Serial1/0]isis circuit-level level-1-2,RTA和RTB是不能学习到level-2的默认路由。
[RTD]display isis peer
Peer information for IS-IS(1)
-----------------------------
System ID: 0000.0000.0003
Interface: Ser1/0 Circuit Id: 001
State: Up HoldTime: 22s Type: L2 PRI: --
(2) [RTC-Serial1/0]isis circuit-level level-1-2, [RTD-Serial1/0]isis circuit-level level-1-2,RTA和RTB是只能学习到RTC使能的接口下的level-1网段,并且学不到level-1的默认路由。RTD能学习到level-1的明细路由。
[RTD-Serial1/0]display ip routing-table
Destinations : 24 Routes : 24
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.0/24 IS_L2 15 15645 192.168.1.1 Ser1/0
172.16.1.0/24 IS_L2 15 15635 192.168.1.1 Ser1/0
172.16.2.0/24 IS_L2 15 15635 192.168.1.1 Ser1/0
192.168.1.0/30 Direct 0 0 192.168.1.2 Ser1/0
192.168.1.0/32 Direct 0 0 192.168.1.2 Ser1/0
192.168.1.1/32 Direct 0 0 192.168.1.1 Ser1/0
192.168.1.2/32 Direct 0 0 127.0.0.1 InLoop0
192.168.1.3/32 Direct 0 0 192.168.1.2 Ser1/0
192.168.2.0/24 Direct 0 0 192.168.2.254 GE0/1
192.168.2.0/32 Direct 0 0 192.168.2.254 GE0/1
192.168.2.254/32 Direct 0 0 127.0.0.1 InLoop0
192.168.2.255/32 Direct 0 0 192.168.2.254 GE0/1
192.168.3.0/24 Direct 0 0 192.168.3.1 Loop1
192.168.3.0/32 Direct 0 0 192.168.3.1 Loop1
192.168.3.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.3.255/32 Direct 0 0 192.168.3.1 Loop1
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
[RTD]display isis peer
Peer information for IS-IS(1)
-----------------------------
System ID: 0000.0000.0003
Interface: Ser1/0 Circuit Id: 001
State: Up HoldTime: 22s Type: L2 PRI: --
(3) [RTC-Serial1/0]isis circuit-level level-1, [RTD-Serial1/0]isis circuit-level level-2,RTA和RTB能学习到RTC使能的接口下的level-1网段,且不和RTD建立邻居。
[RTC-Serial1/0]display isis peer
Peer information for IS-IS(1)
-----------------------------
System ID: 0000.0000.0001
Interface: GE0/1 Circuit Id: 0000.0000.0003.02
State: Up HoldTime: 22s Type: L1 PRI: 64
System ID: 0000.0000.0002
Interface: GE0/2 Circuit Id: 0000.0000.0003.03
State: Up HoldTime: 21s Type: L1 PRI: 64
(4) [RTC-Serial1/0]isis circuit-level level-2, [RTD-Serial1/0]isis circuit-level level-2,RTA和RTB才能学习到RTC使能的接口下的level-2网段。
Destinations : 18 Routes : 18
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/0 IS_L1 15 10 172.16.1.2 GE0/1
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.0/24 Direct 0 0 172.16.0.254 GE0/0
172.16.0.0/32 Direct 0 0 172.16.0.254 GE0/0
172.16.0.254/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.255/32 Direct 0 0 172.16.0.254 GE0/0
172.16.1.0/24 Direct 0 0 172.16.1.1 GE0/1
172.16.1.0/32 Direct 0 0 172.16.1.1 GE0/1
172.16.1.1/32 Direct 0 0 127.0.0.1 InLoop0
172.16.1.255/32 Direct 0 0 172.16.1.1 GE0/1
172.16.2.0/24 IS_L1 15 20 172.16.1.2 GE0/1
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
问题3:模拟器,isis区域之间,一个配置了区域验证,一个没有,但是还是可以学习到各自的路由,但是两个都配置区域验证,验证失败才不能学习到各自的路由。
解决问题2:level-1-2链路互相可以学习到路由。之前失败是因为左边的路由器开销类型都是wide,右边的不是,不能互相学习路由。
解决问题3:配置了验证的路由器,收到没配置验证的路由器发来的链路信息,验证路由器不会学习它的路由,但是未配置验证的路由器会学习到验证路由器发来的链路信息。