OSPF在转换LSA 5时的转发地址抑制 cyrus
OSPF在转换LSA 5时的转发地址抑制
OSPF在转换LSA 5时的转发地址抑制特性导致NSSA区域的ABR在将LSA 7转化为LSA 5的时候,转发地址由在LSA 7中的明确地址变为LSA 5中的0.0.0.0。即配置了这个特性的路由器没有向骨干区域通告明确的转发地址,而造成骨干区域直接转发流量到NSSA ABR。
[内容]
关于OSPF在转换LSA 5时转发地址抑制的前提条件
这个文档假定你已经在网络设备中配置了OSPF;不需要说明[配置OSPF的其它步骤]
[关于OSPF在转换LSA 5时转发地址抑制的信息]
在你配置OSPF在转换LSA 5时转发地址抑制之前,你应该理解下面的概念:
* OSPF在转换LSA 5时转发地址抑制的优点
* 什么时候在转换LSA 5时抑制OSPF转发地址
(1)OSPF在转换LSA 5时转发地址抑制的优点
OSPF在转换LSA 5时的转发地址抑制特性导致NSSA区域的ABR在将LSA 7转化为LSA 5的时候,转发地址由在LSA 7中的明确地址变为LSA 5中的0.0.0.0。即配置了这个特性的路由器没有向骨干区域通告明确的转发地址,而造成骨干区域直接转发流量到NSSA ABR。
(2)什么时候OSPF在转换LSA 5时抑制转发地址
在图中,过滤区域1向区域0通告的路由从而最小化骨干区域的路由条目是非常有利的。然而使用area filter-list命令过滤地址将会导致骨干区域没有办法到达区域2所通告的外部路由,因为骨干区域无法到达转发地址。
[案例说明]
1.在没有做过滤的时候观察R1的路由表
R1#sh ip rou
3.0.0.0/24 is subnetted, 1 subnets
O E2 3.3.3.0 [110/20] via 12.1.1.2, 00:00:13, Serial1/0
23.0.0.0/24 is subnetted, 1 subnets
O IA 23.1.1.0 [110/128] via 12.1.1.2, 00:00:46, Serial1/0
12.0.0.0/24 is subnetted, 1 subnets
C 12.1.1.0 is directly connected, Serial1/0
观察R1的LSA 5
R1#show ip ospf database external 3.3.3.0
OSPF Router with ID (1.1.1.1) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA
LS age: 28
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 3.3.3.0 (External Network Number )
Advertising Router: 2.2.2.2
LS Seq Number: 80000001
Checksum: 0x80F2
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 23.1.1.3
External Route Tag: 0
可以看到默认情况下,R1所收到外部路由的forward address是23.1.1.3,是明确的ASBR接口的地址。
2.在R2上针对区域2做过滤
ip prefix-list nssa seq 5 deny 23.1.1.0/24
ip prefix-list nssa seq 10 permit 0.0.0.0/0 le 32
router ospf 1
area 1 filter-list prefix nssa out
再次观察R1的路由表
R1#sh ip rou
12.0.0.0/24 is subnetted, 1 subnets
C 12.1.1.0 is directly connected, Serial1/0
观察R1的数据库
R1#sh ip os da
OSPF Router with ID (1.1.1.1) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 708 0x80000004 0x00F182 2
2.2.2.2 2.2.2.2 538 0x80000005 0x0098D2 2
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
3.3.3.0 2.2.2.2 500 0x80000001 0x0080F2 0
可以发现外部路由仍然存在在R1的数据库中,但是R1并没有将它添加到路由表中,原因就在于R1现在不知道如何到达forward address(23.1.1.3),因为已经对区域1中的路由做了过滤,所以这里要使R1仍然能够到达外部路由,需要更改转发地址来实现
R2(config-router)#area 1 nssa translate type7 suppress-fa
再次观察R1的路由表
R1#show ip rou
Gateway of last resort is not set
3.0.0.0/24 is subnetted, 1 subnets
O E2 3.3.3.0 [110/20] via 12.1.1.2, 00:00:01, Serial1/0
12.0.0.0/24 is subnetted, 1 subnets
C 12.1.1.0 is directly connected, Serial1/0
可以发现外部路由又重新出现在了路由表中
R1#show ip ospf database external 3.3.3.0
OSPF Router with ID (1.1.1.1) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA
LS age: 50
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 3.3.3.0 (External Network Number )
Advertising Router: 2.2.2.2
LS Seq Number: 80000002
Checksum: 0x3D51
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 0
可以看到现在的转发地址变为了0.0.0.0,也就是R1会把数据包交给ABR来处理。此时R1就可以到达外部路由了。
note :
Configuring this feature causes the router to be noncompliant with RFC 1587. Also, suboptimal routing might result because there might be better paths to reach the destination's forwarding address. This feature should not be configured without careful consideration and not until the network topology is understood.
注意:配置这个特性会引起与RFC1587的不兼容性。(NSSA 选项的文档)。同样会造成次优路径的选择,因为可能会有更好的路径到达目的转发地址。三思而后行。
===================
========
基本配制如下:
------------------
R1
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface Serial1/0
ip address 12.1.1.1 255.255.255.0
no shut
!
router ospf 10
network 12.1.1.0 0.0.0.255 area 0
--------------------------------------
R2
interface Loopback0
ip address 2.2.2.2 255.255.255.0
!
interface Serial1/0
ip address 23.1.1.2 255.255.255.0
no shut
interface Serial2/0
ip address 12.1.1.2 255.255.255.0
no shut
router ospf 10
area 1 nssa
network 12.1.1.0 0.0.0.255 area 0
network 23.1.1.0 0.0.0.255 area 1
-----------------
R3
interface Loopback0
ip address 3.3.3.3 255.255.255.0
interface Serial2/0
ip address 23.1.1.3 255.255.255.0
no shut
router ospf 10
area 1 nssa
redistribute connected subnets
network 23.1.1.0 0.0.0.255 area 1