交换路由CCIE之路策略路由.docx
- 文档编号:24892080
- 上传时间:2023-06-02
- 格式:DOCX
- 页数:15
- 大小:165.41KB
交换路由CCIE之路策略路由.docx
《交换路由CCIE之路策略路由.docx》由会员分享,可在线阅读,更多相关《交换路由CCIE之路策略路由.docx(15页珍藏版)》请在冰豆网上搜索。
交换路由CCIE之路策略路由
实验策略路由
组网一
实验拓扑图
实验组网需求
A业务(株洲客户端)流量的主路径走专线2,备份走专线1;其它业务流量主路径走专线1备份走专线2。
实验基本配置及测试
(1)各路由器基本信息配置及OSPF路由配置及测试
基本配置
Router>enable
Router#configureterminal
Enterconfigurationcommands,oneperline.EndwithCNTL/Z.
Router(config)#hostnameR
R(config)#noipdomain-lookup
R(config)#linec0
R(config-line)#loggs
R(config-line)#nologin
R(config-line)#privilegelevel15
R(config-line)#linevty04
R(config-line)#privilegelevel15
R(config-line)#nologin
R(config-line)#exit
OSPF配置
SW4
routerospf1
router-id192.168.0.4
log-adjacency-changes
passive-interfaceLoopback0
passive-interfaceLoopback1
passive-interfaceLoopback2
network192.168.1.120.0.0.3area0
network192.168.36.00.0.0.255area0
network192.168.37.00.0.0.255area0
R3
routerospf1
router-id192.168.0.3
log-adjacency-changes
network192.168.1.00.0.0.3area0
network192.168.1.40.0.0.3area0
network192.168.1.120.0.0.3area0
R1
routerospf1
router-id192.168.0.1
log-adjacency-changes
network192.168.1.00.0.0.3area0
network192.168.1.40.0.0.3area0
network192.168.1.80.0.0.3area0
SW2
routerospf1
router-id192.168.0.2
log-adjacency-changes
passive-interfaceLoopback0
passive-interfaceLoopback1
passive-interfaceLoopback2
network192.168.1.80.0.0.3area0
network192.168.20.00.0.0.255area0
network192.168.21.00.0.0.255area0
测试(没有进行任何改动,因此数据应该走负载均衡)
r3#showiproute
O192.168.21.0/24[110/66]via192.168.1.6,00:
00:
37,Serial0/1
[110/66]via192.168.1.2,00:
00:
37,Serial0/0
O192.168.20.0/24[110/66]via192.168.1.6,00:
00:
37,Serial0/1
[110/66]via192.168.1.2,00:
00:
37,Serial0/0
O192.168.36.0/24[110/2]via192.168.1.14,00:
00:
37,FastEthernet2/0
O192.168.37.0/24[110/2]via192.168.1.14,00:
00:
37,FastEthernet2/0
192.168.0.0/32issubnetted,1subnets
C192.168.0.3isdirectlyconnected,Loopback0
192.168.1.0/30issubnetted,4subnets
O192.168.1.8[110/65]via192.168.1.6,00:
00:
37,Serial0/1
[110/65]via192.168.1.2,00:
00:
37,Serial0/0
C192.168.1.12isdirectlyconnected,FastEthernet2/0
C192.168.1.0isdirectlyconnected,Serial0/0
C192.168.1.4isdirectlyconnected,Serial0/1
sw4#traceroute192.168.20.1source192.168.36.1
Typeescapesequencetoabort.
Tracingtherouteto192.168.20.1
1192.168.1.13112msec104msec28msec
2192.168.1.292msec16msec44msec
3192.168.1.1092msec*88msec
sw4#traceroute192.168.21.1source192.168.36.1
Typeescapesequencetoabort.
Tracingtherouteto192.168.21.1
1192.168.1.1356msec96msec24msec
2192.168.1.220msec44msec64msec
3192.168.1.10288msec*72msec
sw4#traceroute192.168.21.1source192.168.37.1
Typeescapesequencetoabort.
Tracingtherouteto192.168.21.1
1192.168.1.1368msec40msec12msec
2192.168.1.264msec36msec24msec
3192.168.1.1064msec*48msec
sw4#traceroute192.168.20.1source192.168.37.1
Typeescapesequencetoabort.
Tracingtherouteto192.168.20.1
1192.168.1.1356msec68msec24msec
2192.168.1.284msec12msec44msec
3192.168.1.1032msec*80msec
(2)调整两条专线开销值,使其它业务流量主路径走专线1
r1(config)#ints0/0
r1(config-if)#ban2000//改变接口带宽,带宽越大开销越小
r1(config-if)#ints0/1
r1(config-if)#ban1000
r3(config)#ints0/0
r3(config-if)#ban
r3(config-if)#bandwidth2000
r3(config-if)#ints0/1
r3(config-if)#ban1000
这时候通过计算将不会有负载均衡,实现了第一个要求,流量都走专线1
r3#showiproute
O192.168.21.0/24[110/52]via192.168.1.2,00:
00:
33,Serial0/0
O192.168.20.0/24[110/52]via192.168.1.2,00:
00:
33,Serial0/0
O192.168.36.0/24[110/2]via192.168.1.14,00:
00:
33,FastEthernet2/0
O192.168.37.0/24[110/2]via192.168.1.14,00:
00:
33,FastEthernet2/0
192.168.0.0/32issubnetted,1subnets
C192.168.0.3isdirectlyconnected,Loopback0
192.168.1.0/30issubnetted,4subnets
O192.168.1.8[110/51]via192.168.1.2,00:
00:
33,Serial0/0
C192.168.1.12isdirectlyconnected,FastEthernet2/0
C192.168.1.0isdirectlyconnected,Serial0/0
C192.168.1.4isdirectlyconnected,Serial0/1
策略路由配置及测试
(1)策略路由配置使A业务(192.168.36.0)主路径走专线2
r3(config)#$100permitip192.168.36.00.0.0.255192.168.20.00.0.0.255
r3(config)#route-mapa-to-bpermit10
r3(config-route-map)#matchipad100
r3(config-route-map)#setipnext-hop192.168.1.6//设置动作只要匹配条件就将下一跳定义
r3(config-route-map)#exit
r3(config)#intf2/0
r3(config-if)#ippolicyroute-mapa-to-b//在进接口上进行策略
注:
这里route-map没有默认拒绝,其它没有匹配的都按正常路径转发
r1(config)#iproute192.168.36.0255.255.255.0192.168.1.5//另一端通过静态路由来指明流量走向
(2)Traceroute测试(发现A业务的流量走的是专线2)
sw4#traceroute192.168.20.1source192.168.36.1
Typeescapesequencetoabort.
Tracingtherouteto192.168.20.1
1192.168.1.13164msec32msec16msec
2192.168.1.6360msec52msec56msec//即使路由表中没有该条路由,但由于策略路由优于路由表的查找,所以还是能走1.6
3192.168.1.1080msec*100msec
sw4#traceroute192.168.20.1source192.168.37.1
Typeescapesequencetoabort.
Tracingtherouteto192.168.20.1
1192.168.1.1344msec60msec24msec
2192.168.1.276msec28msec64msec//未匹配的都按正常路径
3192.168.1.1036msec*144msec
sw2#traceroute192.168.36.1source192.168.20.1
Typeescapesequencetoabort.
Tracingtherouteto192.168.36.1
1192.168.1.9348msec168msec32msec
2192.168.1.560msec56msec40msec//通过静态路由指定
3192.168.1.14364msec*124msec
(3)专线1down后Traceroute测试
sw4#traceroute192.168.20.1source192.168.37.1
Typeescapesequencetoabort.
Tracingtherouteto192.168.20.1
1192.168.1.1376msec60msec52msec
2192.168.1.6172msec132msec//启用备份路径
3192.168.1.1068msec*44msec
(4)专线2down后Traceroute测试
sw4#traceroute192.168.20.1source192.168.36.1
Typeescapesequencetoabort.
Tracingtherouteto192.168.20.1
1192.168.1.1396msec44msec28msec
2192.168.1.260msec32msec68msec//若匹配路径不可达,就回到正常路径,并不会显示不可达。
3192.168.1.10176msec*88msec
组网二:
校园网双出口
实验拓扑图
实验组网需求
192.168.2.0/24的用户通过电信出口访问Internet,教育网出口做备份
192.168.3.0/24的用户通过教育网出口访问Internet,电信出口做备份
实验连通性配置及测试
r1(config)#intf1/0
r1(config-if)#ipad192.168.1.1255.255.255.252
r1(config-if)#noshu
r1(config-if)#intf2/0
r1(config-if)#ipad202.202.202.2255.255.255.252
r1(config-if)#noshu
r1(config-if)#intf3/0
r1(config-if)#ipad200.200.200.2255.255.255.252
r1(config-if)#noshu
sw2(config)#intf1/1
sw2(config-if)#ipad192.168.1.2255.255.255.252
sw2(config-if)#noshu
sw2(config-if)#intf1/2
sw2(config-if)#swma
sw2(config-if)#swavlan2
sw2(config-if)#intf1/3
sw2(config-if)#swma
sw2(config-if)#swavlan3
sw2(config-if)#intvlan2
sw2(config-if)#ipad192.168.2.1255.255.255.0
sw2(config-if)#noshu
sw2(config-if)#intvlan3
sw2(config-if)#ipad192.168.3.1255.255.255.0
tel(config)#intf2/0
tel(config-if)#ipad202.202.202.1255.255.255.252
tel(config-if)#noshu
tel(config-if)#intlo0
tel(config-if)#ipad200.200.0.1255.255.255.0
edu(config)#intf3/0
edu(config-if)#ipad200.200.200.1255.255.255.252
edu(config-if)#noshu
edu(config-if)#intlo0
edu(config-if)#ipad200.200.0.1255.255.255.0
连通性测试
r1#ping192.168.1.1
Typeescapesequencetoabort.
Sending5,100-byteICMPEchosto192.168.1.1,timeoutis2seconds:
!
!
!
!
!
Successrateis100percent(5/5),round-tripmin/avg/max=4/4/8ms
r1#ping202.202.202.1
Typeescapesequencetoabort.
Sending5,100-byteICMPEchosto202.202.202.1,timeoutis2seconds:
.!
!
!
!
Successrateis80percent(4/5),round-tripmin/avg/max=28/110/276ms
r1#ping200.200.200.1
Typeescapesequencetoabort.
Sending5,100-byteICMPEchosto200.200.200.1,timeoutis2seconds:
.!
!
!
!
Successrateis80percent(4/5),round-tripmin/avg/max=12/85/252ms
实现网段连通
sw2(config)#iproute0.0.0.00.0.0.0192.168.1.1
r1(config)#iproute192.168.0.0255.255.0.0192.168.1.2
sw2#ping202.202.202.2source192.168.2.1
Typeescapesequencetoabort.
Sending5,100-byteICMPEchosto202.202.202.2,timeoutis2seconds:
Packetsentwithasourceaddressof192.168.2.1
!
!
!
!
!
sw2#ping202.202.202.2source192.168.3.1
Typeescapesequencetoabort.
Sending5,100-byteICMPEchosto202.202.202.2,timeoutis2seconds:
Packetsentwithasourceaddressof192.168.3.1
!
!
!
!
!
Successrateis100percent(5/5),round-tripmin/avg/max=16/43/80ms
sw2#ping200.200.200.2source192.168.3.1
Typeescapesequencetoabort.
Sending5,100-byteICMPEchosto200.200.200.2,timeoutis2seconds:
Packetsentwithasourceaddressof192.168.3.1
!
!
!
!
!
Successrateis100percent(5/5),round-tripmin/avg/max=16/49/160ms
sw2#ping200.200.200.2source192.168.2.1
Typeescapesequencetoabort.
Sending5,100-byteICMPEchosto200.200.200.2,timeoutis2seconds:
Packetsentwithasourceaddressof192.168.2.1
!
!
!
!
!
双出口策略部署
(1)边界对接,实现普通用户通过电信出口访问因特网,教育网做备份
r1(config)#iproute0.0.0.00.0.0.0202.202.202.1
r1(config)#iproute0.0.0.00.0.0.0200.200.200.150//利用浮动路由实现主备
r1#showiproute
Gatewayoflastresortis202.202.202.1tonetwork0.0.0.0
200.200.200.0/30issubnetted,1subnets
C200.200.200.0isdirectlyconnected,FastEthernet3/0
202.202.202.0/30issubnetted,1subnets
C202.202.202.0isdirectlyconnected,FastEthernet2/0
192.168.1.0/30issubnetted,1subnets
C192.168.1.0isdirectlyconnected,FastEthernet1/0
S*0.0.0.0/0[1/0]via202.202.202.1
S192.168.0.0/16[1/0]via192.168.1.2
(2)实现192.168.3.0/24用户通过教育网访问因特网,电信做备份
r1(config)#access-list100permitip192.168.3.00.0.0.255any
r1(config)#route-mapto-edupermit10
r1(config-route-map)#matchipad100
r1(config-route-map)#setipnext-hop200.200.200.1//指明下一跳
r1(config)#intf1/0
r1(config-if)#ippolicyroute-mapto-edu//在进端口做策略
(3)NAT部署
r1(config)#intf1/0
r1(config-if)#ipnatinside
r1(config-if)#exit
r1(config)#intf2/0
r1(config-if)#ipnatoutside
r1(config-if)#exit
r1(config)#intf3/0
r1(config-if)#ipnatoutside
r1(config-if)#exit
r1(config)#rout
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- 交换 路由 CCIE 策略