[HCIP] Routing Policy and Route Control
春风十里不如你 —— Taozi - Route Control https://xiongan.host/index.php/tag/%E8%B7%AF%E7%94%B1%E6%8E%A7%E5%88%B6/
https://xiongan.host/index.php/archives/203/
2023-05-06T20:24:50+08:00

Lab topology

Every device has a Loopback0 interface with the address 10.123.x.x/32 (x is the device number).

Test IP connectivity on R2 and R4.

Configure OSPF and IS-IS

R1, R2 and R3 use their Loopback0 address as the Router ID. OSPF is enabled on the interconnect interfaces and on Loopback0.

    //R1
    [R1]ospf 1 router-id 10.123.1.1
    [R1-ospf-1] area 0
    [R1-ospf-1-area-0.0.0.0] network 10.123.1.1 0.0.0.0
    [R1-ospf-1-area-0.0.0.0] network 10.123.12.1 0.0.0.0
    [R1-ospf-1-area-0.0.0.0] quit
    [R1-ospf-1] quit

    //R2
    [R2]ospf 1 router-id 10.123.2.2
    [R2-ospf-1] area 0.0.0.0
    [R2-ospf-1-area-0.0.0.0] network 10.123.2.2 0.0.0.0
    [R2-ospf-1-area-0.0.0.0] network 10.123.12.2 0.0.0.0
    [R2-ospf-1-area-0.0.0.0] network 10.123.23.2 0.0.0.0
    [R2-ospf-1-area-0.0.0.0] quit
    [R2-ospf-1] quit

    //R3
    [R3]ospf 1 router-id 10.123.3.3
    [R3-ospf-1] area 0.0.0.0
    [R3-ospf-1-area-0.0.0.0] network 10.123.3.3 0.0.0.0
    [R3-ospf-1-area-0.0.0.0] network 10.123.23.3 0.0.0.0
    [R3-ospf-1-area-0.0.0.0] quit
    [R3-ospf-1] quit

Check the OSPF neighbor summary on R2.

Configure IS-IS on R3 and R4. The area is 49.0001, the system ID uses the format 0000.0000.000x (x is the device number), and both devices are Level-1 routers. IS-IS is enabled on the interconnect interfaces and on R4's Loopback0 interface.

    //R3
    [R3]isis 1
    [R3-isis-1] is-level level-1
    [R3-isis-1] network-entity 49.0001.0000.0000.0003.00
    [R3-isis-1] quit
    [R3]interface GigabitEthernet0/0/1
    [R3-GigabitEthernet0/0/1] isis enable 1
    [R3-GigabitEthernet0/0/1] quit

    //R4
    [R4]isis 1
    [R4-isis-1] is-level level-1
    [R4-isis-1] network-entity 49.0001.0000.0000.0004.00
    [R4-isis-1] quit
    [R4]interface GigabitEthernet0/0/0
    [R4-GigabitEthernet0/0/0] isis enable 1
    [R4-GigabitEthernet0/0/0] quit
    [R4]interface LoopBack 0
    [R4-LoopBack0] isis enable 1
    [R4-LoopBack0] quit

Check the IS-IS neighbor state on R3.

Import direct routes on R1

Create IP prefix list 1 to match the Loopback1 interface route (service segment A).

    [R1]ip ip-prefix 1 index 10 permit 172.16.1.0 24 greater-equal 24 less-equal 24

Create IP prefix list 2 to match the Loopback2 interface route (service segment B).

    [R1]ip ip-prefix 2 index 10 permit 172.16.2.0 24 greater-equal 24 less-equal 24

Create Route-Policy hcip with nodes 10 and 20. The nodes reference IP prefix lists 1 and 2 respectively and set a route tag.

    [R1]route-policy hcip permit node 10
    [R1-route-policy] if-match ip-prefix 1
    [R1-route-policy] apply tag 10
    [R1-route-policy] quit
    [R1]route-policy hcip permit node 20
    [R1-route-policy] if-match ip-prefix 2
    [R1-route-policy] apply tag 20
    [R1-route-policy] quit

Import direct routes into OSPF on R1, applying Route-Policy hcip.

    [R1]ospf 1
    [R1-ospf-1] import-route direct route-policy hcip

View the OSPF LSDB on R1. The Loopback1 and Loopback2 interface routes have been imported into OSPF successfully.

View the details of the AS-external LSAs 172.16.1.0 and 172.16.2.0 in the OSPF LSDB on R1.

Configure a filter policy on R2

Configure a Filter-Policy on R2 to filter received OSPF routes so that only routes for service segment B are accepted.

View the OSPF routing table before the Filter-Policy is configured.

View the OSPF routes in the IP routing table before the Filter-Policy is configured.

Configure a basic ACL.

    [R2]acl number 2000
    [R2-acl-basic-2000] rule 5 deny source 172.16.1.0 0.0.0.255
    [R2-acl-basic-2000] rule 10 permit

Deploy an inbound Filter-Policy in OSPF that references ACL 2000.

    [R2]ospf 1
    [R2-ospf-1] filter-policy 2000 import

View the OSPF routing table after the Filter-Policy is configured.

View the OSPF routes in the IP routing table after the Filter-Policy is configured.

The route 172.16.2.0/24 is no longer present in the IP routing table, but it still exists in the OSPF routing table. This confirms that, for OSPF, a Filter-Policy only restricts which routes are installed into the IP routing table. It does not affect the local LSDB or the flooding of LSAs.

View the OSPF routes in the IP routing table on R3. The OSPF external routes 172.16.1.0/24 and 172.16.2.0/24 are still present in R3's IP routing table.

Import OSPF routes into IS-IS on R3

Import OSPF routes into IS-IS on R3, using a Route-Policy that matches the route tag so that only the OSPF external route for service segment A is imported.

Create Route-Policy hcip.

    [R3]route-policy hcip permit node 10
    [R3-route-policy] if-match tag 10
    [R3-route-policy] quit

Import OSPF routes into IS-IS, applying Route-Policy hcip so that only the OSPF external route for service segment A is imported.

    [R3]isis 1
    [R3-isis-1] import-route ospf 1 level-1 route-policy hcip

View the IS-IS routing table on R3. The Level-1 route redistribution table contains only 172.16.1.0/24.
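The tag-based redistribution chain configured above (ip-prefix 1 and 2 plus Route-Policy hcip on R1, then the tag match on R3), modeled in Python as an added example that is not part of the original post. The direct-route list, including the /24 link mask and the 172.16.1.128/25 test route, is constructed for illustration, and the helper names are hypothetical.

```python
import ipaddress

def prefix_match(entries, route):
    """ip-prefix semantics: the route must lie inside an entry's network and its
    mask length must fall within [greater-equal, less-equal]; no hit means deny."""
    r = ipaddress.ip_network(route)
    return any(r.subnet_of(ipaddress.ip_network(net)) and ge <= r.prefixlen <= le
               for net, ge, le in entries)

def run_policy(nodes, route, tag=0):
    """Evaluate permit nodes in order. Returns the route's tag after the first
    matching node, or None when no node matches (implicit deny)."""
    for match, apply_tag in nodes:
        if match(route, tag):
            return tag if apply_tag is None else apply_tag
    return None

# R1: ip ip-prefix 1 / 2 and route-policy hcip nodes 10 / 20, as on the page.
PFX1 = [("172.16.1.0/24", 24, 24)]
PFX2 = [("172.16.2.0/24", 24, 24)]
R1_HCIP = [(lambda r, t: prefix_match(PFX1, r), 10),
           (lambda r, t: prefix_match(PFX2, r), 20)]
# R3: route-policy hcip node 10 with if-match tag 10 and no apply clause.
R3_HCIP = [(lambda r, t: t == 10, None)]

def redistribute(direct_routes):
    """R1 direct -> OSPF externals (with tags), then R3 OSPF -> IS-IS Level-1."""
    ospf_ext = {}
    for r in direct_routes:
        tag = run_policy(R1_HCIP, r)
        if tag is not None:
            ospf_ext[r] = tag
    isis = [r for r, tag in ospf_ext.items()
            if run_policy(R3_HCIP, r, tag) is not None]
    return ospf_ext, isis

# Constructed direct routes on R1; the /24 link mask and the /25 are assumptions.
R1_DIRECT = ["10.123.1.1/32", "10.123.12.0/24", "172.16.1.0/24",
             "172.16.2.0/24", "172.16.1.128/25"]

if __name__ == "__main__":
    ospf_ext, isis = redistribute(R1_DIRECT)
    print("OSPF externals with tags:", ospf_ext)
    print("Imported into IS-IS on R3:", isis)
```

The 172.16.1.128/25 route falls inside 172.16.1.0/24 but is rejected because its mask length is outside the 24..24 range, which is what keeps more-specific prefixes from picking up tag 10 and being redistributed.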