【实验】GRE multi-point( NHRP )

【实验】GRE multi-point(NHRP)
【实验】GRE multi-point(NHRP)

实验环境:

操作系统:Mac OS X 10.11.5 Beta 1(当时最新测试版),模拟器:GNS3 IOU for Mac 1.4.5(当时最新版本)
注:当然,只要有思科模拟器都可以做这个实验

实验需求:

IOU2 是互联网,在 IOU1 / 3 / 4 之间实现内网互访。

实验步骤:

以下表格中是基础配置:

IOU1 :

conf t

int l 0
ip add 1.1.1.1 255.255.255.255

int e 0/0
ip add 12.1.1.1 255.255.255.0
no sh

ip route 0.0.0.0 0.0.0.0 12.1.1.2

 IOU2 :

conf t

int e 0/0
ip add 12.1.1.2 255.255.255.0
no sh

int e 0/1
ip add 23.1.1.2 255.255.255.0
no sh

int e 0/2
ip add 24.1.1.2 255.255.255.0
no sh
IOU3 :

conf t

int l 0
ip add 3.3.3.3 255.255.255.255

int e 0/1
ip add 23.1.1.3 255.255.255.0
no sh

ip route 0.0.0.0 0.0.0.0 23.1.1.2

 IOU4 :

conf t

int l 0
ip add 4.4.4.4 255.255.255.255

int e 0/2
ip add 24.1.1.4 255.255.255.0
no sh

ip route 0.0.0.0 0.0.0.0 24.1.1.2

使用 NHRP 配置多点接入的 GRE :

IOU1 :

int tun 123
ip add 123.1.1.1 255.255.255.0
tun so e 0/0
tun mode gre mu
ip nhrp network-id 123

 IOU3 :

int tun 123
ip add 123.1.1.3 255.255.255.0
tun so e 0/1
tun mode gre mu
ip nhrp network-id 123
ip nhrp nhs 123.1.1.1
ip nhrp map 123.1.1.1 12.1.1.1

 IOU4 :

int tun 123
ip add 123.1.1.4 255.255.255.0
tun so e 0/2
tun mode gre mu
ip nhrp network-id 123
ip nhrp nhs 123.1.1.1
ip nhrp map 123.1.1.1 12.1.1.1

现在可以 ping 通 Tunnel 口了:

IOU1#p 123.1.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 123.1.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/6 ms

IOU1#p 123.1.1.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 123.1.1.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/5/7 ms

IOU3#p 123.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 123.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/5/6 ms

IOU3#p 123.1.1.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 123.1.1.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/5 ms

要想实现 IOU1 / 3 / 4 之间的内网互访,就需要在 IOU1 / 3 / 4 之间开启 IGP ,以 OSPF 和 EIGRP 为例:

1、在 IOU1 / 3 / 4 上通过 Tunnel 口开启 OSPF :

如果运行的是 OSPF ,有三个点需要注意:

  • Tunnel 之间要配置成 OSPF broadcast 或 OSPF point-to-multipoint 链路;
  • IOU1 的 Tunnel 口要是 DR ;
  • 如果出现 OSPF 抖动(邻居不断 up 和 down ),请 shutdown 掉全部的 Tunnel 口,然后按照 IOU1 → IOU3 → IOU4 的次序依次开启。
IOU1 :

int tun 123
sh
ip nhrp map multicast dynamic
ip ospf network broadcast

router os 123
router-id 123.1.1.1

int r l 0 , tun 123
ip os 123 a 0

int tun 123
no sh

 IOU3 :

int tun 123
sh
ip nhrp map multicast 12.1.1.1
! 配置成 OSPF broadcast 链路
ip ospf network broadcast
! 优先级设置为零,不参与 OSPF DR 的选举
ip ospf priority 0

router os 123
router-id 123.3.3.3

int r l 0 , tun 123
ip os 123 a 0

int tun 123
no sh

 IOU4 :

int tun 123
sh
ip nhrp map multicast 12.1.1.1
! 配置成 OSPF broadcast 链路
ip ospf network broadcast
! 优先级设置为零,不参与 OSPF DR 的选举
ip ospf priority 0

router os 123
router-id 123.4.4.4

int r l 0 , tun 123
ip os 123 a 0

int tun 123
no sh

OSPF 测试:

IOU3#sh ip route ospf
 Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
        E1 - OSPF external type 1, E2 - OSPF external type 2
        i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
        ia - IS-IS inter area, * - candidate default, U - per-user static route
        o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
        a - application route
        + - replicated route, % - next hop override

 Gateway of last resort is 23.1.1.2 to network 0.0.0.0

       1.0.0.0/32 is subnetted, 1 subnets
 O        1.1.1.1 [110/1001] via 123.1.1.1, 00:03:06, Tunnel123
       4.0.0.0/32 is subnetted, 1 subnets
 O        4.4.4.4 [110/1001] via 123.1.1.4, 00:01:22, Tunnel123

IOU3#p 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 5/5/6 ms

IOU3#p 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/6 ms

OSPF 小细节:

如果您在 Tunnel 上配置的是 OSPF point-to-multipoint 链路,那么路由表会产生 32 位的主机路由。(感谢微博网友 “ 不爽来咬我咯 ” 的分享)

如果在 IOU1 / 3 / 4 上的 Tunnel 口配置成 OSPF broadcast 链路:

IOU1#sh ip ro
 Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
        E1 - OSPF external type 1, E2 - OSPF external type 2
        i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
        ia - IS-IS inter area, * - candidate default, U - per-user static route
        o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
        a - application route
        + - replicated route, % - next hop override

Gateway of last resort is 12.1.1.2 to network 0.0.0.0

 S*    0.0.0.0/0 [1/0] via 12.1.1.2
       1.0.0.0/32 is subnetted, 1 subnets
 C         1.1.1.1 is directly connected, Loopback0
       3.0.0.0/32 is subnetted, 1 subnets
 O         3.3.3.3 [110/1001] via 123.1.1.3, 00:06:31, Tunnel123
       4.0.0.0/32 is subnetted, 1 subnets
 O         4.4.4.4 [110/1001] via 123.1.1.4, 00:05:09, Tunnel123
       12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
 C         12.1.1.0/24 is directly connected, Ethernet0/0
 L         12.1.1.1/32 is directly connected, Ethernet0/0
       123.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
 C         123.1.1.0/24 is directly connected, Tunnel123
 L         123.1.1.1/32 is directly connected, Tunnel123

如果在 IOU1 / 3 / 4 上的 Tunnel 口配置成 OSPF point-to-multipoint 链路:

IOU1#sh ip ro
 Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
        E1 - OSPF external type 1, E2 - OSPF external type 2
        i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
        ia - IS-IS inter area, * - candidate default, U - per-user static route
        o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
        a - application route
        + - replicated route, % - next hop override

Gateway of last resort is 12.1.1.2 to network 0.0.0.0

 S*    0.0.0.0/0 [1/0] via 12.1.1.2
       1.0.0.0/32 is subnetted, 1 subnets
 C         1.1.1.1 is directly connected, Loopback0
       3.0.0.0/32 is subnetted, 1 subnets
 O         3.3.3.3 [110/1001] via 123.1.1.3, 00:27:04, Tunnel123
       4.0.0.0/32 is subnetted, 1 subnets
 O         4.4.4.4 [110/1001] via 123.1.1.4, 00:26:54, Tunnel123
       12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
 C         12.1.1.0/24 is directly connected, Ethernet0/0
 L         12.1.1.1/32 is directly connected, Ethernet0/0
       123.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
 C         123.1.1.0/24 is directly connected, Tunnel123
 L         123.1.1.1/32 is directly connected, Tunnel123
 O         123.1.1.3/32 [110/1000] via 123.1.1.3, 00:27:04, Tunnel123
 O         123.1.1.4/32 [110/1000] via 123.1.1.4, 00:26:54, Tunnel123

2、在 IOU1 / 3 / 4 上通过 Tunnel 口开启 EIGRP :

如果运行的是 EIGRP ,有三个点需要注意:

  • 需要在 IOU1 的 Tunnel 接口下关闭 EIGRP 的水平分割,否则 IOU3 接收不到 IOU4 的路由,IOU4 也接收不到 IOU3 的路由;
  • 需要在 IOU1 的 Tunnel 接口下关闭 EIGRP 的 next-hop-self ,否则 IOU3 去往 IOU4 的流量都要经过 IOU1 ,IOU4 去往 IOU3 的流量也要经过 IOU1 ;
  • 如果出现 EIGRP 抖动(邻居不断 up 和 down ),请 shutdown 掉全部的 Tunnel 口,然后按照 IOU1 → IOU3 → IOU4 的次序依次开启。
IOU1 :

int tun 123
sh
ip nhrp map multicast dynamic

router eigrp 123
no au
net 1.1.1.1 0.0.0.0
net 123.1.1.1 0.0.0.0

int tun 123
no ip split-horizon eigrp 123
no ip next-hop-self eigrp 123
no sh

 IOU3 :

int tun 123
sh
ip nhrp map multicast 12.1.1.1

router eigrp 123
no au
net 3.3.3.3 0.0.0.0
net 123.1.1.3 0.0.0.0

int tun 123
no sh

 IOU4 :

int tun 123
sh
ip nhrp map multicast 12.1.1.1

router eigrp 123
no au
net 4.4.4.4 0.0.0.0
net 123.1.1.4 0.0.0.0

int tun 123
no sh

EIGRP 测试:

IOU3#sh ip ro ei
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is 23.1.1.2 to network 0.0.0.0

      1.0.0.0/32 is subnetted, 1 subnets
D        1.1.1.1 [90/27008000] via 123.1.1.1, 00:00:56, Tunnel123
      4.0.0.0/32 is subnetted, 1 subnets
D        4.4.4.4 [90/28288000] via 123.1.1.4, 00:00:54, Tunnel123

IOU3#p 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/6 ms

IOU3#p 4.4.4.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/5/10 ms

 

本文完。如有疑问,欢迎在下方留言;如本文有什么错误,欢迎在下方留言指正,谢谢。

 

其他相关文章:

打赏分享

这篇文章对你有帮助吗?

相关文章

发表评论?

此站点使用Akismet来减少垃圾评论。了解我们如何处理您的评论数据