06-H3C_OSPFv3 Typical Configuration Examples
Document version: 6W100-20200330
Product version: Release 7585P05
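This document provides a configuration example for OSPFv3 route filtering.
The configuration in this document was performed and verified in a lab environment, with all device parameters starting from factory defaults. If you have already configured the devices, make sure the existing configuration does not conflict with the configuration in the following example.
This document assumes that you are familiar with OSPFv3 route filtering.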
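As shown in Figure 1, Company A uses OSPFv3 to provide connectivity among all its devices. Company A later expanded and acquired Company B, and now requires that the RIPng routing protocol used by Company B and Company A's OSPFv3 be redistributed into each other so that all departments can communicate. Device A and Device B are the company's core devices and carry the traffic between departments. To meet business needs, routing information in the network must be controlled and adjusted as follows:
· On Device E, filter the redistributed routes so that the network segment of R&D Department 2 is not redistributed into OSPFv3.
· On Device C, use route filtering so that the network segment of Marketing Department 1 cannot reach R&D Department 1.
· On Device D, use route filtering so that the network segments of R&D Department 1 and the After-Sales Service Department cannot reach Marketing Department 2.
Figure 1 Network diagram for OSPFv3 route filtering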
| Device | Interface | IP address | Device | Interface | IP address |
|---|---|---|---|---|---|
| Device A | Vlan-int100 | 1::1/64 | Device B | Vlan-int100 | 1::2/64 |
| | Vlan-int200 | 2::1/64 | | Vlan-int300 | 3::1/64 |
| | Vlan-int400 | 4::1/64 | | | |
| Device C | Vlan-int200 | 2::2/64 | Device D | Vlan-int300 | 3::2/64 |
| | Loop0 | 13::1/64 (Marketing Department 1 segment) | | Loop0 | 11::1/64 (After-Sales Service Department segment) |
| | | | | Loop1 | 12::1/64 (R&D Department 1 segment) |
| Device E | Vlan-int400 | 4::2/64 | Device F | Vlan-int500 | 5::2/64 |
| | Vlan-int500 | 5::1/64 | | Loop0 | 14::1/64 (R&D Department 2 segment) |
| | | | | Loop1 | 15::1/64 (Marketing Department 2 segment) |
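· When external routes are redistributed, route filtering uses the export keyword, and this parameter takes effect only on an ASBR.
· Route filtering only filters the affected routes in the routing table; it does not filter the LSAs advertised in OSPFv3.
· Because routed communication is bidirectional, once route filtering removes a destination network segment, the other network segments attached to that router cannot reach devices in the destination segment, and devices in the destination segment cannot reach devices in the source segments either.
· When route filtering is used together with an ACL, the last rule must permit all source addresses; otherwise the routes of all network segments are filtered out.
· A Router ID must be specified manually when you configure OSPFv3.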
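The ACL note above, worked through as an added example (not H3C code and not part of the original document): a small model of first-match ACL evaluation applied to the routes in this topology, showing what is installed with and without the final permit rule. The function and constant names are hypothetical, and the model assumes that a route matches a rule when its destination address lies inside the rule's source prefix and that a route matching no rule is dropped, as the note states.

```python
import ipaddress

# Constructed model of the basic IPv6 ACL referenced by "filter-policy":
# rules are checked in order and the first match decides. The deny rule is
# written as typed on the CLI (12::1 64); strict=False normalises it to 12::/64.
ACL_2000_DEVICE_C = [("deny", "12::1/64"), ("permit", "::/0")]
ACL_2000_NO_PERMIT = [("deny", "12::1/64")]  # final permit rule forgotten

# Constructed sample: OSPFv3 destinations as they appear in the routing
# tables in this document (loopbacks are advertised as /128 host routes).
LEARNED_ROUTES = ["1::/64", "3::/64", "4::/64", "5::/64",
                  "11::1/128", "12::1/128", "15::/64"]


def acl_action(rules, route):
    """Return 'permit' or 'deny' for one route under first-match semantics."""
    dest = ipaddress.ip_network(route, strict=False).network_address
    for action, prefix in rules:
        # Assumption: the rule's "source" prefix is compared with the
        # route's destination address, so 12::1/128 falls inside 12::/64.
        if dest in ipaddress.ip_network(prefix, strict=False):
            return action
    return "deny"  # no rule matched: the route is filtered out


def installed_routes(rules, routes):
    """Routes that pass the filter and reach the routing table."""
    return [r for r in routes if acl_action(rules, r) == "permit"]


if __name__ == "__main__":
    print("with final permit   :", installed_routes(ACL_2000_DEVICE_C, LEARNED_ROUTES))
    print("without final permit:", installed_routes(ACL_2000_NO_PERMIT, LEARNED_ROUTES))
```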
# Configure the IP address of interface Vlan-int100.
<DeviceA> system-view
[DeviceA] interface vlan-interface 100
[DeviceA-Vlan-interface100] ipv6 address 1::1 64
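# Configure the IP addresses of the other interfaces in the same way. The steps are omitted here.
# Create an OSPFv3 process and enable OSPFv3 on the interfaces of Device A.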
<DeviceA> system-view
[DeviceA] ospfv3
[DeviceA-ospfv3-1] router-id 6.6.6.6
[DeviceA-ospfv3-1] quit
[DeviceA] interface vlan-interface 100
[DeviceA-Vlan-interface100] ospfv3 1 area 0
[DeviceA-Vlan-interface100] quit
[DeviceA] interface vlan-interface 200
[DeviceA-Vlan-interface200] ospfv3 1 area 2
[DeviceA-Vlan-interface200] quit
[DeviceA] interface vlan-interface 400
[DeviceA-Vlan-interface400] ospfv3 1 area 1
[DeviceA-Vlan-interface400] quit
# Create an OSPFv3 process and enable OSPFv3 on the interfaces of Device B.
<DeviceB> system-view
[DeviceB] ospfv3
[DeviceB-ospfv3-1] router-id 5.5.5.5
[DeviceB-ospfv3-1] quit
[DeviceB] interface vlan-interface 100
[DeviceB-Vlan-interface100] ospfv3 1 area 0
[DeviceB-Vlan-interface100] quit
[DeviceB] interface vlan-interface 300
[DeviceB-Vlan-interface300] ospfv3 1 area 3
[DeviceB-Vlan-interface300] quit
# Create an OSPFv3 process and enable OSPFv3 on the interfaces of Device C.
<DeviceC> system-view
[DeviceC] ospfv3
[DeviceC-ospfv3-1] router-id 4.4.4.4
[DeviceC-ospfv3-1] quit
[DeviceC] interface vlan-interface 200
[DeviceC-Vlan-interface200] ospfv3 1 area 2
[DeviceC-Vlan-interface200] quit
[DeviceC] interface LoopBack 0
[DeviceC-LoopBack0] ospfv3 1 area 2
[DeviceC-LoopBack0] quit
# Create an OSPFv3 process and enable OSPFv3 on the interfaces of Device D.
<DeviceD> system-view
[DeviceD] ospfv3
[DeviceD-ospfv3-1] router-id 3.3.3.3
[DeviceD-ospfv3-1] quit
[DeviceD] interface vlan-interface 300
[DeviceD-Vlan-interface300] ospfv3 1 area 3
[DeviceD-Vlan-interface300] quit
[DeviceD] interface LoopBack 0
[DeviceD-LoopBack0] ospfv3 1 area 3
[DeviceD-LoopBack0] quit
[DeviceD] interface LoopBack 1
[DeviceD-LoopBack1] ospfv3 1 area 3
[DeviceD-LoopBack1] quit
# Create an OSPFv3 process and enable OSPFv3 on the interface of Device E.
<DeviceE> system-view
[DeviceE] ospfv3
[DeviceE-ospfv3-1] router-id 2.2.2.2
[DeviceE-ospfv3-1] quit
[DeviceE] interface vlan-interface 400
[DeviceE-Vlan-interface400] ospfv3 1 area 1
[DeviceE-Vlan-interface400] quit
# Create a RIPng process and enable RIPng on the interface of Device E.
<DeviceE> system-view
[DeviceE] ripng
[DeviceE-ripng-1] quit
[DeviceE] interface vlan-interface 500
[DeviceE-Vlan-interface500] ripng 1 enable
[DeviceE-Vlan-interface500] quit
# Create a RIPng process and enable RIPng on the interfaces of Device F.
<DeviceF> system-view
[DeviceF] ripng
[DeviceF-ripng-1] quit
[DeviceF] interface vlan-interface 500
[DeviceF-Vlan-interface500] ripng 1 enable
[DeviceF-Vlan-interface500] quit
[DeviceF] interface LoopBack 0
[DeviceF-LoopBack0] ripng 1 enable
[DeviceF-LoopBack0] quit
[DeviceF] interface LoopBack 1
[DeviceF-LoopBack1] ripng 1 enable
[DeviceF-LoopBack1] quit
# On Device E, redistribute direct routes and OSPFv3 routes into the RIPng network.
<DeviceE> system-view
[DeviceE] ripng
[DeviceE-ripng-1] import-route direct
[DeviceE-ripng-1] import-route ospfv3
[DeviceE-ripng-1] quit
# On Device E, redistribute direct routes and RIPng routes into the OSPFv3 network.
[DeviceE] ospfv3
[DeviceE-ospfv3-1] import-route direct
[DeviceE-ospfv3-1] import-route ripng
[DeviceE-ospfv3-1] quit
# Display the routing table of Device E.
[DeviceE] display ipv6 routing-table
Destinations : 15 Routes : 15
Destination: ::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 1::/64 Protocol : OSPFv3
NextHop : FE80::2E0:FCFF:FE58:124D Preference: 10
Interface : Vlan400 Cost : 2
Destination: 2::/64 Protocol : OSPFv3
NextHop : FE80::2E0:FCFF:FE58:124D Preference: 10
Interface : Vlan400 Cost : 2
Destination: 3::/64 Protocol : OSPFv3
NextHop : FE80::2E0:FCFF:FE58:124D Preference: 10
Interface : Vlan400 Cost : 3
Destination: 4::/64 Protocol : Direct
NextHop : :: Preference: 0
Interface : Vlan400 Cost : 0
Destination: 4::2/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 5::/64 Protocol : Direct
NextHop : :: Preference: 0
Interface : Vlan500 Cost : 0
Destination: 5::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 11::1/128 Protocol : OSPFv3
NextHop : FE80::2E0:FCFF:FE58:124D Preference: 10
Interface : Vlan400 Cost : 3
Destination: 12::1/128 Protocol : OSPFv3
NextHop : FE80::2E0:FCFF:FE58:124D Preference: 10
Interface : Vlan400 Cost : 3
Destination: 13::1/128 Protocol : OSPFv3
NextHop : FE80::2E0:FCFF:FE58:124D Preference: 10
Interface : Vlan400 Cost : 2
Destination: 14::/64 Protocol : RIPng
NextHop : FE80::2E0:FCFF:FE11:19B5 Preference: 100
Interface : Vlan500 Cost : 1
Destination: 15::/64 Protocol : RIPng
NextHop : FE80::2E0:FCFF:FE11:19B5 Preference: 100
Interface : Vlan500 Cost : 1
Destination: FE80::/10 Protocol : Direct
NextHop : :: Preference: 0
Interface : InLoop0 Cost : 0
Destination: FF00::/8 Protocol : Direct
NextHop : :: Preference: 0
Interface : NULL0
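The output shows that Device E has routes to all network segments in the routing domain. Checking the routing tables of all other devices in turn shows that all network segments in the routing domain can reach one another.
# On Device C, create a basic IPv6 ACL that matches the destination network segment 12::1/64 to which access is to be denied.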
<DeviceC> system-view
[DeviceC] acl ipv6 basic 2000
[DeviceC-acl-ipv6-basic-2000] rule 0 deny source 12::1 64
[DeviceC-acl-ipv6-basic-2000] rule permit source any
[DeviceC-acl-ipv6-basic-2000] quit
# On Device C, reference IPv6 ACL 2000 to filter the routes that are to be added to the routing table.
[DeviceC] ospfv3
[DeviceC-ospfv3-1] filter-policy 2000 import
[DeviceC-ospfv3-1] quit
# On Device D, create a basic IPv6 ACL that matches the destination network segment 15::1/64 to which access is to be denied.
<DeviceD> system-view
[DeviceD] acl ipv6 basic 2000
[DeviceD-acl-ipv6-basic-2000] rule 0 deny source 15::1 64
[DeviceD-acl-ipv6-basic-2000] rule permit source any
[DeviceD-acl-ipv6-basic-2000] quit
# On Device D, reference IPv6 ACL 2000 to filter the routes that are to be added to the routing table.
[DeviceD] ospfv3
[DeviceD-ospfv3-1] filter-policy 2000 import
[DeviceD-ospfv3-1] quit
# On Device E, create a basic IPv6 ACL that matches the destination network segment 14::1/64 to which access is to be denied.
<DeviceE> system-view
[DeviceE] acl ipv6 basic 2000
[DeviceE-acl-ipv6-basic-2000] rule 0 deny source 14::1 64
[DeviceE-acl-ipv6-basic-2000] rule permit source any
[DeviceE-acl-ipv6-basic-2000] quit
# On Device E, reference IPv6 ACL 2000 to filter the RIPng routes redistributed into OSPFv3.
[DeviceE] ospfv3
[DeviceE-ospfv3-1] filter-policy 2000 export ripng 1
[DeviceE-ospfv3-1] quit
# Display the routing table of Device C.
[DeviceC] display ipv6 routing-table
Destinations : 13 Routes : 13
Destination: ::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 1::/64 Protocol : OSPFv3
NextHop : FE80::2E0:FCFF:FE58:1245 Preference: 10
Interface : Vlan200 Cost : 2
Destination: 2::/64 Protocol : Direct
NextHop : :: Preference: 0
Interface : Vlan200 Cost : 0
Destination: 2::2/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 3::/64 Protocol : OSPFv3
NextHop : FE80::2E0:FCFF:FE58:1245 Preference: 10
Interface : Vlan200 Cost : 3
Destination: 4::/64 Protocol : OSPFv3
NextHop : FE80::2E0:FCFF:FE58:1245 Preference: 10
Interface : Vlan200 Cost : 2
Destination: 5::/64 Protocol : OSPFv3
NextHop : FE80::2E0:FCFF:FE58:1245 Preference: 150
Interface : Vlan200 Cost : 1
Destination: 11::1/128 Protocol : OSPFv3
NextHop : FE80::2E0:FCFF:FE58:1245 Preference: 10
Interface : Vlan200 Cost : 3
Destination: 13::/64 Protocol : Direct
NextHop : :: Preference: 0
Interface : Loop0 Cost : 0
Destination: 13::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 15::/64 Protocol : OSPFv3
NextHop : FE80::2E0:FCFF:FE58:1245 Preference: 150
Interface : Vlan200 Cost : 1
Destination: FE80::/10 Protocol : Direct
NextHop : :: Preference: 0
Interface : InLoop0 Cost : 0
Destination: FF00::/8 Protocol : Direct
NextHop : :: Preference: 0
Interface : NULL0
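The output shows that the routing table of Device C no longer contains a route to network segment 12::/64.
# On Device C, ping destination address 12::1 from source address 13::1 to verify.
[DeviceC] ping ipv6 -a 13::1 12::1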
Ping6(56 data bytes) 13::1 --> 12::1, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- Ping6 statistics for 12::1 ---
5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss
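The output shows that, by filtering the route to 12::/64 out of its routing table, Device C prevents the network segment of Marketing Department 1 from reaching the network segment of R&D Department 1.
# Display the routing table of Device D.
[DeviceD] display ipv6 routing-table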
Destinations : 14 Routes : 14
Destination: ::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 1::/64 Protocol : OSPFv3
NextHop : FE80::2A0:FCFF:FE00:5815 Preference: 10
Interface : Vlan300 Cost : 2
Destination: 2::/64 Protocol : OSPFv3
NextHop : FE80::2A0:FCFF:FE00:5815 Preference: 10
Interface : Vlan300 Cost : 3
Destination: 3::/64 Protocol : Direct
NextHop : :: Preference: 0
Interface : Vlan300 Cost : 0
Destination: 3::2/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 4::/64 Protocol : OSPFv3
NextHop : FE80::2A0:FCFF:FE00:5815 Preference: 10
Interface : Vlan300 Cost : 3
Destination: 5::/64 Protocol : OSPFv3
NextHop : FE80::2A0:FCFF:FE00:5815 Preference: 150
Interface : Vlan300 Cost : 1
Destination: 11::/64 Protocol : Direct
NextHop : :: Preference: 0
Interface : Loop0 Cost : 0
Destination: 11::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 12::/64 Protocol : Direct
NextHop : :: Preference: 0
Interface : Loop1 Cost : 0
Destination: 12::1/128 Protocol : Direct
NextHop : ::1 Preference: 0
Interface : InLoop0 Cost : 0
Destination: 13::1/128 Protocol : OSPFv3
NextHop : FE80::2A0:FCFF:FE00:5815 Preference: 10
Interface : Vlan300 Cost : 3
Destination: FE80::/10 Protocol : Direct
NextHop : :: Preference: 0
Interface : NULL0 Cost : 0
Destination: FF00::/8 Protocol : Direct
NextHop : :: Preference: 0
Interface : NULL0
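The output shows that the routing table of Device D no longer contains a route to network segment 15::/64.
# On Device D, ping destination address 15::1 from source address 11::1 to verify.
[DeviceD] ping ipv6 -a 11::1 15::1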
Ping6(56 data bytes) 11::1 --> 15::1, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- Ping6 statistics for 15::1 ---
5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss
# On Device D, ping destination address 15::1 from source address 12::1 to verify.
[DeviceD] ping ipv6 -a 12::1 15::1
Ping6(56 data bytes) 12::1 --> 15::1, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- Ping6 statistics for 15::1 ---
5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss
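The output shows that, by filtering the route to 15::/64 out of its routing table, Device D prevents the network segments of R&D Department 1 and the After-Sales Service Department from reaching the network segment of Marketing Department 2.
Taken together, the routing tables of Device C and Device D contain no route to 14::/64, which shows that the network segment of R&D Department 2 has been filtered out of the RIPng routes redistributed into OSPFv3.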
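The verification above can be automated. The following added example (not part of the original document, and not H3C tooling) parses routing-table output in the layout shown in this document and reports any route that overlaps a prefix the filter policy should have removed. The function names are hypothetical and the sample output is constructed, with a 12::1/128 entry inserted to show a failing case.

```python
import ipaddress
import re

# Constructed excerpt in the "display ipv6 routing-table" layout used in
# this document; the 12::1/128 entry is added to show a failing case.
SAMPLE_OUTPUT = """\
Destination: 1::/64 Protocol : OSPFv3
NextHop : FE80::2E0:FCFF:FE58:1245 Preference: 10
Interface : Vlan200 Cost : 2
Destination: 12::1/128 Protocol : OSPFv3
NextHop : FE80::2E0:FCFF:FE58:1245 Preference: 10
Interface : Vlan200 Cost : 3
Destination: 13::/64 Protocol : Direct
NextHop : :: Preference: 0
Interface : Loop0 Cost : 0
Destination: 15::/64 Protocol : OSPFv3
NextHop : FE80::2E0:FCFF:FE58:1245 Preference: 150
Interface : Vlan200 Cost : 1
"""

ENTRY = re.compile(r"Destination\s*:\s*(\S+)\s+Protocol\s*:\s*(\S+)")


def parse_routes(text):
    """Return (destination network, protocol) pairs from the CLI output."""
    return [(ipaddress.ip_network(dest, strict=False), proto)
            for dest, proto in ENTRY.findall(text)]


def leaked_routes(text, denied_prefixes):
    """Routes that overlap a prefix the filter policy should have removed.

    Overlap is checked instead of string equality because a loopback in a
    denied /64 is advertised as a /128 host route (12::1/128, not 12::/64).
    """
    denied = [ipaddress.ip_network(p) for p in denied_prefixes]
    return [(str(net), proto) for net, proto in parse_routes(text)
            if any(net.overlaps(d) for d in denied)]


if __name__ == "__main__":
    # Device C must hold no route into 12::/64 (filtered locally) or
    # 14::/64 (filtered at the ASBR, Device E).
    for dest, proto in leaked_routes(SAMPLE_OUTPUT, ["12::/64", "14::/64"]):
        print(f"policy violation: {dest} via {proto}")
```

Because route filtering does not remove LSAs, a check like this only confirms the state of the local routing table on the device where the output was collected.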
· Device A:
#
ospfv3 1
router-id 6.6.6.6
area 0.0.0.0
area 0.0.0.1
area 0.0.0.2
#
vlan 100
#
vlan 200
#
vlan 400
#
interface Vlan-interface100
ospfv3 1 area 0.0.0.0
ipv6 address 1::1/64
#
interface Vlan-interface200
ospfv3 1 area 0.0.0.2
ipv6 address 2::1/64
#
interface Vlan-interface400
ospfv3 1 area 0.0.0.1
ipv6 address 4::1/64
#
· Device B :
#
ospfv3 1
router-id 5.5.5.5
area 0.0.0.0
area 0.0.0.3
#
vlan 100
#
vlan 300
#
interface Vlan-interface100
ospfv3 1 area 0.0.0.0
ipv6 address 1::2/64
#
interface Vlan-interface300
ospfv3 1 area 0.0.0.3
ipv6 address 3::1/64
#
· Device C :
#
ospfv3 1
router-id 4.4.4.4
filter-policy 2000 import
area 0.0.0.2
#
vlan 200
#
interface LoopBack0
ospfv3 1 area 0.0.0.2
ipv6 address 13::1/64
#
interface Vlan-interface200
ospfv3 1 area 0.0.0.2
ipv6 address 2::2/64
#
acl ipv6 basic 2000
rule 0 deny source 12::/64
rule 5 permit
#
· Device D :
#
ospfv3 1
router-id 3.3.3.3
filter-policy 2000 import
area 0.0.0.3
#
vlan 300
#
interface LoopBack0
ospfv3 1 area 0.0.0.3
ipv6 address 11::1/64
#
interface LoopBack1
ospfv3 1 area 0.0.0.3
ipv6 address 12::1/64
#
interface Vlan-interface300
ospfv3 1 area 0.0.0.3
ipv6 address 3::2/64
#
acl ipv6 basic 2000
rule 0 deny source 15::/64
rule 5 permit
#
· Device E:
#
ospfv3 1
router-id 2.2.2.2
import-route direct
import-route ripng 1
filter-policy 2000 export ripng 1
area 0.0.0.1
#
ripng 1
import-route direct
import-route ospfv3 1
#
vlan 400
#
vlan 500
#
interface Vlan-interface400
ospfv3 1 area 0.0.0.1
ipv6 address 4::2/64
#
interface Vlan-interface500
ipv6 address 5::1/64
ripng 1 enable
#
acl ipv6 basic 2000
rule 0 deny source 14::/64
rule 5 permit
#
· Device F:
#
ripng 1
#
vlan 500
#
interface LoopBack0
ipv6 address 14::1/64
ripng 1 enable
#
interface LoopBack1
ipv6 address 15::1/64
ripng 1 enable
#
interface Vlan-interface500
ipv6 address 5::2/64
ripng 1 enable
#
· H3C S10500 Series Switches Layer 3-IP Routing Configuration Guide-R758X
· H3C S10500 Series Switches Layer 3-IP Routing Command Reference-R758X