什么事路由泄露
发布网友
发布时间:2023-11-24 04:56
我来回答
共1个回答
热心网友
时间:2024-10-21 16:14
ISIS 泄露:就是把 L2 区域的具体的路由发布到 L1 区域当中去,从而是 L1 能够选择更优的
路由。
| r1-------|-----r2-----r4
| | /
| | /
| | /
| r5
r1#interface Loopback0
ip address 1.1.1.1 255.255.255.0
ip router isis
interface Serial1/1
ip address 12.1.1.1 255.255.255.0
ip router isis
router isis
net 01.0000.0000.0001.00
is-type level-2-only
r2#interface FastEthernet0/0
ip address 25.1.1.2 255.255.255.0
ip router isis
interface Serial1/0
ip address 12.1.1.2 255.255.255.0
ip router isis
interface Serial1/1
ip address 24.1.1.2 255.255.255.0
ip router isis
router isis
net 02.0000.0000.0002.00
r4#
interface Serial1/0
ip address 24.1.1.4 255.255.255.0
ip router isis
interface Serial1/1
ip address 45.1.1.4 255.255.255.0
ip router isis
router isis
net 02.0000.0000.0004.00
is-type level-1
r5#
interface FastEthernet0/0
ip address 25.1.1.5 255.255.255.0
ip router isis
interface Serial1/0
ip address 45.1.1.5 255.255.255.0
ip router isis
router isis
net 02.0000.0000.0005.00
不做泄露,r4将负载均衡,就是一半流量通过r2,一半通过r5
r4#traceroute 1.1.1.1
Type escape sequence to abort.
Tracing the route to 1.1.1.1
1 24.1.1.2 148 msec
45.1.1.5 104 msec
24.1.1.2 92 msec
2 25.1.1.2 84 msec
12.1.1.1 84 msec
25.1.1.2 96 msec
很明显通过r2去是最近的,在r2上做泄露,将1.1.1.0 的L2 的路由通告给r4
泄露路由需要两步:一.建立包含要泄露的路由的列表 二.在路由进程下重分发
r2(config)#access-list 100 permit ip 1.1.1.0 0.0.0.255 any
r2(config-router)#redistribute isis ip level-2 into level-1 distribute-list 100
r4就会直接走r2了
r4#traceroute 1.1.1.1
Type escape sequence to abort.
Tracing the route to 1.1.1.1
1 24.1.1.2 64 msec 168 msec 288 msec
2 12.1.1.1 236 msec 140 msec *
r4#sho ip route
i ia 1.1.1.0 [115/158] via 24.1.1.2, Serial1/0
ia表示是泄露来的
接下来我们做一台路由器运行多个L1区域的实验
r2#
router isis 1
net 01.0000.0000.0002.00
is-type level-1
并将与r1相连的接口运行新增加的进程
interface Serial1/0
ip address 12.1.1.2 255.255.255.0
ip router isis 1
r2#sho clns is-neighbors
Area null:
System Id Interface State Type Priority Circuit Id Format
r5 Fa0/0 Up L1L2 64/64 r5.01 Phase V
r4 Se1/1 Up L1 0 00 Phase V
Area 1:
System Id Interface State Type Priority Circuit Id Format
r1 Se1/0 Up IS 0 00 Phase V
看到的关系是IS,这时r2建立是L1,r1是L2,不能建立邻接关系
将r1改为L1/2
r1(config-router)#is-type level-1-2
r2#sho clns is-neighbors
Area 1:
System Id Interface State Type Priority Circuit Id Format
r1 Se1/0 Up L1 0 00 Phase V
r1#sho clns is-neighbors
System Id Interface State Type Priority Circuit Id Format
r2 Se1/1 Up L1 0 00 Phase V
r1,r2只形成L1的邻接,那么我们只要把r1设为L1就可以了
r1(config-router)#is-type level-1
r1#sho ip ro
1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
12.0.0.0/24 is subnetted, 1 subnets
C 12.1.1.0 is directly connected, Serial1/1
i*L1 0.0.0.0/0 [115/10] via 12.1.1.2, Serial1/1
通过默认路由到达区域二的其他地址,减小了数据库,以下是没有在r2配置区域1,并且r1为L1/2路由器的时候,r1的数据库
r1#sho isis database
IS-IS Level-1 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
r1.00-00 * 0x0000000A 0x0D09 1189 1/0/0
r2.00-00 0x0000000D 0x8285 939 1/0/0
IS-IS Level-2 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
r1.00-00 * 0x00000001 0xF39A 1184 0/0/0
r2.00-00 0x0000001E 0x1709 1182 0/0/0
r5.00-00 0x0000000D 0xEBB4 1183 0/0/0
r5.01-00 0x00000007 0x2D9F 413 0/0/0
是配了以后r1的数据库
r1#sho isis database
IS-IS Level-1 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
r1.00-00 * 0x0000000D 0xFC20 1195 0/0/0
r2.00-00 0x0000000E 0x8086 1186 1/0/0
也可参考吴大卫的博客http://blog.sina.com.cn/s/blog_3cef24f00100ok1v.html