|
|
第八章OSPF 8.1. 配置OSPF
提问NT-FAMILY: 宋体">在网络中启用OSPF
回答
Router5#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router5(config)#router ospf 87
Router5(config-router)#network 0.0.0.0 255.255.255.255 area 0
Router5(config-router)#exit
Router5(config)#end
Router5#
注释 这里OSPF的进程号是本地使用,不需要像EIGRP一样整个网络保持一致。在12.3(11)T
以后有一个专门的命令来指定端口加入OSPF 区域,而不需要用network 的命令
Router9#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router9(config)#router ospf 87
Router9(config-router)#exit
Router9(config)#interface FastEthernet0/0
Router9(config-if)#ip address 172.18.5.9 255.255.255.0
Router9(config-if)#ip ospf 87 area 10
Router9(config-if)#exit
Router9(config)#end
Router9#
8.2. 路由过滤
提问 进行路由过滤,只允许OSPF 宣告特定路由进入路由表
回答
入方向
Router5#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router5(config)#access-list 1 deny 172.20.10.0
Router5(config)#access-list 1 permit any
Router5(config)#router ospf 87
Router5(config-router)#distribute-list 1 in Ethernet0/0
Router5(config-router)#exit
Router5(config)#end
Router5#
注释 根据OSPF 的机制,所有区域内的路由器LSA 数据库内容必须保持一致,所以正常情
况下不能对出方向进行过滤,入方向过滤也是防止其进入路由表,在本地的LSA 数据库还
是有此路由。当然如果确实需要对出方向进行过滤就必须对出方向所有的LSA 进行过滤,
这样会导致下游路由器的LSA 数据库不完整,一般不推荐使用。
点对多点链路出方向过滤
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#router ospf 87
Router1(config-router)#neighbor 192.168.1.3 database-filter all out
Router1(config-router)#exit
Router1(config)#end
Router1#
广播,点到点链路出方向过滤
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface Serial0/0
Router1(config-if)#encapsulation frame-relay
Router1(config-if)#exit
Router1(config)#interface Serial0/0.10 multipoint
Router1(config-subif)#ip address 192.168.1.1 255.255.255.0
Router1(config-subif)#ip ospf network broadcast
Router1(config-subif)#ip ospf database-filter all out
Router1(config-subif)#frame-relay map ip 192.168.1.3 101 broadcast
Router1(config-subif)#frame-relay map ip 192.168.1.5 109 broadcast
Router1(config-subif)#exit
Router1(config)#router ospf 1
Router1(config-router)#network 0.0.0.0 255.255.255.255 area 10
Router1(config-router)#exit
Router1(config)#end
Router1#
8.3. 调整OSPF 代价值
提问 调整OSPF 链路的代价值
回答
全局调整
Router5#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router5(config)#router ospf 87
Router5(config-router)#auto-cost reference-bandwidth 1000
Router5(config-router)#exit
Router5(config)#end
Router5#
接口调整
Router5#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router5(config)#interface Ethernet0
Router5(config-if)#ip ospf cost 31
Router5(config-if)# exit
Router5(config)#end
Router5#
注释
8.4. 宣告缺省路由到OSPF
提问 宣告缺省路由到OSPF 网络
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ip route 0.0.0.0 0.0.0.0 172.25.1.1
Router1(config)#router ospf 55
Router1(config-router)#default-information originate metric 30 metric-type 1
Router1(config-router)#exit
Router1(config)#end
Router1#
注释在这里不能使用再发布静态路由得命令来发布缺省路由
8.5. 再发布静态路由到OSPF
提问 宣告一条或者多条静态路由到OSPF
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ip route 192.168.10.0 255.255.255.0 172.22.1.4
Router1(config)#ip route 172.24.1.0 255.255.255.0 172.22.1.4
Router1(config)#ip route 10.100.1.0 255.255.255.0 172.22.1.4
Router1(config)#router ospf 55
Router1(config-router)#redistribute static
% Only> Router1(config-router)#exit
Router1(config)#end
Router1#
注释根据上面得命令提示可以看到缺省情况下OSPF 只再发布有类得路由,所以按照例子
上虽然三条静态路由但是只有192.168.10.0/24 是有类路由,能够发布出去,其它两个就
不行。这时候就需要配置redistribute static subnets 命令来发布子网,当然也可以添
加metric 等选项
8.6. 再发布外部路由到OSPF
提问 再发布其它路由协议得路由信息到OSPF
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#router ospf 55
Router1(config-router)#redistribute eigrp 11 subnets
Router1(config-router)#exit
Router1(config)#end
Router1#
在12.3(2)T 以后增加了下面得命令对再发布过来得条目做了限制
Router1(config-router)#redistribute maximum-prefix 1000 80
注释 这里还是要注意subnet 得参数。对于最后一个条目限制得命令,第一个1000 是路由
条目数,第二个80 是百分比
8.7. DR选举
提问 对DR 选举做人为控制
回答
Router5#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router5(config)#interface Ethernet0
Router5(config-if)#ip ospf priority 10
Router5(config-if)#exit
Router5(config)#end
Router5#
注释DR 选举人工控制最重要得两种情况是MOSPF 和NBMA网络。在MOSPF网络中,MOSPF
得DR 和正常OSPF 得DR 是相同得,而如果DR不是一个MOSPF 得路由器那么所有组播得路
由就不能转发,思科路由器是不支持MOPSF 得,所以在这种情况下必须使用ip ospf
priority 0 得命令来禁止其称为BDR 或者DR。在NBMA得网络中要不DR 设置在Hub 路由器
上。还有一个重要得问题是DR 是不能强占得,如果网络中已经有了DR,这时即使新加入得
路由器有更高得优先级他也不能称为DR,必须等待现在得DR 出了问题才可以重新选举为
DR。
8.8. 设置OSPF RID
提问 人工设定路由器得Router> 回答
一种是Loopback 地址方式
Router5#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router5(config)#interface Loopback0
Router5(config-if)#ip address 172.25.25.6 255.255.255.255
Router5(config-if)#exit
Router5(config)#end
Router5#
一种是Router> Router5#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router5(config)#router ospf 87
Router5(config-router)#router-id 172.25.1.7
Router5(config-if)#exit
Router5(config)#end
Router5#
注释缺省会用最大IP 地址作为Router>
需要必须是存在得地址。另外router> 更,必须通过clear
ip ospf process 得方式或者reload得方式来改变
8.9. 启用OSPF 鉴权
提问 对邻居关系建立启用鉴权从而保证网络设备得安全性
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface Serial0/1
Router1(config-if)#ip ospf message-digest-key 1 md5 oreilly
Router1(config-if)#exit
Router1(config)#router ospf 55
Router1(config-router)#area 2 authentication message-digest
Router1(config-router)#exit
Router1(config)#end
Router1#
注释注意得是不同厂商得OPSF MD5 加密认证互联可能会有问题,因为RFC 没有规范。对
于新老密码替换得问题,通过配置新旧两个密码得方式来解决
8.10. 选择合适得区域类型
提问 不同得区域有不同得链路状态数据库,通过不同区域得选择来节省路由器资源和更快
收敛
回答
Stubby Area
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#router ospf 55
Router1(config-router)#area 100 stub
Router1(config-router)#exit
Router1(config)#end
Router1#
Totally Stubby Area
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#router ospf 55
Router1(config-router)#area 100 stub no-summary
Router1(config-router)#exit
Router1(config)#end
Router1#
Not So Stubby Areas (NSSA), 同时生成一条缺省路由
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#router ospf 55
Router1(config-router)#area 100 nssa default-information-originate
Router1(config-router)#exit
Router1(config)#end
Router1#
Totally Stubby, Not So Stubby Area.
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#router ospf 55
Router1(config-router)#area 100 nssa no-summary
Router1(config-router)#exit
Router1(config)#end
Router1#
注释 这些都是在ABR 上的配置,对于区域里面其它的路由器就是只有NSSA和stub 的配置
没有必要配置是否为totally stubby。
8.11. 在拨号接口上配置OSPF
提问在拨号接口上启用OSPF,但又不想让OSPF的协议数据一直保持拨号链路处于激活状
态
回答
下面例子是R4 只能拨号到R1
Router4#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router4(config)#username Router1 password 0 cisco
Router4(config)#interface BRI0
Router4(config-if)#ip address 192.168.15.4 255.255.255.0
Router4(config-if)#encapsulation ppp
Router4(config-if)#ip ospf demand-circuit
Router4(config-if)#dialer map ip 192.168.15.1 broadcast 4165550000
Router4(config-if)#dialer-group 1
Router4(config-if)#isdn switch-type basic-ni
Router4(config-if)#isdn spid1 416555001000 4165550010
Router4(config-if)#isdn spid2 416555001100 4165550011
Router4(config-if)#ppp authentication chap
Router4(config-if)#ppp multilink
Router4(config-if)#exit
Router4(config)#dialer-list 1 protocol ip permit
Router4(config)#router ospf 87
Router4(config-router)#network 192.168.15.0 0.0.0.255 area 10
Router4(config-router)#exit
Router4(config)#end
Router4#
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#username Router4 password 0 cisco
Router1(config)#interface BRI0/0
Router1(config-if)#ip address 192.168.15.1 255.255.255.0
Router1(config-if)#encapsulation ppp
Router1(config-if)#dialer-group 1
Router1(config-if)#isdn switch-type basic-ni
Router1(config-if)#isdn spid1 416555000000 4165550000
Router1(config-if)#isdn spid2 416555000100 4165550001
Router1(config-if)#ppp authentication chap
Router1(config-if)#ppp multilink
Router1(config-if)#exit
Router1(config)#dialer-list 1 protocol ip permit
Router1(config)#router ospf 87
Router1(config-router)#network 192.168.15.0 0.0.0.255 area 10
Router1(config-router)#exit
Router1(config)#end
Router1#
注释 使用ip ospf demand-circuit 的命令可以保持邻居关系一直是FULL 状态,而不管链
路是否激活
8.12. 路由汇总
提问 减少路由表大小
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#router ospf 55
Router1(config-router)#area 100 range 172.20.0.0 255.255.0.0
Router1(config-router)#area 0 range 172.25.0.0 255.255.0.0
Router1(config-router)#area 2 range 10.0.0.0 255.0.0.0
Router1(config-router)#exit
Router1(config)#end
Router1#
注释OSPF 的路由汇总只能配置在ABR 上。生成的汇总路由代价值缺省情况下和子网路由中
最小的一致,也就是说汇总路由的稳定状态和代价值最小的那个路由条目相关,这也是
RFC1583 上的定义,在新的RFC中定义了汇总路由代价值和最大的那个路由条目相关,所以
一定要确定所有路由器采用相同的计算方法,思科缺省使用RFC1583 的方法,禁用可以使
用no compatible rfc1583。在ABR 上启用汇总以后会自动生成一条汇总路由的丢弃路由
(12.1(6))来避免路由回环
8.13. 在特定端口禁用OSPF
提问禁止某个端口参与OSPF
回答
Router3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router3(config)#router ospf 44
Router3(config-router)#network 0.0.0.0 255.255.255.255 area 100
Router3(config-router)#passive-interface Ethernet0
Router3(config-router)#exit
Router3(config)#end
Router3#
注释OSPF 也是通过配置被动接口的方式来不生成邻居关系从而避免参与OSPF。当然也可
以通过不在network命令中包含此端口来禁止,下面就是另外一种很好的配置方法,network
了所有接口,但是缺省所有端口是被动接口,对于需要的接口再使用no的命令才参与OSPF:
Router3(config)#router ospf 44
Router3(config-router)#network 0.0.0.0 255.255.255.255 area 100
Router3(config-router)#passive-interface default
Router3(config-router)#no passive-interface Ethernet0
Router3(config-router)#exit
Router3(config)#end
Router3#
8.14. 修改接口的网络类型
提问 修改某个端口缺省的网络类型
回答
Router9#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router9(config)#interface FastEthernet0/0
Router9(config-if)#ip ospf network ?
broadcast Specify OSPF broadcast multi-access network
non-broadcast Specify OSPF NBMA network
point-to-multipoint Specify OSPF point-to-multipoint network
point-to-point Specify OSPF point-to-point network
Router9(config-if)#
注释上述四个关键词主要定义媒介是否支持广播或者组播数据包,是否需要选举DR。对于
Broadcast 网络,支持组播,DR 可以自动选择,不需要配置。对于nonbroadcast 网络,不
支持组播,必须人工使用neighbor 命令配置邻居关系。对于point-to-multipoint 网络,
不需要DR 选举,也不需要neighbor命令,这时候需要注意的是framerelay 配置中要允许
broadcast:
Router9(config)#interface Serial0/0
Router9(config-if)#ip address 192.168.10.9 255.255.255.0
Router9(config-if)#encapsulation frame-relay
Router9(config-if)#frame-relay map ip 192.168.10.2 123 broadcast
Router9(config-if)#ip ospf network point-to-multipoint
Router9(config-if)#exit
Router9(config)#router ospf 1
Router9(config-router)#network 192.168.10.0 0.0.0.255 area 0
Router9(config-router)#exit
否则必须配置neighbor
Router9(config)#interface Serial0/0
Router9(config-if)#ip address 192.168.10.9 255.255.255.0
Router9(config-if)#encapsulation frame-relay
Router9(config-if)#frame-relay map ip 192.168.10.2 123
Router9(config-if)#ip ospf network point-to-multipoint non-broadcast
Router9(config-if)#exit
Router9(config)#router ospf 1
Router9(config-router)#network 192.168.10.0 0.0.0.255 area 0
Router9(config-router)#neighbor 192.168.10.2
Router9(config-router)#exit
最后一种point-to-point 网络不需要DR,但必须支持组播来建立邻居,否则需要配置
neighbor命令。
还有一个特殊的回环地址,缺省情况OSPF 会宣告回环地址为/32的网络,但是你可以在回
环接口上配置其为ip ospf network point-to-point,来强制他宣告正确的网络掩码
8.15. 路由标签
提问 对特定的路由打标签避免互相再发布出现路由回环
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#router ospf 55
Router1(config-router)#redistribute eigrp 11 metric-type 1 subnets tag 67
Router1(config-router)#exit
Router1(config)#end
Router1#
注释
8.16. 记录OSPF 邻居状态变化
提问 记录OSPF 邻居状态变化信息
回答
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#router ospf 12
Router2(config-router)#log-adjacency-changes
Router2(config-router)#exit
Router2(config)#end
Router2#
注释12.1 后对上面命令增加了detail参数可以看到更多邻居状态变化的信息
8.17. OSPF 定时器
提问 调整定时器,加快收敛
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface Serial0/1
Router1(config-if)#ip ospf hello-interval 5
Router1(config-if)#ip ospf dead-interval 20
Router1(config-if)#exit
Router1(config)#end
Router1#
注释要保证和此端口相连的设备采用相同的定时器值,否则邻居关系不能建立
8.18. 减少OSPF 协议流量
提问 在稳定的网络要不需要LSA 的过多数据包传递
回答
Router9#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router9(config)#interface Serial0/0
Router9(config-if)#ip address 192.168.10.9 255.255.255.0
Router9(config-if)#ip ospf flood-reduction
Router9(config-if)#exit
Router9(config)#end
Router9#
注释正常情况下OSPF 会每隔一小时进行所有的LSA 泛洪,在稳定网络里面一般不需要,
所以通过这种方式设定LSA 的DoNotAge 位,避免过多流量
8.19. OSPF 虚拟链路
提问 把两个分开的路由器通过虚拟链路的方式相连
回答
Router9#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router9(config)#router ospf 1
Router9(config-router)#area 10 virtual-link 10.54.0.1
Router9(config-router)#exit
Router9(config)#end
Router9#
注释通过show ip ospf virtual-links 来验证。需要注意的是这个需要两个路由器都进
行配置,IP 地址是对方的Router> 8.20. 使用域名查看OSPF 状态
提问 在OSPF 的show 命令中现实设备域名而不是地址
回答
Router3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router3(config)#ip ospf name-lookup
Router3(config)#end
Router3#
注释无
8.21. OSPF 排错
提问 对OSPF 进行排错
回答
Router3#debug ip ospf adj
OSPF adjacency events debugging is on
Router3#
注释OSPF 排错命令很多,这里只提供了对邻居关系的排错命令,因为邻居是OSPF的基础
第九章 BGP
9.1. Configuring BGP
提问在网络中启用BGP</S PAN>
回答
Route1在AS 65500 中
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface Serial0
Router1(config-if)#ip address 192.168.55.6 255.255.255.252
Router1(config-if)#exit
Router1(config)#router bgp 65500
Router1(config-router)#network 192.168.1.0
Router1(config-router)#neighbor 192.168.55.5 remote-as 65501
Router1(config-router)#no synchronization
Router1(config-router)#exit
Router1(config)#end
Router1#
Router2 在AS 65501中
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface Serial0
Router2(config-if)#ip address 192.168.55.5 255.255.255.252
Router2(config-if)#exit
Router2(config)#router bgp 65501
Router2(config-router)#network 172.25.17.0 mask 255.255.255.0
Router2(config-router)#neighbor 192.168.55.6 remote-as 65500
Router2(config-router)#no synchronization
Router2(config-router)#exit
Router2(config)#end
Router2#
注释在对BGP 验证的时候比较有用的命令是
Router1#show ip bgp summary
BGP router> BGP table version is 7, main routing table version 7
4 network entries and 4 paths using 484 bytes of memory
2 BGP path attribute entries using 196 bytes of memory
BGP activity 11/7 prefixes, 11/7 paths
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.55.5 4 65501 17 18 7 0 0 00:12:38 2
172.25.2.2 4 65531 527 526 0 0 0 21:05:23 Active
Router1#
需要注意的是理想状态是State 里面是数字,尽管是Active 也不代表是配置正常,反而是
配置出现错误。通过neighbor 172.20.1.2 update-source Loopback0 命令来限制BGP 数
据包源地址为回环地址,但要确保此地址的连通性
9.2. 使用eBGP Multihop
提问配置外部BGP,但是不是直连的路由器
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ip route 172.20.1.2 255.255.255.255 192.168.1.5 2
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 172.20.1.2 remote-as 65530
Router1(config-router)#neighbor 172.20.1.2 update-source Loopback0
Router1(config-router)#neighbor 172.20.1.2 ebgp-multihop 3
Router1(config-router)#exit
Router1(config)#end
Router1#
注释缺省情况下eBGP 的路由器必须是直连的,如果不是直连的就需要使用此命令。一种
说法是此跳数越小越好,但是RFC 3682 说为了安全还是越大越好,思科在12.3(7)T 后也
采用了这个建议,使用了neighbor 192.168.55.5 ttl-security hops 1 命令,此命令会
丢弃所有TTL 小于255-1=254 的BGP 数据包,这时候如果对端eBGP 邻居不支持此特性就
必须使用下面的命令来配置neighbor 192.168.55.6 ebgp-multihop 255
9.3. 调整Next-Hop 属性值
提问 在iBGP 之间宣告路由时候修改下一跳属性值,使其指向内部AS 的地址
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.6 remote-as 65500
Router1(config-router)#neighbor 192.168.1.6 next-hop-self
Router1(config-router)#exit
Router1(config)#end
Router1#
注释正常情况下iBGP 之间下一跳属性值是不会修改的,只会在eBGP 时会进行修改,而此
地址会指向eBGP 邻居的地址,而往往内部AS的路由器没有到达此地址的路由。
9.4. 连接两个ISPs
提问 一台路由器连接两个ISP,保证网络冗余
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface Serial0
Router1(config-if)#description connection to ISP #1, ASN 65510
Router1(config-if)#ip address 192.168.1.6 255.255.255.252
Router1(config-if)#exit
Router1(config)#interface Serial1
Router1(config-if)#description connection to ISP #2, ASN 65520
Router1(config-if)#ip address 192.168.2.6 255.255.255.252
Router1(config-if)#exit
Router1(config)#interface Ethernet0
Router1(config-if)#description connection to internal network, ASN 65500
Router1(config-if)#ip address 172.18.5.2 255.255.255.0
Router1(config-if)#exit
Router1(config)#router bgp 65500
Router1(config-router)#network 172.18.5.0 mask 255.255.255.0
Router1(config-router)#neighbor 192.168.1.5 remote-as 65510
Router1(config-router)#neighbor 192.168.2.5 remote-as 65520
Router1(config-router)#no synchronization
Router1(config-router)#exit
Router1(config)#end
Router1#
注释注意此配置不是最佳配置,可能导致内部AS 称为两个ISP 的transit AS,同时导致
自己路由器接收过多路由
9.5. 两台路由器分别连接两个ISP
提问内部AS 有两台路由器,分别连两个ISP保证网络冗余
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface Serial0
Router1(config-if)#description connection to ISP #1, ASN 65510
Router1(config-if)#ip address 192.168.1.6 255.255.255.252
Router1(config-if)#exit
Router1(config)#interface Ethernet0
Router1(config-if)#description connection to internal network, ASN 65500
Router1(config-if)#ip address 172.18.5.2 255.255.255.0
Router1(config-if)#exit
Router1(config)#ip as-path access-list 15 permit ^$
Router1(config)#router bgp 65500
Router1(config-router)#network 172.18.5.0 mask 255.255.255.0
Router1(config-router)#neighbor 172.18.5.3 remote-as 65500
Router1(config-router)#neighbor 172.18.5.3 next-hop-self
Router1(config-router)#neighbor 192.168.1.5 remote-as 65510
Router1(config-router)#neighbor 192.168.1.5 filter-list 15 out
Router1(config-router)#no synchronization
Router1(config-router)#exit
Router1(config)#end
Router1#
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface Serial1
Router2(config-if)#description connection to ISP #2, ASN 65520
Router2(config-if)#ip address 192.168.2.6 255.255.255.252
Router2(config-if)#exit
Router2(config)#interface Ethernet0
Router2(config-if)#description connection to internal network, ASN 65500
Router2(config-if)#ip address 172.18.5.3 255.255.255.0
Router2(config-if)#exit
Router2(config)#ip as-path access-list 15 permit ^$
Router2(config)#router bgp 65500
Router2(config-router)#network 172.18.5.0 mask 255.255.255.0
Router2(config-router)#neighbor 192.168.2.5 remote-as 65520
Router2(config-router)#neighbor 192.168.2.5 filter-list 15 out
Router2(config-router)#neighbor 172.18.5.2 remote-as 65500
Router2(config-router)#neighbor 172.18.5.2 next-hop-self
Router2(config-router)#no synchronization
Router2(config-router)#exit
Router2(config)#end
Router2#
注释
9.6. 限制向BGP 对端的网络宣告
提问 限制特定的路由公告给对端的AS
回答
有三种方法,第一种是扩展ACL
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#access-list 105 deny ip host 172.25.0.0 host 255.255.0.0
Router1(config)#access-list 105 permit ip any any
Router1(config)#route-map ACL-RT-FILTER permit 10
Router1(config-route-map)#match ip address 105
Router1(config-route-map)#exit
Router1(config)#route-map ACL-RT-FILTER deny 20
Router1(config-route-map)#exit
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.5 remote-as 65510
Router1(config-router)#neighbor 192.168.1.5 route-map ACL-RT-FILTER in
Router1(config-router)#exit
Router1(config)#end
Router1#
第二种是使用distribute-list:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#access-list 106 deny ip host 172.25.0.0 host 255.255.0.0
Router1(config)#access-list 106 permit ip any any
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.5 remote-as 65510
Router1(config-router)#neighbor 192.168.1.5 distribute-list 106 in
Router1(config-router)#exit
Router1(config)#end
Router1#
第三种也是最常用的是使用prefix lists
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ip prefix-list PREFIX-FILTER seq 10 deny 172.25.0.0/16
Router1(config)#ip prefix-list PREFIX-FILTER seq 20 permit 0.0.0.0/0 le 32
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.5 remote-as 65510
Router1(config-router)#neighbor 192.168.1.5 prefix-list PREFIX-FILTER in
Router1(config-router)#exit
Router1(config)#end
Router1#
注释 前两种使用的扩展ACL 比较奇特,第一个host 是子网,第二个host 是子网掩码,而
不是传统目的地址,所以host 172.25.0.0 host 255.255.0.0 就代表网络172.25.0.0/16,
如果用正常的ACL 就实现不了对无类网络的控制。所以推荐使用第三种方式prefixlist,
此列表支持序列号,可以帮助你修改和插入新的条目ge 是大于,le 是小于,控制子网掩
码permit 0.0.0.0/0 le 32 就是变相的permit any
9.7. 调整Local Preference 属性值
提问 调整Local Preference 属性值来控制路由选择
回答
第一种全局
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#router bgp 65500
Router1(config-router)#bgp default local-preference 200
Router1(config-router)#exit
Router1(config)#end
Router1#
第二种使用route map 控制
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ip prefix-list LOW_LP_PREFIXES seq 10 permit 172.22.0.0/16
Router1(config)#route-map LOCALPREF permit 10
Router1(config-route-map)#match ip address prefix-list LOW_LP_PREFIXES
Router1(config-route-map)#set local-preference 50
Router1(config-route-map)#exit
Router1(config)#route-map LOCALPREF permit 20
Router1(config-route-map)#exit
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.5 remote-as 65510
Router1(config-router)#neighbor 192.168.1.5 route-map LOCALPREF in
Router1(config-router)#exit
Router1(config)#end
Router1#
注释此local preference 属性值只在内部AS 有用,选路级别高于AS Path。此值越大优
先级越高,缺省值为100。Show ip bgp 命令可以看到各个路由的local preference 属性
值
9.8. 负载均衡
提问在BGP 邻居之间的多链路上负载均衡流量
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#router bgp 65500
Router1(config-router)#maximum-paths 4
Router1(config-router)#exit
Router1(config)#end
Router1#
注释正常情况下BGP 选路策略会保证只有一条路径,通过此命令可以增加到4 条,不过要
确保所有属性值相同,包括MED 属性。同时注意此负载均衡只针对出流量而不适合入流量
9.9. 在AS Path 属性值中清除私有ASNs
提问避免内网中的私有ASN 传播到互联网
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface Serial0
Router1(config-if)#description connection to ISP #1, ASN 1
Router1(config-if)#ip address 192.168.1.6 255.255.255.252
Router1(config-if)#exit
Router1(config)#interface Serial1
Router1(config-if)#description connection to private network, ASN 65500
Router1(config-if)#ip address 192.168.5.1 255.255.255.252
Router1(config-if)#exit
Router1(config)#router bgp 2
Router1(config-router)#neighbor 192.168.5.2 remote-as 65500
Router1(config-router)#neighbor 192.168.1.5 remote-as 1
Router1(config-router)#neighbor 192.168.1.5 remove-private-AS
Router1(config-router)#no synchronization
Router1(config-router)#exit
Router1(config)#end
Router1#
注释注意此命令是不能删除那些在公共ASN之间的私有ASN
9.10. 基于AS Path 属性值的路由过滤
提问 基于接收或者发送路由的AS Path 属性值进行路由过滤
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ip as-path access-list 15 permit ^65501$
Router1(config)#ip as-path access-list 25 permit _65530_
Router1(config)#ip as-path access-list 25 deny _65531$
Router1(config)#ip as-path access-list 25 permit .*
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.5 remote-as 65510
Router1(config-router)#neighbor 192.168.1.5 filter-list 15 in
Router1(config-router)#neighbor 192.168.2.5 remote-as 65520
Router1(config-router)#neighbor 192.168.2.5 filter-list 25 out
Router1(config-router)#exit
Router1(config)#end
Router1#
注释正则表达式过滤
9.11. 减少接收到的路由表大小
提问 通过汇总接收到路由的方式来减少所接收的路由表大小
回答
通过缺省路由的方式来过滤到过多的外部路由
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ip route 0.0.0.0 0.0.0.0 192.168.101.0 1
Router1(config)#ip route 0.0.0.0 0.0.0.0 192.168.102.0 2
Router1(config)#ip prefix-list CREATE-DEFAULT seq 10 permit 192.168.101.0/24
Router1(config)#ip prefix-list CREATE-DEFAULT seq 20 permit 192.168.102.0/24
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.5 remote-as 65520
Router1(config-router)#neighbor 192.168.1.5 prefix-list CREATE-DEFAULT in
Router1(config-router)#exit
Router1(config)#end
Router1#
注释
9.12. 出方向路由信息汇总
提问 在向下游路由器发送路由表之前进行路由汇总
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.5 remote-as 65520
Router1(config-router)#auto-summary
Router1(config-router)#exit
Router1(config)#end
Router1#
注释这是缺省行为,但是是有类的汇总,并且只能针对再分发过来的路由,不能适用于
network 命令配置的路由。思科使用了如下命令对出方向路由进行汇总
Router3(config)#router bgp 65530
Router3(config-router)#aggregate-address 172.20.0.0 255.252.0.0 summary-only
Summaryonly 选项只发布汇总路由,去掉后会发送汇总路由和子网路由,而为了避免回环建
议添加as-set 选项
9.13. 在AS Path 属性值中添加更多ASN
提问 通过增加AS Path 属性中ASN 的数目来影响BGP 选路
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ip as-path access-list 15 permit ^$
Router1(config)#route-map PREPEND permit 10
Router1(config-route-map)#match as-path 15
Router1(config-route-map)#set as-path prepend 65500 65500 65500
Router1(config-route-map)#exit
Router1(config)#route-map PREPEND permit 20
Router1(config-route-map)#exit
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.5 remote-as 65510
Router1(config-router)#neighbor 192.168.1.5 route-map PREPEND out
Router1(config-router)#exit
Router1(config)#end
Router1#
注释通过这种方式来影响入流量
9.14. 再发布路由到BGP
提问 IGP和BGP之间的再分发
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#router ospf 100
Router1(config-router)#network 172.26.0.0 0.0.255.255 area 0
Router1(config-router)#redistribute bgp 65500 metric 500 subnets
Router1(config-router)#exit
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.5 remote-as 65520
Router1(config-router)#network 172.26.0.0
Router1(config-router)#exit
Router1(config)#end
Router1#
Router2(config)#route-map REDIST permit 5
Router2(config-route-map)#match tag 123
Router2(config-route-map)#exit
Router2(config)#route-map REDIST deny 10
Router2(config-route-map)#match route-type external
Router2(config-route-map)#exit
Router2(config)#route-map REDIST permit 20
Router2(config-route-map)#exit
Router2(config)#router bgp 65520
Router2(config-router)#redistribute eigrp 99 route-map REDIST metric 500
注释
9.15. 使用Peer Groups
提问使用组的形式来简化对多个相同属性邻居的配置
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#router bgp 65500
Router1(config-router)#neighbor EBGP-PEERS peer-group
Router1(config-router)#neighbor EBGP-PEERS prefix-list PRE-RTFILTER in
Router1(config-router)#neighbor EBGP-PEERS filter-list 15 out
Router1(config-router)#neighbor 192.168.1.5 remote-as 65520
Router1(config-router)#neighbor 192.168.1.5 peer-group EBGP-PEERS
Router1(config-router)#neighbor 192.168.1.9 remote-as 65521
Router1(config-router)#neighbor 192.168.1.9 peer-group EBGP-PEERS
Router1(config-router)#neighbor 192.168.1.13 remote-as 65522
Router1(config-router)#neighbor 192.168.1.13 peer-group EBGP-PEERS
Router1(config-router)#neighbor 192.168.1.17 remote-as 65523
Router1(config-router)#neighbor 192.168.1.17 peer-group EBGP-PEERS
Router1(config-router)#exit
Router1(config)#end
Router1#
注释当然也可以针对iBGP 邻居
Router1(config)#router bgp 6550
Router1(config-router)#neighbor IBGP-PEERS peer-group
Router1(config-router)#neighbor IBGP-PEERS update-source Loopback0
Router1(config-router)#neighbor IBGP-PEERS route-reflector-client
Router1(config-router)#neighbor 192.168.101.5 remote-as 65500
Router1(config-router)#neighbor 192.168.101.5 peer-group IBGP-PEERS
Router1(config-router)#neighbor 192.168.101.9 remote-as 65500
Router1(config-router)#neighbor 192.168.101.9 peer-group IBGP-PEERS
9.16. BGP邻居认证
提问 使用认证增加安全性
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.55.5 remote-as 65501
Router1(config-router)#neighbor 192.168.55.5 password password-1234
Router1(config-router)#exit
Router1(config)#end
Router1#
注释
9.17. 使用BGP Communities
提问 使用BGP Communities 来对路由进行控制
回答
首先要通过route map 的方式针对邻居设定希望的Communities 值
Router3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router3(config)#ip prefix-list 10.101/16 seq 5 permit 10.101.0.0/16
Router3(config)#ip prefix-list 10.102/16 seq 5 permit 10.102.0.0/16
Router3(config)#ip prefix-list 10.103/16 seq 5 permit 10.103.0.0/16
Router3(config)#ip prefix-list 10.104/16 seq 5 permit 10.104.0.0/16
Router3(config)#ip prefix-list 10.105/16 seq 5 permit 10.105.0.0/16
Router3(config)#route-map APPLY_COMMUNITY_A permit 10
Router3(config-route-map)#match ip address prefix-list 10.101/16
Router3(config-route-map)#set community no-advertise
Router3(config-route-map)#exit
Router3(config)#route-map APPLY_COMMUNITY_A permit 20
Router3(config-route-map)#match ip address prefix-list 10.102/16
Router3(config-route-map)#set community no-export
Router3(config-route-map)#exit
Router3(config)#route-map APPLY_COMMUNITY_A permit 30
Router3(config-route-map)#match ip address prefix-list 10.103/16
Router3(config-route-map)#set community local-AS
Router3(config-route-map)#exit
Router3(config)#route-map APPLY_COMMUNITY_A permit 40
Router3(config-route-map)#match ip address prefix-list 10.104/16
Router3(config-route-map)#set community internet
Router3(config-route-map)#exit
Router3(config)#route-map APPLY_COMMUNITY_A permit 50
Router3(config-route-map)#match ip address prefix-list 10.105/16
Router3(config-route-map)#set community 4293328976
Router3(config-route-map)#exit
Router3(config)#route-map APPLY_COMMUNITY_A permit 100
Router3(config-route-map)#exit
Router3(config)#router bgp 65500
Router3(config-router)#no synchronization
Router3(config-router)#neighbor 172.18.5.3 remote-as 65500
Router3(config-router)#neighbor 172.18.5.3 next-hop-self
Router3(config-router)#neighbor 172.18.5.3 send-community both
Router3(config-router)#neighbor 172.18.5.10 remote-as 65500
Router3(config-router)#neighbor 172.18.5.10 next-hop-self
Router3(config-router)#neighbor 172.18.5.10 send-community both
Router3(config-router)#neighbor 192.168.1.9 remote-as 65520
Router3(config-router)#neighbor 192.168.1.9 send-community both
Router3(config-router)#neighbor 192.168.1.9 route-map APPLY_COMMUNITY_A in
Router3(config-router)#exit
Router3(config)#end
Router3#
在下游路由器上配置命令使其可以分发此Community 值
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#router bgp 65500
Router2(config-router)#no synchronization
Router2(config-router)#neighbor 172.18.5.4 remote-as 65500
Router2(config-router)#neighbor 172.18.5.4 send-community both
Router2(config-router)#neighbor 172.18.5.10 remote-as 65500
Router2(config-router)#neighbor 172.18.5.10 send-community both
Router2(config-router)#no auto-summary
Router2(config-router)#exit
Router2(config)#end
Router2#
注释通过定义local-as,no-advertise,no-export,internet 四种不同community 属性值
的方式来限制路由公告的范围
9.18. 使用BGP Route Reflectors
提问通过路由反射器的方式来简化iBGP 邻居关系
回答
只要针对三种不同角色路由器的配置
Router1 是Client Peer:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface Ethernet0/0
Router1(config-if)#ip address 172.18.5.2 255.255.255.0
Router1(config-if)#exit
Router1(config)#interface Serial0/0
Router1(config-if)#ip address 192.168.1.6 255.255.255.252
Router1(config-if)#exit
Router1(config)#interface Loopback0
Router1(config-if)#ip address 172.18.6.1 255.255.255.255
Router1(config-if)#exit
Router1(config)#router bgp 65500
Router1(config-router)#no synchronization
Router1(config-router)#neighbor 172.18.6.2 remote-as 65500
Router1(config-router)#neighbor 172.18.6.2 next-hop-self
Router1(config-router)#neighbor 172.18.6.2 update-source Loopback0
Router1(config-router)#neighbor 192.168.1.5 remote-as 65510
Router1(config-router)#exit
Router1(config)#ip route 172.18.6.2 255.255.255.255 172.18.5.3
Router1(config)#ip route 172.18.6.3 255.255.255.255 172.18.5.4
Router1(config)#ip route 172.18.6.4 255.255.255.255 172.18.5.10
Router1(config)#end
Router1#
Router4 是Nonclient Peer:
Router4#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router4(config)#interface Ethernet0
Router4(config-if)#ip address 172.18.5.10 255.255.255.0
Router4(config-if)#exit
Router4(config)#interface Loopback0
Router4(config-if)#ip address 172.18.6.4 255.255.255.255
Router4(config-if)#exit
Router4(config)#router bgp 65500
Router4(config-router)#no synchronization
Router4(config-router)#neighbor 172.18.6.2 remote-as 65500
Router4(config-router)#neighbor 172.18.6.2 update-source Loopback0
Router4(config-router)#exit
Router4(config)#ip route 172.18.6.1 255.255.255.255 172.18.5.2
Router4(config)#ip route 172.18.6.2 255.255.255.255 172.18.5.3
Router4(config)#ip route 172.18.6.3 255.255.255.255 172.18.5.4
Router4(config)#end
Router4#
R2是Route Reflector
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface FastEthernet0/0
Router2(config-if)#ip address 172.18.5.3 255.255.255.0
Router2(config-if)#exit
Router2(config)#interface Loopback0
Router2(config-if)#ip address 172.18.6.2 255.255.255.255
Router2(config-if)#exit
Router2(config)#router bgp 65500
Router2(config-router)#no synchronization
Router2(config-router)#neighbor 172.18.6.1 remote-as 65500
Router2(config-router)#neighbor 172.18.6.1 route-reflector-client
Router2(config-router)#neighbor 172.18.6.1 update-source Loopback0
Router2(config-router)#neighbor 172.18.6.3 remote-as 65500
Router2(config-router)#neighbor 172.18.6.3 route-reflector-client
Router2(config-router)#neighbor 172.18.6.3 update-source Loopback0
Router2(config-router)#neighbor 172.18.6.4 remote-as 65500
Router2(config-router)#neighbor 172.18.6.4 update-source Loopback0
Router2(config-router)#no auto-summary
Router2(config-router)#exit
Router2(config)#ip route 172.18.6.1 255.255.255.255 172.18.5.2
Router2(config)#ip route 172.18.6.3 255.255.255.255 172.18.5.4
Router2(config)#ip route 172.18.6.4 255.255.255.255 172.18.5.10
Router2(config)#end
Router2#
注释 路由反射器是解决要求iBGP 全互联的问题。不过为了保证冗余性还是要配置多个路
由反射器,使用bgp cluster-id 1234 命令来定义cluster
<!--[if !supportLists]-->9.19. <!--[endif]-->汇总实验
提问 结合前面的方法,重新配置一台路由器两个冗余链路的情况
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface Serial0
Router1(config-if)#description connection to ISP #1, ASN 65510
Router1(config-if)#ip address 192.168.1.6 255.255.255.252
Router1(config-if)#exit
Router1(config)#interface Serial1
Router1(config-if)#description connection to ISP #2, ASN 65520
Router1(config-if)#ip address 192.168.2.6 255.255.255.252
Router1(config-if)#exit
Router1(config)#interface Ethernet0
Router1(config-if)#description connection to internal network, ASN 65500
Router1(config-if)#ip address 172.18.5.2 255.255.255.0
Router1(config-if)#exit
Router1(config)#ip as-path access-list 15 permit ^$
Router1(config)#ip route 0.0.0.0 0.0.0.0 192.168.101.0 1
Router1(config)#ip route 0.0.0.0 0.0.0.0 192.168.102.0 2
Router1(config)#ip prefix-list CREATE-DEFAULT seq 10 permit 192.168.101.0/24
Router1(config)#ip prefix-list CREATE-DEFAULT seq 20 permit 192.168.102.0/24
Router1(config)#ip prefix-list BLOCK-DEFAULT seq 10 permit 0.0.0.0/0 ge 1
Router1(config)#route-map PREPEND permit 10
Router1(config-route-map)#set as-path prepend 65500 65500
Router1(config-route-map)#exit
Router1(config)#route-map LOCALPREF permit 10
Router1(config-route-map)#set local-preference 75
Router1(config-route-map)#exit
Router1(config)#route-map DEFAULT-ROUTE permit 10
Router1(config-route-map)#match ip address prefix-list CREATE-DEFAULT
Router1(config-route-map)#exit
Router1(config)#router bgp 65500
Router1(config-router)#network 172.18.5.0 mask 255.255.255.0
Router1(config-router)#neighbor 172.18.5.3 remote-as 65500
Router1(config-router)#neighbor 172.18.5.3 password password_number1
Router1(config-router)#neighbor 172.18.5.3 default-origniate route-map
DEFAULT-ROUTE
Router1(config-router)#neighbor 192.168.1.5 remote-as 65510
Router1(config-router)#neighbor 192.168.1.5 password password_number2
Router1(config-router)#neighbor 192.168.1.5 filter-list 15 out
Router1(config-router)#neighbor 192.168.1.5 prefix-list CREATE-DEFAULT in
Router1(config-router)#neighbor 192.168.1.5 prefix-list BLOCK-DEFAULT out
Router1(config-router)#neighbor 192.168.2.5 remote-as 65520
Router1(config-router)#neighbor 192.168.2.5 password password_number3
Router1(config-router)#neighbor 192.168.2.5 filter-list 15 out
Router1(config-router)#neighbor 192.168.2.5 prefix-list CREATE-DEFAULT in
Router1(config-router)#neighbor 192.168.2.5 prefix-list BLOCK-DEFAULT out
Router1(config-router)#neighbor 192.168.2.5 route-map PREPEND out
Router1(config-router)#neighbor 192.168.2.5 route-map LOCALPREF in
Router1(config-router)#no synchronization
Router1(config-router)#exit
Router1(config)#end
Router1#
第十章帧中继
10.1. 使用点对点子接口的方式配置帧中继
提问 ">每个PVC 归属特定子接口的方式来配置帧中继
回答
中心配置
Central#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Central(config)#interface Serial0
Central(config-if)#description Frame-Relay host circuit
Central(config-if)#no ip address
Central(config-if)#encapsulation frame-relay
Central(config-if)#exit
Central(config)#interface Serial0.1 point-to-point
Central(config-subif)#description PVC to first branch - DLCI 101
Central(config-subif)#ip address 192.168.1.5 255.255.255.252
Central(config-subif)#frame-relay interface-dlci 101
Central(config-fr-dlci)#exit
Central(config-subif)#exit
Central(config)#interface Serial0.2 point-to-point
Central(config-subif)#description PVC to second branch - DLCI 102
Central(config-subif)#ip address 192.168.1.9 255.255.255.252
Central(config-subif)#frame-relay interface-dlci 102
Central(config-fr-dlci)#exit
Central(config-subif)#exit
Central(config)#end
Central#
边缘配置
Branch1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Branch1(config)#interface Serial0
Branch1(config-if)#description Frame-Relay circuit
Branch1(config-if)#no ip address
Branch1(config-if)#encapsulation frame-relay
Branch1(config-if)#exit
Branch1(config)#interface Serial0.1 point-to-point
Branch1(config-subif)#description PVC to Central host - DLCI 50
Branch1(config-subif)#ip address 192.168.1.6 255.255.255.252
Branch1(config-subif)#frame-relay interface-dlci 50
Branch1(config-fr-dlci)#exit
Branch1(config-if)#exit
Branch1(config)#end
Branch1#
注释点对点子接口方式应该是最简单的一种帧中继配置方式了。对于互联非思科设备时候
可能需要人工指定包封装格式为标准的IETF格式(RFC1490),可以在接口下配置
encapsulation frame-relay ietf 或者在子接口下配置frame-relay interface-dlci 101
ietf。当你启用帧中继的时候路由器会自动激活Inverse ARP,而通常都是自动配置映射关
系,所以我们一般都不需要no frame-relay inverse-arp。还有要注意的是这里的
interface Serial0.1 point-to-point,后面的子接口模式不能写错,否则需要删除错误
的,然后重启才可以更改
10.2. 调整LMI 选项
提问 在帧中继电路上配置不同的LMI
回答
Branch1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Branch1(config)#interface Serial0
Branch1(config-if)#encapsulation frame-relay
Branch1(config-if)#frame-relay lmi-type ansi (cisco,q933a)
Branch1(config-if)#exit
Branch1(config)#end
Branch1#
缺省情况下LMI 的Keeplive 包每十秒钟发一次,也可以调整此间隔
Branch1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Branch1(config)#interface Serial0
Branch1(config-if)#encapsulation frame-relay
Branch1(config-if)#keepalive 5
Branch1(config-if)#exit
Branch1(config)#end
Branch1#
对于不支持LMI 的网络必须配置路由器宣告自己的DLCI
Branch1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Branch1(config)#interface Serial0
Branch1(config-if)#encapsulation frame-relay
Branch1(config-if)#frame-relay local-dlci 50
Branch1(config-if)#exit
Branch1(config)#end
Branch1#
注释对于最后不支持LMI 的例子中建议用no keepalive 来关闭LMI 的轮询
10.3. 使用MAP 命令配置
提问 所有的PVC 共享同一个接口
回答
Central#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Central(config)#interface Serial0
Central(config)#description Frame> Central(config-if)#ip address 192.168.1.1 255.255.255.0
Central(config-if)#encapsulation frame-relay
Central(config-if)#frame-relay map ip 192.168.1.10 101
Central(config-if)#frame-relay map ip 192.168.1.11 102
Central(config-if)#frame-relay map ip 192.168.1.12 103
Central(config-if)#exit
Central(config)#end
Central#
注释在10.1 中使用了点对点子接口的方式来配置,此小节MAP 的方式和下节的多点子接
口都是类似的实现方法,但是在网管中点对点可以生成各个PVC 的trap,而后两种则无法
针对每个链路产生告警。同时由于帧中继是NBMA 网络,所以建议frame-relay map ip
192.168.1.10 101 broadcast 方式来允许广播包的传递
10.4. 使用多点子接口
提问 所有的PVC 共享同一个接口
回答
Central#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Central(config)#interface Serial0.1 multipoint
Central(config-subif)#description Frame> Central(config-subif)#ip address 192.168.1.1 255.255.255.0
Central(config-subif)#frame-relay interface-dlci 101
Central(config-subif)#frame-relay interface-dlci 102
Central(config-subif)#frame-relay interface-dlci 103
Central(config-subif)#frame-relay interface-dlci 104
Central(config-subif)#exit
Central(config)#end
Central#
注释这种配置方式最大的不同就是不需要配置映射,使用的Inverse ARP,所以在这种模
式下不能禁用反向ARP。可以通过show frame-relay map命令来验证
10.5. 配置帧中继SVCs
提问配置路由器使其支持帧中继SVC
回答
SVC 子接口模式
Central#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Central(config)#interface Serial0
Central(config-if)#encapsulation frame-relay
Central(config-if)#frame-relay lmi-type q933a
Central(config-if)#frame-relay svc
Central(config-if)#exit
Central(config)#interface Serial0.10 point-to-point
Central(config-subif)#ip address 192.168.1.129 255.255.255.252
Central(config-subif)#frame-relay interface-dlci 100
Central(config-subif)#map-group SVCMAP
Central(config-fr-dlci)#class SVCclass
Central(config-fr-dlci)#exit
Central(config-subif)# exit
Central(config)#map-list SVCMAP source-addr X121 1234 dest-addr X121 4321
Central(config-map-list)#ip 192.168.55.6> Central(config-map-list)#exit
Central(config)#map-class frame-relay SVCclass
Central(config-map-class)#frame-relay traffic-rate 56000 128000
Central(config-map-class)#exit
Central(config)#end
Central#
SVC 非子接口模式
Central#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Central(config)#interface Serial0
Central(config-if)#ip address 192.168.55.1 255.255.255.0
Central(config-if)#encapsulation frame-relay
Central(config-if)#frame-relay lmi-type q933a
Central(config-if)#frame-relay svc
Central(config-if)#map-group SVCMAP
Central(config-if)#frame-relay interface-dlci 50
Central(config-fr-dlci)#class SVCclass
Central(config-fr-dlci)#exit
Central(config-if)#exit
Central(config)#map-list SVCMAP source-addr X121 1234 dest-addr X121 4321
Central(config-map-list)#ip 192.168.55.6> Central(config-map-list)#exit
Central(config)#map-class frame-relay SVCclass
Central(config-map-class)#frame-relay traffic-rate 56000 128000
Central(config-map-class)#exit
Central(config)#end
Central#
注释缺省情况下在空闲120 秒后此SVC 会被拆除,可以使用frame-relay> 令来修改。通过show frame-relay svc maplist SVCMAP 来验证。一般网络中都使用PVC,
SVC 用于节省成本,但是增加了复杂性和管理难度,路由器可以自动增加或者删除链路
10.6. 模拟帧中继云
提问 使用一台路由器来模拟帧中继交换机
回答
Cloud#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Cloud(config)#frame-relay switching
Cloud(config)#interface Serial0
Cloud(config-if)#description Frame-relay connection to Central - DLCI 50
Cloud(config-if)#encapsulation frame-relay
Cloud(config-if)#clock rate 125000
Cloud(config-if)#frame-relay lmi-type cisco
Cloud(config-if)#frame-relay intf-type dce
Cloud(config-if)#frame-relay route 101 interface Serial1 50
Cloud(config-if)#frame-relay route 102 interface Serial2 50
Cloud(config-if)#exit
Cloud(config)#interface Serial1
Cloud(config-if)#description Frame-relay connection to Branch1 - DLCI 101
Cloud(config-if)#encapsulation frame-relay
Cloud(config-if)#clock rate 125000
Cloud(config-if)#frame-relay lmi-type cisco
Cloud(config-if)#frame-relay intf-type dce
Cloud(config-if)#frame-relay route 50 interface Serial0 101
Cloud(config-if)#exit
Cloud(config)#interface Serial2
Cloud(config-if)#description Frame-relay connection to Branch2 - DLCI 102
Cloud(config-if)#encapsulation frame-relay
Cloud(config-if)#clock rate 125000
Cloud(config-if)#frame-relay lmi-type cisco
Cloud(config-if)#frame-relay intf-type dce
Cloud(config-if)#frame-relay route 50 interface Serial0 102
Cloud(config-if)#exit
Cloud(config)#end
Cloud#
注释此种模拟不支持SVC,同时对于流量整形或者与BECN 相关的特性的支持都不是很好。
show frame-relay route 命令来查看当前的链路交换配置。
10.7. 子接口配置下的帧中继压缩
提问 在接口配置帧中继的压缩
回答
Central#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Central(config)#interface Serial0
Central(config-if)#encapsulation frame-relay
Central(config-if)#frame-relay ip tcp header-compression passive
Central(config-if)#frame-relay payload-compression frf9 stac (packet-by-packet)
Central(config-if)#exit
Central(config)#end
Central#
注释 passive参数的含义是只有收到了压缩的数据包才会采用压缩。压缩模式上建议使用
FRF.9 这个开放标准。使用命令show frame-relay ip tcp header-compression
可以看到压缩的统计数据
10.8. MAP命令下的帧中继压缩
提问 配置MAP 命令下的帧中继压缩
回答
Central#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Central(config)#interface Serial0
Central(config-if)#description Frame> Central(config-if)#ip address 192.168.1.1 255.255.255.0
Central(config-if)#encapsulation frame-relay
Central(config-if)#frame-relay map ip 192.168.1.10 101 payload-compression frf9
stac
Central(config-if)#exit
Central(config)#end
Central#
注释
10.9. PPP over Frame> 提问帧中继链路配置PPP 封装
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface Loopback1
Router1(config-if)#ip address 10.1.200.5 255.255.255.252
Router1(config-if)#exit
Router1(config)#interface Virtual-Template1
Router1(config-if)#ip unnumbered Loopback1
Router1(config-if)#encapsulation ppp
Router1(config-if)#exit
Router1(config)#interface Serial0
Router1(config-if)#no ip address
Router1(config-if)#encapsulation frame-relay
Router1(config-if)#exit
Router1(config)#interface Serial0.1 point-to-point
Router1(config-subif)#frame-relay interface-dlci 104 ppp Virtual-Template1
Router1(config-fr-dlci)#exit
Router1(config-subif)#exit
Router1(config)#end
Router1#
注释有点鬼…
<!--[if !supportLists]-->10.10. <!--[endif]-->查看帧中继状态
提问 查看帧中继状态
回答
Central#show interfaces Serial0
Central#show frame-relay pvc
Central#show frame-relay lmi
第十一章队列和拥塞
11.1. Fast Switching 和CEF
提问:给路由器配置最有效的包交换算法
回答
Fast Switching缺省是启用的
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface FastEthernet0/0
Router(config-if)#ip route-cache
Router(config-if)#exit
Router(config)#end
Router#
如果使用策略,需要下面的命令
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface FastEthernet0/0
Router(config-if)#ip route-cache policy
Router(config-if)#exit
Router(config)#end
Router#
CEF 缺省是没有启用的,全局和端口启用
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ip cef
Router(config)#interface FastEthernet0/0
Router(config-if)#ip route-cache cef
Router(config-if)#exit
Router(config)#end
Router#
注释除了上面的policy 参数以外,还有下面的参数来保证进出是同一物理接口
Router(config)#interface Serial0/0
Router(config-if)#ip route-cache same-interface
可以使用下面命令进行验证show cef interface show cef drop 和show cef
not-cef-switched show ip cef
11.2. 设置DSCP 或者TOS位
提问 路由器标记特定数据包的DSCP 或者TOS位
回答
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list 101 permit any eq ftp any
Router(config)#access-list 101 permit any any eq ftp
Router(config)#access-list 102 permit any eq ftp-data any
Router(config)#access-list 102 permit any any eq ftp-data
Router(config)#class-map match-all ser00-ftpcontrol
Router(config-cmap)#description branch ftp control traffic
Router(config-cmap)#match input-interface serial0/0
Router(config-cmap)#match access-group 101
Router(config-cmap)#exit
Router(config)#class-map match-all ser00-ftpdata
Router(config-cmap)#description branch ftp data traffic
Router(config-cmap)#match input-interface serial0/0
Router(config-cmap)#match access-group 102
Router(config-cmap)#exit
Router(config)#policy-map serialftppolicy
Router(config-pmap)#description branch ftp traffic policy
Router(config-pmap)#class ser00-ftpcontrol
Router(config-pmap-c)#set ip precedence immediate
Router(config-pmap-c)#exit
Router(config-pmap)#class ser00-ftpdata
Router(config-pmap-c)#set ip precedence priority
Router(config-pmap-c)#exit
Router(config-pmap)#exit
Router(config)#interface serial0/0
Router(config-if)#ip route-cache policy
Router(config-if)#service-policy input serialftppolicy
Router(config-if)#exit
Router(config)#end
Router#
注释先使用classmap 来定义特殊的数据流,然后使用policymap 来对TOS 位进行标记
11.3. 使用优先级队列(Priority Queuing)
提问 使用优先级队列这种严格的方式来保证高优先级的数据先被处理
回答
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list 101 permit ip any any precedence 5 tos 12
Router(config)#access-list 102 permit ip any any precedence 4
Router(config)#access-list 103 permit ip any any precedence 3
Router(config)#priority-list 1 protocol ip high list 101
Router(config)#priority-list 1 protocol ip medium list 102
Router(config)#priority-list 1 protocol ip normal list 103
Router(config)#priority-list 1 default low
Router(config)#interface Ethernet0
Router(config-if)#priority-group 1
Router(config-if)#exit
Router(config)#end
Router#
注释单纯使用优先级队列可能会导致高优先级的数据占用掉所有的带宽。precedence 5
tos 12 等同于dscp ef。缺省情况下会被不匹配的数据包归入到normal 优先级队列,本例
中特别配置其归入了low 优先级队列。Show interface命令可以看到缺省各个队列大小
(high优先级为20 个,medium 为40 个,依次递增)
Output queue (queue priority:> high: 0/20/0, medium: 0/40/0, normal 0/60/0, low 0/80/0
可以使用Router(config)#priority-list 1 queue-limit 10 15 25 35 命令来修改。建
议使用LLQ 或者CBWFQ 来替代单纯的优先级队列
11.4. 使用自定义队列(Custom Queuing)
提问 根据数据流中IP 优先级的不同来自定义队列共享带宽
回答
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list 103 permit ip any any precedence 5
Router(config)#access-list 104 permit ip any any precedence 4
Router(config)#access-list 105 permit ip any any precedence 3
Router(config)#access-list 106 permit ip any any precedence 2
Router(config)#access-list 107 permit ip any any precedence 1
Router(config)#queue-list 1 protocol ip 3 list 103
Router(config)#queue-list 1 protocol ip 4 list 104
Router(config)#queue-list 1 protocol ip 5 list 105
Router(config)#queue-list 1 queue 5 byte-count 3000 limit 55
Router(config)#queue-list 1 protocol ip 6 list 106
Router(config)#queue-list 1 protocol ip 7 list 107
Router(config)#queue-list 1 default 8
Router(config)#interface HSSI0/0
Router(config-if)#custom-queue-list 1
Router(config-if)#exit
Router(config)#end
Router#
注释通过配置自定义队列可以生成16 个应用队列和1 个系统队列。
Queuing strategy: custom-list 1
Output queues: (queue #:> 0: 0/20/0 1: 0/20/0 2: 0/20/0 3: 0/20/0 4: 0/20/0
5: 0/55/3 6: 5/20/0 7: 0/20/0 8: 0/20/0 9: 0/20/0
10: 0/20/0 11: 0/20/0 12: 0/20/0 13: 0/20/0 14: 0/20/0
15: 0/20/0 16: 0/20/0
缺省情况下自定义队列不会对无分类的数据流进行队列归属,所以需要配置一个缺省队列。
缺省情况下每个队列会读取1500 字节,每个队列可最多保存20 个数据包,可以通过
queue-list 1 queue 5 byte-count 3000 limit 55 命令来修改。
对于这种队列方式需要注意的是队列是基于字节的不是基于数据包的,所以对于字节下的
数据流会发送相对多的数据包,但是总体来说流量是平均的。此种方式也是比较老的方案,
推荐使用CBWFQ
11.5. 自定义队列混和优先级队列
提问 高优先级数据优先处理,低优先级数据共享带宽
回答
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list 101 permit ip any any precedence 7
Router(config)#access-list 102 permit ip any any precedence 6
Router(config)#access-list 103 permit ip any any precedence 5
Router(config)#access-list 104 permit ip any any precedence 4
Router(config)#access-list 105 permit ip any any precedence 3
Router(config)#access-list 106 permit ip any any precedence 2
Router(config)#access-list 107 permit ip any any precedence 1
Router(config)#queue-list 1 protocol ip 1 list 101
Router(config)#queue-list 1 protocol ip 2 list 102
Router(config)#queue-list 1 protocol ip 3 list 103
Router(config)#queue-list 1 protocol ip 4 list 104
Router(config)#queue-list 1 protocol ip 5 list 105
Router(config)#queue-list 1 protocol ip 6 list 106
Router(config)#queue-list 1 protocol ip 7 list 107
Router(config)#queue-list 1 lowest-custom 4
Router(config)#interface HSSI0/0
Router(config-if)#custom-queue-list 1
Router(config-if)#exit
Router(config)#end
Router#
注释相比11.4 多了一个queue-list 1 lowest-custom 4 ,这样123.被定义为优先级队
列
11.6. 使用加权公平队列(Weighted Fair Queuing)
提问 根据TOS/DSCP 位来转发数据包
回答
缺省情况下WFQ 会自动在小于2M 速率的接口启用
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#interface Serial0/0
Router(config-if)#fair-queue 64 512 10
Router(config-if)#exit
Router(config)#end
Router#
注释WFQ在没有TOS/DSCP 标记的情况下依然可以工作。命令后面的参数分为三个,第一个
为丢弃阀值,某个队列如果超过64 个数据包,以后的数据包就会被丢弃,第二个为动态队
列数目,是16 的倍数,如果端口有很多的数据流建议增加,第三个为RSVP 预留队列,缺
省为0。
11.7. 使用基于类的加权公平队列(Using> 提问 在端口上配置基于类的加权公平队列
回答
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#class-map highprec
Router(config-cmap)#description Highest priority Prec=5
Router(config-cmap)#match ip precedence 5
Router(config-cmap)#exit
Router(config)#class-map medhiprec
Router(config-cmap)#description Medium-high priority Prec=4
Router(config-cmap)#match ip precedence 4
Router(config-cmap)#exit
Router(config)#class-map medloprec
Router(config-cmap)#description Medium-low priority Prec=2,3
Router(config-cmap)#match ip precedence 2 3
Router(config-cmap)#exit
Router(config)#policy-map cbwfqpolicy
Router(config-pmap)#class highprec
Router(config-pmap-c)#bandwidth percent 25
Router(config-pmap-c)#exit
Router(config-pmap)#class medhiprec
Router(config-pmap-c)#bandwidth percent 25
Router(config-pmap-c)#exit
Router(config-pmap)#class medloprec
Router(config-pmap-c)#bandwidth percent 25
Router(config-pmap-c)#exit
Router(config-pmap)#class> Router(config-pmap-c)#fair-queue 512
Router(config-pmap-c)#queue-limit 96
Router(config-pmap-c)#exit
Router(config-pmap)#exit
Router(config)#interface serial0/1
Router(config-if)#service-policy output cbwfqpolicy
Router(config-if)#exit
Router(config)#end
Router#
注释
11.8. 使用NBAR
提问 使用NBAR(Network Based Application Recognition)在应用层对数据进行识别和
分类
回答
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ip cef
Router1(config)#class-map INTERACTIVE
Router1(config-cmap)#match protocol citrix
Router1(config-cmap)#match protocol telnet
Router1(config-cmap)#exit
Router1(config)#policy-map QoSPolicy
Router1(config-pmap)#class INTERACTIVE
Router1(config-pmap-c)#bandwidth percent 50
Router1(config-pmap-c)#set dscp ef
Router1(config-pmap-c)#exit
Router1(config-pmap)#class> Router1(config-pmap-c)#bandwidth percent 20
Router1(config-pmap-c)#random-detect dscp-based
Router1(config-pmap-c)#exit
Router1(config-pmap)#exit
Router1(config)#interface FastEthernet0/0
Router1(config-fi)#service-policy inbound QoSPolicy
Router1(config-if)#exit
Router1(config)#end
Router1#
思科支持在网上下载PDLM(Packet Description Language Module)来激活NBAR 分类
Router1#show flash
System flash directory:
File Length Name/status
1 23169076 c2600-ipvoice-mz.124-10.bin
2 3100 bittorrent.pdlm
[23172304 bytes used, 9857836 available, 33030140 total]
32768K bytes of processor board System flash (Read/Write)
Router1#Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ip nbar pdlm flash://bittorrent.pdlm
Router1(config)#class-map BITTORRENT
Router1(config-cmap)#match protocol bittorrent
Router1(config-cmap)#exit
Router1(config)#end
Router1#
也可以使用NBAR 来自动对网络协议进行分类统计
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ip nbar protocol-discovery
Router1(config-if)#exit
Router1(config)#end
Router1#
注释NBAR 会增加CPU 利用率。Router1#show ip nbar protocol-discovery top-n 5 可
以显示出NBAR 所识别各个协议数据统计
<!--[if !supportLists]-->11.9. <!--[endif]-->使用WRED 来控制拥塞
提问
回答
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#class-map Prec5
Router(config-cmap)#description Critical
Router(config-cmap)#match ip precedence 5
Router(config-cmap)#exit
Router(config)#policy-map cb_wred
Router(config-pmap)#class Prec5
Router(config-pmap-c)#random-detect dscp-based
Router(config-pmap-c)#exit
Router(config-pmap)#class> Router(config-pmap-c)#fair-queue 512
Router(config-pmap-c)#queue-limit 96
Router(config-pmap-c)#random-detect dscp-based
Router(config-pmap-c)#exit
Router(config-pmap)#exit
Router(config)#interface HSSI0/1
Router(config-if)#service-policy output cb_wred
Router(config-if)#exit
Router(config)#end
Router#
注释
11.10. 使用RSVP
提问 在网络中启用RSVP
回答
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list 15 permit ip 192.168.1.0 0.0.0.255
Router(config)#interface FastEthernet0/0
Router(config-if)#ip rsvp bandwidth 128 56
Router(config-if)#ip rsvp neighbor 15
Router(config-if)#exit
Router(config)#end
Router#
注释 配置RSVP 之前,接口要配置WFQ, CBWFQ, 或者WRED
11.11. Manual RSVP Reservations
提问
回答
Sender主机(192.168.100.202)连接R1
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface FastEthernet0/0
Router1(config-if)#ip address 192.168.100.21 255.255.255.0
Router1(config-if)#ip rsvp bandwidth 128 56
Router1(config-if)#exit
Router1(config)#interface Serial0/0
Router1(config-if)#no ip address
Router1(config-if)#encapsulation frame-relay
Router1(config-if)#fair-queue 64 256 37
Router1(config-if)#ip rsvp bandwidth
Router1(config-if)#exit
Router1(config)#interface Serial0/0.1 point-to-point
Router1(config-subif)#ip address 192.168.55.9 255.255.255.252
Router1(config-subif)#frame-relay interface-dlci 904
Router1(config-fr-dlci)#ip rsvp bandwidth 128 56
Router1(config-subif)#exit
Router1(config)#ip rsvp sender 192.168.9.100 192.168.100.202 UDP 1300 1300
192.168.100.202 FastEthernet0/0 55 1
Router1(config)#end
Router1#
Receiver主机(192.168.9.100)连接R4
Router4# configure terminal
Router4(config)#interface Ethernet0/0
Router4(config-if)#ip address 192.168.9.3 255.255.255.0
Router4(config-if)#ip rsvp bandwidth 128 56
Router4(config-if)#exit
Router4(config)#interface Serial0/0
Router4(config-if)#no ip address
Router4(config-if)#encapsulation frame-relay
Router4(config-if)#fair-queue 64 256 37
Router4(config-if)#ip rsvp bandwidth
Router4(config-if)#exit
Router4(config)#interface Serial0/0.1 point-to-point
Router4(config-subif)#ip address 192.168.56.5 255.255.255.252
Router4(config-subif)#frame-relay interface-dlci 107
Router4(config-fr-dlci)#ip rsvp bandwidth 128 56
Router4(config-subif)#exit
Router4(config)#ip rsvp reservation 192.168.9.100 192.168.100.202 UDP 1300 1300
192.168.9.100 Ethernet0/0 FF RATE 55 1
Router4(config)#end
Router4#
注释
11.12. 聚合RSVP 的预留(Aggregating RSVP Reservations)
提问 聚合多个RSVP 这样核心网络不需要对每个数据流进行追踪
回答
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface FastEthernet0/0
Router2(config-if)#ip address 192.168.101.1 255.255.255.0
Router2(config-if)#ip rsvp bandwidth 128 56
Router2(config-if)#ip rsvp data-packet> Router2(config-if)#ip rsvp resource-provider none
Router2(config-if)#exit
Router2(config)#interface Serial0/0.1 point-to-point
Router2(config-subif)#ip address 192.168.55.10 255.255.255.252
Router2(config-subif)#frame-relay interface-dlci 409
Router2(config-fr-dlci)#ip rsvp bandwidth 128 56
Router2(config-subif)#ip rsvp data-packet> Router2(config-subif)#ip rsvp resource-provider none
Router2(config-subif)#exit
Router2(config)#end
Router2#
注释RSVP 扩展性不强,对于核心网络还是使用传统的DSCP标记方式,12.2(2)T 的IOS 引
入了新的办法来解决此问题,核心路由器配置RSVP 来支持RSVP Requests,但是队列的时
候不需要使用RSVP 的信息
11.13. Using Generic Traffic Shaping
提问
回答
注释
11.14. Using Frame-Relay Traffic Shaping
提问
回答
注释
11.15. Using Committed Access Rate
提问
回答
注释
11.16. 部署基于标准的PHB(Per-Hop Behavior)
提问 配置基于规范的根据DSCP 位的PHB
回答
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#class-map EF
Router(config-cmap)#description Real-time application traffic
Router(config-cmap)#match ip precedence 5
Router(config-cmap)#exit
Router(config)#class-map AF1x
Router(config-cmap)#description Priority> Router(config-cmap)#match ip precedence 1
Router(config-cmap)#exit
Router(config)#class-map AF2x
Router(config-cmap)#description Priority> Router(config-cmap)#match ip precedence 2
Router(config-cmap)#exit
Router(config)#class-map AF3x
Router(config-cmap)#description Priority> Router(config-cmap)#match ip precedence 3
Router(config-cmap)#exit
Router(config)#class-map AF4x
Router(config-cmap)#description Priority> Router(config-cmap)#match ip precedence 4
Router(config-cmap)#exit
Router(config)#policy-map cbwfq_pq
Router(config-pmap)#class EF
Router(config-pmap-c)#priority 58 800
Router(config-pmap-c)#exit
Router(config-pmap)#class AF1x
Router(config-pmap-c)#bandwidth percent 15
Router(config-pmap-c)#random-detect dscp-based
Router(config-pmap-c)#exit
Router(config-pmap)#class AF2x
Router(config-pmap-c)#bandwidth percent 15
Router(config-pmap-c)#random-detect dscp-based
Router(config-pmap-c)#exit
Router(config-pmap)#class AF3x
Router(config-pmap-c)#bandwidth percent 15
Router(config-pmap-c)#random-detect dscp-based
Router(config-pmap-c)#exit
Router(config-pmap)#class AF4x
Router(config-pmap-c)#bandwidth percent 15
Router(config-pmap-c)#random-detect dscp-based
Router(config-pmap-c)#exit
Router(config-pmap)#class> Router(config-pmap-c)#fair-queue 512
Router(config-pmap-c)#queue-limit 96
Router(config-pmap-c)#exit
Router(config-pmap)#exit
Router(config)#interface HSSI0/1
Router(config-if)#service-policy output cbwfqpolicy
Router(config-if)#exit
Router(config)#end
Router#
注释
11.17. AutoQoS
提问配置路由器自动生成Voip 或者一般数据包的QoS 策略配置
回答
一种是针对VoIP 数据的
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ip cef
Router1(config)#interface Serial0/0
Router1(config-if)#no ip address
Router1(config-if)#encapsulation frame-relay
Router1(config-if)#exit
Router1(config)#interface Serial0/0.1 point-to-point
Router1(config-subif)#ip address 192.168.55.9 255.255.255.252
Router1(config-subif)#frame-relay interface-dlci 904
Router1(config-fr-dlci)#auto qos voip
%Creating new map-class.
Router1(config-fr-dlci)#exit
Router1(config-subif)#exit
Router1(config)#end
Router1#
*Mar 1 01:32:55.031: %RMON-5-FALLINGTRAP: Falling trap is generated because the
value of cbQosCMDropBitRate.1169.1171 has fallen below the falling-threshold va
lue 0
Router1#
针对一般的IP 数据包,第一步是流量模式的收集
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ip cef
Router1(config)#interface Serial0/0
Router1(config-if)#no ip address
Router1(config-if)#encapsulation frame-relay
Router1(config-if)#exit
Router1(config)#interface Serial0/0.1 point-to-point
Router1(config-subif)#ip address 192.168.55.9 255.255.255.252
Router1(config-subif)#frame-relay interface-dlci 904
Router1(config-fr-dlci)#auto discovery qos
Router1(config-fr-dlci)#exit
Router1(config-subif)#exit
Router1(config)#end
Router1#
第二步是生成策略
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface Serial0/0.1 point-to-point
Router1(config-subif)#frame-relay interface-dlci 904
Router1(config-fr-dlci)#auto qos
%Creating new map-class.
Router1(config-fr-dlci)#no auto discovery qos
Router1(config-fr-dlci)#exit
Router1(config-subif)#exit
Router1(config)#end
Router1#
注释AutoQoS很好,但是有下面几个限制:只能针对点对点的链路,不能和frame map或
者virtual templates 一起使用,不能用于SVC,两端必须同时配置,必须禁止掉所有的服
务策略或者access-groups 即使用于其他的端口,要启用CEF。针对VoIP的AutoQoS引自
12.2(15)T,通过一个宏来生成配置,可以用show auto qos 来查看。针对通用IP 数据流
的引自12.3(7)T,自动针对数据流分类至十个不同类别,要先用auto qos 然后再no掉原
来的discovery。注意的是你如果后来想不用auto qos了,虽然可以no auot qos但是还
是有很多配置是没法自动清除的,记得要保存之前的show auto qos 的输出。AutoQoS 不是
万能的,要慎用
<!--[if !supportLists]-->11.18. <!--[endif]-->查看队列参数
提问 查看当前端口的队列配置
回答
Router#show queue FastEthernet0/0
Router#show queuing
注释 配置优先级队列或者自定义队列的时候show queue 命令没有相应的输出 |
|
QQ群⑧:
窥视卡
雷达卡
发表于 2018-7-18 09:48:30
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡