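[Summarization] The Fun Routing Loop Series
Overview of summarization loops
When configuring static or dynamic routing, route summarization is sometimes used to reduce the size of the routing table. If it is misconfigured, however, it can introduce a latent routing loop; once scanning software or a virus sends packets that trigger the loop, the result can be network congestion or even a complete outage!
Lab topology
The topology below simulates the layer-3 switching and routing network of a small or medium-sized enterprise: the switch acts as the gateway for each VLAN and performs layer-3 switching, the router is the device that performs NAT towards the Internet, and static routes with route summarization are configured between the switch and the router.
Basic router configuration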
#
sysname R1
#
interface GigabitEthernet0/0/0
ip address 192.168.100.1 255.255.255.0
#
interface LoopBack100
ip address 100.100.100.100 255.255.255.0
#
interface LoopBack200
ip address 200.200.200.200 255.255.255.0
#
Basic switch configuration
#
sysname SW1
#
vlan batch 2 to 3 100
#
dhcp enable
#
interface Vlanif1
ip address 172.16.1.1 255.255.255.0
dhcp select interface
#
interface Vlanif2
ip address 172.16.2.1 255.255.255.0
dhcp select interface
#
interface Vlanif3
ip address 172.16.3.1 255.255.255.0
dhcp select interface
#
interface Vlanif100
ip address 192.168.100.2 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 2
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 3
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 100
#
The PCs obtain their addresses via DHCP
Use ipconfig to verify that all three PCs obtained an address; PC1 is shown below as an example
PC>ipconfig
Link local IPv6 address………..: fe80::5689:98ff:fecf:ec77
IPv6 address………………….: :: / 128
IPv6 gateway………………….: ::
IPv4 address………………….: 172.16.1.254
Subnet mask…………………..: 255.255.255.0
Gateway………………………: 172.16.1.1
Physical address………………: 54-89-98-CF-EC-77
DNS server……………………:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Exploring the static route summarization loop
Configure a default route towards the Internet on the switch
[SW1]ip route-static 0.0.0.0 0.0.0.0 192.168.100.1
On the router, configure a default route towards the simulated public network
[R1]ip route-static 0.0.0.0 0.0.0.0 LoopBack 100
On the router, configure the return route to the VLANs (summarized here to reduce the size of the routing table)
[R1]ip route-static 172.16.0.0 22 192.168.100.2
Or configure
[R1]ip route-static 172.16.0.0 16 192.168.100.2
At this point, testing public-network connectivity from the PC shows that everything works normally
PC>ping 100.100.100.100
Ping 100.100.100.100: 32 data bytes, Press Ctrl_C to break
From 100.100.100.100: bytes=32 seq=1 ttl=254 time=78 ms
From 100.100.100.100: bytes=32 seq=2 ttl=254 time=31 ms
From 100.100.100.100: bytes=32 seq=3 ttl=254 time=31 ms
From 100.100.100.100: bytes=32 seq=4 ttl=254 time=31 ms
From 100.100.100.100: bytes=32 seq=5 ttl=254 time=31 ms
--- 100.100.100.100 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 31/40/78 ms
PC>tracert 200.200.200.200
traceroute to 200.200.200.200, 8 hops max
(ICMP), press Ctrl+C to stop
1 172.16.1.1
PC>tracert 172.16.0.10
traceroute to 172.16.0.10, 8 hops max
(ICMP), press Ctrl+C to stop
1 172.16.1.1 16 ms 31 ms
2 192.168.100.1 47 ms 15 ms 47 ms
3 192.168.100.2 47 ms 31 ms 16 ms
4 192.168.100.1 62 ms 62 ms 47 ms
5 192.168.100.2 47 ms 46 ms 47 ms
6 192.168.100.1 78 ms 78 ms 63 ms
7 192.168.100.2 78 ms 93 ms 63 ms
8 192.168.100.1 78 ms 93 ms 109 ms
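The packets can be seen looping between the layer-3 switch (100.2) and the router (100.1)
Analysis of how the summarization loop arises
Layer-3 switch routing table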
[SW1]dis ip routing-table
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 Static 60 0 RD 192.168.100.1 Vlanif100
172.16.1.0/24 Direct 0 0 D 172.16.1.1 Vlanif1
172.16.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif1
172.16.2.0/24 Direct 0 0 D 172.16.2.1 Vlanif2
172.16.2.1/32 Direct 0 0 D 127.0.0.1 Vlanif2
172.16.3.0/24 Direct 0 0 D 172.16.3.1 Vlanif3
172.16.3.1/32 Direct 0 0 D 127.0.0.1 Vlanif3
192.168.100.0/24 Direct 0 0 D 192.168.100.2 Vlanif100
192.168.100.2/32 Direct 0 0 D 127.0.0.1
Router routing table
[R1]dis ip routing-table
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 Static 60 0 D 100.100.100.100 LoopBack100
100.100.100.0/24 Direct 0 0 D 100.100.100.100 LoopBack100
100.100.100.100/32 Direct 0 0 D 127.0.0.1 LoopBack100
100.100.100.255/32 Direct 0 0 D 127.0.0.1 LoopBack100
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.0.0/22 Static 60 0 RD 192.168.100.2 GigabitEthernet0/0/0
192.168.100.0/24 Direct 0 0 D 192.168.100.1 GigabitEthernet0/0/0
192.168.100.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
192.168.100.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
200.200.200.0/24 Direct 0 0 D 200.200.200.200 LoopBack200
200.200.200.200/32 Direct 0 0 D 127.0.0.1 LoopBack200
200.200.200.255/32 Direct 0 0 D 127.0.0.1 LoopBack200
255.255.255.255/32 Direct 0 0 D 127.0.0.1
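When a PC sends a packet to 172.16.0.10, longest-prefix matching selects the highlighted routes on the layer-3 switch and on the router respectively (0.0.0.0/0 on SW1 and 172.16.0.0/22 on R1). Each route's next hop is the other device, so a loop forms.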
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
RIP route summarization loop
Change the configuration to RIP v2 and summarize the routes
Switch configuration
[SW1]undo ip route-static 0.0.0.0 0.0.0.0
#
rip 1
undo summary
version 2
network 172.16.0.0
network 192.168.100.0
#
interface Vlanif100
rip summary-address 172.16.0.0 255.255.252.0
Router configuration
undo ip route-static 172.16.0.0 255.255.252.0
#
rip 1
undo summary
default-route originate
version 2
network 192.168.100.0
#
Verifying and analyzing the loop
PC>tracert 172.16.0.100
traceroute to 172.16.0.100, 8 hops max
(ICMP), press Ctrl+C to stop
1 172.16.1.1
Analysis
Same as the static-route loop; omitted
When finished, remove the RIP configuration
[SW1]undo rip 1
Warning: The RIP process will be deleted. Continue?[Y/N]y
[R1]undo rip 1
Warning: The RIP process will be deleted. Continue?[Y/N]y
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
OSPF route summarization loop
Configure OSPF on the router
#
ospf 1 router-id 1.1.1.1
default-route-advertise
area 0.0.0.0
network 192.168.100.1 0.0.0.0
#
ip route-static 0.0.0.0 0.0.0.0 LoopBack100
#
Configure OSPF on the switch and summarize the routes
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 192.168.100.2 0.0.0.0
area 0.0.0.1
abr-summary 172.16.0.0 255.255.252.0
network 172.16.1.1 0.0.0.0
network 172.16.2.1 0.0.0.0
network 172.16.3.1 0.0.0.0
#
Verifying the loop
PC>tracert 172.16.0.200
traceroute to 172.16.0.200, 8 hops max
(ICMP), press Ctrl+C to stop
1 172.16.1.1 374 ms 16 ms 15 ms
2 192.168.100.1 31 ms 47 ms 15 ms
3 192.168.100.2 31 ms 16 ms 47 ms
4 192.168.100.1 62 ms 62 ms 78 ms
5 192.168.100.2 63 ms 31 ms 47 ms
6 192.168.100.1 93 ms 63 ms 62 ms
7 192.168.100.2 94 ms 62 ms 63 ms
8 192.168.100.1 109 ms 93 ms 78 ms
Analysis: same as above; omitted
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
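How to avoid the route summarization loop
On the device that originates the specific routes, manually add a route pointing to NULL 0 so that the surplus traffic is sent to the bit bucket. In this lab the layer-3 switch originates the specific routes, so the route is written on the layer-3 switch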
[SW1]ip route-static 172.16.0.0 22 NULL 0
Finally, test from the PC again; no loop occurs
PC>tracert 172.16.0.10
traceroute to 172.16.0.10, 8 hops max
(ICMP), press Ctrl+C to stop
1 * * *
2 * * *
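The loop analysed earlier and the NULL 0 fix above, replayed as an added example (not part of the original post): a longest-prefix-match simulation over the routes from the two routing tables, where the node names SW1/R1 used as next hops and all function names are assumptions of this example. It also goes one step beyond the lab by checking the /16 variant of the summary, where discarding only the /22 on SW1 leaves the rest of 172.16.0.0/16 looping.

```python
import ipaddress

# Tables transcribed from the "dis ip routing-table" outputs above (/32 host
# entries omitted). Next hop None = delivered locally, "NULL0" = discarded.
SW1 = [("0.0.0.0/0", "R1"), ("172.16.1.0/24", None), ("172.16.2.0/24", None),
       ("172.16.3.0/24", None), ("192.168.100.0/24", None)]
R1 = [("0.0.0.0/0", None),  # LoopBack100 stands in for the Internet
      ("100.100.100.0/24", None), ("200.200.200.0/24", None),
      ("192.168.100.0/24", None), ("172.16.0.0/22", "SW1")]


def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific matching route."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), nh) for p, nh in table]
    matches = [m for m in nets if addr in m[0]]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def trace(tables, dst, start="SW1", max_hops=8):
    """Forward dst hop by hop, like the 8-hop tracert; return (path, verdict)."""
    node, path = start, []
    for _ in range(max_hops):
        path.append(node)
        nh = lookup(tables[node], dst)
        if nh is None:
            return path, "delivered"
        if nh == "NULL0":
            return path, "discarded"
        node = nh
    return path, "loop"


def with_route(table, prefix, nh):
    """Return a copy of table with one extra static route."""
    return table + [(prefix, nh)]


before = {"SW1": SW1, "R1": R1}
# [SW1]ip route-static 172.16.0.0 22 NULL 0
after = {"SW1": with_route(SW1, "172.16.0.0/22", "NULL0"), "R1": R1}
# Variant from the page: R1 summarizes as /16 while SW1 only discards the /22.
wide = {"SW1": after["SW1"], "R1": with_route(R1, "172.16.0.0/16", "SW1")}

if __name__ == "__main__":
    for name, t in (("before", before), ("after", after), ("wide", wide)):
        for dst in ("172.16.0.10", "172.16.1.254", "172.16.200.1"):
            print(name, dst, trace(t, dst))
```

The real VLAN subnets stay reachable after the fix because their /24 routes are more specific than the /22 discard route. The discard route has to cover the same prefix that the router uses as the summary.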
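Extension: a suggestion for Huawei routers
The suggestion is that, when routes are manually summarized in RIP or OSPF, a route pointing to the NULL interface be generated automatically to prevent loops; that would be smarter.
Cisco routers currently have a similar implementation in all IGP protocols (RIP, OSPF, EIGRP).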