Layer3 OSPF的路由过滤
来源:互联网 发布:python 管道 编码问题 编辑:程序博客网 时间:2024/04/28 08:19
session 1 OSPF的路由过滤(本地有效)
R1#show run | s ospf
ip ospf 1 area 0
router ospf 1
log-adjacency-changes
network 1.1.1.1 0.0.0.0 area 0
network 12.1.1.1 0.0.0.0 area 0
distribute-list prefix R2-2.3 in FastEthernet0/0 使用分发列表过滤前缀列表匹配的路由2.2.2.3/32 OSPF Router with ID (1.1.1.1) (Process ID 1) Router Link States (Area 0) LS age: 888
Options: (No TOS-capability, DC)
LS Type: Router Links
Link State ID: 2.2.2.2
Advertising Router: 2.2.2.2
LS Seq Number: 80000009
Checksum: 0x2797
Length: 60
Number of Links: 3 Link connected to: a Stub Network
(Link ID) Network/subnet number: 2.2.2.2
(Link Data) Network Mask: 255.255.255.255
Number of TOS metrics: 0
TOS 0 Metrics: 1 Link connected to: a Stub Network 依然可以看到R2发来的2.2.2.3/32的LSA1
(Link ID) Network/subnet number: 2.2.2.3
(Link Data) Network Mask: 255.255.255.255
Number of TOS metrics: 0
TOS 0 Metrics: 1 Link connected to: a Transit Network
(Link ID) Designated Router address: 12.1.1.2
(Link Data) Router Interface address: 12.1.1.2
Number of TOS metrics: 0
TOS 0 Metrics: 10
一、分发列表,只能过滤掉路由,不让路由进入RIB,但是不能阻止LSA的传递,在LSDB中还是要有Link信息。
1、distribute-list x in 接口:过滤从接口收到的路由。
R1(config-router)#distribute-list ? 可选的路由过滤参数
<1-199> IP access list number
<1300-2699> IP expanded access list number
WORD Access-list name
gateway Filtering incoming updates based on gateway
prefix Filter prefixes in routing updates
route-map Filter prefixes based on the route-map
可以使用ACL和prefix等来过滤路由
例如:在R1上过滤R2宣告来的直连路由2.2.2.3/32,而不过滤2.2.2.2/32
R2#show run | s ospf R2上的直连路由
router ospf 1
router-id 2.2.2.2
log-adjacency-changes
network 2.2.2.2 0.0.0.0 area 0
network 2.2.2.3 0.0.0.0 area 0
network 12.1.1.2 0.0.0.0 area 0
R2#
router ospf 1
R2#
R1#show ip route ospf 没有过滤前的R1收到R2的ospf路由
2.0.0.0/32 is subnetted, 2 subnets
O 2.2.2.2 [110/11] via 12.1.1.2, 00:00:16, FastEthernet0/0
O 2.2.2.3 [110/11] via 12.1.1.2, 00:00:16, FastEthernet0/0
O
O
R1#show ip prefix-list R2-2.3 使用前缀列表匹配2.2.2.3/32路由
ip prefix-list R2-2.3: 1 entries
seq 5 permit 2.2.2.3/32
ip prefix-list R2-2.3: 1 entries
R1#show run | s ospf
router ospf 1
R1#show ip route ospf R1上查看RIB看到2.2.2.3/32的路由已经被过滤
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.3 [110/11] via 12.1.1.2, 00:00:03, FastEthernet0/0
R1#
O
R1#
但是注意:只能过滤掉路由,不让路由进入RIB,但是不能阻止LSA的传递,在LSDB中还是要有Link信息。
R1#show ip ospf database router 2.2.2.2 在R1的LSDB中查看R2发来的LSA1类信息
R1#show ip ospf database router 2.2.2.2
2、redistribute-list x out 协议:仅对AS边界路由器ASBR重分布到OSPF中的路由起作用。不能应用于域内O路由及域间OIA路由的过滤。
R1#show ip interface brief 在R1(ASBR)过滤前配置rip和ospf,并将rip重分布进ospf中
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 12.1.1.1 YES manual up up
Loopback0 1.1.1.1 YES manual up up
Loopback10 10.10.10.10 YES manual up up
Loopback20 20.20.20.20 YES manual up up
Interface
FastEthernet0/0
Loopback0
Loopback10
Loopback20
R1(config-router)#do show run | s ospf
ip ospf 1 area 0
router ospf 1
log-adjacency-changes
redistribute rip subnets
network 1.1.1.1 0.0.0.0 area 0
network 12.1.1.1 0.0.0.0 area 0
router ospf 1
R1(config-router)#do show run | s rip
redistribute rip subnets
router rip
network 10.0.0.0
network 20.0.0.0
R1(config-router)#
router rip
R1(config-router)#
R2#show ip route ospf 在R2上已经学到R1中重分布进ospf的rip路由
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/11] via 12.1.1.1, 00:07:48, FastEthernet0/0
20.0.0.0/32 is subnetted, 1 subnets
O E2 20.20.20.20 [110/20] via 12.1.1.1, 00:07:16, FastEthernet0/0
10.0.0.0/32 is subnetted, 1 subnets
O E2 10.10.10.10 [110/20] via 12.1.1.1, 00:07:48, FastEthernet0/0
R2#
O
O E2
O E2
R2#
下面在R1上开启重分布路由过滤:
R1(config)#ip prefix-list R1-10 permit 10.10.10.10/32 使用perfix匹配需要过滤的外部路由
R1(config)#ip prefix-list R1-10 permit 10.10.10.10/32
R1(config-router)#distribute-list prefix R1-10 out rip 过滤掉prefix列表匹配外部重分布路由,不宣告
在R2上查看结果:
R2#show ip route ospf R2上已经学不到R1上重分布的10.10.10.10/32的路由了
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/11] via 12.1.1.1, 00:10:26, FastEthernet0/0
10.0.0.0/32 is subnetted, 1 subnets
O E2 10.10.10.10 [110/20] via 12.1.1.1, 00:10:26, FastEthernet0/0
O
O E2
二、汇总LSA的过滤
R1(config-router)#area 12 range 172.16.0.0 255.255.0.0 not-advertise 本区域的ABR上做,过滤LSA1/2
R1(config-router)#summary-address 172.16.0.0 255.255.0.0 not-advertise 外部路由产生的ASBR上做,或者LSA7转LSA5的ABR上做,过滤LSA5/7
三、针对LSA3的过滤,必须是前缀列表
R1(config-router)#area 12 filter-list prefix LSA3 in/out 在ABR上过滤LSA3,只有被prefix-list匹配的LSA3才能进来或出去
四、过滤所有的LSA
R1(config-if)#ip ospf database-filter all ou 过滤从该接口收到的所有LSA
R1(config-router)#neighbor 12.1.1.2 database-filter all out 过滤从邻居(接口ip:12.1.1.2)过来的所有LSA(注意:12.4IOS版本中此命令只=在p2p、NBMA网络类型中才能在show run中看到,在其他网络类型中也生效但是在show run中看不到,是个隐藏命令)
R1(config-router)#no discard-route internal 用来过滤LSA3的汇总路由
R1(config-router)#no discard-route external 用来过滤LSA5的汇总路由
ip ospf name-lookup 类似 ip domain lookup ip ospf name-lookup默认是关闭的(应该关闭)
0 0
- Layer3 OSPF的路由过滤
- Layer3 OSPF的路由选路
- Layer3 OSPF
- Layer3 OSPF的状态信息LSA7
- Layer3 OSPF汇总
- Layer3 OSPF认证
- Layer3 OSPF的状态信息LSA3、4、5
- Layer3 OSPF的LSAP和特殊区域总结
- ospf路由过滤归纳(待续)
- h3c ospf import-route 路由过滤
- OSPF过滤的方式
- Layer3-1 路由原理
- Layer3 BGP-3 路由
- OSPF路由协议的配置
- 【路由】OSPF
- Layer3 OSPF网络类型和LSA1、2
- Layer3 OSPF其他特性和虚链路
- Layer3 BGP-5 路由属性
- property和constructor-arg的使用
- Android LayoutInflater详解
- 【打CF,学算法——二星级】CodeForces 96B Lucky Numbers (构造/dfs)
- iOS7下隐藏statusbar
- Jedis的使用说明
- Layer3 OSPF的路由过滤
- HDU 4933 / BC 4C Miaomiao's Functiong
- [台大机器学习笔记整理]机器学习问题与算法的基本分类&由霍夫丁不等式论证机器学习的可行性
- BIND -- DNS 搭建过程总结(二)域从服务器
- js中刷新页面
- 洛谷P1914 小书童——密码
- 使用Docker实现丝般顺滑的持续集成
- 浅谈Java设计模式(五)原型模式(Prototype)
- Lyp的战斗记录