路由双向引入引发的环路与次优路径及解决方案

验证理论:

1.逐步搭建双向路由引入,观察并分析路由表变化

  分析OSPF的两个不同优先级如何防止次优路径

2.引入外部150.1.1.1的路由,设计并分析存在的环路

3.破除环路的方案

  3.1修改优先级

  3.2修改cost

  3.3利用标签

3.破除次优路径的方案

 

 

实验拓扑:

 

 路由双向引入引发的环路与次优路径及解决方案

 

 

初始配置:

配置接口及地址,OSPF及ISIS,不引入路由

初始结果:

[AR2]dis ip routing-table | in 150.1
150.1.2.2/32 Direct 0 0 D 127.0.0.1 LoopBack0

150.1.3.3/32 OSPF 10 1 D 155.1.23.3 GigabitEthernet0/0/1

 

[AR3]DIS IP routing-table | IN 150.1

150.1.2.2/32 OSPF 10 1 D 155.1.23.2 GigabitEthernet0/0/1
150.1.3.3/32 Direct 0 0 D 127.0.0.1 LoopBack0
150.1.4.4/32 ISIS-L2 15 20 D 10.1.35.5 GigabitEthernet0/0/0
150.1.5.5/32 ISIS-L2 15 10 D 10.1.35.5 GigabitEthernet0/0/0

 

[AR4]DIS IP routing-table | IN 150.1

150.1.2.2/32 OSPF 10 1 D 155.1.24.2 GigabitEthernet0/0/2
150.1.3.3/32 OSPF 10 2 D 155.1.24.2 GigabitEthernet0/0/2
150.1.4.4/32 Direct 0 0 D 127.0.0.1 LoopBack0
150.1.5.5/32 ISIS-L2 15 10 D 10.1.45.5 GigabitEthernet0/0/1

 

[AR5]dis ip routing-table | in 150.1

150.1.4.4/32 ISIS-L2 15 10 D 10.1.45.4 GigabitEthernet0/0/1
150.1.5.5/32 Direct 0 0 D 127.0.0.1 LoopBack0

 

 

 

一.

实验目的:

搭建路由双向引入

实验步骤:

第一步,在AR3上配置OSPE->ISIS的路由引入

[AR3]ip ip-prefix NET150 permit 150.1.0.0 16 less-equal 32 

[AR3-isis-1]filter-policy ip-prefix NET150 export 

[AR3-isis-1]import-route ospf 1 

此时AR2,3路由表不会变化,观察AR5,4路由表抉择

[AR5]DIS IP routing-table | IN 150.1

150.1.2.2/32 ISIS-L2 15 74 D 10.1.35.3 GigabitEthernet0/0/0
150.1.3.3/32 ISIS-L2 15 74 D 10.1.35.3 GigabitEthernet0/0/0
150.1.4.4/32 ISIS-L2 15 10 D 10.1.45.4 GigabitEthernet0/0/1
150.1.5.5/32 Direct 0 0 D 127.0.0.1 LoopBack0

        注解:外部引入到ISIS的路由开销默认64,类型为L2。本例中没有为ISIS接口配置任何开销值,ISIS接口的默认开销为10,开销类型为narrow

[AR4]dis ip routing-table | in 150.1

150.1.2.2/32 OSPF 10 1 D 155.1.24.2 GigabitEthernet0/0/2
150.1.3.3/32 OSPF 10 2 D 155.1.24.2 GigabitEthernet0/0/2
150.1.4.4/32 Direct 0 0 D 127.0.0.1 LoopBack0
150.1.5.5/32 ISIS-L2 15 10 D 10.1.45.5 GigabitEthernet0/0/1

 

[AR4]dis ip routing-table protocol isis | in 150.1

150.1.2.2/32 ISIS-L2 15 84 10.1.45.5 GigabitEthernet0/0/1
150.1.3.3/32 ISIS-L2 15 84 10.1.45.5 GigabitEthernet0/0/1

[AR4]dis ip routing-table protocol ospf | in 150.1

150.1.2.2/32 OSPF 10 1 D 155.1.24.2 GigabitEthernet0/0/2
150.1.3.3/32 OSPF 10 2 D 155.1.24.2 GigabitEthernet0/0/2

  注解:4.4和5.5的路由通过ISIS学到无可厚非。但是2.2和3.3在OSPF内部AR4是可以学到的,又因为2.2和3.3引入到了ISIS中,所以AR4作为边界路由器在ISIS中也可以学到2.2和3.3,此时根据协议优先级比较OSPF内部协议优先级10<ISIS优先级15,AR4选择155.1.24.2宣告的从OSPF学到的路由计入路由表

 

 

 

第二步,在AR3上配置ISIS->OSPF的引入,实现单点双向路由引入

已有:

[AR3]ip ip-prefix NET150 permit 150.1.0.0 16 less-equal 32 

[AR3-isis-1]filter-policy ip-prefix NET150 export 

[AR3-isis-1]import-route ospf 1 

再配:

[AR3-ospf-1]filter-policy ip-prefix NET150 export

[AR3-ospf-1]import-route isis 1

此时AR3,5路由表不会变化,观察AR2,4路由表抉择

[AR2]dis ip routing-table | in 150.1

150.1.2.2/32 Direct 0 0 D 127.0.0.1 LoopBack0
150.1.3.3/32 OSPF 10 1 D 155.1.23.3 GigabitEthernet0/0/1
150.1.4.4/32 O_ASE 150 1 D 155.1.23.3 GigabitEthernet0/0/1
150.1.5.5/32 O_ASE 150 1 D 155.1.23.3 GigabitEthernet0/0/1

  注释:AR2学习到从AR3过来的,通过路由引入的4,4和5.5的网段

[AR4]dis ip routing-table | in 150.1

150.1.2.2/32 OSPF 10 1 D 155.1.24.2 GigabitEthernet0/0/2
150.1.3.3/32 OSPF 10 2 D 155.1.24.2 GigabitEthernet0/0/2
150.1.4.4/32 Direct 0 0 D 127.0.0.1 LoopBack0
150.1.5.5/32 ISIS-L2 15 10 D 10.1.45.5 GigabitEthernet0/0/1

 

[AR4]dis ip routing-table protocol ospf | in 150.1

150.1.4.4/32 O_ASE 150 1 155.1.24.2 GigabitEthernet0/0/2
150.1.5.5/32 O_ASE 150 1 155.1.24.2 GigabitEthernet0/0/2

[AR4]dis ip routing-table protocol isis | in 150.1

150.1.5.5/32  ISIS-L2 15   10          D   10.1.45.5       GigabitEthernet0/0/1

4.4直连

  注释:AR4,5将自己的环回口路由,在AR3上传入OSPF中,AR3->AR2->AR4,AR4在OSPF外部路由中也学到了4.4和5.5,此时AR4比较协议优先级。发现OSPF外部路由优先级150>ISIS 15,所以AR4将来源于ISIS的4.4和5.5放入路由表中

 

 

 

第三步,在AR4上配置OSPF->ISIS引入

[AR4]ip ip-prefix NET150 permit 150.1.0.0 16 less-equal 32
[AR4-isis-1]filter-policy ip-prefix NET150 export
[AR4-isis-1]import-route ospf 1

此时AR2,4路由表不会变化,观察AR3,5路由表抉择

 [AR5]dis ip routing-table 

150.1.2.2/32 ISIS-L2 15 74 D 10.1.35.3 GigabitEthernet0/0/0
      ISIS-L2 15 74 D 10.1.45.4 GigabitEthernet0/0/1
150.1.3.3/32 ISIS-L2 15 74 D 10.1.35.3 GigabitEthernet0/0/0
      ISIS-L2 15 74 D 10.1.45.4 GigabitEthernet0/0/1
150.1.4.4/32 ISIS-L2 15 10 D 10.1.45.4 GigabitEthernet0/0/1
150.1.5.5/32 Direct 0 0 D 127.0.0.1 LoopBack0

  注释:AR5通过AR3,4都可以学习到2.2和3.3形成等价路由

 

[AR3]dis ip routing-table | in 150.1

150.1.2.2/32 OSPF 10 1 D 155.1.23.2 GigabitEthernet0/0/1
150.1.3.3/32 Direct 0 0 D 127.0.0.1 LoopBack0
150.1.4.4/32 ISIS-L2 15 20 D 10.1.35.5 GigabitEthernet0/0/0
150.1.5.5/32 ISIS-L2 15 10 D 10.1.35.5 GigabitEthernet0/0/0

 

[AR3]dis ip routing-table protocol  isis

150.1.2.2/32 ISIS-L2 15 84 10.1.35.5 GigabitEthernet0/0/0
150.1.3.3/32 ISIS-L2 15 84 10.1.35.5 GigabitEthernet0/0/0


[AR3]dis ip routing-table protocol ospf

150.1.2.2/32 OSPF 10 1 D 155.1.23.2 GigabitEthernet0/0/1

3.3直连

  注释:此时AR3在OSPF内部路由中学到2.2和3.3,同时由于AR4的引入,在ISIS中可以学到类型为ISIS L2的2.2和3.3.此时比较优先级,OSPF内部优先级10<ISIS 15所以在路由表中2.2和3.3为OSPF

 

 

第四步,在AR4上配置ISIS->OSPF引入

已有:

isis 1
is-level level-2
network-entity 49.0000.0000.0000.0000.0004.00
filter-policy ip-prefix NET150 export
import-route ospf 1

[AR4-ospf-1]dis ip ip-prefix
Prefix-list NET150
Permitted 4
Denied 5
index: 10 permit 150.1.0.0/16 ge 16 le 32

再配:

ospf 1
filter-policy ip-prefix NET150 export
import-route isis 1
area 0.0.0.0

此时AR4,5路由表不会变化,观察AR2,3路由抉择

[AR2]dis ip routing-table

150.1.2.2/32 Direct 0 0 D 127.0.0.1 LoopBack0
150.1.3.3/32 OSPF 10 1 D 155.1.23.3 GigabitEthernet0/0/1
150.1.4.4/32 O_ASE 150 1 D 155.1.23.3 GigabitEthernet0/0/1
      O_ASE 150 1 D 155.1.24.4 GigabitEthernet0/0/2
150.1.5.5/32 O_ASE 150 1 D 155.1.23.3 GigabitEthernet0/0/1
      O_ASE 150 1 D 155.1.24.4 GigabitEthernet0/0/2

  注释:AR2通过AR3,4都可以学习到4.4和5.5,形成等价路由

 

[AR3]dis ip routing-table | in 150.1

150.1.2.2/32 OSPF 10 1 D 155.1.23.2 GigabitEthernet0/0/1
150.1.3.3/32 Direct 0 0 D 127.0.0.1 LoopBack0
150.1.4.4/32 ISIS-L2 15 20 D 10.1.35.5 GigabitEthernet0/0/0
150.1.5.5/32 ISIS-L2 15 10 D 10.1.35.5 GigabitEthernet0/0/0


[AR3]dis ip routing-table protocol ospf | in 150.1

150.1.4.4/32 O_ASE 150 1 155.1.23.2 GigabitEthernet0/0/1
150.1.5.5/32 O_ASE 150 1 155.1.23.2 GigabitEthernet0/0/1

[AR3]dis ip routing-table protocol isis | in 150.1

150.1.4.4/32 ISIS-L2 15 20 D 10.1.35.5 GigabitEthernet0/0/0
150.1.5.5/32 ISIS-L2 15 10 D 10.1.35.5 GigabitEthernet0/0/0

  注释:此时AR3在ISIS内部学习到4.4,5.5的网段,同时4.4和5.5被AR4引入到OSPF中。此时AR3比较优先级。因为OSPF外部路由优先级150>ISIS 15所以4.4和5.5仍然选择ISIS路由学到的。

 

  因此,通过上面4个步骤发现,OSPF的两个不同优先级使得:路由器在OSPF内部学到的路由,优先于再从其他协议学到;路由器从其他协议(除BGP)直接学到的路由,优先于从OSPF里其他协议(除BGP)引入到OSPF的路由,从而实现次优路由的避免

路由双向引入引发的环路与次优路径及解决方案路由双向引入引发的环路与次优路径及解决方案

 

 

 

 

 

 二.引入150.1.1.1,在AR3,4上设置,路由从ISIS引入到OSPF变为类型1

[AR1-ospf-1]import-route direct 

[AR3-ospf-1]import-route isis 1 type 1

[AR4-ospf-1]import-route isis 1 type 1 

  注释:OSPF type 1优先于type 2

分析:

假设150.1.1.1是先到AR3(因为AR1到达AR3和4是随机的),此时网络中存在逆时针环路AR3->AR2->AR4->AR5->AR3

    first           AR1将150.1.1.1的路由传到AR3,AR3将该路由引入到ISIS

    second     150.1.1.1经路由引入从AR3->AR5->AR4

    third          AR4比较从AR1->AR2->AR4学到的类型为OSPF的150.1.1.1/32和AR1->AR2->AR3(路由引入)->AR5->AR4学到的类型为ISIS的150.1.1.1/32.根据优先级比较,最后AR4上留下的是类型为ISIS的150.1.1.1/32

    fourth        因为AR4上存在有路由引入,于是将路由表中ISIS的150.1.1.1/32引入到OSPF中并且类型更改为1.此时AR2收到之后,对比从AR1收到的type 为2的150.1.1.1/32会认为从AR4上学习的type 为1的150.1.1.1/32是更优的。

    fifth    AR2将路由传递给AR3,此时AR3比较之前从AR2收到的type 2的150.1.1.1/32和现在从AR2收到的type 1的150.1.1.1/32同样会觉得后到的更优

    sixth     所以现在AR3认为要去150.1.1.1就去找AR2,AR2根据type比较去找AR4,AR4在ISIS中找到150.1.1.1的宣告者是AR3

 

假设150.1.1.1是先到的AR4(因为AR1到达AR3和4是随机的),此时网络中存在顺时针环路AR3->AR5->AR4->AR2->AR3

    first   AR1将150.1.1.1的路由传到AR4,AR4将此路由引入到ISIS

    second     150经路由引入从AR4->AR5->AR3

    third     AR3比较,认为从ISIS学到的150.1.1.1/32更优,计入路由表并

    fourth   AR3将ISIS的150.1.1.1/32引入到OSPF中更改类型为type 1.AR2收到之后认为从AR3上收到的type 为1的150.1.1.1/32更优

    fifth      AR2将路由传递给AR4,AR4通过比较同样认为从AR3学习的150.1.1.1/32更优

    sixth    所以现在AR4要去150.1.1.1就先在ISIS中找宣告者AR3,AR4认为经过AR2去AR3可以是去150.1.1.1的最优路径

 

验证:

在实验中AR1是先到了AR3(因为只有AR4上对于150.1.1.1是从ISIS学到的),此时网络中应存在逆时针环路

[AR3]dis ip routing-table 150.1.1.1

150.1.1.1/32 O_ASE 150 3 D 155.1.23.2 GigabitEthernet0/0/1

[AR4]dis ip routing-table 150.1.1.1

150.1.1.1/32 ISIS-L2 15 84 D 10.1.45.5 GigabitEthernet0/0/1

 

[AR3]tracert -a 150.1.3.3 150.1.1.1
traceroute to 150.1.1.1(150.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break
1 155.1.23.2 30 ms 20 ms 20 ms
2 155.1.24.4 40 ms 30 ms 30 ms
3 10.1.45.5 50 ms 30 ms 30 ms
4 10.1.35.3 20 ms 20 ms 20 ms
5 155.1.23.2 40 ms 40 ms 30 ms
6 155.1.24.4 40 ms 30 ms 50 ms
7 10.1.45.5 40 ms 40 ms 40 ms
8 10.1.35.3 50 ms 40 ms 30 ms

[AR2]dis ospf routing

Routing for ASEs
Destination Cost Type Tag NextHop AdvRouter
150.1.1.1/32 2 Type1 1 155.1.23.3 10.1.35.3
150.1.4.4/32 2 Type1 1 155.1.23.3 10.1.35.3
150.1.4.4/32 2 Type1 1 155.1.24.4 10.1.45.4
150.1.5.5/32 2 Type1 1 155.1.23.3 10.1.35.3
150.1.5.5/32 2 Type1 1 155.1.24.4 10.1.45.4

 

 

 

三.破除环路的方案

3.1利用优先级破环

  在AR4上修改ISIS中收到的150.1.1.1的优先级为151,使得AR1->2->3->5->4时,在4上面类型为ISIS优先级变成151.所以AR4上会优选来自OSPF的优先级为150的150.1.1.1,所以在路由表中表现为OSPF,而不是被引入到OSPF中类型被改为level 1 从而破除

[AR4]ip ip-prefix NET0 permit 150.1.1.1 32 

[AR4-route-policy]if-match ip-prefix NET0

[AR4-route-policy]apply preference 151 

[AR4-isis-1]preference route-policy SET-PRI

[AR4]dis ip routing-table 150.1.1.1

150.1.1.1/32 O_ASE 150 3 D 155.1.24.2 GigabitEthernet0/0/2

此时逆时针的环被在AR4上止住。但是因为150.1.1.1在AR4上是OSPF的了,所以匹配上了OSPF->ISIS的引入。从AR4->AR5->AR3,在AR3上没有更改优先级,所以ISIS又以15的优先级打败了OSPF的150,所以在AR3上被引入到OSPF中,并更改为类型1了

再去查看AR3的路由

[AR3]dis ip routing-table 150.1.1.1

150.1.1.1/32 ISIS-L2 15 84 D 10.1.35.5 GigabitEthernet0/0/0

发现150.1.1.1是从ISIS学到的了,意味着又出现了顺时针的环路

[AR3]tracer -a 150.1.3.3 150.1.1.1
traceroute to 150.1.1.1(150.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break
1 10.1.35.5 20 ms 10 ms 30 ms
2 10.1.45.4 20 ms 30 ms 20 ms
3 155.1.24.2 20 ms 30 ms 20 ms
4 155.1.23.3 10 ms 30 ms 20 ms
5 10.1.35.5 40 ms 30 ms 30 ms
6 10.1.45.4 40 ms 30 ms 40 ms
7 155.1.24.2 40 ms 30 ms 40 ms
8 155.1.23.3 30 ms 30 ms 30 ms

同样的解决思路,在AR3上将150.1.1.1/32的优先级更改为151

此时AR3,AR4的路由就都正常了,没有再通过路由引入使OSPF中出现type 1,环路破除

[AR3]ip ip-prefix NET1 permit 150.1.1.1 32 

[AR3]route-policy SET-PRE permit node 10
[AR3-route-policy]if-match ip-prefix NET1
[AR3-route-policy]apply preference 151

[AR3-isis-1]preference route-policy SET-PRE 

[AR3]dis ip routing-table 150.1.1.1

150.1.1.1/32 O_ASE 150 1 D 155.1.23.2 GigabitEthernet0/0/1

[AR4]dis ip routing-table 150.1.1.1

150.1.1.1/32 O_ASE 150 1 D 155.1.24.2 GigabitEthernet0/0/2

 

[AR4]tracert -a 150.1.4.4 150.1.1.1
traceroute to 150.1.1.1(150.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break
1 155.1.24.2 20 ms 30 ms 30 ms
2 155.1.12.1 40 ms 40 ms 30 ms
[AR4]

 

 

 

3.2通过cost造环与破环

更改AR3,AR4上面的引入路由策略,取消引入时类型改为type 1 ,使他引入是就用默认的type 2。同时删除上面的优先级防环配置

此时查看AR3,4上的路由,发现AR4是ISIS,所以此次AR1是先到的AR3

[AR4]dis ip routing-table 150.1.1.1

150.1.1.1/32 ISIS-L2 15 84 D 10.1.45.5 GigabitEthernet0/0/1

[AR3]dis ip routing-table 150.1.1.1

150.1.1.1/32 O_ASE 150 1 D 155.1.23.2 GigabitEthernet0/0/1

当前网络中对于AR3上存在两条来自于AR2的等价路由:AR1->2->3->5->4(路由引入,默认type 2)->2->3还有AR1->AR2->AR3

[AR2]dis ip routing-table 150.1.1.1

150.1.1.1/32 O_ASE 150 1 D 155.1.12.1 GigabitEthernet0/0/0
      O_ASE 150 1 D 155.1.24.4 GigabitEthernet0/0/2

要创建环路,只需要配置cost使得AR2认为去AR1比去AR4远就可以了,所以修改AR2的g0/0/0接口开销为10

[AR2-GigabitEthernet0/0/0]OSPF cost 10

150.1.1.1/32 O_ASE 150 1 D 155.1.24.4 GigabitEthernet0/0/2

验证逆时针环路:

<AR3>tracert -a 150.1.3.3 150.1.1.1
traceroute to 150.1.1.1(150.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break
1 155.1.23.2 20 ms 20 ms 20 ms
2 155.1.24.4 30 ms 40 ms 30 ms
3 10.1.45.5 30 ms 30 ms 30 ms
4 10.1.35.3 20 ms 30 ms 20 ms
5 155.1.23.2 30 ms 30 ms 30 ms
6 155.1.24.4 40 ms 50 ms 40 ms
7 10.1.45.5 40 ms 40 ms 50 ms
8 10.1.35.3 30 ms 30 ms 30 ms

 

破环:使得AR2认为去往AR1更近即可

删除AR2上g0/0/0口开销的配置,在AR2的g0/0/2口设置开销为10

[AR2-GigabitEthernet0/0/2]ospf cost 10

[AR3]tracert -a 150.1.3.3 150.1.1.1
traceroute to 150.1.1.1(150.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break
1 155.1.23.2 30 ms 10 ms 20 ms
2 155.1.12.1 50 ms 30 ms 30 ms

路由:

路由双向引入引发的环路与次优路径及解决方案

 

 

[AR4]dis ip routing-table 150.1.1.1

150.1.1.1/32 ISIS-L2 15 84 D 10.1.45.5 GigabitEthernet0/0/1

 

 

同理,为了防止比如说设备重启了,当路由先到AR4产顺时针环路,此时AR2需要抉择去往AR1更近还是去往AR3更近。

为避免环路在AR2的g0/0/1口也设置ospf cost为10

[AR2-GigabitEthernet0/0/1]ospf cost 10

路由:

路由双向引入引发的环路与次优路径及解决方案

 

 

至此更改开销确实可以破环,但是无法解决次优路径的问题。

 

 

 

 

3.3通过标签

ISIS中如果要使用标签,必须使用开销类型为宽带,默认为窄带

删除上面的AR2的0/0/1和0/0/2的cost,增加g0/0/0的cost还原环路

<AR3>tracert -a 150.1.3.3 150.1.1.1
traceroute to 150.1.1.1(150.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break
1 155.1.23.2 70 ms 10 ms 30 ms
2 155.1.24.4 20 ms 20 ms 20 ms
3 10.1.45.5 30 ms 40 ms 30 ms
4 10.1.35.3 70 ms 20 ms 20 ms
5 155.1.23.2 30 ms 30 ms 40 ms
6 155.1.24.4 40 ms 30 ms 30 ms
7 10.1.45.5 30 ms 30 ms 40 ms
8 10.1.35.3 30 ms 30 ms 20 ms

 

当前150.1.1.1是先到的AR3

[AR4]dis ip routing-table 150.1.1.1

150.1.1.1/32 ISIS-L2 15 84 D 10.1.45.5 GigabitEthernet0/0/1

[AR3]dis ip routing-table 150.1.1.1

150.1.1.1/32 O_ASE 150 1 D 155.1.23.2 GigabitEthernet0/0/1

 

原理:

  先更改AR3,4,5的开销类型为宽带

  在AR3上当OSPF->ISIS时将外部引入的路由(150.1.1.1,此时不使用前缀抓取,使得以后如果有其他外部路由引入也能匹配上这个策略路由)的路由打上TAG 3 ,在AR4上当ISIS->OSPF时将带了TAG 3 的路由deny掉,不允许再进入OSPF

配置:

AR3:

[AR3]route-policy OSPF->ISIS permit node 10 

[AR3-route-policy]if-match route-type external-type2

[AR3-route-policy]apply tag 3 

isis 1
is-level level-2
network-entity 49.0000.0000.0000.0000.0003.00
filter-policy ip-prefix NET150 export
import-route ospf 1 route-policy OSPF->ISIS

AR4:

 

[AR4]route-policy ISIS->OSPF deny node 10
[AR4-route-policy]if-match tag 3

ospf 1
filter-policy ip-prefix NET150 export
import-route isis 1 route-policy ISIS->OSPF
area 0.0.0.0

分析:

  此时路由走向:AR1->2->3->5->4,在AR4上不能被过滤到OSPF中,此时AR4比较从AR1->2->4发过来的优先级150的路由和AR1->2->3->5->4过来的优先级为15的路由,所以在AR4上150.1.1.1仍为ISIS路由,环路破除

[AR3]tracert -a 150.1.3.3 150.1.1.1
traceroute to 150.1.1.1(150.1.1.1), max hops: 30 ,packet length: 40,press CTRL_C to break
1 155.1.23.2 20 ms 20 ms 20 ms
2 155.1.12.1 20 ms 20 ms 40 ms
[AR3]

同理,为了防止比如说设备重启了,当路由先到AR4产顺时针环路,在AR4上当OSPF->ISIS设置外部引入的type 2 的路由打上标签4,在AR3上当ISIS->OSPF设置外部引入的路由上有标签4的都被丢掉

路由双向引入引发的环路与次优路径及解决方案

 

 

 

 

 

完整配置如下

AR3:

[AR3]dis route-policy
Route-policy : OSPF->ISIS
permit : 10 (matched counts: 1)
Match clauses :
if-match route-type external-type2
Apply clauses :
apply tag 3


Route-policy : ISIS->OSPF
deny : 10 (matched counts: 0)
Match clauses :
if-match tag 4
permit : 20 (matched counts: 4)
[AR3]isis
[AR3-isis-1]dis this
[V200R003C00]
#
isis 1
is-level level-2
network-entity 49.0000.0000.0000.0000.0003.00
filter-policy ip-prefix NET150 export
import-route ospf 1 route-policy OSPF->ISIS
#
return
[AR3-isis-1]ospf
[AR3-ospf-1]dis this
[V200R003C00]
#
ospf 1
filter-policy ip-prefix NET150 export
import-route isis 1 route-policy ISIS->OSPF
area 0.0.0.0
#
return
[AR3-ospf-1]

 

AR4:

[AR4]dis route-policy
Route-policy : ISIS->OSPF
deny : 10 (matched counts: 0)
Match clauses :
if-match tag 3
permit : 20 (matched counts: 5)


Route-policy : OSPF->ISIS
permit : 10 (matched counts: 0)
Match clauses :
if-match route-type external-type2
Apply clauses :
apply tag 4
[AR4]ospf
[AR4-ospf-1]dis this
[V200R003C00]
#
ospf 1
filter-policy ip-prefix NET150 export
import-route isis 1 route-policy ISIS->OSPF
area 0.0.0.0
#
return
[AR4-ospf-1]isis
[AR4-isis-1]dis this
[V200R003C00]
#
isis 1
is-level level-2
network-entity 49.0000.0000.0000.0000.0004.00
filter-policy ip-prefix NET150 export
import-route ospf 1 route-policy OSPF->ISIS
#
return
[AR4-isis-1]

 

此时,环路问题解决,但是次优路径仍然没有解决。解决方法看下一篇升级版,写不下了

上一篇:IS-IS实验


下一篇:isis常见面试题