Chapter 5: IP Routing

Chapter contents

PLANNING & DESIGNING
- Design a simple LAN using Cisco technology
- Design an IP addressing scheme to meet design requirements
- Select an appropriate routing protocol based on user requirements
- Design a simple internetwork using Cisco technology

IMPLEMENTATION & OPERATION
- Configure routing protocols given user requirements
- Configure IP addresses, subnet masks, and gateway addresses on routers and hosts
- Configure a router for additional administrative functionality
- Perform an initial configuration on a router
- Perform an initial configuration on a switch

TROUBLESHOOTING
- Perform LAN and VLAN troubleshooting
- Troubleshoot routing protocols
- Troubleshoot IP addressing and host configuration
- Troubleshoot a device as part of a working network

TECHNOLOGY
- Evaluate the characteristics of routing protocols
- Evaluate the TCP/IP communication process and its associated protocols

What is IP routing

The difference between a routing protocol and a routed protocol:

A routing protocol
- Dynamically finds all the networks in the internetwork
- Ensures that all routers have the same routing table
- Determines the path of a packet through an internetwork
- Selects the best path for delivery
- Examples of routing protocols are RIP, IGRP, EIGRP, and OSPF

A routed protocol
- Is used to send user data (packets) through the established enterprise
- Is assigned to an interface
- Determines the method of packet delivery
- Examples of routed protocols are IP and IPX

Goals of this chapter: configure and verify Cisco routers
- Static routes: IP ROUTE NETWORK MASK NEXT-HOP
- Default routes: IP ROUTE 0.0.0.0 0.0.0.0 DEFAULT-GATEWAY
- Dynamic routing: ROUTER RIP, ROUTER IGRP

Routing basics
- Routers route traffic to all the networks in your internetwork
- Configure logical network addresses, such as IP addresses
- Routers don't really care about host addresses; they care about networks and the best path to each network
- The logical network address of the destination host is used to get packets to a network through a routed network
- The hardware address of the host is used to deliver the packet from a router to the correct destination host

What a router needs in order to route packets
- The destination address
- Neighbor routers from which it can learn about remote networks
- The possible routes to all remote networks
- The best route to each remote network
- How to maintain and verify routing information

There are two ways for Router A to learn that Router C exists:
- First, it can learn of Router C through its neighbor, Router B.
- Second, it can learn of Router C from a route that the administrator adds by hand.

How a router obtains information about remote routes

Routing table

    router# show ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           * - candidate default, U - per-user static route, o - ODR
           P - periodic downloaded static route

    Gateway of last resort is 218.12.46.137 to network 0.0.0.0

         218.12.46.0/29 is subnetted, 1 subnets
    C       218.12.46.136 is directly connected, FastEthernet0/0
    C    192.168.3.0/24 is directly connected, FastEthernet0/1
    S*   0.0.0.0/0 [1/0] via 218.12.46.137

The router then builds a routing table that describes how to find the remote networks.

- Directly connected networks: the router already knows how to reach the destination network.
- Networks that are not directly connected: the router reaches a remote network in one of two ways, either through static routes the network administrator adds by hand or through dynamic routing.

Single-router and multi-router networks
[Figures only in the original slides: the IP routing process on a single router; IP routing with multiple routers, parts 1 to 3; part 4, viewing the routing table; part 5, Lab_B configuration]

IP routing with multiple routers, part 6: Lab_B routing table

    Lab_B#sh ip route
    [output cut]
    Gateway of last resort is not set
    C    192.168.20.0/24 is directly connected, Serial0/0
    C    192.168.40.0/24 is directly connected, Serial0/1
    C    192.168.30.0 is directly connected FastEthernet 0/0
    Lab_B#

IP routing with multiple routers, part 7: Lab_C configuration

    Lab_C(config)#interface fa0/0
    Lab_C(config-if)#ip address 192.168.50.1 255.255.255.0
    Lab_C(config-if)#description Lab_C LAN Connection
    Lab_C(config-if)#no shut
    Lab_C(config-if)#interface serial 0/0
    Lab_C(config-if)#ip address 192.168.40.2 255.255.255.0
    Lab_C(config-if)#description WAN Connection to Lab_B
    Lab_C(config-if)#no shut
    Lab_C(config-if)#exit

IP routing with multiple routers, part 7: Lab_C routing table

    Lab_C#sh ip route
    [output cut]
    Gateway of last resort is not set
    C    192.168.50.0/24 is directly connected, FastEthernet0/0
    C    192.168.40.0/24 is directly connected, Serial0/0
    Lab_C#

Think about it

With this configuration in place, can packets be forwarded across multiple routers to the destination host? The answer is no. Why?

Configuring IP routing
- Static routing
- Default routing
- Dynamic routing

Configuring IP routing: static routing

Static routing has the following benefits:
- There is no overhead on the router CPU, which means you could possibly buy a cheaper router than if you were using dynamic routing.
- There is no bandwidth usage between routers, which means you could possibly save money on WAN links.
- It adds security, because the administrator can choose to allow routing access to certain networks only.

Static routing has the following disadvantages:
- The administrator must really understand the internetwork and how each router is connected in order to configure routes correctly.
- If a network is added to the internetwork, the administrator has to add a route to it on all routers by hand.
- It's not feasible in large networks because maintaining it would be a full-time job in itself.

Static route syntax

    ip route [destination_network] [mask] [next-hop_address or exitinterface] [administrative_distance] [permanent]

This list describes each command in the string:
- ip route: The command used to create the static route.
- destination_network: The network you're placing in the routing table.
- mask: The subnet mask being used on the network.
- next-hop_address: The address of the next-hop router that will receive the packet and forward
- exitinterface: You can use it in place of the next-hop address if you want, but it's got to be on a point-to-point link, such as a WAN. This command won't work on a LAN such as Ethernet.
- administrative_distance: By default, static routes have an administrative distance of 1 (or even 0 if you use an exit interface instead of a next-hop address). You can change the default value by adding an administrative weight at the end of the command. I'll talk a lot more about this subject later in the chapter when we get to the section on dynamic routing.
- permanent: If the interface is shut down, or the router can't communicate to the next-hop router, the route will automatically be discarded from the routing table. Choosing the permanent option keeps the entry in the routing table no matter what happens.

Static route syntax (continued)

Note: a static route whose administrative distance has been changed is called a floating static route.

Static routing lab

Static routing lab: Lab_A configuration

Note: networks directly connected to a router's interfaces are added to its routing table automatically. Every router's routing table must contain a path to each remote network.

Besides its directly connected segments, Router A's routing table must also describe how to reach these segments:
- 192.168.30.0
- 192.168.40.0
- 192.168.50.0

Return to privileged mode and enter show running-config to check the router's configuration.

Static routing lab: Lab_B configuration

Router B's routing table contains the directly connected segments:
- 192.168.20.0
- 192.168.30.0
- 192.168.40.0

It must also describe how to reach these segments:
- 192.168.10.0
- 192.168.50.0

Return to privileged mode and enter show running-config to check the router's configuration.

Static routing lab: Lab_C configuration

Router C's routing table contains the directly connected segments:
- 192.168.40.0
- 192.168.50.0

It must also describe how to reach these segments:
- 192.168.10.0
- 192.168.20.0
- 192.168.30.0

Enter the following commands in the router's global configuration mode:

Return to privileged mode and enter show running-config to check the router's configuration.

Verifying the router configuration

    Lab_A#ping 192.168.50.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.16.50.1, timeout is 2 seconds:
    !
    Success rate is 80 percent (4/5), round-trip min/avg/max = 64/66/68 ms
    Lab_C#ping 192.168.10.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.16.10.1, timeout is 2 seconds:
    !
    Success rate is 100 percent (5/5), round-trip min/avg/max = 64/67/72 ms

Default routes

    Router(config)#ip route 0.0.0.0 0.0.0.0 {next-hop address | exit-interface}

- The exit-interface form can only be used on stub network links.
- A default route effectively shortens the routing table.
- It reduces system overhead.
- If the routing table has no entry for a remote network, packets for it are sent by way of the default route.
- It is well suited to the access router that connects an enterprise to its ISP.

Default route example

The above is Lab_C's static route configuration; a single default route can replace it:

Static routes
[Figure: router A and router B joined by a serial link (S0; addresses 172.16.2.1 and 172.16.2.2); stub network 172.16.1.0 behind router B]

- Static routes are appropriate in small networks.
- Static routing is needed in both directions: routes must be configured in each direction before they can be used.

Static route configuration

    Router(config)#ip route network [mask] {address | interface} [distance] [permanent]

Defines a path that reaches the destination network.

Static route example

    ip route 172.16.1.0 255.255.255.0 172.16.2.1

This is a one-way path; a route in the opposite direction must also be configured.

Default route

    ip route 0.0.0.0 0.0.0.0 172.16.2.2

With the default route in place, the stub network can reach networks beyond router A.

Static routing summary

- Syntax for a static route: Router(config)#ip route network mask next-hop address
- Syntax for a default route: Router(config)#ip route 0.0.0.0 0.0.0.0 next-hop address
- Static routes must be configured in both directions.
- Benefits of static routing: the administrator has full control over the contents of the router's routing table; there is no routing protocol overhead on the network; it is relatively easy to implement; it is well suited to small networks.

Static routing summary (continued)

- A network with two routers needs two static routes entered.
- A network with three routers needs six static routes entered.
- A network with 100 routers needs 9900 static routes entered.
- A network with N routers needs N*(N-1) static routes.

The drawback: the network scales very poorly.

Static routing and dynamic routing

- Static routing: the network administrator adds routing information on the router by hand to achieve routing.
- Dynamic routing: the routing protocol adjusts routing information automatically as the network topology or traffic changes.

Routing protocols

Routing protocols are used by routers to select paths and to maintain routing tables. Once a path has been selected, the router routes the routed protocol.

    Network Protocol    Destination Network    Exit Interface
    Connected           10.120.2.0             E0
    RIP                 172.16.2.0             S0
    IGRP                172.17.3.0             S1

- Routed protocols: IP, IPX, etc.
- Routing protocols: RIP, IGRP, EIGRP, OSPF
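The basic functions of a routing protocol are path selection and routing table updates.

Autonomous systems: interior and exterior routing protocols
[Figure: autonomous system 100 and autonomous system 200; IGPs: RIP, IGRP; EGPs: BGP]

- Autonomous system: a set of routers under the control of a single administrative authority that use the same routing policy (for example the China Telecom, China Mobile and China Unicom networks).
- An IGP runs within one autonomous system.
- An EGP connects different autonomous systems.

Routing protocol basics

Routing protocol basics: administrative distance

- Administrative distance is the trustworthiness of the routing protocol that produced (found) the route.
- Administrative distance can be a value from 0 to 255.
- The lower the value, the more trustworthy the route.
- If there are several routes to a given destination, the route with the lowest administrative distance is placed in the routing table.

Routing protocol basics: administrative distance (continued)

Trustworthiness of a route
[Figure: routers A, B, C and D and network E; IGRP administrative distance = 100; RIP administrative distance = 120. Caption: "I need to send a packet to Network E. Both router B and C will get it there. Which route is best?"]

Classes of routing protocols
- Distance vector
- Hybrid
- Link state

Distance-vector routing protocol concepts

- The best path is judged by distance.
- The unit is the hop; each router crossed counts as one hop.
- To a given destination network, the route with the fewest hops (lowest metric) is the best route.
- The vector is the direction toward the destination network.
- The entire routing table is sent periodically to directly connected neighbors.
- This is known as routing by rumor.
- Typical examples are RIP and IGRP.

Distance-vector routing protocols

Copies of the routing table are passed periodically to neighboring routers.
[Figure: routers A, B, C and D, each with its own routing table]

- Distance: how far
- Vector: in which direction

Distance-vector convergence
[Figure, repeated on each slide below: routers A, B and C in a line; networks 10.1.0.0, 10.2.0.0, 10.3.0.0 and 10.4.0.0; interfaces E0 and S0 on A, S0 and S1 on B, S0 and E0 on C]

The initial routing tables contain only the directly connected interfaces:

    Router A: 10.1.0.0 (0), 10.2.0.0 (0)
    Router B: 10.2.0.0 (0), 10.3.0.0 (0)
    Router C: 10.3.0.0 (0), 10.4.0.0 (0)

Routers update by sending their entire routing table to their neighbors:

    Router A: 10.1.0.0 (0), 10.2.0.0 (0), 10.3.0.0 (1)
    Router B: 10.2.0.0 (0), 10.3.0.0 (0), 10.4.0.0 (1), 10.1.0.0 (1)
    Router C: 10.3.0.0 (0), 10.4.0.0 (0), 10.2.0.0 (1)

Convergence is complete when all routers have the same routing table:

    Router A: 10.1.0.0 (0), 10.2.0.0 (0), 10.3.0.0 (1), 10.4.0.0 (2)
    Router B: 10.2.0.0 (0), 10.3.0.0 (0), 10.4.0.0 (1), 10.1.0.0 (1)
    Router C: 10.3.0.0 (0), 10.4.0.0 (0), 10.2.0.0 (1), 10.1.0.0 (2)

Routing loops

- Distance-vector routing protocols send the entire routing table.
- Networks that converge slowly are prone to routing loops.
- When network 5 fails, routers A and B can easily end up in a loop.

Solution: defining a maximum hop count

- A maximum hop count is specified to prevent routing loops.
- When the maximum hop count is reached, the destination network is declared unreachable.
- RIP defines a maximum hop count of 16.
- This does not solve the routing loop problem at its root.

Solution: split horizon

An interface does not accept routing information that was sent out through that same interface.
- When RouterA sends RouterB routing information for 10.3.0.0 and 10.4.0.0, RouterB does not accept it.
- When RouterB sends RouterA routing information for 10.1.0.0 and 10.2.0.0, RouterA does not accept it.
- When RouterB sends RouterC routing information for 10.4.0.0, RouterC does not accept it.

Solution: poison reverse

- Poison reverse overrides split horizon.
- When network 10.4.0.0 fails, RouterC sends a route poisoning message that sets network 10.4.0.0 to 16 hops, that is, unreachable.
- When RouterB receives the poisoning message, it sends a poison reverse update back to RouterC.
- This makes sure that every router receives the poisoned route.

Solution: hold-down timers

- During the hold-down time the router marks the entry as possibly down, so that other routers can recompute the change in network topology.
- When new information arrives or a route is removed, the router places the route in holddown.
- While the holddown timer is running, the router neither sends advertisements nor accepts advertisements of changes to the route.
- This cuts off incorrect route advertisements.
[Figure labels: "Network 10.4.0.0 is down, then back up, then back down"; "Update after hold-down time"; "Network 10.4.0.0 is unreachable"]

Solution: triggered updates

- The router sends an update immediately when its routing table changes.
- The holddown timer expires.
- Another update is received with a better metric.
- This speeds up convergence and cuts off the loops caused by slow convergence.
[Figure labels: "Network 10.4.0.0 is unreachable", passed from router to router]

A complete solution
[Figure sequence: routers A, B, C, D and E; network 10.4.0.0 fails (X); three routers enter holddown; poison reverse updates are sent]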
A complete solution (continued)
[Figure sequence: routers A, B, C, D and E; packets for network 10.4.0.0 arrive while the routers are in holddown; the link to 10.4.0.0 comes back up]

Link-state protocols

Routers pass best-path information to the other routers.
[Figure labels: LSP packets, SPF calculation, topology database, best-route information, routing table; routers A, B, C and D]

Hybrid routing

- Combines distance-vector and link-state routing.
- Chooses paths based on distance vectors.
- Converges rapidly by passing change-based updates.
- Balanced routing.

IP routing configuration tasks

Router configuration:
- Select the routing protocols
- Specify the networks or interfaces
[Figure: networks 160.89.0.0, 172.30.0.0 and 172.16.0.0, running IGRP and RIP]

Dynamic routing configuration

    Router(config)#router protocol [keyword]

Specifies the IP routing protocol.

    Router(config-router)#network network-number

Specifies the networks directly connected to the router.

RIP overview

- The metric is hop count.
- At most 15 hops are supported; 16 hops means unreachable.
- Routers send updates every 30 seconds.
- Load balancing is supported over up to 6 paths with the same hop count.
- RIPv1 is classful routing; RIPv2 is classless routing.
- Suited to small networks.
- Load balancing across links of unequal bandwidth creates a bottleneck and congestion.

RIP timers

- Route update timer: every 30 seconds a complete copy of the routing table is sent to the neighbors.
- Route invalid timer: the interval after which a route is declared invalid, usually 180 seconds.
- Holddown timer: started when an update arrives saying that a network is unreachable; usually 180 seconds.
- Route flush timer: the time from a route being declared invalid to its removal from the routing table; 240 seconds.

RIP configuration

    Router(config)#router rip

Enables the RIP protocol.

    Router(config-router)#network network-number

Selects the networks that can be reached; each must be a valid network.

RIP configuration example
[Figure: routers A, B and C; networks 2.3.0.0, 172.16.1.0 and 192.168.1.0; addresses 172.16.1.1, 10.1.1.1, 10.1.1.2, 10.2.2.2, 10.2.2.3 and 192.168.1.1; interfaces E0, S2 and S3. The same figure accompanies each of the slides below.]

Viewing RIP information

    RouterA#sh ip protocols
    Routing Protocol is "rip"
      Sending updates every 30 seconds, next due in 0 seconds
      Invalid after 180 seconds, hold down 180, flushed after 240
      Outgoing update filter list for all interfaces is
      Incoming update filter list for all interfaces is
      Redistributing: rip
      Default version control: send version 1, receive any version
        Interface        Send  Recv   Key-chain
        Ethernet0        1     1 2
        Serial2          1     1 2
      Routing for Networks:
        10.0.0.0
        172.16.0.0
      Routing Information Sources:
        Gateway         Distance      Last Update
        10.1.1.2             120      00:00:10
      Distance: (default is 120)

Viewing the routing table

    RouterA#sh ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
           U - per-user static route, o - ODR
           T - traffic engineered route

    Gateway of last resort is not set

         172.16.0.0/24 is subnetted, 1 subnets
    C       172.16.1.0 is directly connected, Ethernet0
         10.0.0.0/24 is subnetted, 2 subnets
    R       10.2.2.0 [120/1] via 10.1.1.2, 00:00:07, Serial2
    C       10.1.1.0 is directly connected, Serial2
    R    192.168.1.0/24 [120/2] via 10.1.1.2, 00:00:07, Serial2

The debug ip rip command

    RouterA#debug ip rip
    RIP protocol debugging is on
    RouterA#
    00:06:24: RIP: received v1 update from 10.1.1.2 on Serial2
    00:06:24:      10.2.2.0 in 1 hops
    00:06:24:      192.168.1.0 in 2 hops
    00:06:33: RIP: sending v1 update to 255.255.255.255 via Ethernet0 (172.16.1.1)
    00:06:34:      network 10.0.0.0, metric 1
    00:06:34:      network 192.168.1.0, metric 3
    00:06:34: RIP: sending v1 update to 255.255.255.255 via Serial2 (10.1.1.1)
    00:06:34:      network 172.16.0.0, metric 1

Blocking RIP propagation
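
Added example (not part of the original slides): the distance-vector convergence, routing-loop and split-horizon slides above, simulated on the same A-B-C topology with networks 10.1.0.0 to 10.4.0.0. The function names are hypothetical, updates are modeled as synchronous rounds, split horizon is modeled as the sender suppressing routes it learned from that neighbor, and holddown and triggered updates are left out.

```python
# Added example: RIP-style distance-vector exchange on the slides' A-B-C topology.
INFINITY = 16  # RIP treats 16 hops as unreachable
LINKS = [("A", "B"), ("B", "C")]
CONNECTED = {"A": ["10.1.0.0", "10.2.0.0"],
             "B": ["10.2.0.0", "10.3.0.0"],
             "C": ["10.3.0.0", "10.4.0.0"]}

def initial_tables():
    # tables[router][network] = (hops, learned_from); None means directly connected
    return {r: {n: (0, None) for n in nets} for r, nets in CONNECTED.items()}

def neighbors(router):
    return [b if a == router else a for a, b in LINKS if router in (a, b)]

def exchange(tables, split_horizon):
    """One periodic update: every router sends its whole table to each neighbor."""
    snapshot = {r: dict(t) for r, t in tables.items()}
    changed = False
    for sender, table in snapshot.items():
        for receiver in neighbors(sender):
            for net, (hops, via) in table.items():
                if split_horizon and via == receiver:
                    continue  # do not advertise a route back toward its source
                metric = min(hops + 1, INFINITY)
                current = tables[receiver].get(net)
                from_next_hop = current is not None and current[1] == sender
                # accept unknown or better routes, and any change from the next hop
                if (current is None or metric < current[0]
                        or (from_next_hop and metric != current[0])):
                    tables[receiver][net] = (metric, sender)
                    changed = True
    return changed

def converge(tables, split_horizon=True):
    """Run update rounds until nothing changes; return how many rounds changed a table."""
    rounds = 0
    while exchange(tables, split_horizon):
        rounds += 1
    return rounds

def demo(split_horizon):
    """Converge, take 10.4.0.0 down on router C, then converge again."""
    tables = initial_tables()
    converge(tables, split_horizon)
    tables["C"]["10.4.0.0"] = (INFINITY, None)  # connected network fails
    rounds = converge(tables, split_horizon)
    return rounds, {r: t["10.4.0.0"][0] for r, t in tables.items()}

if __name__ == "__main__":
    print("split horizon on :", demo(True))
    print("split horizon off:", demo(False))
```

With split horizon the failure of 10.4.0.0 is known everywhere after two update rounds; without it the routers keep re-learning the dead route from each other with a rising metric until the 16-hop limit ends the loop.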