双向引入常见问题
次优路径:当只有R2配置双向引入,会出现次优路由
R2:配置
#
isis 50
is-level level-2
cost-style wide
network-entity 49.0001.0020.0200.2002.00
import-route ospf 100 level-2
#
ospf 100 router-id 2.2.2.2
import-route isis 50 type 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
#
环路:当R2和R3同时双向引入,产生环路风险
解决方法
解决环路:
R2:
[r2]display current-configuration
[V200R003C00]
#
sysname r2
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
isis 50
is-level level-2
cost-style wide
network-entity 49.0001.0020.0200.2002.00
import-route ospf 100 route-policy ospf-to-isis
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 30.1.1.1 255.255.255.0
isis enable 50
isis dis-priority 127
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
ospf 100 router-id 2.2.2.2
import-route isis 50 type 1 route-policy isis-to-ospf
area 0.0.0.0
network 10.1.1.0 0.0.0.255
#
route-policy ospf-to-isis deny node 10
if-match tag 200
#
route-policy ospf-to-isis permit node 20
apply tag 100
#
route-policy isis-to-ospf deny node 10
if-match tag 100
#
route-policy isis-to-ospf permit node 20
apply tag 200
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
[r2]
R3:
<r3>display current-configuration
[V200R003C00]
#
sysname r3
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
isis 50
is-level level-2
cost-style wide
network-entity 49.0001.0030.0300.3003.00
import-route ospf 100 route-policy ospf-to-isis
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 20.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 40.1.1.1 255.255.255.0
isis enable 50
isis dis-priority 127
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
ospf 100 router-id 3.3.3.3
import-route isis 50 type 1 route-policy isis-to-ospf
area 0.0.0.0
network 20.1.1.0 0.0.0.255
#
route-policy ospf-to-isis deny node 10
if-match tag 200
#
route-policy ospf-to-isis permit node 20
apply tag 100
#
route-policy isis-to-ospf deny node 10
if-match tag 100
#
route-policy isis-to-ospf permit node 20
apply tag 200
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<r3>
解决次优路由:
1)ip ip-prefix 1 index 10 permit 1.1.1.1 32
2)route-policy PRE permit node 10
if-match ip-prefix 1
apply preference 14
3)ospf 100 router-id 2.2.2.2
import-route isis 50 type 1 route-policy isis-to-ospf
preference ase route-policy PRE 150
area 0.0.0.0
network 10.1.1.0 0.0.0.255
