How to inject a default route into an EIGRP domain

[Figure: EIGRP2_address]

Base configuration:

R1:

interface s1/0

ip address 12.1.1.1 255.255.255.0

no shut

interface loopback 0

ip address 1.1.1.1 255.255.255.0

no shut

R2:

interface s1/1

ip address 12.1.1.2 255.255.255.0

no shut

interface s1/0

ip address 23.1.1.2 255.255.255.0

no shut

interface loopback 0

ip address 2.2.2.2 255.255.255.0

no shut

R3:

interface s1/1

ip address 23.1.1.3 255.255.255.0

no shut

interface loopback 0

ip address 3.3.3.3 255.255.255.0

no shut

Configure the EIGRP domain:

R1:

router eigrp 90

eigrp router-id 1.1.1.1

network 12.1.1.0 0.0.0.255

no auto-summary

R2:

router eigrp 90

eigrp router-id 2.2.2.2

network 12.1.1.0 0.0.0.255

network 23.1.1.0 0.0.0.255

no auto-summary

R3:

router eigrp 90

eigrp router-id 3.3.3.3

network 23.1.1.0 0.0.0.255

no auto-summary


1. Redistribute a default route

  R1:

  ip route 0.0.0.0 0.0.0.0 12.1.1.2   (or s1/0)

  router eigrp 90

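  redistribute static   (redistributes the static route)

2. Advertise the 0.0.0.0 network

  The default route here must be configured with an exit interface as its parameter.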

  ip route 0.0.0.0 0.0.0.0 s1/0

  router eigrp 90

  network 0.0.0.0

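3. Use ip default-network

  The commands are as follows:

  ip default-network 12.0.0.0

  ip route 12.0.0.0 255.0.0.0 s1/0   (creates a static route that acts like a directly connected network so it can be advertised; it must use an exit interface)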

  router eigrp 90

  network 12.0.0.0

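  ip default-network adds the default route, but there is no matching directly connected network through which to advertise it,

  so a static route that acts like a directly connected interface has to be created.

4. Summarize to a default route on the interface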

  R1:

  interface s1/0

  ip summary-address eigrp 90 0.0.0.0 0.0.0.0


auto-summary:

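1. Automatic summarization at classful network boundaries

2. Manual summarization: configured under the interface, in the outbound direction of route propagation

  The summary route disappears only after all of its component routes are down.

  When the component routes have different metrics, the summary takes the smallest metric.


The three EIGRP administrative distances:

Internal EIGRP routes: 90

External EIGRP routes: 170

EIGRP summary routes: 50


Verifying the 16-retransmission mechanism:

[Figure: EIGRP2_address_02]

Configuration: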

R1

interface f0/0

ip address 12.1.1.1 255.255.255.0

no shut

interface lo0

ip address 1.1.1.1 255.255.255.0

no shut

router eigrp 90

eigrp router-id 1.1.1.1

network 12.1.1.0 0.0.0.255

network 1.1.1.0 0.0.0.255

no auto-summary

R2:

interface f0/1

ip address 12.1.1.2 255.255.255.0

no shut

interface l0

ip address 2.2.2.2 255.255.255.0

no shut

router eigrp 90

eigrp router-id 2.2.2.2

network 12.1.1.0 0.0.0.255

network 2.2.2.0 0.0.0.255

no auto-summary

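Consider this scenario:

When R2 sends a hello packet to R1, some measure is taken so that R1 does not reply to R2 with a hello packet, which causes retransmission to start.

At first I used this ACL rule, on R1: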

ip access-list extended 100

deny eigrp any host 12.1.1.1

permit ip any any

interface f0/0

ip access-group 100 in

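But it had no effect! Why?

What we do know is that when they send hello packets, the destination IP address is 224.0.0.10.

So this ACL rule never matches the packets, and the rule has no effect.

Change it as follows: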

ip access-list extended 100

deny eigrp any host 224.0.0.10

permit ip any any

and it works.

Mar  1 00:06:59.943:   AS 90, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0

*Mar  1 00:06:59.975: EIGRP: Sending UPDATE on FastEthernet0/1 nbr 12.1.1.1, retry 16, RTO 5000

*Mar  1 00:06:59.975:   AS 90, Flags 0x1, Seq 12/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/2

R2#un all

*Mar  1 00:07:02.855: EIGRP: Received HELLO on FastEthernet0/1 nbr 12.1.1.1

*Mar  1 00:07:02.859:   AS 90, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/2

R2#un all

*Mar  1 00:07:04.479: EIGRP: Sending HELLO on FastEthernet0/1

*Mar  1 00:07:04.479:   AS 90, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0

*Mar  1 00:07:04.699: EIGRP: Sending HELLO on Loopback0

*Mar  1 00:07:04.699:   AS 90, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0

*Mar  1 00:07:04.703: EIGRP: Received HELLO on Loopback0 nbr 2.2.2.2

*Mar  1 00:07:04.707:   AS 90, Flags 0x0, Seq 0/0 idbQ 0/0

*Mar  1 00:07:04.707: EIGRP: Packet from ourselves ignored

*Mar  1 00:07:04.975: EIGRP: Retransmission retry limit exceeded

*Mar  1 00:07:04.975: EIGRP: Sending HELLO on FastEthernet0/1

*Mar  1 00:07:04.975:   AS 90, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0

*Mar  1 00:07:04.983: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 90: Neighbor 12.1.1.1 (FastEthernet0/1) is down: retry limit exceeded


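As you can see, after 16 retries the neighbor relationship goes down.


EIGRP DUAL algorithm:

successor: refers to a router, namely the next-hop router of the best route

FS (feasible successor): also refers to a router, namely the next-hop router of the second-best route


Condition for becoming an FS:

The AD of the second-best route must be less than the FD of the best route; then it can become an FS.


If the successor is lost, the FS is used; if there is no FS, a query is sent to the neighbors.


EIGRP load balancing

To see the number of load-balancing paths (maximum 6): show ip protocols

Unequal-cost load balancing:

It is enough that the successor's FD * variance > the FS's FD.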
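
The feasibility condition and the variance rule above, as an added Python example (not part of the original post). The neighbor names R2 to R4, all metric values, and the helper select_paths are constructed for illustration:

```python
# Added example: DUAL feasibility condition and variance-based path selection.
# All neighbor names and metrics are constructed sample values.

def select_paths(paths, variance=1):
    """paths: list of (neighbor, ad, metric).
    ad     = distance the neighbor itself advertises for the destination
    metric = total distance to the destination through that neighbor
    """
    fd = min(metric for _, _, metric in paths)            # feasible distance
    successors = [n for n, _, m in paths if m == fd]
    # Feasibility condition: the neighbor's AD must be strictly less than FD.
    feasible = [n for n, ad, m in paths if m != fd and ad < fd]
    # Unequal-cost load balancing: only feasible successors qualify, and
    # only if their metric is below successor FD * variance.
    installed = successors + [
        n for n, _, m in paths if n in feasible and m < fd * variance
    ]
    return {"fd": fd, "successors": successors,
            "feasible_successors": feasible, "installed": installed}

SAMPLE = [
    ("R2", 1000, 3000),   # best path: successor, FD = 3000
    ("R3", 2500, 5000),   # AD 2500 < 3000: feasible successor
    ("R4", 3500, 4000),   # cheaper than R3, but AD 3500 >= 3000: not an FS
]

if __name__ == "__main__":
    print(select_paths(SAMPLE))               # variance 1: only R2 installed
    print(select_paths(SAMPLE, variance=2))   # R3 joins; R4 never does
```

R4 shows why variance alone does not install a path: its metric is inside the variance window, yet it fails the feasibility condition and is never used.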


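EIGRP interface bandwidth utilization: 50 percent by default

ip bandwidth-percent eigrp 90 200   (200 percent; used together with the bandwidth command)

Generally used on WAN links.


Query process:

1. A route is lost and there is no FS

2. Queries are sent to the other neighbors, except out the successor's interface

3. If a neighbor has no information about the route, the query spreads on to its other neighbors

The SIA state can occur, that is, the route is stuck in the active state; by default, if no reply is received within 3 minutes, the neighbor is reset.

timers active-time 3   (this sets the SIA time, the default; configured under the routing process)


How to limit the spread of query packets:

1. Summarization

  After summarization the subnet mask is different, so when a query arrives the router has no such route and answers with a reply immediately.

2. EIGRP STUB

  A router configured as stub actively sends packets carrying the stub flag,

  and a router that has lost a route does not send queries to the stub router.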

  router eigrp 90

  eigrp stub

  Simulate this in a lab:

[Figure: EIGRP2_router_03]

R1:

interface f0/0

ip address 12.1.1.1 255.255.255.0

no shut

interface l0

ip address 1.1.1.1 255.255.255.0

no shut

router eigrp 90

eigrp router-id 1.1.1.1

network 12.1.1.0 0.0.0.255

network 1.1.1.0 0.0.0.255

no auto-summary

R2:

interface f0/1

ip address 12.1.1.2 255.255.255.0

no shut

interface l0

ip address 2.2.2.2 255.255.255.0

no shut

router eigrp 90

eigrp router-id 2.2.2.2

network 12.1.1.0 0.0.0.255

network 2.2.2.0 0.0.0.255

no auto-summary


When R2's loopback0 interface goes down,

R2 sends a query packet to R1.

debug eigrp packets query   (shows the query packets being sent)

debug eigrp packets hello   (shows the hello packets being sent)


show ip eigrp neighbors detail

R2#show ip eigrp neighbors detail

IP-EIGRP neighbors for process 90

H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq

                                           (sec)         (ms)       Cnt Num

0   12.1.1.1                Se1/0             13 00:06:38   37   222  0  39

  Version 12.4/1.2, Retrans: 0, Retries: 0, Prefixes: 1

Stub Peer Advertising ( CONNECTED SUMMARY ) Routes

  Suppressing queries

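So R2 will not send query packets to R1.

The default eigrp stub options are connected and summary.

When configured as stub, a router advertises only connected routes and summary routes to its neighbors.


EIGRP authentication: only MD5 authentication is supported

Interface-based authentication:

key chain R2   (the key chain name is only locally significant)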

key 1

key-string cisco

interface f0/0

ip authentication key-chain eigrp 90 R2

ip authentication mode eigrp 90 md5


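Passive interface (passive-interface): used on loopback interfaces; no hello packets are sent or received on it, but the loopback network is still advertised.


Offset list: used to modify the metric value

First match the routes with an ACL

offset-list <ACL name> in 4 <inbound interface>   (configured under the routing process)


Route filtering:

The principle is this: if you filter the EIGRP topology table information, you filter the routes.

There are two directions: in filters the EIGRP topology information that is received, and out filters the EIGRP topology information that is sent.


Start over with a fresh configuration: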

R1:

interface e0/0

ip add 10.10.12.1 255.255.255.0

no shut

interface lo0

ip add 1.1.1.1 255.255.255.0

ip add 172.16.0.1 255.255.255.0 secondary

ip add 172.16.1.1 255.255.255.0 secondary

ip add 172.16.2.1 255.255.255.0 secondary

no shut

router eigrp 90

eigrp router-id 1.1.1.1

network 10.10.12.0 0.0.0.255

network 1.1.1.0 0.0.0.255

network 172.16.0.0 0.0.0.255

network 172.16.1.0 0.0.0.255

network 172.16.2.0 0.0.0.255

R2:

interface e0/1

ip add 10.10.12.2 255.255.255.0

no shut

interface e0/0

ip add 10.10.23.2 255.255.255.0

no shut

interface l0

ip add 2.2.2.2 255.255.255.0

no shut

router eigrp 90

eigrp router-id 2.2.2.2

network 10.10.12.0 0.0.0.255

network 10.10.23.0 0.0.0.255

network 2.2.2.0 0.0.0.255

R3:

interface e0/1

ip add 10.10.23.3 255.255.255.0

no shut

interface l0

ip add 3.3.3.3 255.255.255.0

no shut

router eigrp 90

eigrp router-id 3.3.3.3

network 10.10.23.0 0.0.0.255

network 3.3.3.0 0.0.0.255


On R2, show ip route:

R2(config-router)#do show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

      D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

      N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

      E1 - OSPF external type 1, E2 - OSPF external type 2

      i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

      ia - IS-IS inter area, * - candidate default, U - per-user static route

      o - ODR, P - periodic downloaded static route


Gateway of last resort is not set


    1.0.0.0/24 is subnetted, 1 subnets

D       1.1.1.0 [90/409600] via 10.10.12.1, 00:32:35, Ethernet0/1

    2.0.0.0/24 is subnetted, 1 subnets

C       2.2.2.0 is directly connected, Loopback0

    3.0.0.0/24 is subnetted, 1 subnets

D       3.3.3.0 [90/409600] via 10.10.23.3, 00:30:24, Ethernet0/0

    172.16.0.0/24 is subnetted, 3 subnets

D       172.16.0.0 [90/409600] via 10.10.12.1, 00:00:07, Ethernet0/1

D       172.16.1.0 [90/409600] via 10.10.12.1, 00:32:35, Ethernet0/1

D       172.16.2.0 [90/409600] via 10.10.12.1, 00:32:37, Ethernet0/1

    10.0.0.0/24 is subnetted, 2 subnets

C       10.10.12.0 is directly connected, Ethernet0/1

C       10.10.23.0 is directly connected, Ethernet0/0

I want to filter out the route entry 172.16.0.0 255.255.255.0.


R2:

access-list 1 deny 172.16.0.0 0.0.0.255

access-list 1 permit any

router eigrp 90

distribute-list 1 in e0/1

R2(config-router)#do show ip route eigrp

    1.0.0.0/24 is subnetted, 1 subnets

D       1.1.1.0 [90/409600] via 10.10.12.1, 00:36:51, Ethernet0/1

    3.0.0.0/24 is subnetted, 1 subnets

D       3.3.3.0 [90/409600] via 10.10.23.3, 00:34:39, Ethernet0/0

    172.16.0.0/24 is subnetted, 2 subnets

D       172.16.1.0 [90/409600] via 10.10.12.1, 00:36:51, Ethernet0/1

D       172.16.2.0 [90/409600] via 10.10.12.1, 00:36:51, Ethernet0/1

The 172.16.0.0 255.255.255.0 route has been filtered out!


The second method is to use a prefix list:

ip prefix-list test permit 172.16.1.0/24

router eigrp 90

distribute-list prefix test in e0/1

So what effect does this have?

R2(config-router)#do show ip route eigrp

    3.0.0.0/24 is subnetted, 1 subnets

D       3.3.3.0 [90/409600] via 10.10.23.3, 00:56:46, Ethernet0/0

    172.16.0.0/24 is subnetted, 1 subnets

D       172.16.1.0 [90/409600] via 10.10.12.1, 00:58:58, Ethernet0/1

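Heh, look at the result: I wanted to filter out the 172.16.1.0/24 route, but this shows that the list lets 172.16.1.0/24 through instead. A prefix list ends with an implicit deny, so every other prefix received on e0/1 is dropped. The corrected version: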

ip prefix-list test deny  172.16.1.0/24

ip prefix-list test permit 0.0.0.0/0 le 32

router eigrp 90

distribute-list prefix test in e0/1

In both of the methods above, the filtering action is carried out by deny.


The third method uses a route-map:

access-list 1 deny 172.16.0.0 0.0.0.255

access-list 1 permit any

route-map test permit 10

match ip address 1

router eigrp 90

distribute-list route-map test in e0/1

Here the deny action still comes from the deny in the ACL. Confusing!

It can also be done like this:

access-list 1 permit 172.16.0.0 0.0.0.255

route-map test deny 10

match ip address 1

route-map test permit 20

exit

router eigrp 90

distribute-list route-map test in e0/1


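In other words, the filtering action can also come from the deny action of the route-map; remember that.

It (the route-map) has a default deny any action at the end.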
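
The three filtering methods above, modelled as an added Python example (not from the original post): it applies first-match evaluation with the implicit deny to the four prefixes R2 learns from R1 on e0/1. The function names are hypothetical, and the model covers only the matching rules used on this page.

```python
import ipaddress

# Prefixes R2 learns from R1 on e0/1 (taken from the show ip route output above).
ROUTES = ["1.1.1.0/24", "172.16.0.0/24", "172.16.1.0/24", "172.16.2.0/24"]

def acl_permits(acl, route):
    """Standard ACL, entries (action, address, wildcard); first match wins."""
    net = int(ipaddress.ip_network(route).network_address)
    for action, addr, wildcard in acl:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if net & care == int(ipaddress.ip_address(addr)) & care:
            return action == "permit"
    return False  # implicit deny any

def prefix_list_permits(plist, route):
    """Entries (action, prefix, le); without le the length must match exactly."""
    r = ipaddress.ip_network(route)
    for action, prefix, le in plist:
        p = ipaddress.ip_network(prefix)
        if r.subnet_of(p) and r.prefixlen <= (le or p.prefixlen):
            return action == "permit"
    return False  # implicit deny

def route_map_permits(rmap, route):
    """Clauses (action, acl); acl None means no match statement (matches all)."""
    for action, acl in rmap:
        # An ACL deny inside a route-map means "clause not matched", not "drop".
        if acl is None or acl_permits(acl, route):
            return action == "permit"
    return False  # implicit deny at the end of the route-map

def surviving(check, policy):
    """Prefixes that pass the distribute-list and reach R2's routing table."""
    return [r for r in ROUTES if check(policy, r)]

ANY = ("permit", "0.0.0.0", "255.255.255.255")
ACL_1 = [("deny", "172.16.0.0", "0.0.0.255"), ANY]            # method 1
PL_PERMIT_ONLY = [("permit", "172.16.1.0/24", None)]          # first prefix list
PL_DENY = [("deny", "172.16.1.0/24", None),
           ("permit", "0.0.0.0/0", 32)]                       # corrected prefix list
RM_ACL_DENY = [("permit", ACL_1)]                             # method 3, first form
RM_CLAUSE_DENY = [("deny", [("permit", "172.16.0.0", "0.0.0.255")]),
                  ("permit", None)]                           # method 3, second form

if __name__ == "__main__":
    print(surviving(prefix_list_permits, PL_PERMIT_ONLY))
    print(surviving(route_map_permits, RM_CLAUSE_DENY))
```

Removing the final `permit` entry from any of these policies makes `surviving` return an empty list, which on the router means every route from that neighbor disappears.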