|
| 关于作者 |
 |
|
|
|
姓名: 大萝卜
职业: 听人说,技术支持是IT业最鸡肋的职业,于是我便开始郁闷起来!
个性签名: 我以为我们同属于/30,Ping出Timed out才明白处于不同的Vlan。我尝试着用爱做为Route,并用Traceroute来验证,可是Netstat的Syn_received结果让我无比伤心。于是我选择了deny any和deny ip any any,但是我心里一直期待着Vpn那天的到来,请将我放在你的Acl之内。
Mailto:bxz1981#gmail.com
|
|
|
| 我的分类 |
|
|
|
|
|
|
|
MPLS-OSPF Sham-Link
|
ip cef
ip vrf test
rd 123:1
import map from-pe-r3
export map to-pe-r3
route-target export 123:1
route-target import 123:3
route-target import 123:65006
!
ip vrf test16
rd 123:65006
route-target export 123:65006
route-target import 123:65007
route-target import 123:1
interface Loopback0
ip address 10.1.1.1 255.255.255.0
!
interface Loopback2
ip vrf forwarding test
ip address 10.1.2.1 255.255.255.255
!
interface Ethernet0/0
ip vrf forwarding test
ip address 14.1.1.1 255.255.255.0
!
interface Serial0/0
no ip address
!
interface Serial0/0.12 point-to-point
ip address 12.1.1.1 255.255.255.0
ip router isis
mpls ip
frame-relay interface-dlci 102
!
interface Serial0/0.16 point-to-point
ip vrf forwarding test16
ip address 16.1.1.1 255.255.255.0
frame-relay interface-dlci 106
!
router ospf 1 vrf test
area 45 sham-link 10.1.2.1 30.1.2.1
redistribute bgp 13 subnets route-map ce5-only
network 14.1.1.0 0.0.0.255 area 45
!
router isis
net 49.0123.0000.0000.0001.00
passive-interface Loopback0
!
router bgp 13
no synchronization
bgp log-neighbor-changes
neighbor 30.1.1.1 remote-as 13
neighbor 30.1.1.1 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 30.1.1.1 activate
neighbor 30.1.1.1 send-community extended
exit-address-family
!
address-family ipv4 vrf test16
neighbor 16.1.1.6 remote-as 65006
neighbor 16.1.1.6 activate
neighbor 16.1.1.6 as-override
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf test
redistribute connected route-map sham-loopback
redistribute ospf 1 vrf test
exit-address-family
ip prefix-list to65004 seq 5 deny 60.1.2.0/24
ip prefix-list to65004 seq 10 permit 0.0.0.0/0 le 32
access-list 10 permit 10.1.2.1
access-list 40 permit 40.1.1.0 0.0.0.255
access-list 41 permit 40.1.10.1
access-list 50 permit 10.1.2.1
access-list 50 permit 30.1.2.1
access-list 50 permit 35.1.1.0 0.0.0.255
access-list 60 deny 60.1.2.0 0.0.0.255
access-list 60 permit any
!
route-map ce5-only permit 10
match ip address 50
!
route-map to65004 permit 10
match ip address prefix-list to65004
!
route-map sham-loopback permit 10
match ip address 10
!
route-map from-pe-r3 permit 10
match ip address 60
!
route-map to-pe-r3 permit 10
match ip address 40
set extcommunity rt 123:65004
!
route-map ce1-ospf-to-bgp permit 10
match ip address 41
================================================== =================
hostname r2
ip cef
!
mpls label protocol ldp
interface Loopback0
ip address 20.1.1.1 255.255.255.0
interface Serial0/0
no ip address
encapsulation frame-relay
!
interface Serial0/0.12 point-to-point
ip address 12.1.1.2 255.255.255.0
ip router isis
mpls ip
frame-relay interface-dlci 201
!
interface Serial0/0.23 point-to-point
ip address 23.1.1.2 255.255.255.0
ip router isis
mpls ip
frame-relay interface-dlci 203
router isis
net 49.0123.0000.0000.0002.00
passive-interface Loopback0
================================================== ==============
hostname r3
ip cef
ip vrf test
rd 123:3
route-target export 123:3
route-target import 123:1
!
ip vrf test37
rd 123:65007
route-target export 123:65007
route-target import 123:65006
!
!
mpls label protocol ldp
interface Loopback0
ip address 30.1.1.1 255.255.255.0
!
interface Loopback2
ip vrf forwarding test
ip address 30.1.2.1 255.255.255.255
!
interface Serial0/0
no ip address
encapsulation frame-relay
no frame-relay inverse-arp
!
interface Serial0/0.23 point-to-point
ip address 23.1.1.3 255.255.255.0
ip router isis
mpls ip
frame-relay interface-dlci 302
interface Serial0/2
ip vrf forwarding test37
ip address 37.1.1.3 255.255.255.0
serial restart-delay 0
clock rate 19200
!
interface Ethernet1/0
ip vrf forwarding test
ip address 35.1.1.3 255.255.255.0
half-duplex
!
router ospf 1 vrf test
log-adjacency-changes
area 45 sham-link 30.1.2.1 10.1.2.1
redistribute bgp 13 subnets
network 35.1.1.0 0.0.0.255 area 45
!
router isis
net 49.0123.0000.0000.0003.00
passive-interface Loopback0
!
router bgp 13
no synchronization
bgp log-neighbor-changes
neighbor 10.1.1.1 remote-as 13
neighbor 10.1.1.1 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 10.1.1.1 activate
neighbor 10.1.1.1 send-community extended
exit-address-family
!
address-family ipv4 vrf test37
neighbor 37.1.1.7 remote-as 65006
neighbor 37.1.1.7 activate
neighbor 37.1.1.7 as-override
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf test
redistribute connected route-map sham-loopback
redistribute ospf 1 vrf test match internal external 1 external 2
exit-address-family
access-list 30 permit 30.1.2.1
access-list 41 permit 40.1.10.1
access-list 42 deny 40.1.10.1
access-list 42 permit any
access-list 43 permit 40.1.10.1
access-list 43 permit 14.1.1.0 0.0.0.255
!
route-map ce4-only permit 10
match ip address 43
!
route-map sham-loopback permit 10
match ip address 30
!
route-map pe3-bgp-to-ce5 permit 10
match ip address 42
!
route-map pe3-bgp-to-ospf permit 10
match ip address 41
!
!
mpls ldp router-id Loopback0
================================================== ===============
hostname r4
ip cef
interface Loopback0
ip address 40.1.1.1 255.255.255.0
!
interface Loopback2
ip address 40.1.2.1 255.255.255.0
!
interface Loopback10
ip address 40.1.10.1 255.255.255.0
!
interface FastEthernet0/0
ip address 14.1.1.4 255.255.255.0
!
router ospf 1
log-adjacency-changes
network 14.1.1.0 0.0.0.255 area 45
network 40.1.10.0 0.0.0.255 area 45
================================================== ============
hostname r5
interface Loopback0
ip address 50.1.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 35.1.1.5 255.255.255.0
router ospf 1
network 35.1.1.0 0.0.0.255 area 45
================================================== ====================
hostname r6
ip cef
interface Loopback0
ip address 60.1.1.1 255.255.255.0
!
interface Loopback2
ip address 60.1.2.1 255.255.255.0
!
!
interface Serial0/0
no ip address
encapsulation frame-relay
!
interface Serial0/0.16 point-to-point
ip address 16.1.1.6 255.255.255.0
frame-relay interface-dlci 601
router bgp 65006
no synchronization
bgp log-neighbor-changes
network 60.1.1.0 mask 255.255.255.0
network 60.1.2.0 mask 255.255.255.0
neighbor 16.1.1.1 remote-as 13
no auto-summary
================================================== ==============================
r1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
20.0.0.0/24 is subnetted, 1 subnets
i L1 20.1.1.0 [115/10] via 12.1.1.2, Serial0/0.12
23.0.0.0/24 is subnetted, 1 subnets
i L1 23.1.1.0 [115/20] via 12.1.1.2, Serial0/0.12
10.0.0.0/24 is subnetted, 1 subnets
C 10.1.1.0 is directly connected, Loopback0
12.0.0.0/24 is subnetted, 1 subnets
C 12.1.1.0 is directly connected, Serial0/0.12
30.0.0.0/24 is subnetted, 1 subnets
i L1 30.1.1.0 [115/20] via 12.1.1.2, Serial0/0.12
================================================== ===============================
r1#sh ip b v v test
BGP table version is 54, local router ID is 10.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 123:1 (default for vrf test)
*> 10.1.2.1/32 0.0.0.0 0 32768 ?
*>i30.1.2.1/32 30.1.1.1 0 100 0 ?
*> 40.1.10.1/32 14.1.1.4 11 32768 ?
*> 60.1.1.0/24 16.1.1.6 0 0 65006 i
r1#sh ip b v v test 40.1.10.1
BGP routing table entry for 123:1:40.1.10.1/32, version 53
Paths: (1 available, best #1, table test)
Advertised to update-groups:
3
Local
14.1.1.4 from 0.0.0.0 (10.1.1.1)
Origin incomplete, metric 11, localpref 100, weight 32768, valid, sourced, best
Extended Community: RT:123:1 OSPF DOMAIN ID:0x0005:0x000000010200
OSPF RT:0.0.0.45:2:0 OSPF ROUTER ID:14.1.1.1:512,
mpls labels in/out 22/nolabel
================================================== ================================
r3(config-if)#do sh ip b v v test
BGP table version is 52, local router ID is 30.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 123:3 (default for vrf test)
*>i10.1.2.1/32 10.1.1.1 0 100 0 ?
*> 30.1.2.1/32 0.0.0.0 0 32768 ?
r>i40.1.10.1/32 10.1.1.1 11 100 0 ?
r3>en
r3#sh ip b v v test
BGP table version is 52, local router ID is 30.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 123:3 (default for vrf test)
*>i10.1.2.1/32 10.1.1.1 0 100 0 ?
*> 30.1.2.1/32 0.0.0.0 0 32768 ?
r>i40.1.10.1/32 10.1.1.1 11 100 0 ?
r3#sh ip b v v test 40.1.10.1
BGP routing table entry for 123:3:40.1.10.1/32, version 52
Paths: (1 available, best #1, table test, RIB-failure(17))
Not advertised to any peer
Local, imported path from 123:1:40.1.10.1/32
10.1.1.1 (metric 20) from 10.1.1.1 (10.1.1.1)
Origin incomplete, metric 11, localpref 100, valid, internal, best
Extended Community: RT:123:1 OSPF DOMAIN ID:0x0005:0x000000010200
OSPF RT:0.0.0.45:2:0 OSPF ROUTER ID:14.1.1.1:512,
mpls labels in/out nolabel/22
-------------------------------------------------------------------------
r1#sh ip ospf 1 sham-link
Sham Link OSPF_SL1 to address 30.1.2.1 is up
Area 45 source address 10.1.2.1
Run as demand circuit
DoNotAge LSA allowed. Cost of using 1 State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40,
Hello due in 00:00:05
Adjacency State FULL (Hello suppressed)
Index 2/2, retransmission queue length 0, number of retransmission 1
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 1, maximum is 1
Last retransmission scan time is 0 msec, maximum is 0 msec
---------------------------------------------------------------------------
r3(config-if)#do sh ip ospf 1 sham-link
Sham Link OSPF_SL1 to address 10.1.2.1 is up
Area 45 source address 30.1.2.1
Run as demand circuit
DoNotAge LSA allowed. Cost of using 1 State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40,
Hello due in 00:00:04
Adjacency State FULL (Hello suppressed)
Index 2/2, retransmission queue length 0, number of retransmission 1
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 1, maximum is 1
Last retransmission scan time is 0 msec, maximum is 0 msec
----------------------------------------------------------------------------
r4#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
35.0.0.0/24 is subnetted, 1 subnets
O 35.1.1.0 [110/12] via 14.1.1.1, 00:07:08, FastEthernet0/0
40.0.0.0/24 is subnetted, 3 subnets
C 40.1.10.0 is directly connected, Loopback10
C 40.1.1.0 is directly connected, Loopback0
C 40.1.2.0 is directly connected, Loopback2
10.0.0.0/32 is subnetted, 1 subnets
O E2 10.1.2.1 [110/1] via 14.1.1.1, 00:07:08, FastEthernet0/0
14.0.0.0/24 is subnetted, 1 subnets
C 14.1.1.0 is directly connected, FastEthernet0/0
30.0.0.0/32 is subnetted, 1 subnets
O E2 30.1.2.1 [110/1] via 14.1.1.1, 00:07:09, FastEthernet0/0
================================================== ====================================
r5#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
50.0.0.0/24 is subnetted, 1 subnets
C 50.1.1.0 is directly connected, Loopback0
35.0.0.0/24 is subnetted, 1 subnets
C 35.1.1.0 is directly connected, FastEthernet0/0
40.0.0.0/32 is subnetted, 1 subnets
O 40.1.10.1 [110/13] via 35.1.1.3, 00:07:18, FastEthernet0/0
10.0.0.0/32 is subnetted, 1 subnets
O E2 10.1.2.1 [110/1] via 35.1.1.3, 00:07:18, FastEthernet0/0
14.0.0.0/24 is subnetted, 1 subnets
O 14.1.1.0 [110/12] via 35.1.1.3, 00:07:18, FastEthernet0/0
30.0.0.0/32 is subnetted, 1 subnets
O E2 30.1.2.1 [110/1] via 35.1.1.3, 00:07:19, FastEthernet0/0
|
|
|
原文地址
http://tcytech.com
|
|
发表于: 2006-12-11,修改于: 2007-03-07 09:28 已浏览3278次,有评论2条
推荐
投诉
|
|
|
|
网友评论 |
|
本站网友 | 时间:2006-12-11 17:19:59 IP地址:60.166.120.★ |
|
|
|
|
|
本站网友 | 时间:2006-12-25 21:53:58 IP地址:220.112.140.★ |
|
|
|
|
|
| |
|
Copyright © 2001-2006 ChinaUnix.net All Rights Reserved
感谢所有关心和支持过ChinaUnix的朋友们
页面生成时间:0.12502 京ICP证041476号
|
|
