迷彩 潜伏 隐蔽 伪装
分类:
2012-05-29 09:32:09
原文地址:静态路由之路由器两种转发模式 作者:linuxnet527
如上图所示,配置如下:
R1#show run
Building configuration...
Current configuration : 941 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface Serial0/0
ip address 192.1.12.1 255.255.255.0
serial restart-delay 0
!
interface Serial0/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/3
no ip address
shutdown
serial restart-delay 0
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
ip http server
no ip http secure-server
!
ip route 3.3.3.0 255.255.255.0 Serial0/0 5 permanent
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
end
R2#show run
Building configuration...
Current configuration : 1039 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
!
interface Loopback0
ip address 2.2.2.2 255.255.255.0
!
interface Serial0/0
ip address 192.1.12.2 255.255.255.0
serial restart-delay 0
clock rate 64000
!
interface Serial0/1
ip address 192.1.23.2 255.255.255.0
serial restart-delay 0
clock rate 64000
!
interface Serial0/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/3
no ip address
shutdown
serial restart-delay 0
!
interface FastEthernet1/0
ip address 193.1.23.2 255.255.255.0
duplex auto
speed auto
!
ip http server
no ip http secure-server
!
ip route 3.3.3.0 255.255.255.0 FastEthernet1/0
ip route 3.3.3.0 255.255.255.0 Serial0/1
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
end
R3#show run
Building configuration...
Current configuration : 948 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
no ip domain lookup
!
interface Loopback0
ip address 3.3.3.3 255.255.255.0
!
interface Serial0/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/1
ip address 192.1.23.3 255.255.255.0
serial restart-delay 0
!
interface Serial0/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial0/3
no ip address
shutdown
serial restart-delay 0
!
interface FastEthernet1/0
ip address 193.1.23.3 255.255.255.0
duplex auto
speed auto
!
ip http server
no ip http secure-server
!
ip route 192.1.12.0 255.255.255.0 192.1.23.2
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
end
此试验为验证R2到R3上双线负载均衡的现象,从而学习的两种转发:进程转发、快速转发
采用进程交换方式转发分组时,将基于每个分组来做出等成本路径上的负载均衡决策;
采用快速交换方式转发分组时,将基于目的地来做出等成本路径上的负载均衡决策。
首先说明,涉及到ip cef (全局支持快速转发),no ip route-cache(接口下关闭快速转发变成进程转发)
1,我们在R2上配置 no ip cef ,关闭全局快速转发。使R2变成进程转发。
我们ping 3.3.3.3 并开启debug ip packet观察
R2#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!
*Mar 1 01:18:51.651: IP: tableid=0, s=192.1.23.2 (local), d=3.3.3.3 (Serial0/1), routed via RIB
*Mar 1 01:18:51.651: IP: s=192.1.23.2 (local), d=3.3.3.3 (Serial0/1), len 100, sending
*Mar 1 01:18:51.795: IP: tableid=0, s=3.3.3.3 (Serial0/1), d=192.1.23.2 (Serial0/1), routed via RIB
*Mar 1 01:18:51.795: IP: s=3.3.3.3 (Serial0/1), d=192.1.23.2 (Serial0/1), len 100, rcvd 3
*Mar 1 01:18:51.799: IP: tableid=0, s=193.1.23.2 (local), d=3.3.3.3 (FastEthernet1/0), routed via RIB
*Mar 1 01:18:51.799: IP: s=193.1.23.2 (local), d=3.3.3.3 (FastEthernet1/0), len 100, sending
*Mar 1 01:18:51.803: IP: s=193.1.23.2 (local), d=3.3.3.3 (FastEthernet1/0), len 100, encapsulation failed.!
*Mar 1 01:18:53.799: IP: tableid=0, s=192.1.23.2 (local), d=3.3.3.3 (Serial0/1), routed via RIB
*Mar 1 01:18:53.799: IP: s=192.1.23.2 (local), d=3.3.3.3 (Serial0/1), len 100, sending
*Mar 1 01:18:53.907: IP: tableid=0, s=3.3.3.3 (Serial0/1), d=192.1.23.2 (Serial0/1), routed via RIB
*Mar 1 01:18:53.907: IP: s=3.3.3.3 (Serial0/1), d=192.1.23.2 (Serial0/1), len 100, rcvd 3
*Mar 1 01:18:53.911: IP: tableid=0, s=193.1.23.2 (local), d=3.3.3.3 (FastEthernet1/0), routed via RIB
*Mar 1 01:18:53.911: IP: s=193.1.23.2 (local), d=3.3.3.3 (FastEthernet1/0), len 100, sending
*Mar 1 01:18:53.915: IP: s=193.1.23.2 (local), d=3.3.3.3 (FastEthernet1/0), len 100, encapsulation failed.!
一通一断现象,从路径看走193的全不通,因为encapsulation failed. 此原因为我们写静态路由的时候是以出接口为下一跳,从而路由在进程转发时候找到此链路上时,会查找2层RARP相关信息对数据重新封成帧,导致封装失败而ping不通。
※如果我们静态路由下一跳为IP地址,则不会产生这样现象。所以写静态路由时候尽量写下一跳IP地址而不要写出接口。
2,我们查看路由条目详细信息。
R2#show ip route 3.3.3.0
Routing entry for 3.3.3.0/24
Known via "static", distance 1, metric 0 (connected)
Routing Descriptor Blocks:
* directly connected, via FastEthernet1/0
Route metric is 0, traffic share count is 1
directly connected, via Serial0/1
Route metric is 0, traffic share count is 1
此时关闭快速转发后,每一个包的转发都会跟随着下一跳指针的跳动而走不一样的下一跳F1/0或S0/1,这也是说明上面我们为什么通一个断一个,当指针跳到S0/1时,包可以通,跳到F1/0时,就会不通。
3,我们将静态路由该为下一跳IP地址后,可以看到负载均衡的同时下一跳指针的变化,数据包均通。
R2#show ip route 3.3.3.3
Routing entry for 3.3.3.0/24
Known via "static", distance 1, metric 0
Routing Descriptor Blocks:
193.1.23.3
Route metric is 0, traffic share count is 1
* 192.1.23.3
Route metric is 0, traffic share count is 1
R2#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/137/236 ms
R2#
*Mar 1 01:41:23.215: IP: tableid=0, s=192.1.23.2 (local), d=3.3.3.3 (Serial0/1), routed via RIB
*Mar 1 01:41:23.215: IP: s=192.1.23.2 (local), d=3.3.3.3 (Serial0/1), len 100, sending
*Mar 1 01:41:23.355: IP: tableid=0, s=3.3.3.3 (Serial0/1), d=192.1.23.2 (Serial0/1), routed via RIB
*Mar 1 01:41:23.355: IP: s=3.3.3.3 (Serial0/1), d=192.1.23.2 (Serial0/1), len 100, rcvd 3
*Mar 1 01:41:23.359: IP: tableid=0, s=193.1.23.2 (local), d=3.3.3.3 (FastEthernet1/0), routed via RIB
*Mar 1 01:41:23.359: IP: s=193.1.23.2 (local), d=3.3.3.3 (FastEthernet1/0), len 100, sending
*Mar 1 01:41:23.499: IP: tableid=0, s=3.3.3.3 (FastEthernet1/0), d=193.1.23.2 (FastEthernet1/0), routed via RIB
*Mar 1 01:41:23.499: IP: s=3.3.3.3 (FastEthernet1/0), d=193.1.23.2 (FastEthernet1/0), len 100, rcvd 3
*Mar 1 01:41:23.503: IP: tableid=0, s=192.1.23.2 (local), d=3.3.3.3 (Serial0/1), routed via RIB
*Mar 1 01:41:23.503: IP: s=192.1.23.2 (local), d=3.3.3.3 (Serial0/1), len 100, sending
*Mar 1 01:4
R2#1:23.595: IP: tableid=0, s=3.3.3.3 (Serial0/1), d=192.1.23.2 (Serial0/1), routed via RIB
*Mar 1 01:41:23.595: IP: s=3.3.3.3 (Serial0/1), d=192.1.23.2 (Serial0/1), len 100, rcvd 3
*Mar 1 01:41:23.599: IP: tableid=0, s=193.1.23.2 (local), d=3.3.3.3 (FastEthernet1/0), routed via RIB
*Mar 1 01:41:23.599: IP: s=193.1.23.2 (local), d=3.3.3.3 (FastEthernet1/0), len 100, sending
*Mar 1 01:41:23.835: IP: tableid=0, s=3.3.3.3 (FastEthernet1/0), d=193.1.23.2 (FastEthernet1/0), routed via RIB
*Mar 1 01:41:23.835: IP: s=3.3.3.3 (FastEthernet1/0), d=193.1.23.2 (FastEthernet1/0), len 100, rcvd 3
*Mar 1 01:41:23.839: IP: tableid=0, s=192.1.23.2 (local), d=3.3.3.3 (Serial0/1), routed via RIB
*Mar 1 01:41:23.839: IP: s=192.1.23.2 (local), d=3.3.3.3 (Serial0/1), len 100, sending
*Mar 1 01:41:23.907: IP: tableid=0, s=3.3.3.3 (Serial0/1), d=192.1.23.2 (Serial0/1), routed via RIB
*Mar 1 01:41:23.907: IP: s=3.3.3.3 (Serial0/1), d=192.1.23.2 (Serial0/1), len 100, rcvd 3
R2#show ip route 3.3.3.3
Routing entry for 3.3.3.0/24
Known via "static", distance 1, metric 0
Routing Descriptor Blocks:
* 193.1.23.3
Route metric is 0, traffic share count is 1
192.1.23.3
Route metric is 0, traffic share count is 1
4,然后我们再将R2的ip cef 功能全局打开,即全局快速转发,并开启debug ip packet观察。
R2(config)#ip cef
R2(config)#^Z
R2#show ip route 3.3.3.3
Routing entry for 3.3.3.0/24
Known via "static", distance 1, metric 0
Routing Descriptor Blocks:
* 193.1.23.3
Route metric is 0, traffic share count is 1
192.1.23.3
Route metric is 0, traffic share count is 1
R2#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/124/172 ms
R2#
*Mar 1 01:43:44.247: IP: tableid=0, s=193.1.23.2 (local), d=3.3.3.3 (Serial0/1), routed via FIB
*Mar 1 01:43:44.247: IP: s=193.1.23.2 (local), d=3.3.3.3 (Serial0/1), len 100, sending
*Mar 1 01:43:44.415: IP: tableid=0, s=3.3.3.3 (FastEthernet1/0), d=193.1.23.2 (FastEthernet1/0), routed via RIB
*Mar 1 01:43:44.415: IP: s=3.3.3.3 (FastEthernet1/0), d=193.1.23.2 (FastEthernet1/0), len 100, rcvd 3
*Mar 1 01:43:44.419: IP: tableid=0, s=193.1.23.2 (local), d=3.3.3.3 (Serial0/1), routed via FIB
*Mar 1 01:43:44.419: IP: s=193.1.23.2 (local), d=3.3.3.3 (Serial0/1), len 100, sending
*Mar 1 01:43:44.559: IP: tableid=0, s=3.3.3.3 (FastEthernet1/0), d=193.1.23.2 (FastEthernet1/0), routed via RIB
*Mar 1 01:43:44.559: IP: s=3.3.3.3 (FastEthernet1/0), d=193.1.23.2 (FastEthernet1/0), len 100, rcvd 3
*Mar 1 01:43:44.563: IP: tableid=0, s=193.1.23.2 (local), d=3.3.3.3 (Serial0/1), routed via FIB
*Mar 1 01:43:44.563: IP: s=193.1.23.2 (local), d=3.3.3.3 (Serial0/1), len 100, sending
R2#*Mar 1 01:43:44.655: IP: tableid=0, s=3.3.3.3 (FastEthernet1/0), d=193.1.23.2 (FastEthernet1/0), routed via RIB
*Mar 1 01:43:44.655: IP: s=3.3.3.3 (FastEthernet1/0), d=193.1.23.2 (FastEthernet1/0), len 100, rcvd 3
*Mar 1 01:43:44.659: IP: tableid=0, s=193.1.23.2 (local), d=3.3.3.3 (Serial0/1), routed via FIB
*Mar 1 01:43:44.659: IP: s=193.1.23.2 (local), d=3.3.3.3 (Serial0/1), len 100, sending
*Mar 1 01:43:44.727: IP: tableid=0, s=3.3.3.3 (FastEthernet1/0), d=193.1.23.2 (FastEthernet1/0), routed via RIB
*Mar 1 01:43:44.727: IP: s=3.3.3.3 (FastEthernet1/0), d=193.1.23.2 (FastEthernet1/0), len 100, rcvd 3
*Mar 1 01:43:44.731: IP: tableid=0, s=193.1.23.2 (local), d=3.3.3.3 (Serial0/1), routed via FIB
*Mar 1 01:43:44.735: IP: s=193.1.23.2 (local), d=3.3.3.3 (Serial0/1), len 100, sending
*Mar 1 01:43:44.871: IP: tableid=0, s=3.3.3.3 (FastEthernet1/0), d=193.1.23.2 (FastEthernet1/0), routed via RIB
*Mar 1 01:43:44.871: IP: s=3.3.3.3 (FastEthernet1/0), d=193.1.23.2 (FastEt
R2#hernet1/0), len 100, rcvd 3
此现象观察到快速转发而为实现包的负载均衡,应为基于目的的负载均衡,如我们ping其它地址将会看到负载路径的变化。
5,我们将R2的ip cef全局no掉,使R2进入进程交换,我们分别从R1和R2上ping 3.3.3.3 观察结果。
R2#show ip route 3.3.3.3
Routing entry for 3.3.3.0/24
Known via "static", distance 1, metric 0
Routing Descriptor Blocks:
193.1.23.3
Route metric is 0, traffic share count is 1
* 192.1.23.3
Route metric is 0, traffic share count is 1
R2#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 96/196/284 ms
R2#
*Mar 1 00:19:48.607: IP: tableid=0, s=192.1.23.2 (local), d=3.3.3.3 (Serial0/1), routed via RIB
*Mar 1 00:19:48.607: IP: s=192.1.23.2 (local), d=3.3.3.3 (Serial0/1), len 100, sending
*Mar 1 00:19:48.823: IP: tableid=0, s=3.3.3.3 (Serial0/1), d=192.1.23.2 (Serial0/1), routed via RIB
*Mar 1 00:19:48.823: IP: s=3.3.3.3 (Serial0/1), d=192.1.23.2 (Serial0/1), len 100, rcvd 3
*Mar 1 00:19:48.827: IP: tableid=0, s=193.1.23.2 (local), d=3.3.3.3 (FastEthernet1/0), routed via RIB
*Mar 1 00:19:48.827: IP: s=193.1.23.2 (local), d=3.3.3.3 (FastEthernet1/0), len 100, sending
*Mar 1 00:19:49.107: IP: tableid=0, s=3.3.3.3 (FastEthernet1/0), d=193.1.23.2 (FastEthernet1/0), routed via RIB
*Mar 1 00:19:49.107: IP: s=3.3.3.3 (FastEthernet1/0), d=193.1.23.2 (FastEthernet1/0), len 100, rcvd 3
*Mar 1 00:19:49.111: IP: tableid=0, s=192.1.23.2 (local), d=3.3.3.3 (Serial0/1), routed via RIB
*Mar 1 00:19:49.111: IP: s=192.1.23.2 (local), d=3.3.3.3 (Serial0/1), len 100, sending
*Mar 1 00:1
R2#9:49.203: IP: tableid=0, s=3.3.3.3 (Serial0/1), d=192.1.23.2 (Serial0/1), routed via RIB
*Mar 1 00:19:49.203: IP: s=3.3.3.3 (Serial0/1), d=192.1.23.2 (Serial0/1), len 100, rcvd 3
*Mar 1 00:19:49.207: IP: tableid=0, s=193.1.23.2 (local), d=3.3.3.3 (FastEthernet1/0), routed via RIB
*Mar 1 00:19:49.207: IP: s=193.1.23.2 (local), d=3.3.3.3 (FastEthernet1/0), len 100, sending
*Mar 1 00:19:49.467: IP: tableid=0, s=3.3.3.3 (FastEthernet1/0), d=193.1.23.2 (FastEthernet1/0), routed via RIB
*Mar 1 00:19:49.467: IP: s=3.3.3.3 (FastEthernet1/0), d=193.1.23.2 (FastEthernet1/0), len 100, rcvd 3
*Mar 1 00:19:49.471: IP: tableid=0, s=192.1.23.2 (local), d=3.3.3.3 (Serial0/1), routed via RIB
*Mar 1 00:19:49.471: IP: s=192.1.23.2 (local), d=3.3.3.3 (Serial0/1), len 100, sending
*Mar 1 00:19:49.587: IP: tableid=0, s=3.3.3.3 (Serial0/1), d=192.1.23.2 (Serial0/1), routed via RIB
*Mar 1 00:19:49.587: IP: s=3.3.3.3 (Serial0/1), d=192.1.23.2 (Serial0/1), len 100, rcvd 3
R2#show ip route 3.3.3.3
Routing entry for 3.3.3.0/24
Known via "static", distance 1, metric 0
Routing Descriptor Blocks:
* 193.1.23.3
Route metric is 0, traffic share count is 1
192.1.23.3
Route metric is 0, traffic share count is 1
此信息可看出R2在进程转发模式下,R2自身发起的ping包按照进程转发负载均衡的。接着我们去R1发起ping包并观察现象。
R2#clear ip route * (清除路由表,这样R2上对R1来的ping包的第一个包会进行进程转发,随后按照cache表进行快速转发,以下信息可以看到R2上就第一个包进行了进程路由寻径的输出。)
*Mar 1 00:23:15.899: IP: tableid=0, s=3.3.3.3 (FastEthernet1/0), d=192.1.12.1 (Serial0/0), routed via RIB
*Mar 1 00:23:15.899: IP: s=3.3.3.3 (FastEthernet1/0), d=192.1.12.1 (Serial0/0), g=192.1.12.1, len 100, forward
R2#
*Mar 1 00:23:16.923: IP: tableid=0, s=3.3.3.3 (FastEthernet1/0), d=192.1.12.1 (Serial0/0), routed via RIB
*Mar 1 00:23:16.927: IP: s=3.3.3.3 (FastEthernet1/0), d=192.1.12.1 (Serial0/0), g=192.1.12.1, len 100, forward
R2#show ip route 3.3.3.3
Routing entry for 3.3.3.0/24
Known via "static", distance 1, metric 0
Routing Descriptor Blocks:
193.1.23.3
Route metric is 0, traffic share count is 1
* 192.1.23.3
Route metric is 0, traffic share count is 1