控制路由更新数据流(被动接口和分布列表)

2007-09-20 12:27:29

　标签：被动接口控制路由更新数据流分布列表　　　[推送到技术圈]

控制路由更新数据流(被动接口和分布列表)

本实验使用拓扑：

在R1上建立一个环回口模拟R4

1．为什么要控制路由更新

首先假设我们在上面的拓扑中配置rip协议。在默认情况下，r1将通告以下网络:10.1.1.0 10.1.2.0 10.1.3.0 10.1.4.0

A.由于子网10.1.3.0没有其他的路由器能接受路由更新。所以向e0/0口发送rip更新没有意义。不但产生了一些不必要的额外开销，并可能引起安全风险。

B.若r1和r4是通过dial-on-demand(按需拨号)的ISDN链路相连，那么定期的路由更新会让链路保持在线状态，从而产生高额的费用。

2．通过passive-interface控制路由更新

被动接口可以完全阻止接口发送路由更新。此命令适用于所有的IGP协议。

命令格式：(config-router)#passive-interface type number

实例1：禁止e口上发送路由更新。

*Nov 18 08:14:47.639: subnet 10.1.3.0 metric 1

*Nov 18 08:14:47.639: subnet 10.1.4.0 metric 1

*Nov 18 08:14:47.891: RIP: sending v1 update to 255.255.255.255 via Serial2/0 (10.1.2.1)

*Nov 18 08:14:47.891: RIP: build update entries

*Nov 18 08:14:47.891: subnet 10.1.1.0 metric 1

*Nov 18 08:14:47.891: subnet 10.1.3.0 metric 1

*Nov 18 08:14:47.891: subnet 10.1.4.0 metric 1

*Nov 18 08:14:57.079: RIP: sending v1 update to 255.255.255.255 via Loopback1 (10.1.4.2)

*Nov 18 08:14:57.079: RIP: build update entries

*Nov 18 08:14:57.079: subnet 10.1.1.0 metric 1

*Nov 18 08:14:57.079: subnet 10.1.2.0 metric 1

*Nov 18 08:14:57.079: subnet 10.1.3.0 metric 1

现在输入这个命令：

R1(config)#router rip

R1(config-router)#passive-interface ethernet 0/0

R1(config-router)#end

观察debug信息

*Nov 18 08:15:15.507: RIP: sending v1 update to 255.255.255.255 via Serial1/0 (10.1.1.1)

*Nov 18 08:15:15.507: RIP: build update entries

*Nov 18 08:15:15.507: subnet 10.1.2.0 metric 1

*Nov 18 08:15:15.507: subnet 10.1.3.0 metric 1

*Nov 18 08:15:15.507: subnet 10.1.4.0 metric 1

*Nov 18 08:15:25.967: RIP: sending v1 update to 255.255.255.255 via Loopback1 (10.1.4.2)

*Nov 18 08:15:25.967: RIP: build update entries

*Nov 18 08:15:25.967: subnet 10.1.1.0 metric 1

*Nov 18 08:15:25.967: subnet 10.1.2.0 metric 1

*Nov 18 08:15:25.967: subnet 10.1.3.0 metric 1

*Nov 18 08:15:41.587: RIP: sending v1 update to 255.255.255.255 via Serial1/0 (10.1.1.1)

*Nov 18 08:15:41.587: RIP: build update entries

*Nov 18 08:15:41.587: subnet 10.1.2.0 metric 1

*Nov 18 08:15:41.587: subnet 10.1.3.0 metric 1

*Nov 18 08:15:41.587: subnet 10.1.4.0 metric 1

*Nov 18 08:15:41.639: RIP: sending v1 update to 255.255.255.255 via Serial2/0 (10.1.2.1)

*Nov 18 08:15:41.639: RIP: build update entries

*Nov 18 08:15:41.639: subnet 10.1.1.0 metric 1

*Nov 18 08:15:41.639: subnet 10.1.3.0 metric 1

*Nov 18 08:15:41.639: subnet 10.1.4.0 metric 1

*Nov 18 08:15:55.907: RIP: sending v1 update to 255.255.255.255 via Loopback1 (10.1.4.2)

*Nov 18 08:15:55.907: RIP: build update entries

*Nov 18 08:15:55.907: subnet 10.1.1.0 metric 1

*Nov 18 08:15:55.907: subnet 10.1.2.0 metric 1

*Nov 18 08:15:55.907: subnet 10.1.3.0 metric 1

此时没有e口的更新。

此命令在不同协议下的工作方式：

RIP:只接受路由更新但是不发送

OSPF:即不发送也不接受

EIGRP和OSPF:不发送hello分组，不能在接口上与其他路由器建立邻居关系。

实例2：在OSPF上运用此命令观察现象。

R1(config)#router ospf 10

R1(config-router)#net 10.1.1.0 0.0.0.255 area 0

R1(config-router)#net 10.1.2.0 0.0.0.255 area 0

R1(config-router)#net 10.1.3.0 0.0.0.255 area 0

R1(config-router)#net 10.1.4.0 0.0.0.255 area 0

R2(config)#router ospf 10

R2(config-router)#net 10.1.1.0 0.0.0.255 area 0

R3(config)#router ospf 10

R3(config-router)#net 10.1.2.0 0.0.0.255 area 0

R1#sho ip ospf nei

Neighbor ID Pri State Dead Time Address Interface

10.1.1.2 0 FULL/ - 00:00:38 10.1.1.2 Serial1/0

10.1.2.2 0 FULL/ - 00:00:35 10.1.2.2 Serial2/0

R1#debug ip ospf hell

OSPF hello events debugging is on

R1#

*Nov 18 08:32:18.611: OSPF: Rcv hello from 10.1.2.2 area 0 from Serial2/0 10.1.2.2

*Nov 18 08:32:18.611: OSPF: End of hello processing

*Nov 18 08:32:19.659: OSPF: Send hello to 224.0.0.5 area 0 on Serial1/0 from 10.1.1.1

*Nov 18 08:32:20.459: OSPF: Send hello to 224.0.0.5 area 0 on Serial2/0 from 10.1.2.1

*Nov 18 08:32:31.019: OSPF: Send hello to 224.0.0.5 area 0 on Ethernet0/0 from 10.1.3.1

在接口s1/0上运行此命令：

R1(config)#router ospf 10

R1(config-router)#passive-interface serial 1/0

R1#sho ip ospf nei

Neighbor ID Pri State Dead Time Address Interface

10.1.2.2 0 FULL/ - 00:00:33 10.1.2.2 Serial2/0

此时发现10.1.1.2这个邻居已经没有了。

3．用分布控制列表过滤路由更新

分布控制列表只抑制某些特定的路由不被发送或接受。

命令格式：

A.应用于进入路由更新

(config-router)#distribute-list access-list number in {interfacename}

B.应用于出口路由更新

(config-router)#distribute-list access-listnumber out (interface name |routing pro|as-number)

实例3：禁止R2接受有关于网络10.1.2.0的路由更新

R2#sho ip rou

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 4 subnets

R 10.1.3.0 [120/1] via 10.1.1.1, 00:00:07, Serial2/0

R 10.1.2.0 [120/1] via 10.1.1.1, 00:00:07, Serial2/0

C 10.1.1.0 is directly connected, Serial2/0

R 10.1.4.0 [120/1] via 10.1.1.1, 00:00:07, Serial2/0

R2(config)#access-list 1 deny 10.1.2.0

R2(config)#access-list 1 permit any

R2(config)#router rip

R2(config-router)#distribute-list 1 in

180s后查看路由表：

R2#sh ip rou

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 4 subnets

R 10.1.3.0 [120/1] via 10.1.1.1, 00:00:16, Serial2/0

R 10.1.2.0/24 is possibly down,

routing via 10.1.1.1, Serial2/0

C 10.1.1.0 is directly connected, Serial2/0

R 10.1.4.0 [120/1] via 10.1.1.1, 00:00:16, Serial2/0

实例4：利用distribute-list“伪”被动EIGRP OSPF的接口。观察效果。

R1(config)#router eigrp 10

R1(config-router)#net 10.1.1.0 0.0.0.255

R1(config-router)#net 10.1.2.0 0.0.0.255

R1(config-router)#net 10.1.3.0 0.0.0.255

R1(config-router)#net 10.1.4.0 0.0.0.255

R2(config)#router eigrp 10

R2(config-router)#net 10.1.1.0 0.0.0.255

R3(config)#router eigrp 10

R3(config-router)#net 10.1.2.0 0.0.0.255

R2#sho ip rou

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks

D 10.1.3.0/24 [90/2195456] via 10.1.1.1, 00:00:27, Serial2/0

D 10.1.2.0/24 [90/2681856] via 10.1.1.1, 00:00:27, Serial2/0

C 10.1.1.0/24 is directly connected, Serial2/0

D 10.1.4.0/24 [90/2297856] via 10.1.1.1, 00:00:27, Serial2/0

R2#sho ip eigrp nei

IP-EIGRP neighbors for process 10

H Address Interface Hold Uptime SRTT RTO Q Seq

(sec) (ms) Cnt Num

0 10.1.1.1 Se2/0 11 00:03:42 283 1698 0 1

R2(config)#access-list 3 deny any

R2(config)#router eigrp 10

R2(config-router)#distribute-list 3 out serial 1/0

在240s后查看路由表

R2#sho ip rou

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

盖如鹤的步徒

控制路由更新数据流(被动接口和分布列表)

控制路由更新数据流(被动接口和分布列表)