一、相关知识
1、基本概念
- OSPF是一个内部网关协议,用于单一自治系统内决策路由
- OSPF是链路状态路由协议
- OSPF通过路由器之间通告网络接口的状态来建立链路状态数据库,生成最短路径树,每个OSPF路由器使用这些最短路径构造路由表
- OSPF路由器利用最短路径优先算法(SPF),独立地计算出到达任意目的地的路由
- OSPF协议引入“分层路由”的概念,将网络分割成一个“主干”连接的一组相互独立的部分,这些相互独立的部分被称为“区域”,“主干”的部分称为“主干区域”。
2、协议操作
- 建立路由器的邻接关系:OSPF路由器以交换路由器信息为目的,在所选择的相邻路由器之间建立的一种关系。
- 发现路由器:路由器与路由器之间首先利用Hello报文的ID信息确认主从关系,然后主从路由器相互交换部分链路状态信息。
- 选择适当的路由器:当一个路由器拥有完整独立的链路状态数据库,将采用SPF算法计算并创建路由表。OSPF利用量度计算目的路径,Cost最小者即为最短路径。如:链路带宽(主要)、时延或经济上的费用(可以忽略不计)。
- 维护路由信息:当链路状态发生变化时,OSPF通过Flooding过程通告网络上其他路由器。当路由器接收到更新报文,就会更新自己的链路状态数据库。(注:当链路状态没有发生改变,OSPF路由信息也会自动更新,默认时间为30分钟)。
3、OSPF优缺点
- OSPF是真正的LOOP-FREE(无路由自环)路由协议
- OSPF收敛速度快,能够在最短的时间内将路由变化传递到整个自治系统
- 区域划分的概念,可以更方便管提出理网络,网络信息也不会随规模扩大一下子就膨胀(注:区域划分时,分区须与骨干区相连)
- 将协议自身的开销控制到最小
- 通过严格划分路由的级别(共分4级),提供更可信的路由选择
- OSPF支持基于接口的明文及MD5验证
- OSPF适应各种规模的网络,最多可达数千台。
- 缺点:配置相对复杂,路由负载均衡能力较弱。
二、例子
1、简单拓扑
注意:其他区域需要与骨干网有直接连接,如果有区域没跟骨干网“直接”相连是不行的
2、相关配置
R1:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#host R1
R1(config)#int g 0/0
R1(config-if)#ip add
R1(config-if)#ip address 192.168.1.254 255.255.255.0
R1(config-if)#no sh
R1(config-if)#no shutdown
R1(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
R1(config-if)#e
R1(config-if)#exit
R1(config)#int g 0/1
R1(config-if)#ip address 192.168.12.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to up
R1(config-if)#e
R1(config)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
R1(config)#route os 配置OSPF协议
R1(config)#route ospf 1
R1(config-router)#net
R1(config-router)#network 192.168.1.0 0.0.0.255 area 1
R1(config-router)#network 192.168.12.0 0.0.0.255 area 0
R1(config-router)#
00:13:15: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.23.1 on GigabitEthernet0/1 from LOADING to FULL, Loading Done
R1(config-router)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#show ip route 启用OSPF后的路由表 O代表OSPF
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet0/0
L 192.168.1.254/32 is directly connected, GigabitEthernet0/0
O IA 192.168.2.0/24 [110/2] via 192.168.12.2, 00:05:54, GigabitEthernet0/1
O IA 192.168.3.0/24 [110/3] via 192.168.12.2, 00:02:52, GigabitEthernet0/1
192.168.12.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.12.0/24 is directly connected, GigabitEthernet0/1
L 192.168.12.1/32 is directly connected, GigabitEthernet0/1
O IA 192.168.23.0/24 [110/2] via 192.168.12.2, 00:05:27, GigabitEthernet0/1
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int g 0/1 启用认证(也就是设密码)
R1(config-if)#ip ospf
R1(config-if)#ip ospf authentication m
R1(config-if)#ip ospf authentication message-digest ?
<cr>
R1(config-if)#ip ospf authentication message-digest (启用MD5认证)
R1(config-if)#ip ospf authenttication-key ?
% Unrecognized command
R1(config-if)#ip ospf authenttication-key
00:22:37: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.23.1 on GigabitEthernet0/1 from FULL to DOWN, Neighbor Down: Dead timer expired
00:22:37: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.23.1 on GigabitEthernet0/1 from FULL to DOWN, Neighbor Down: Interface down or detached (提示信息)
% Invalid input detected at '^' marker.
R1(config-if)#ip ospf authentication-key 123456
R1(config-if)#end
R1#
%SYS-5-CONFIG_I: Configured from console by console
R1#show ip route 启用认证后的路由表,因为R2的0/1接口没有配置相同的认证,所以数据到不了路由器2,注:两边的密码也需要相同
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet0/0
L 192.168.1.254/32 is directly connected, GigabitEthernet0/0
192.168.12.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.12.0/24 is directly connected, GigabitEthernet0/1
L 192.168.12.1/32 is directly connected, GigabitEthernet0/1
R1#
00:24:07: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.23.1 on GigabitEthernet0/1 from LOADING to FULL, Loading Done
R1#show ip route R2的0/1接口配置后MD5认证后的路由表
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet0/0
L 192.168.1.254/32 is directly connected, GigabitEthernet0/0
O IA 192.168.2.0/24 [110/2] via 192.168.12.2, 00:01:13, GigabitEthernet0/1
O IA 192.168.3.0/24 [110/3] via 192.168.12.2, 00:01:13, GigabitEthernet0/1
192.168.12.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.12.0/24 is directly connected, GigabitEthernet0/1
L 192.168.12.1/32 is directly connected, GigabitEthernet0/1
O IA 192.168.23.0/24 [110/2] via 192.168.12.2, 00:01:13, GigabitEthernet0/1
R2:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#host
Router(config)#host R2
R2(config)#int g 0/0
R2(config-if)#ip add
R2(config-if)#ip address 192.168.2.254 255.255.255.0
R2(config-if)#no sh
R2(config-if)#no shutdown
R2(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
R2(config-if)#e
R2(config-if)#exit
R2(config)#int g 0/1
R2(config-if)#ip address 192.168.12.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
R2(config-if)#e
R2(config)#int g 0/2
R2(config-if)#ip address 192.168.23.1 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to up
R2(config-if)#e
R2(config)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to up
R2(config)#route osp 配置OSPF
R2(config)#route ospf 2
R2(config-router)#net
R2(config-router)#network 192.168.2.0 0.0.0.255 area 2
R2(config-router)#network 192.168.12.0 0.0.0.255 area 0
R2(config-router)#network 192.168.23.0 0.0.0.255 area 3
00:13:13: %OSPF-5-ADJCHG: Process 2, Nbr 192.168.12.1 on GigabitEthernet0/1 from LOADING to FULL, Loading Done
R2(config-router)#do show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
O IA 192.168.1.0/24 [110/2] via 192.168.12.1, 00:00:31, GigabitEthernet0/1
192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.2.0/24 is directly connected, GigabitEthernet0/0
L 192.168.2.254/32 is directly connected, GigabitEthernet0/0
192.168.12.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.12.0/24 is directly connected, GigabitEthernet0/1
L 192.168.12.2/32 is directly connected, GigabitEthernet0/1
192.168.23.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.23.0/24 is directly connected, GigabitEthernet0/2
L 192.168.23.1/32 is directly connected, GigabitEthernet0/2
R2(config-router)#
00:16:11: %OSPF-5-ADJCHG: Process 2, Nbr 192.168.23.2 on GigabitEthernet0/2 from LOADING to FULL, Loading Done
00:22:28: %OSPF-5-ADJCHG: Process 2, Nbr 192.168.12.1 on GigabitEthernet0/1 from FULL to DOWN, Neighbor Down: Dead timer expired
00:22:28: %OSPF-5-ADJCHG: Process 2, Nbr 192.168.12.1 on GigabitEthernet0/1 from FULL to DOWN, Neighbor Down: Interface down or detached
R2(config-router)#e
R2(config)#int g 0/1 启用MD5认证
R2(config-if)#ip ospf authentication m
R2(config-if)#ip ospf authentication message-digest
R2(config-if)#ip ospf
00:24:05: %OSPF-5-ADJCHG: Process 2, Nbr 192.168.12.1 on GigabitEthernet0/1 from LOADING to FULL, Loading Done
% Incomplete command. (这是提示信息,再配置的过程中会出现)
R2(config-if)#ip ospf authentication-key 123456 (密码需跟前面的一样)
R2(config-if)#end
R2#
%SYS-5-CONFIG_I: Configured from console by console
R2#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
O IA 192.168.1.0/24 [110/2] via 192.168.12.1, 00:00:48, GigabitEthernet0/1
192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.2.0/24 is directly connected, GigabitEthernet0/0
L 192.168.2.254/32 is directly connected, GigabitEthernet0/0
O 192.168.3.0/24 [110/2] via 192.168.23.2, 00:08:42, GigabitEthernet0/2
192.168.12.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.12.0/24 is directly connected, GigabitEthernet0/1
L 192.168.12.2/32 is directly connected, GigabitEthernet0/1
192.168.23.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.23.0/24 is directly connected, GigabitEthernet0/2
L 192.168.23.1/32 is directly connected, GigabitEthernet0/2
R3:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#host
Router(config)#host R3
R3(config)#int g 0/0
R3(config-if)#ip add
R3(config-if)#ip address 192.168.3.254 255.255.255.0
R3(config-if)#no sh
R3(config-if)#no shutdown
R3(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
R3(config-if)#e
R3(config-if)#exit
R3(config)#int g 0/2
R3(config-if)#ip address 192.168.23.2 255.255.255.0
R3(config-if)#no shutdown
R3(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to up
R3(config-if)#e
R3(config)#route os 配置OSPF
R3(config)#route ospf 3
R3(config-router)#net
R3(config-router)#network 192.168.23.0 0.0.0.255 area 3
R3(config-router)#network 192.168.3.0 0.0.0.255 area 3
R3(config-router)#
00:16:33: %OSPF-5-ADJCHG: Process 3, Nbr 192.168.23.1 on GigabitEthernet0/2 from LOADING to FULL, Loading Done
注:OSPF 的认证给链路上的数据传输提供了安全保护,需要注意的是同一链路上的密码需要设置一样,例如上面 R1的0/1接口和R2的0/1接口相连,这时两者都需要配置MD5认证,否则链路时不通的,再来,两者的密码也需一致。
这篇文章就到这里啦,上面就是有关OSPF协议的配置和认证。
如果有哪里写的不好,感谢指出来。
加油加油!
