https://www.rfyy.net/archives/1546/
这篇博客中和EIGRP实现了DMVPN阶段三,下面用OSPF、RIP路由协议来实现,拓扑如下图:
R1 为总部HUB,起环回口10.10.1.1/24,R2和R3为分部spoke,人别起环回口10.10.2.2/24,10.10.3.3/24
一、使用RIP来实现
R1配置,直接写不同的地方
interface Loopback9
ip address 10.10.1.1 255.255.255.0
!
interface Tunnel0
ip address 123.123.123.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication cisco
ip nhrp network-id 10
ip nhrp redirect<开启nhrp重定向,水平分割默认就是开启的>
ip summary-address rip 10.10.0.0 255.255.0.0<向其它spoke推送汇总的路由>
tunnel source 14.14.14.1
tunnel mode gre multipoint
tunnel key 12345
tunnel protection ipsec profile pro-123
!
interface Ethernet0/0
ip address 14.14.14.1 255.255.255.0
duplex auto
!
router rip
version 2
network 10.0.0.0
network 123.0.0.0
no auto-summary<关闭自动汇总>
interface Loopback9R2上配置
interface Loopback9
ip address 10.10.2.2 255.255.255.0
!
interface Tunnel0
ip address 123.123.123.2 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication cisco
ip nhrp map 123.123.123.1 14.14.14.1
ip nhrp map multicast 14.14.14.1
ip nhrp network-id 10
ip nhrp nhs 123.123.123.1
tunnel source 24.24.24.2
tunnel mode gre multipoint
tunnel key 12345
tunnel protection ipsec profile pro-123
!
!
interface Ethernet0/1
ip address 24.24.24.2 255.255.255.0
duplex auto
!
router rip
version 2
network 10.0.0.0
network 123.0.0.0
no auto-summary《关闭自动汇总》
R3上配置
interface Loopback9
ip address 10.10.3.3 255.255.255.0
!
interface Tunnel0
ip address 123.123.123.3 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication cisco
ip nhrp map 123.123.123.1 14.14.14.1
ip nhrp map multicast 14.14.14.1
ip nhrp network-id 10
ip nhrp nhs 123.123.123.1
tunnel source 34.34.34.3
tunnel mode gre multipoint
tunnel key 12345
tunnel protection ipsec profile pro-123
!
interface Ethernet0/2
ip address 34.34.34.3 255.255.255.0
duplex auto
!
router rip
version 2
network 10.0.0.0
network 123.0.0.0
no auto-summary
分别查看R1R2R3上的路由表和nhrp情况
R1#show ip nhrp
123.123.123.2/32 via 123.123.123.2
Tunnel0 created 23:02:37, expire 00:07:25
Type: dynamic, Flags: registered nhop
NBMA address: 24.24.24.2
123.123.123.3/32 via 123.123.123.3
Tunnel0 created 23:02:34, expire 00:07:28
Type: dynamic, Flags: registered nhop
NBMA address: 34.34.34.3
《上面是spoke静态到hub上注册的两条信息》
R1#show ip route rip
R 10.10.2.0/24 [120/1] via 123.123.123.2, 00:00:15, Tunnel0
R 10.10.3.0/24 [120/1] via 123.123.123.3, 00:00:24, Tunnel0
14.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
《HUB上通过RIP学习到了spoke的两条路由,下一跳分别为tunnel接口的逻辑ip地址》
R2#sho ip nhrp
123.123.123.1/32 via 123.123.123.1
Tunnel0 created 23:10:02, never expire
Type: static, Flags: used
NBMA address: 14.14.14.1
<到nhs上注册的物理ip地址与逻辑ip地址信息,永不过期>
R2#show ip route rip
R 10.10.0.0/16 [120/1] via 123.123.123.1, 00:00:18, Tunnel0
<R2上学习到的汇总路由信息,下一跳为hub的tennel接口的逻辑ip地址,hub上开启了水平分割,所以现在学习不到其它spoke的明细路由>
R3#show ip nhrp
123.123.123.1/32 via 123.123.123.1
Tunnel0 created 23:15:09, never expire
Type: static, Flags: used
NBMA address: 14.14.14.1
<到nhs上注册的物理ip地址与逻辑ip地址信息,永不过期>
R3#show ip route rip
R 10.10.0.0/16 [120/1] via 123.123.123.1, 00:00:22, Tunnel0
<R3上学习到的汇总路由信息,下一跳为hub的tennel接口的逻辑ip地址,hub上开启了水平分割,所以现在学习不到其它spoke的明细路由>
现在在R2上ping R3环回口地址,看R2R3上的路由和 nhrp 变化
R2#ping 10.10.3.3 source 10.10.2.2 repeat 100
Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 10.10.3.3, timeout is 2 seconds:
Packet sent with a source address of 10.10.2.2
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 1/4/9 ms
R2#show ip nhrp
10.10.2.0/24 via 123.123.123.2
Tunnel0 created 00:00:07, expire 00:09:52
Type: dynamic, Flags: router unique local
NBMA address: 24.24.24.2
(no-socket)
10.10.3.0/24 via 123.123.123.3
Tunnel0 created 00:00:07, expire 00:09:52
Type: dynamic, Flags: router used rib
NBMA address: 34.34.34.3
123.123.123.1/32 via 123.123.123.1
Tunnel0 created 23:27:52, never expire
Type: static, Flags: used
NBMA address: 14.14.14.1
123.123.123.3/32 via 123.123.123.3
Tunnel0 created 00:00:07, expire 00:09:52
Type: dynamic, Flags: router nhop rib
NBMA address: 34.34.34.3
《动态产生了到10.10.3.0和123.123.123.3的信息》
R2#show ip route nhrp
10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks
H 10.10.3.0/24 [250/255] via 123.123.123.3, 00:00:17, Tunnel0
123.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
H 123.123.123.3/32 is directly connected, 00:00:17, Tunnel0
《动态产生了到10.10.3.0和123.123.123.3的路由》
R3#show ip nhrp
10.10.2.0/24 via 123.123.123.2
Tunnel0 created 00:03:17, expire 00:06:42
Type: dynamic, Flags: router used rib
NBMA address: 24.24.24.2
10.10.3.0/24 via 123.123.123.3
Tunnel0 created 00:03:17, expire 00:06:42
Type: dynamic, Flags: router unique local
NBMA address: 34.34.34.3
(no-socket)
123.123.123.1/32 via 123.123.123.1
Tunnel0 created 23:30:59, never expire
Type: static, Flags: used
NBMA address: 14.14.14.1
123.123.123.2/32 via 123.123.123.2
Tunnel0 created 00:03:17, expire 00:06:42
Type: dynamic, Flags: router nhop rib
NBMA address: 24.24.24.2
R3#show ip route nhrp
10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks
H 10.10.2.0/24 [250/255] via 123.123.123.2, 00:03:24, Tunnel0
123.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
H 123.123.123.2/32 is directly connected, 00:03:24, Tunnel0
《同理在R3上一样动态产生相关应的nhrp和路由信息》
如果没R2R3之间没有流量的话,动态产生的nhrp和路由信息就会拆除
R2#show ip nhrp
123.123.123.1/32 via 123.123.123.1
Tunnel0 created 1d00h, never expire
Type: static, Flags: used
NBMA address: 14.14.14.1
R2#show ip rout nhrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 24.24.24.4 to network 0.0.0.0
R2#
二、使用OSPF来实现
R1上配置,不同的地方
interface Loopback9
ip address 10.10.1.1 255.255.255.0
!
interface Tunnel0
ip address 123.123.123.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication cisco
ip nhrp network-id 10
ip nhrp redirect
ip ospf network point-to-multipoint<改为点到多点的网络模式>
ip ospf priority 2《优先级为2,成为DR》
tunnel source 14.14.14.1
tunnel mode gre multipoint
tunnel key 12345
tunnel protection ipsec profile pro-123
!
interface Ethernet0/0
ip address 14.14.14.1 255.255.255.0
duplex auto
!
router ospf 100
network 10.10.1.0 0.0.0.255 area 0
network 123.123.123.0 0.0.0.255 area 0
R2上配置
interface Loopback9
ip address 10.10.2.2 255.255.255.0
!
interface Tunnel0
ip address 123.123.123.2 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication cisco
ip nhrp map 123.123.123.1 14.14.14.1
ip nhrp map multicast 14.14.14.1
ip nhrp network-id 10
ip nhrp nhs 123.123.123.1
ip ospf network point-to-multipoint<改为点到多点的网络模式>
ip ospf priority 0<优先级为0,成为BDR>
tunnel source 24.24.24.2
tunnel mode gre multipoint
tunnel key 12345
tunnel protection ipsec profile pro-123
!
!
interface Ethernet0/1
ip address 24.24.24.2 255.255.255.0
duplex auto
!
router ospf 100
network 10.10.2.0 0.0.0.255 area 0
network 123.123.123.0 0.0.0.255 area 0
R3上配置
interface Loopback9
ip address 10.10.3.3 255.255.255.0
!
interface Tunnel0
ip address 123.123.123.3 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication cisco
ip nhrp map 123.123.123.1 14.14.14.1
ip nhrp map multicast 14.14.14.1
ip ospf priority 0
ip nhrp network-id 10
ip nhrp nhs 123.123.123.1
ip ospf network point-to-multipoint
tunnel source 34.34.34.3
tunnel mode gre multipoint
tunnel key 12345
tunnel protection ipsec profile pro-123
!
!
router ospf 100
network 10.10.3.0 0.0.0.255 area 0
network 123.123.123.0 0.0.0.255 area 0
分另查看R1R2R3上的OSPF邻居、NHRP和路由情况
R1#sho ip ospf nei
Neighbor ID Pri State Dead Time Address Interface
10.10.3.3 0 FULL/ - 00:01:34 123.123.123.3 Tunnel0
10.10.2.2 0 FULL/ - 00:01:47 123.123.123.2 Tunnel0
R1#show ip nhrp
123.123.123.2/32 via 123.123.123.2
Tunnel0 created 1d11h, expire 00:09:57
Type: dynamic, Flags: registered nhop
NBMA address: 24.24.24.2
123.123.123.3/32 via 123.123.123.3
Tunnel0 created 1d11h, expire 00:06:40
Type: dynamic, Flags: registered nhop
NBMA address: 34.34.34.3
R1#show ip route ospf
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O 10.10.2.2/32 [110/1001] via 123.123.123.2, 00:07:15, Tunnel0
O 10.10.3.3/32 [110/1001] via 123.123.123.3, 00:07:15, Tunnel0
123.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O 123.123.123.2/32 [110/1000] via 123.123.123.2, 00:07:15, Tunnel0
O 123.123.123.3/32 [110/1000] via 123.123.123.3, 00:07:15, Tunnel0
可以看到R1上有到R2R3和后面私网的OSPF路由,也有到R2R3的NHRP的信息,并且与R2R3建立了OSPF的领居关系。
R2#show ip ospf nei
Neighbor ID Pri State Dead Time Address Interface
10.10.1.1 0 FULL/ - 00:01:31 123.123.123.1 Tunnel0
R2#show ip nhrp
123.123.123.1/32 via 123.123.123.1
Tunnel0 created 1d11h, never expire
Type: static, Flags: used
NBMA address: 14.14.14.1
R2#sho ip route ospf
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O 10.10.1.1/32 [110/1001] via 123.123.123.1, 00:06:43, Tunnel0
O 10.10.3.3/32 [110/2001] via 123.123.123.1, 00:06:43, Tunnel0
123.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O 123.123.123.1/32 [110/1000] via 123.123.123.1, 00:06:53, Tunnel0
O 123.123.123.3/32 [110/2000] via 123.123.123.1, 00:06:43, Tunnel0
R2只与R1建立了OSPF的邻居关系,R2只有到R1的NHRP信息,R2有到R1R3和私网的路由,但下一跳都是R1的tunnel的逻辑接口的ip地址。
R3#show ip ospf nei
Neighbor ID Pri State Dead Time Address Interface
10.10.1.1 0 FULL/ - 00:01:47 123.123.123.1 Tunnel0
R3#show ip nhrp
123.123.123.1/32 via 123.123.123.1
Tunnel0 created 1d11h, never expire
Type: static, Flags: used
NBMA address: 14.14.14.1
R3#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 34.34.34.4 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O 10.10.1.1/32 [110/1001] via 123.123.123.1, 00:06:15, Tunnel0
O 10.10.2.2/32 [110/2001] via 123.123.123.1, 00:06:15, Tunnel0
123.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O 123.123.123.1/32 [110/1000] via 123.123.123.1, 00:06:25, Tunnel0
O 123.123.123.2/32 [110/2000] via 123.123.123.1, 00:06:15, Tunnel0
R3上和R2一样。
R2上ping R3的环回口地址,再查看R3R2上的nhrp和路由信息
R2#ping 10.10.3.3 source 10.10.2.2 repeat 100
Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 10.10.3.3, timeout is 2 seconds:
Packet sent with a source address of 10.10.2.2
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 2/5/9 ms
R2#show ip nhrp
10.10.2.0/24 via 123.123.123.2
Tunnel0 created 00:07:21, expire 00:09:55
Type: dynamic, Flags: router unique local
NBMA address: 24.24.24.2
(no-socket)
123.123.123.1/32 via 123.123.123.1
Tunnel0 created 00:12:12, never expire
Type: static, Flags: used
NBMA address: 14.14.14.1
123.123.123.3/32 via 123.123.123.3
Tunnel0 created 00:07:21, expire 00:09:55
Type: dynamic, Flags: router nhop rib nho
NBMA address: 34.34.34.3
R2#sho ip route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 24.24.24.4 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 24.24.24.4
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
O 10.10.1.1/32 [110/1001] via 123.123.123.1, 00:12:10, Tunnel0
C 10.10.2.0/24 is directly connected, Loopback9
L 10.10.2.2/32 is directly connected, Loopback9
O 10.10.3.3/32 [110/2001] via 123.123.123.1, 00:12:00, Tunnel0
14.0.0.0/24 is subnetted, 1 subnets
S 14.14.14.0 [1/0] via 24.24.24.4
24.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 24.24.24.0/24 is directly connected, Ethernet0/1
L 24.24.24.2/32 is directly connected, Ethernet0/1
34.0.0.0/24 is subnetted, 1 subnets
S 34.34.34.0 [1/0] via 24.24.24.4
123.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 123.123.123.0/24 is directly connected, Tunnel0
O 123.123.123.1/32 [110/1000] via 123.123.123.1, 00:12:10, Tunnel0
L 123.123.123.2/32 is directly connected, Tunnel0
O % 123.123.123.3/32 [110/2000] via 123.123.123.1, 00:12:00, Tunnel0
R2#