选择区域语言: EN CN HK

05-三层技术-IP路由配置举例

06-H3C_S12500-S_OSPFv3典型配置举例

本章节下载  (232.89 KB)

docurl=/cn/Service/Document_Software/Document_Center/Switches/Catalog/S12500/S12500-S/Configure/Typical_Configuration_Example/H3C_S12500-S_Example-R7150P02-6W100/05/201505/867816_30005_0.htm

06-H3C_S12500-S_OSPFv3典型配置举例

H3C S12500-S OSPFv3典型配置举例

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

H3C_彩色.emf

 



1  简介

本文档介绍了OSPFv3路由信息过滤的配置举例。

2  配置前提

本文档不严格与具体软、硬件版本对应,如果使用过程中与产品实际情况有差异,请参考相关产品手册,或以设备实际情况为准。

本文档中的配置均是在实验室环境下进行的配置和验证,配置前设备的所有参数均采用出厂时的缺省配置。如果您已经对设备进行了配置,为了保证配置效果,请确认现有配置和以下举例中的配置不冲突。

本文档为了便于验证试验结论采用了LoopBack接口去替代某些特定网段。

本文档假设您已了解OSPFv3路由信息过滤的特性。

3  OSPFv3路由信息过滤配置举例

3.1  组网需求

图1所示,公司A使用OSPFv3路由协议实现公司设备全网互通,后来公司A扩张兼并了公司B,要求将公司B采用的RIPng路由协议与公司A的OSPFv3协议互相引入,使得各个部门可以实现互通。Device A和Device B作为公司核心设备负责各个部门间的通信。由于业务需要,现要求通过下列措施控制并调整网络中的路由信息:

·     在Device E上对引入的路由信息进行过滤,使得研发二部所在网段无法被引入到OSPFv3内。

·     在Device C上使用路由信息的过滤功能,使得市场一部所在网段无法访问研发一部。

·     在Device D上使用路由信息的过滤功能,使得研发一部和售后服务部所在网段无法访问市场二部。

图1 OSPFv3路由信息过滤组网图

设备

接口

IP地址

设备

接口

IP地址

Device A

Vlan-int100

1::1/64

Device B

Vlan-int100

1::2/64

 

Vlan-int200

2::1/64

 

Vlan-int300

3::1/64

 

Vlan-int400

4::1/64

 

 

 

Device C

Vlan-int200

2::2/64

Device D

Vlan-int300

3::2/64

 

Loop0

13::1/64

(市场一部所在网段)

 

Loop0

11::1/64

(售后服务部所在网段)

 

 

 

 

Loop1

12::1/64

(研发一部所在网段)

Device E

Vlan-int400

4::2/64

Device F

Vlan-int500

5::2/64

 

Vlan-int500

5::1/64

 

Loop0

14::1/64

(研发二部所在网段)

 

 

 

 

Loop1

15::1/64

(市场二部所在网段)

 

3.2  使用版本

本举例是在S12500-S-CMW710-R7150P02版本上进行配置和验证的。

3.1  配置注意事项

·     路由信息过滤功能中对于引入外部路由信息时采用export关键字进行过滤,该参数只能在ASBR上生效。

·     路由信息过滤功能只是对路由表中相关路由信息过滤,并不是过滤掉OSPFv3中通告的LSA。

·     由于路由通信是双向的,使用路由信息过滤功能将某一目的网段过滤后,该路由器下联的其它网段无法访问这个目的网段的设备,这个目的网段的设备也不能访问源地址网段的设备。

·     使用路由信息过滤功能配合ACL使用时,必须将最后一条规则设置为允许所有源地址通过才能避免将所有网段路由被全部过滤掉。

·     配置OSPFv3时必须手工指定Router ID。

3.2  配置步骤

3.2.1  配置各接口的IP地址

#配置接口Vlan-int100的IP地址。

<DeviceA> system-view

[DeviceA] interface Vlan-interface 100

[DeviceA-Vlan-interface100] ipv6 address 1::1 64

#请参考以上方法配置其它相关接口的IP地址,配置步骤这里省略。

3.2.2  配置OSPFv3网络的基本功能

# 创建OSPFv3进程,并在Device A的接口上使能OSPFv3路由功能。

<DeviceA> system-view

[DeviceA] ospfv3

[DeviceA-ospfv3-1] router-id 6.6.6.6

[DeviceA-ospfv3-1] quit

[DeviceA] interface Vlan-interface 100

[DeviceA-Vlan-interface100] ospfv3 1 area 0

[DeviceA-Vlan-interface100] quit

[DeviceA] interface Vlan-interface 200

[DeviceA-Vlan-interface200] ospfv3 1 area 2

[DeviceA-Vlan-interface200] quit

[DeviceA] interface Vlan-interface 400

[DeviceA-Vlan-interface400] ospfv3 1 area 1

[DeviceA-Vlan-interface400] quit

#创建OSPFv3进程,并在Device B的接口上使能OSPFv3路由功能。

<DeviceB> system-view

[DeviceB] ospfv3

[DeviceB-ospfv3-1] router-id 5.5.5.5

[DeviceB-ospfv3-1] quit

[DeviceB] interface Vlan-interface 100

[DeviceB-Vlan-interface100] ospfv3 1 area 0

[DeviceB-Vlan-interface100] quit

[DeviceB] interface Vlan-interface 300

[DeviceB-Vlan-interface300] ospfv3 1 area 3

[DeviceB-Vlan-interface300] quit

#创建OSPFv3进程,并在Device C的接口上使能OSPFv3路由功能。

<DeviceC> system-view

[DeviceC] ospfv3

[DeviceC-ospfv3-1] router-id 4.4.4.4

[DeviceC-ospfv3-1] quit

[DeviceC] interface Vlan-interface 200

[DeviceC-Vlan-interface200] ospfv3 1 area 2

[DeviceC-Vlan-interface200] quit

[DeviceC]interface LoopBack 0

[DeviceC-LoopBack0] ospfv3 1 area 2

[DeviceC-LoopBack0] quit

#创建OSPFv3进程,并在Device D的接口上使能OSPFv3路由功能。

<DeviceD> system-view

[DeviceD] ospfv3

[DeviceD-ospfv3-1] router-id 3.3.3.3

[DeviceD-ospfv3-1] quit

[DeviceD] interface Vlan-interface 300

[DeviceD-Vlan-interface300] ospfv3 1 area 3

[DeviceD-Vlan-interface300] quit

[DeviceD]interface LoopBack 0

[DeviceD-LoopBack0] ospfv3 1 area 3

[DeviceD-LoopBack0] quit

[DeviceD]interface LoopBack 1

[DeviceD-LoopBack0] ospfv3 1 area 3

[DeviceD-LoopBack0] quit

#创建OSPFv3进程,并在Device E的接口上使能OSPFv3路由功能。

<DeviceE> system-view

[DeviceE] ospfv3

[DeviceE-ospfv3-1] router-id 2.2.2.2

[DeviceE-ospfv3-1] quit

[DeviceE] interface Vlan-interface 400

[DeviceE-Vlan-interface400] ospfv3 1 area 1

[DeviceE-Vlan-interface400] quit

3.2.3  配置RIPng网络的基本功能

#创建RIPng进程,并在Device E的接口上使能RIPng路由功能。

<DeviceE> system-view

[DeviceE] ripng

[DeviceE-ripng-1] quit

[DeviceE] interface vlan-interface 500

[DeviceE-Vlan-interface500] ripng 1 enable

[DeviceE-Vlan-interface500] quit

#创建RIPng进程,并在Device F的接口上使能RIPng路由功能。

<DeviceF> system-view

[DeviceF] ripng

[DeviceF-ripng-1] quit

[DeviceF] interface vlan-interface 500

[DeviceF-Vlan-interface500] ripng 1 enable

[DeviceF-Vlan-interface500] quit

[DeviceF]interface LoopBack 0

[DeviceF-LoopBack0]ripng 1 enable

[DeviceF-LoopBack0] quit

[DeviceF]interface LoopBack 1

[DeviceF-LoopBack0]ripng 1 enable

[DeviceF-LoopBack0] quit

3.2.4  将RIPng路由和OSPFv3路由互相引入

# 在Device E上将直连路由和OSPFv3路由引入到RIPng网络中。

<DeviceE> system-view

[DeviceE] ripng

[DeviceE-ripng-1] import-route direct

[DeviceE-ripng-1] import-route ospfv3

[DeviceE-ripng-1] quit

# 在Device E上将直连路由和RIPng路由引入到OSPFv3网络中。

[DeviceE] ospfv3

[DeviceE-ospfv3-1] import-route direct

[DeviceE-ospfv3-1] import-route ripng

[DeviceE-ospfv3-1] quit

# 查看Device E的路由表信息。

[Device E]display ipv6 routing-table

 

Destinations : 15        Routes : 15

 

Destination: ::1/128                                     Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 1::/64                                      Protocol  : OSPFv3

NextHop    : FE80::2E0:FCFF:FE58:124D                    Preference: 10

Interface  : Vlan400                                     Cost      : 2

 

Destination: 2::/64                                      Protocol  : OSPFv3

NextHop    : FE80::2E0:FCFF:FE58:124D                    Preference: 10

Interface  : Vlan400                                     Cost      : 2

 

Destination: 3::/64                                      Protocol  : OSPFv3

NextHop    : FE80::2E0:FCFF:FE58:124D                    Preference: 10

Interface  : Vlan400                                     Cost      : 3

 

Destination: 4::/64                                      Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : Vlan400                                     Cost      : 0

 

Destination: 4::2/128                                    Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 5::/64                                      Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : Vlan500                                     Cost      : 0

 

Destination: 5::1/128                                    Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 11::1/128                                   Protocol  : OSPFv3

NextHop    : FE80::2E0:FCFF:FE58:124D                    Preference: 10

Interface  : Vlan400                                     Cost      : 3

 

Destination: 12::1/128                                   Protocol  : OSPFv3

NextHop    : FE80::2E0:FCFF:FE58:124D                    Preference: 10

Interface  : Vlan400                                     Cost      : 3

 

Destination: 13::1/128                                   Protocol  : OSPFv3

NextHop    : FE80::2E0:FCFF:FE58:124D                    Preference: 10

Interface  : Vlan400                                     Cost      : 2

 

Destination: 14::/64                                     Protocol  : RIPng

NextHop    : FE80::2E0:FCFF:FE11:19B5                    Preference: 100

Interface  : Vlan500                                     Cost      : 1

 

Destination: 15::/64                                     Protocol  : RIPng

NextHop    : FE80::2E0:FCFF:FE11:19B5                    Preference: 100

Interface  : Vlan500                                     Cost      : 1

 

Destination: FE80::/10                                   Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: FF00::/8                                    Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : NULL0

以上显示信息表明Device E拥有路由域内所有网段路由,然后依次查看其他所有设备的路由表信息,路由域内所有的网段均可互通。

3.2.5  配置OSPFv3的路由过滤功能

# 在Device C上创建基本IPv6 ACL并匹配需要拒绝访问的目的网段12::1/64。

<DeviceC> system-view

[DeviceC] acl ipv6 number 2000

[DeviceC-acl6-basic-2000] rule 0 deny source 12::1 64

[DeviceC-acl6-basic-2000] rule permit source any

[DeviceC-acl6-basic-2000] quit

# 在Device C上通过指定访问控制列表ACL 2000来对要加入到路由表的路由信息进行过滤。

[DeviceC] ospfv3

[DeviceC-ospfv3-1] filter-policy 2000 import

[DeviceC-ospfv3-1] quit

# 在Device D上创建基本IPv6 ACL并匹配需要拒绝访问的目的网段15::1/64。

<DeviceD> system-view

[DeviceD] acl ipv6 number 2000

[DeviceD-acl6-basic-2000] rule 0 deny source 15::1 64

[DeviceD-acl6-basic-2000] rule permit source any

[DeviceD-acl6-basic-2000] quit

# 在Device D上通过指定访问控制列表ACL 2000来对要加入到路由表的路由信息进行过滤。

[DeviceD] ospfv3

[DeviceD-ospfv3-1] filter-policy 2000 import

[DeviceD-ospfv3-1] quit

# 在Device E上创建基本IPv6 ACL并匹配需要拒绝访问的目的网段14::1/64。

<DeviceE> system-view

[DeviceE] acl ipv6 number 2000

[DeviceE-acl6-basic-2000] rule 0 deny source 14::1 64

[DeviceE-acl6-basic-2000] rule permit source any

[DeviceE-acl6-basic-2000] quit

# 在Device E上通过指定访问控制列表ACL 2000来对引入OSPFv3的RIPng路由信息进行过滤。

[DeviceE] ospfv3

[DeviceE-ospfv3-1] filter-policy 2000 export ripng 1

[DeviceE-ospfv3-1] quit

3.3  验证配置

# 查看Device C的路由表信息。

[DeviceC]display ipv6 routing-table

 

Destinations : 13        Routes : 13

 

Destination: ::1/128                                     Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 1::/64                                      Protocol  : OSPFv3

NextHop    : FE80::2E0:FCFF:FE58:1245                    Preference: 10

Interface  : Vlan200                                     Cost      : 2

 

Destination: 2::/64                                      Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : Vlan200                                     Cost      : 0

 

Destination: 2::2/128                                    Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 3::/64                                      Protocol  : OSPFv3

NextHop    : FE80::2E0:FCFF:FE58:1245                    Preference: 10

Interface  : Vlan200                                     Cost      : 3

 

Destination: 4::/64                                      Protocol  : OSPFv3

NextHop    : FE80::2E0:FCFF:FE58:1245                    Preference: 10

Interface  : Vlan200                                     Cost      : 2

 

Destination: 5::/64                                      Protocol  : OSPFv3

NextHop    : FE80::2E0:FCFF:FE58:1245                    Preference: 150

Interface  : Vlan200                                     Cost      : 1

 

Destination: 11::1/128                                   Protocol  : OSPFv3

NextHop    : FE80::2E0:FCFF:FE58:1245                    Preference: 10

Interface  : Vlan200                                     Cost      : 3

 

Destination: 13::/64                                     Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : Loop0                                       Cost      : 0

 

Destination: 13::1/128                                   Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 15::/64                                     Protocol  : OSPFv3

NextHop    : FE80::2E0:FCFF:FE58:1245                    Preference: 150

Interface  : Vlan200                                     Cost      : 1

 

Destination: FE80::/10                                   Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: FF00::/8                                    Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : NULL0

以上显示信息表明Device C的路由表中已经没有12::/64网段的路由信息了。

# 在Device C上使用源地址13::1 Ping目标地址12::1进行验证。

[DeviceC]ping ipv6 -a 13::1 12::1

Ping6(56 data bytes) 13::1 --> 12::1, press CTRL_C to break

Request time out

Request time out

Request time out

Request time out

Request time out

 

--- Ping6 statistics for 12::1 ---

5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss

以上信息表明Device C通过过滤路由表中12::/64网段的路由信息,使得市场一部所在网段无法访问研发一部所在网段。

# 查看Device D的路由表信息。

[DeviceD]display ipv6 routing-table

 

Destinations : 14        Routes : 14

 

Destination: ::1/128                                     Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 1::/64                                      Protocol  : OSPFv3

NextHop    : FE80::2A0:FCFF:FE00:5815                    Preference: 10

Interface  : Vlan300                                     Cost      : 2

 

Destination: 2::/64                                      Protocol  : OSPFv3

NextHop    : FE80::2A0:FCFF:FE00:5815                    Preference: 10

Interface  : Vlan300                                     Cost      : 3

 

Destination: 3::/64                                      Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : Vlan300                                     Cost      : 0

 

Destination: 3::3/128                                    Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 4::/64                                      Protocol  : OSPFv3

NextHop    : FE80::2A0:FCFF:FE00:5815                    Preference: 10

Interface  : Vlan300                                     Cost      : 3

 

Destination: 5::/64                                      Protocol  : OSPFv3

NextHop    : FE80::2A0:FCFF:FE00:5815                    Preference: 150

Interface  : Vlan300                                     Cost      : 1

 

Destination: 11::/64                                     Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : Loop0                                       Cost      : 0

 

Destination: 11::1/128                                   Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 12::/64                                     Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : Loop1                                       Cost      : 0

 

Destination: 12::1/128                                   Protocol  : Direct

NextHop    : ::1                                         Preference: 0

Interface  : InLoop0                                     Cost      : 0

 

Destination: 13::1/128                                   Protocol  : OSPFv3

NextHop    : FE80::2A0:FCFF:FE00:5815                    Preference: 10

Interface  : Vlan300                                     Cost      : 3

 

Destination: FE80::/10                                   Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : NULL0                                       Cost      : 0

 

Destination: FF00::/8                                    Protocol  : Direct

NextHop    : ::                                          Preference: 0

Interface  : NULL0

以上显示信息表明Device D的路由表中已经没有15::/64网段的路由信息了。

# 在Device D上使用源地址11::1 Ping目标地址15::1进行验证。

[DeviceD]ping ipv6 -a 11::1 15::1

Ping6(56 data bytes) 11::1 --> 15::1, press CTRL_C to break

Request time out

Request time out

Request time out

Request time out

Request time out

 

--- Ping6 statistics for 15::1 ---

5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss

# 在Device D上使用源地址12::1 Ping目标地址15::1进行验证。

[DeviceD]ping ipv6 -a 12::1 15::1

Ping6(56 data bytes) 12::1 --> 15::1, press CTRL_C to break

Request time out

Request time out

Request time out

Request time out

Request time out

 

--- Ping6 statistics for 15::1 ---

5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss

以上信息表明Device D通过过滤路由表中15::/64网段的路由信息,使得研发一部和售后服务部所在网段无法访问市场二部所在网段。

综合Device C和Device D的路由表信息,发现路由表中均没有14::/64网段路由信息,说明设备已经将引入OSPFv3的RIPng路由中研发二部所在网段过滤掉。

3.4  配置文件

·     Device A:

#

ospfv3 1

 router-id 6.6.6.6

 area 0.0.0.0

 area 0.0.0.1

 area 0.0.0.2

#

vlan 100

#

vlan 200

#

vlan 400

#

interface Vlan-interface100

 ospfv3 1 area 0.0.0.0

 ipv6 address 1::1/64

#

interface Vlan-interface200

 ospfv3 1 area 0.0.0.2

 ipv6 address 2::1/64

#

interface Vlan-interface400

 ospfv3 1 area 0.0.0.1

 ipv6 address 4::1/64

#

·     Device B :

#

ospfv3 1

 router-id 5.5.5.5

 area 0.0.0.0

 area 0.0.0.2

 area 0.0.0.3

#

vlan 100

#

vlan 300

#

interface Vlan-interface100

 ospfv3 1 area 0.0.0.0

 ipv6 address 1::2/64

#

interface Vlan-interface300

 ospfv3 1 area 0.0.0.3

 ipv6 address 3::1/64

#

·     Device C :

#

ospfv3 1

 router-id 4.4.4.4

 filter-policy 2000 import

 area 0.0.0.2

#

vlan 200

#

interface LoopBack0

 ospfv3 1 area 0.0.0.2

 ipv6 address 13::1/64

#

interface Vlan-interface200

 ospfv3 1 area 0.0.0.2

 ipv6 address 2::2/64

#

acl ipv6 number 2000

 rule 0 deny source 12::/64

 rule 5 permit

#

·     Device D :

#

ospfv3 1

 router-id 3.3.3.3

 filter-policy 2000 import

 area 0.0.0.3

#

vlan 300

#

interface LoopBack0

 ospfv3 1 area 0.0.0.3

 ipv6 address 11::1/64

#

interface LoopBack1

 ospfv3 1 area 0.0.0.3

 ipv6 address 12::1/64

#

interface Vlan-interface300

 ospfv3 1 area 0.0.0.3

 ipv6 address 3::3/64

#

acl ipv6 number 2000

 rule 0 deny source 15::/64

 rule 5 permit

#

·     Device E:

#

ospfv3 1

 router-id 2.2.2.2

 import-route direct

import-route ripng 1

 filter-policy 2000 export ripng 1

 area 0.0.0.1

#

ripng 1

 import-route direct

 import-route ospfv3 1

#

vlan 400

#

vlan 500

#

interface Vlan-interface400

 ospfv3 1 area 0.0.0.1

 ipv6 address 4::2/64

#

interface Vlan-interface500

 ipv6 address 5::1/64

 ripng 1 enable

#

acl ipv6 number 2000

 rule 0 deny source 14::/64

 rule 5 permit

#

·     Device F:

#

ripng 1

#

vlan 500

#

interface LoopBack0

 ipv6 address 14::1/64

 ripng 1 enable

#

interface LoopBack1

 ipv6 address 15::1/64

 ripng 1 enable

#

interface Vlan-interface500

 ipv6 address 5::2/64

 ripng 1 enable

#

4  相关资料

·     H3C S12500-S系列交换机 三层技术-IP路由配置指导-Release 7150P02

·     H3C S12500-S系列交换机 三层技术-IP路由命令参考-Release 7150P02

不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!