HCIP OSPF comprehensive experiment

 1.R4 is an ISP, on which only IP addresses can be configured; R4 and all other directly connected devices use public IP addresses;
2.R3-R5/6/7 is the MGRE environment, and R3 is the central site;
3. The IP address of the whole OSPF environment is 172.16.0.0/16;
4. All devices can access the loopback of R4;
5. Reduce the update amount of LSA, accelerate convergence, and ensure the update safety;
6. Network wide accessibility


1, Address planning

172.16.0.0/16
There are five OSPF areas and one RIP area in total, so it is necessary to divide six network segments and borrow three
172.16.0.0/19 A0
172.16.32.0/19 A1
172.16.64.0/19 A2
172.16.96.0/19 A3
172.16.128.0/19 A4
172.16.160.0/19 RIP
172.16.192.0/19
172.16.224.0/19
We only need to take out 6 network segments to use!
Then continue to divide according to the network segment and loopback required by each area:
172.16.0.0/19
Continue to lend five digits to users for network segment division
172.16.0.0/24 - user
Borrow 29or30 bits to divide the backbone link
172.16.0.0/29 - if the backbone link is MA, the netmask is 29
172.16.0.0/30 - if the backbone link is P2P, the network mask is 30
172.16.32.0/19-A1
172.16.64.0/19-A2
172.16.96.0/19-A3
172.16.128.0/19-A4
172.16.160.0/19-RIP
Continue to borrow one digit to divide
172.16.160.0/20
172.16.176.0/20
192.168.1.192/19 reserved
192.168.1.224/19 reserved

2. Configure area0\1\2\3\4 respectively

1. Configure area0:

R4:

<Huawei>sys
[Huawei]sys r4
[r4]int s4/0/0 
[r4-Serial4/0/0]ip add 34.0.0.2 24
[r4-Serial4/0/0]int g0/0/0
[r4-GigabitEthernet0/0/0]ip add 47.0.0.2 24
[r4-GigabitEthernet0/0/0]int s3/0/0
[r4-Serial3/0/0]ip add 46.0.0.2 24
[r4-Serial3/0/0]int s4/0/1
[r4-Serial4/0/1]ip add 45.0.0.2 24
[r4-Serial4/0/1]int l0
[r4-LoopBack0]ip add 4.4.4.4 24

Because R3-R5/6/7 is the MGRE environment and R3 is the central site, therefore:

r3[Center!]
<Huawei>sys  
[r3]int s4/0/0
[r3-Serial4/0/0]ip add 34.0.0.1 24
[r3-Serial4/0/0]q   
[r3]ip route-static 0.0.0.0 0 34.0.0.2
[r3]int t0/0/0
[r3-Tunnel0/0/0]ip add 172.16.1.1 29
[r3-Tunnel0/0/0]tunnel-protocol gre p2mp 
[r3-Tunnel0/0/0]source 34.0.0.1
[r3-Tunnel0/0/0]nhrp network-id 100
[r3-Tunnel0/0/0]nh entry multicast dynamic 


r5: 
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys r5
[r5]int s4/0/0
[r5-Serial4/0/0]ip add 45.0.0.1 24
[r5-Serial4/0/0]int l0
[r5-LoopBack0]ip add 192.16.2.1 24
[r5-LoopBack0]int t0/0/0
[r5-Tunnel0/0/0]ip add 172.16.1.2 29
[r5-Tunnel0/0/0]tunnel-protocol gre p2mp 
[r5-Tunnel0/0/0]source s4/0/0
[r5-Tunnel0/0/0]nhrp network-id 100
[r5-Tunnel0/0/0]nhrp entry 172.16.1.1 34.0.0.1 register
[r5]ip route-static 0.0.0.0 0 45.0.0.2

r6: 
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys r6
[r6]int s4/0/0
[r6-Serial4/0/0]ip add 46.0.0.1 24
[r6-Serial4/0/0]int t0/0/0
[r6-Tunnel0/0/0]ip add 172.16.1.3 29
[r6-Tunnel0/0/0]int l0
[r6-LoopBack0]ip add 172.16.3.1 24
[r6-LoopBack0]q
[r6]ip route-static 0.0.0.0 0 46.0.0.2 
[r6]int s4/0/0 
[r6-Serial4/0/0]int t0/0/0
[r6-Tunnel0/0/0]tunnel-protocol gre p2mp 
[r6-Tunnel0/0/0]source s4/0/0
[r6-Tunnel0/0/0]nhrp network-id 100
[r6-Tunnel0/0/0]nhrp entry 172.16.1.1 34.0.0.1 register

r7:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys r7
[r7]int g0/0/0
[r7-GigabitEthernet0/0/0]ip add 47.0.0.1 24
[r7-GigabitEthernet0/0/0]int l0
[r7-LoopBack0]ip add 172.16.4.1 24
[r7-LoopBack0]int t0/0/0
[r7-Tunnel0/0/0]tunnel-protocol gre p2mp 
[r7]ip route-static 0.0.0.0 0 47.0.0.2
[r7]int t0/0/0
[r7-Tunnel0/0/0]ip add 172.16.1.4 29
[r7-Tunnel0/0/0]source g0/0/0
[r7-Tunnel0/0/0]nhrp network-id 100
[r7-Tunnel0/0/0]nhrp entry 172.16.1.1 34.0.0.1 register

Check whether the routers between the public and private networks can be ping ed.

2. Configure area2

r6:
<r6>sys
Enter system view, return user view with Ctrl+Z.
[r6]int g0/0/0
[r6-GigabitEthernet0/0/0]ip add 172.16.65.9 29
Jul 14 2022 19:29:36-08:00 r6 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state. 

r11:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys r11
[r11]int g0/0/0
[r11-GigabitEthernet0/0/0]ip add 172.16.65.2 29
[r11-GigabitEthernet0/0/0]int g0/0/1
[r11-GigabitEthernet0/0/1]ip add 172.16.65.9 29
Error: The specified address conflicts with another address.
[r11-GigabitEthernet0/0/1]int l0
[r11-LoopBack0]ip add 172.16.66.1 24

r12:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys r12
[r12]int g0/0/0
[r12-GigabitEthernet0/0/0]ip add 172.16.65.10 29
[r12-GigabitEthernet0/0/0]q

r6:

r11:

r12:

3. Configure area3:

<r7>sys
Enter system view, return user view with Ctrl+Z.
[r7]int g0/0/1
[r7-GigabitEthernet0/0/1]ip add 172.16.97.1 29
Jul 14 2022 19:48:02-08:00 r7 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/1 has entered the UP state. 
[r7-GigabitEthernet0/0/1]


<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys r8
[r8]int g0/0/0
[r8-GigabitEthernet0/0/0]ip add 172.16.97.2 29
[r8-GigabitEthernet0/0/0]
Jul 14 2022 19:48:36-08:00 r8 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state. 
[r8-GigabitEthernet0/0/0]int g0/0/1
[r8-GigabitEthernet0/0/1]ip add 172.16.97.9 29
Jul 14 2022 19:49:18-08:00 r8 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP on the interface GigabitEthernet0/0/1 has entered the UP state. 
[r8-GigabitEthernet0/0/1]int l0
[r8-LoopBack0]ip add 172.16.98.1 24
[r8-LoopBack0


<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys r9
[r9]int g0/0/0
[r9-GigabitEthernet0/0/0]ip add 172.16.97.10 29
Jul 14 2022 19:50:03-08:00 r9 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state. 
[r9-GigabitEthernet0/0/0]

 

4. Configure area4:

[r9-GigabitEthernet0/0/0]int g0/0/1
[r9-GigabitEthernet0/0/1]ip add 172.16.129.1 29
Jul 14 2022 19:53:18-08:00 r9 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP on the interface GigabitEthernet0/0/1 has entered the UP state. 
[r9-GigabitEthernet0/0/1]int l0
[r9-LoopBack0]ip add 172.16.130.1 24
[r9-LoopBack0]


<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys r10
[r10]int g0/0/0
[r10-GigabitEthernet0/0/0]ip add 172.16.129.2 29
Jul 14 2022 19:53:44-08:00 r10 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state. 
[r10-GigabitEthernet0/0/0]int l0
[r10-LoopBack0]ip add 172.16.131.1 24
[r10-LoopBack0]

5. Configure area 0

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys r1
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip add 172.16.33.1 29
Jul 14 2022 20:00:44-08:00 r1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state. 
[r1-GigabitEthernet0/0/0]int l0
[r1-LoopBack0]ip add 172.16.34.1 24
[r1-LoopBack0]

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]sys  r2
[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]ip add 172.16.33.2 29
[r2-GigabitEthernet0/0/0]
Jul 14 2022 20:01:17-08:00 r2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state. 
[r2-GigabitEthernet0/0/0]int l0
[r2-LoopBack0]ip add 172.16.35.1 24
[r2-LoopBack0]


<r3>sys
Enter system view, return user view with Ctrl+Z.
[r3]int g0/0/0
[r3-GigabitEthernet0/0/0]ip add 172.16.33.3 29
Jul 14 2022 20:01:47-08:00 r3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state. 
[r3-GigabitEthernet0/0/0]int l0
[r3-LoopBack0]ip add 172.16.36.1 24
[r3-LoopBack0]

6. Configure RIP

<r12>sys
Enter system view, return user view with Ctrl+Z.
[r12]int l0
[r12-LoopBack0]int l1
[r12-LoopBack1]ip add 172.16.176.1 20
[r12-LoopBack1]int l0
[r12-LoopBack0]ip add 172.16.160.1 20
[r12-LoopBack0]

3, Configure OSPF

R1
[R1]ospf 1 router-id 1.1.1.1
[R1-ospf-1]area 1
[R1-ospf-1-area-0.0.0.1]network 172.16.0.0 0.0.255.255 

R2
[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]area 1
[R2-ospf-1-area-0.0.0.1]network 172.16.0.0 0.0.255.255 
 
R3
[R3]ospf 1 router-id 3.3.3.3 
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]network 172.16.32.0 0.0.255.255 
[R3-ospf-1-area-0.0.0.1]q
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]network 172.16.1.1 0.0.0.0
 
R5
[R5]ospf 1 router-id 5.5.5.5
[R5-ospf-1]area 0
[R5-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255
 
R6
[R6]ospf 1 router-id 6.6.6.6
[R6-ospf-1]area 0
[R6-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255
[R6-ospf-1-area-0.0.0.0]q
[R6-ospf-1]area 2
[R6-ospf-1-area-0.0.0.2]network 172.16.65.1 0.0.0.0
 
R7
[R7]ospf 1 router-id 7.7.7.7
[R7-ospf-1]area 0
[R7-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255
[R7-ospf-1-area-0.0.0.0]q
[R7-ospf-1]area 3
[R7-ospf-1-area-0.0.0.3]network 172.16.97.1 0.0.0.0
 
R8
[R8]ospf 1 router-id 8.8.8.8 
[R8-ospf-1]area 3
[R8-ospf-1-area-0.0.0.3]network 172.16.0.0 0.0.255.255
 
R9
[R9]ospf 1 router-id 9.9.9.9
[R9-ospf-1]area 3
[R9-ospf-1-area-0.0.0.3]network 172.16.97.10 0.0.0.0
[R9-ospf-1-area-0.0.0.3]q
[R9-ospf-1]q
[R9]ospf 2 router-id 9.9.9.9
[R9-ospf-2]area 4
[R9-ospf-2-area-0.0.0.4]network 172.16.128.0 0.0.255.255
 
R10
[R10]ospf 1 router-id 10.10.10.10
[R10-ospf-1]area 4
[R10-ospf-1-area-0.0.0.4]network 172.16.0.0 0.0.255.255
 
R11
[R11]ospf 1 router-id 11.11.11.11
[R11-ospf-1]area 2
[R11-ospf-1-area-0.0.0.2]network 172.16.0.0 0.0.255.255
 
R12
[R12]ospf 1 router-id 12.12.12.12
[R12-ospf-1]area 2
[R12-ospf-1-area-0.0.0.2]network 172.16.65.10 0.0.0.0
[R12]rip 1
[R12-rip-1]version 2
[R12-rip-1]network 172.16.0.0 --- Summary announcement

4, Since P2P type cannot establish neighbor relationship with other routes, MGRE type - P2MP type needs to be changed.

r3:

r5:

r6:

r7:

The missing routing information between area4 and rip requires us to manually import the routing information of rip and area4 by republishing

[R12]ospf 1
[R12-ospf-1]import-route rip 1
 
[R9]ospf 1
[R9-ospf-1]import-route ospf 2

There will be no other routing information in R10. At this time, we can send a default route to our R9

5, In order to reduce the update amount of LSA, we need to do summary and special areas

Note: in order to avoid loops, we also need to configure empty interface routes during summarization.

<r3>sys
Enter system view, return user view with Ctrl+Z.
[r3]os
[r3]ospf 1
[r3-ospf-1]area 1
[r3-ospf-1-area-0.0.0.1]ab
[r3-ospf-1-area-0.0.0.1]abr-summary 172.16.32.0 255.255.224.0
[r3-ospf-1-area-0.0.0.1]q
[r3-ospf-1]q     
[r3]ip route-static 172.16.32.0 19 NULL 0


<r6>sys
Enter system view, return user view with Ctrl+Z.
[r6]os
[r6]ospf 1
[r6-ospf-1]ar 2
[r6-ospf-1-area-0.0.0.2]abr-summary 172.16.64.0 255.255.224.0
[r6-ospf-1-area-0.0.0.2]q
[r6-ospf-1]q
[r6]ip route-static 172.16.64.0 19 NULL 0
[r6]

<r7>sys
Enter system view, return user view with Ctrl+Z.
[r7]os
[r7]ospf 1
[r7-ospf-1]area 3
[r7-ospf-1-area-0.0.0.3]abr-summary 172.16.96.0 255.255.224.0
[r7-ospf-1-area-0.0.0.3]q
[r7-ospf-1]q
[r7]ip route-static 172.16.96.0 19 NULL 0


<r9>sys
Enter system view, return user view with Ctrl+Z.
[r9]os
[r9]ospf 1
[r9-ospf-1]asbr-summary 172.16.128.0 255.255.224.0
[r9-ospf-1]q
[r9]q
[r9]ip route-static 172.16.128.0 19 NULL 0


<r12>sys
Enter system view, return user view with Ctrl+Z.
[r12]os
[r12]ospf 1
[r12-ospf-1]asbr-summary 172.16.160.0 255.255.224.0
[r12-ospf-1]q
[r12]ip route-static 172.16.160.0 19 NULL 0
[r12]

Special areas:

area 0: 

[r1]os
[r1]ospf 1
[r1-ospf-1]area 1
[r1-ospf-1-area-0.0.0.1]stub


[r2]ospf 1
[r2-ospf-1]area 1
[r2-ospf-1-area-0.0.0.1]stub 
 
[r3]ospf 1
[r3-ospf-1]area 1
[r3-ospf-1-area-0.0.0.1]stub no-summary

 

 

 area 2

[r6]ospf 1
[r6-ospf-1]area 2
[r6-ospf-1-area-0.0.0.2]nssa no-summary
 
[r11]ospf 1
[r11-ospf-1]area 2
[r11-ospf-1-area-0.0.0.2]nssa 
 
[r12]ospf 1
[r12-ospf-1]area 2
[r12-ospf-1-area-0.0.0.2]nssa

:

Check the results on r5:

Vi. configure NET so that it can access R4 loopback.

R3
 
[r3]acl 2000
[r3-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r3-acl-basic-2000]q
[r3]int Serial 4/0/0
[r3-Serial4/0/0]nat outbound 2000
 
R7
 
[r7]acl 2000
[r7-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r7-acl-basic-2000]q
[r7]int g 0/0/0
[r7-GigabitEthernet0/0/0]nat outbound 2000
 
R6
 
[r6]acl 2000
[r6-acl-basic-2000]rule permit source 172.16.0.0 0.0.255.255
[r6-acl-basic-2000]q
[r6]int s 4/0/0
[r6-Serial4/0/0]nat outbound 2000

7: To speed up convergence, you need to change the Hello time. If you change the Hello time, the death time will also change automatically.

 
[r3]int t 0/0/0
[r3-Tunnel0/0/0]ospf timer hello 5
 
[r5]int t 0/0/0
[r5-Tunnel0/0/0]ospf timer hello 5
 
[r6]int t 0/0/0
[r6-Tunnel0/0/0]ospf timer hello 5
 
[r7]int t 0/0/0
[r7-Tunnel0/0/0]ospf timer hello 5

8: Manual authentication and regional authentication (in fact, interface authentication) are carried out for the purpose of updating security.

[r1]ospf 1
[r1-ospf-1]area 1
[r1-ospf-1-area-0.0.0.1]authentication-mode md5 1 000000
 
[r2]ospf 1
[r2-ospf-1]area 1
[r2-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 000000
 
[r3]ospf 1
[r3-ospf-1]area 1
[r3-ospf-1-area-0.0.0.1]authentication-mode md5 1 cipher 000000

Done!

Tags: server network Network Protocol p2p

Posted by thesimon on Fri, 15 Jul 2022 06:45:50 +0530

Hot Tags

©2023 Programs Team