# 20201209 Cisco VRF & OSPF

## Class Materials

{% embed url="<https://en.wikipedia.org/wiki/Virtual_routing_and_forwarding>" %}

{% embed url="<https://kknews.cc/zh-tw/code/4j9pp6q.html>" %}

{% embed url="<https://www.jannet.hk/zh-Hant/post/network-address-translation-nat/>" %}

### Virtual Routing and Forwarding

Virtual Routing and Forwarding (VRF) is a form of network virtualization at Layer 3.

## Class Exercises

### VRF

![](/files/-MO4UEui8D5jDKpif8LV)

{% tabs %}
{% tab title="R1 ( Blue 01 )" %}

```
int e0/0
```

```
ip add 192.168.1.1 255.255.255.0
```

```
no shut
```

```
exit
```

![](/files/-MO4VaEwWrXEtxy5sKpu)
{% endtab %}

{% tab title="R2 ( Red 01 )" %}

```
int e0/0
```

```
ip add 192.168.2.1 255.255.255.0
```

```
no shut
```

```
exit
```

![](/files/-MO4VxhhK0ySApOQX2_M)
{% endtab %}

{% tab title="R3 ( Blue 02 )" %}

```
int e0/0
```

```
ip add 192.168.3.1 255.255.255.0
```

```
no shut
```

```
exit
```

![](/files/-MO4WQMlEyvE9ZvFrG7d)
{% endtab %}

{% tab title="R4 ( Red 02 )" %}

```
int e0/0
```

```
ip add 192.168.4.1 255.255.255.0
```

```
no shut
```

```
exit
```

![](/files/-MO4WqMA4u8yYevmTljE)
{% endtab %}

{% tab title="R5 ( ISP )" %}

> Create the VRFs

```
ip vrf Blue
```

```
exit
```

```
ip vrf Red
```

```
exit
```

![](/files/-MO4XCZjOU1nwP4I4X0L)

> Use the `ip vrf forwarding` command to assign each interface to the correct VRF

```
int e0/0
```

```
ip vrf forwarding Blue
```

```
ip add 192.168.1.2 255.255.255.0
```

```
no shut
```

```
int e0/1
```

```
ip vrf forwarding Red
```

```
ip add 192.168.2.2 255.255.255.0
```

```
no shut
```

```
int e0/2
```

```
ip vrf forwarding Blue
```

```
ip add 192.168.3.2 255.255.255.0
```

```
no shut
```

```
int e0/3
```

```
ip vrf forwarding Red
```

```
ip add 192.168.4.2 255.255.255.0
```

```
no shut
```

![](/files/-MO4XgWyTzXXKP6xkZjK)

> Look at the global routing table of the ISP router

```
do sh ip ro connected
```

> Check the VRF routing tables

```
do sh ip ro vrf Blue
```

![](/files/-MO4_bSg3VgO82lGHjny)

```
do sh ip ro vrf Red
```

![](/files/-MO4_SPnmT7ml64EXxI0)

```
do ping vrf Blue 192.168.1.1
```

![](/files/-MO4YyTfTreJzhtuYcSf)

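> When configuring a static route, you must specify the correct VRF.
>
> Router Blue 01 has a loopback interface with the IP address 1.1.1.1/32.
>
> We create a static route on the ISP router so that we can reach it.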

```
exit
```

```
ip route vrf Blue 1.1.1.1 255.255.255.255 192.168.1.1
```

```
do ping vrf Blue 1.1.1.1
```

```
ip route vrf Red 2.2.2.2 255.255.255.255 192.168.2.1
```

```
do ping vrf Red 2.2.2.2
```

```
ip route vrf Blue 3.3.3.3 255.255.255.255 192.168.3.1
```

```
do ping vrf Blue 3.3.3.3
```

```
ip route vrf Red 4.4.4.4 255.255.255.255 192.168.4.1
```

```
do ping vrf Red 4.4.4.4
```

```
do sh ip ro vrf Blue
```

{% endtab %}
{% endtabs %}
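
An added example (not part of the original notes): this Python sketch parses the R5 commands from the exercise above into one routing table per VRF and does a longest-prefix lookup inside a single table, so it shows why a destination known in Red is unreachable from Blue and why the global table holds none of these networks. The names `build_tables`, `lookup` and `TABLES` are hypothetical, and the parser only understands the commands used on this page.

```python
import ipaddress

# R5 (ISP) commands from the exercise above, gathered into one text block.
R5_CONFIG = """
ip vrf Blue
ip vrf Red
int e0/0
 ip vrf forwarding Blue
 ip add 192.168.1.2 255.255.255.0
int e0/1
 ip vrf forwarding Red
 ip add 192.168.2.2 255.255.255.0
int e0/2
 ip vrf forwarding Blue
 ip add 192.168.3.2 255.255.255.0
int e0/3
 ip vrf forwarding Red
 ip add 192.168.4.2 255.255.255.0
ip route vrf Blue 1.1.1.1 255.255.255.255 192.168.1.1
ip route vrf Red 2.2.2.2 255.255.255.255 192.168.2.1
ip route vrf Blue 3.3.3.3 255.255.255.255 192.168.3.1
ip route vrf Red 4.4.4.4 255.255.255.255 192.168.4.1
"""

def build_tables(config):
    """Return {vrf: [(network, next hop or interface)]}; key None is the global table."""
    tables, vrf, ifname = {None: []}, None, None
    for words in (line.split() for line in config.splitlines()):
        if words[:3] == ["ip", "vrf", "forwarding"]:
            vrf = words[3]
        elif words[:2] == ["ip", "vrf"]:
            tables.setdefault(words[2], [])
        elif words[:1] == ["int"]:
            ifname, vrf = words[1], None   # interfaces start in the global table
        elif words[:2] == ["ip", "add"]:
            net = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
            tables.setdefault(vrf, []).append((net, ifname))
        elif words[:3] == ["ip", "route", "vrf"]:
            net = ipaddress.ip_network(f"{words[4]}/{words[5]}")
            tables.setdefault(words[3], []).append((net, words[6]))
    return tables

def lookup(tables, vrf, dest):
    """Longest-prefix match within one VRF only; None means no route, so the packet is dropped."""
    addr = ipaddress.ip_address(dest)
    hits = [(net, via) for net, via in tables.get(vrf, []) if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

TABLES = build_tables(R5_CONFIG)
```
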

### OSPF

{% tabs %}
{% tab title="R1 ( Blue 01 )" %}

```
router ospf 1
```

```
network 192.168.1.0 0.0.0.255 area 0
```

```
network 1.1.1.1 0.0.0.0 area 0
```

![](/files/-MO4bvOHtQt756s_-bgV)
{% endtab %}

{% tab title="R2 ( Red 01 )" %}

```
router ospf 1
```

```
network 192.168.2.0 0.0.0.255 area 0
```

```
network 2.2.2.2 0.0.0.0 area 0
```

![](/files/-MO4c67gqDqXjCzBI9vl)
{% endtab %}

{% tab title="R3 ( Blue 02 )" %}

```
router ospf 1
```

```
network 192.168.3.0 0.0.0.255 area 0
```

```
network 3.3.3.3 0.0.0.0 area 0
```

![](/files/-MO4cUREYSiVft2ZaRlg)
{% endtab %}

{% tab title="R4 ( Red 02 )" %}

```
router ospf 1
```

```
network 192.168.4.0 0.0.0.255 area 0
```

```
network 4.4.4.4 0.0.0.0 area 0
```

![](/files/-MO4ceYxvoLHaDaaTKGU)
{% endtab %}

{% tab title="R5 ( ISP )" %}

> Blue

```
router ospf 1 vrf Blue
```

```
network 192.168.1.0 0.0.0.255 area 0
```

```
network 192.168.3.0 0.0.0.255 area 0
```

> Red

```
router ospf 2 vrf Red
```

```
network 192.168.2.0 0.0.0.255 area 0
```

```
network 192.168.4.0 0.0.0.255 area 0
```

> What the VRF routing tables on the ISP router look like now

```
do sh ip ro vrf Blue ospf
```

```
do sh ip ro vrf Red ospf
```

{% endtab %}
{% endtabs %}

![](/files/-MOyoiK0Nvp2YdOID4QO)

* **Dynamic NAT ( DAT ): Many to Many Mapping**
* **Port NAT ( PAT ): Many to 1**
* **Static NAT: 1 to 1**

### Part 01.

![](/files/-MOyqUSY36lKSRGanJkF)

{% tabs %}
{% tab title="R1" %}

```
int e0/0
```

```
ip add 12.1.1.1 255.255.255.0
```

```
no shut
```

```
int lo1
```

```
ip add 192.168.1.1 255.255.255.0
```

```
no shut
```

```
int lo2
```

```
ip add 192.168.2.1 255.255.255.0
```

```
no shut
```

```
exit
```

```
ip route 0.0.0.0 0.0.0.0 12.1.1.2
```

![](/files/-MP15uKyR9CD4G0wj-aF)

```
do ping 12.1.1.2
```

```
do ping 23.1.1.3
```

```
do ping 23.1.1.3 source 192.168.1.1
```

```
do ping 23.1.1.3 source 192.168.2.1
```

![](/files/-MPM7uo1k4HnfQ4mPdh0)

![](/files/-MPM70ll2-BP4u13SeaT)

```
do ping 3.3.3.3 source 192.168.1.1
```

![](/files/-MPMCThmqEos7ORBdHUS)

![](/files/-MPMDpIznGeKQsfLZ4zk)
{% endtab %}

{% tab title="R2" %}

```
int e0/0
```

```
ip add 12.1.1.2 255.255.255.0
```

```
no shut
```

```
int e0/1
```

```
ip add 23.1.1.2 255.255.255.0
```

```
no shut
```

```
exit
```

```
ip route 192.168.1.0 255.255.255.0 12.1.1.1
```

```
ip route 192.168.2.0 255.255.255.0 12.1.1.1
```

```
ip route 0.0.0.0 0.0.0.0 23.1.1.3
```

![](/files/-MP16_l98zIr_5vX8pJ4)

```
do ping 23.1.1.3
```

```
do ping 3.3.3.3
```

```
do ping 8.8.8.8
```

```
access-list 1 permit 192.168.1.0 0.0.0.255
```

```
access-list 2 permit 192.168.2.0 0.0.0.255
```

```
ip nat pool DNAT 23.1.1.100 23.1.1.200 netmask 255.255.255.0
```

```
int e0/0
```

```
ip nat inside
```

```
int e0/1
```

```
ip nat outside
```

```
exit
```

```
ip nat inside source list 1 pool DNAT
```

```
ip nat inside source list 2 pool DNAT
```

![](/files/-MP197JnvxXQd74fc1_5)

```
exit
```

```
sh ip nat translations
```

```
sh ip nat statistics
```

![](/files/-MPM8sVn-N95g25l1_BW)

```
conf t
```

```
no ip nat inside source list 1 pool DNAT
```

```
no ip nat inside source list 2 pool DNAT
```

```
ip nat pool PAT 23.1.1.2 23.1.1.2 netmask 255.255.255.0
```

```
ip nat inside source list 1 pool PAT overload
```

```
ip nat inside source list 2 pool PAT overload
```

```
exit
```

```
debug ip nat
```

![](/files/-MPMAwgpJ370C90Z13cc)

![](/files/-MPMCY8Tsetl38BypRGk)
{% endtab %}

{% tab title="R3" %}

```
int e0/0
```

```
ip add 23.1.1.3 255.255.255.0
```

```
no shut
```

```
int lo1
```

```
ip add 3.3.3.3 255.255.255.255
```

```
no shut
```

```
int lo2
```

```
ip add 8.8.8.8 255.255.255.255
```

```
no shut
```

```
exit
```

```
do sh ip ro
```

![](/files/-MP18-j5V7meybTMZfga)

```
conf t
```

```
line vty 0 4
```

```
password cisco
```

```
login
```

```
transport input telnet
```

![](/files/-MPMDE9zGAt16NZoFTMT)
{% endtab %}
{% endtabs %}

### Part 02.

![](/files/-MPMKii0F0wcYE2Uznl6)

{% tabs %}
{% tab title="Linux" %}

```
ifconfig eth0 192.168.3.2/24
```

```
ip addr add 192.168.3.2/24 brd + dev eth0
```

```
ip route add default via 192.168.3.1
```

```
ping 192.168.3.1
```

```
ping 12.1.1.1
```

```
ping 12.1.1.2
```

![](/files/-MPMPaU-37wVGgEh4V_w)

```
ping 23.1.1.2
```

![](/files/-MPMPgTmgTKbGD-daasF)

```
ip route add default via 192.168.3.1 dev eth0
```

```
wireshark
```

```
telnet 23.1.1.3
```

{% endtab %}

{% tab title="R1" %}

```
conf t
```

```
int e0/1
```

```
ip add 192.168.3.1 255.255.255.0
```

```
no shut
```

![](/files/-MPMOLgUzY9t6r6J3TK8)
{% endtab %}

{% tab title="R2" %}

```
conf t
```

```
ip route 192.168.3.0 255.255.255.0 12.1.1.1
```

```
access-list 3 permit 192.168.3.0 0.0.0.255
```

```
ip nat inside source list 3 pool DNAT overload
```

![](/files/-MPMOgI2HjDpISExDdgI)
{% endtab %}

{% tab title="R3" %}
![](/files/-MPMSUHJIHA1_rNlw5KH)
{% endtab %}
{% endtabs %}

### Part 03.

![](/files/-MPMZqG_FC4oXKPPh3VN)

{% tabs %}
{% tab title="R1" %}

```
int e0/0
```

```
ip add 12.1.1.1 255.255.255.0
```

```
no shut
```

```
exit
```

```
ip route 0.0.0.0 0.0.0.0 12.1.1.2
```

```
line vty 0 4
```

```
password cisco
```

```
login
```

```
transport input telnet
```

![](/files/-MPM_nkDdDi2OlhshXNJ)
{% endtab %}

{% tab title="R2" %}

```
int e0/0
```

```
ip add 12.1.1.2 255.255.255.0
```

```
no shut
```

```
int e0/1
```

```
ip add 23.1.1.2 255.255.255.0
```

```
no shut
```

```
exit
```

```
ip route 0.0.0.0 0.0.0.0 23.1.1.3
```

```
do telnet 12.1.1.1
```

```
exit
```

```
int e0/0
```

```
ip nat inside
```

```
int e0/1
```

```
ip nat outside
```

```
exit
```

```
ip nat inside source static 12.1.1.1 23.1.1.10
```

```
do sh ip nat translations
```

![](/files/-MPMcJ54Ii9VbEAI328Q)
{% endtab %}

{% tab title="R3" %}

```
int e0/0
```

```
ip add 23.1.1.3 255.255.255.0
```

```
no shut
```

```
exit
```

```
do ping 23.1.1.2
```

```
do telnet 23.1.1.10
```

![](/files/-MPMd7Ru1PJfsXtFZlkk)
{% endtab %}
{% endtabs %}
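
An added example (not from the original notes): a simplified Python model of the three NAT modes configured on R2 in Parts 01 to 03, using the lab's addresses. It shows that dynamic NAT stops translating when the pool is used up, that PAT tells flows apart by port, and that only the static entry accepts connections started from the outside, which is why R3 reaches R1's Telnet service through 23.1.1.10. The `Nat` class and `lab_scenarios` are hypothetical names, and the port selection is a simplification rather than IOS's exact algorithm.

```python
import ipaddress

class Nat:
    """Simplified model of R2's translation table (illustrative, not full IOS behaviour)."""
    def __init__(self, pool=None, overload=False, static=None):
        lo, hi = (int(ipaddress.ip_address(a)) for a in pool) if pool else (1, 0)
        self.free = [str(ipaddress.ip_address(i)) for i in range(lo, hi + 1)]
        self.overload = overload
        self.static = dict(static or {})   # inside local -> inside global, always present
        self.dynamic = {}                  # entries created only by outbound traffic

    def outbound(self, ip, port):
        """Translate an inside source; None means no translation is available."""
        if ip in self.static:
            return self.static[ip], port
        key = (ip, port) if self.overload else ip
        if key not in self.dynamic:
            if self.overload:              # PAT: share one address, keep ports unique
                glob = self.free[0]
                while (glob, port) in self.dynamic.values():
                    port += 1
                self.dynamic[key] = (glob, port)
            elif self.free:                # dynamic NAT: one pool address per inside host
                self.dynamic[key] = self.free.pop(0)
            else:
                return None                # pool exhausted
        hit = self.dynamic[key]
        return hit if self.overload else (hit, port)

    def inbound(self, ip, port):
        """Translate a destination seen on the outside interface; None means no entry."""
        for local, glob in self.static.items():
            if glob == ip:
                return local, port
        for key, glob in self.dynamic.items():
            if self.overload and glob == (ip, port):
                return key
            if not self.overload and glob == ip:
                return key, port
        return None

def lab_scenarios():
    """Build the three translators with the addresses used in Parts 01 and 03."""
    dnat = Nat(pool=("23.1.1.100", "23.1.1.200"))            # ip nat pool DNAT
    pat = Nat(pool=("23.1.1.2", "23.1.1.2"), overload=True)  # ip nat pool PAT ... overload
    static = Nat(static={"12.1.1.1": "23.1.1.10"})           # ip nat inside source static
    return dnat, pat, static
```
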


