20201209 cisco VRF & OSPF

Class material

Virtual Routing and Forwarding

Virtual Routing and Forwarding (VRF): Layer 3 network virtualization, where one router keeps a separate routing table per VRF alongside its global routing table.

Class exercises

VRF

R1 ( Blue 01 )
int e0/0
ip add 192.168.1.1 255.255.255.0
no shut
exit

R2 ( Red 01 )
int e0/0
ip add 192.168.2.1 255.255.255.0
no shut
exit

R3 ( Blue 02 )
int e0/0
ip add 192.168.3.1 255.255.255.0
no shut
exit

R4 ( Red 02 )
int e0/0
ip add 192.168.4.1 255.255.255.0
no shut
exit

R5 ( ISP )
Create the VRFs:
ip vrf Blue
exit
ip vrf Red
exit
Use the ip vrf forwarding command to assign each interface to the correct VRF (assign the VRF first: IOS clears an interface's IP address when the interface is moved into a VRF):
int e0/0
ip vrf forwarding Blue
ip add 192.168.1.2 255.255.255.0
no shut
int e0/1
ip vrf forwarding Red
ip add 192.168.2.2 255.255.255.0
no shut
int e0/2
ip vrf forwarding Blue
ip add 192.168.3.2 255.255.255.0
no shut
int e0/3
ip vrf forwarding Red
ip add 192.168.4.2 255.255.255.0
no shut
Look at the ISP router's global routing table (the VRF interfaces do not appear in it):
do sh ip ro connected
Check the VRF routing tables:
do sh ip ro vrf Blue
do sh ip ro vrf Red
do ping vrf Blue 192.168.1.1
When configuring a static route, the correct VRF must be specified.
R1 ( Blue 01 ) has a loopback interface with IP address 1.1.1.1/32.
We create a static route on the ISP router so that we can reach it:
exit
ip route vrf Blue 1.1.1.1 255.255.255.255 192.168.1.1
do ping vrf Blue 1.1.1.1
ip route vrf Red 2.2.2.2 255.255.255.255 192.168.2.1
do ping vrf Red 2.2.2.2
ip route vrf Blue 3.3.3.3 255.255.255.255 192.168.3.1
do ping vrf Blue 3.3.3.3
ip route vrf Red 4.4.4.4 255.255.255.255 192.168.4.1
do ping vrf Red 4.4.4.4
do sh ip ro vrf Upper

OSPF

R1 ( Blue 01 )
router ospf 1
network 192.168.1.0 0.0.0.255 area 0
network 1.1.1.1 0.0.0.0 area 0

R2 ( Red 01 )
router ospf 1
network 192.168.2.0 0.0.0.255 area 0
network 2.2.2.2 0.0.0.0 area 0

R3 ( Blue 02 )
router ospf 1
network 192.168.3.0 0.0.0.255 area 0
network 3.3.3.3 0.0.0.0 area 0

R4 ( Red 02 )
router ospf 1
network 192.168.4.0 0.0.0.255 area 0
network 4.4.4.4 0.0.0.0 area 0

R5 ( ISP )
Blue (one OSPF process bound to VRF Blue):
router ospf 1 vrf Blue
network 192.168.1.0 0.0.0.255 area 0
network 192.168.3.0 0.0.0.255 area 0
Red (a separate OSPF process bound to VRF Red):
router ospf 2 vrf Red
network 192.168.2.0 0.0.0.255 area 0
network 192.168.4.0 0.0.0.255 area 0
This is what the VRF routing tables on the ISP router now look like:
do sh ip ro vrf Blue ospf
do sh ip ro vrf Red ospf
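The ISP router's per-VRF tables from the VRF and OSPF sections above, modelled in Python as an added example (illustration code written for these notes, not Cisco IOS and not the lab's own code). The class and function names (VrfRouter, Route, isp_router), the administrative-distance table and the ospf_learn() calls that stand in for real OSPF adjacencies are all constructed here. It shows what the sh ip ro vrf and ping vrf commands demonstrate: a destination reachable in Blue is a lookup miss in Red and in the global table, a static route beats the OSPF route for the same /32, and prefixes learned by router ospf 1 vrf Blue land only in Blue's table.

```python
import ipaddress
from typing import Dict, List, NamedTuple, Optional

# Administrative distance: IOS prefers the lower value when two sources offer the same prefix.
AD = {"C": 0, "S": 1, "O": 110}


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    source: str                  # "C" connected, "S" static, "O" OSPF
    next_hop: Optional[str]      # None for connected routes
    iface: Optional[str]


class VrfRouter:
    """One routing table per VRF plus the global table (model of the lab's R5, not IOS code)."""

    def __init__(self) -> None:
        self.tables: Dict[str, List[Route]] = {"global": []}
        self.iface_vrf: Dict[str, str] = {}   # interface -> VRF it forwards in
        self.ospf_vrf: Dict[int, str] = {}    # OSPF process id -> VRF it is bound to

    def ip_vrf(self, name: str) -> None:
        self.tables.setdefault(name, [])

    def ip_vrf_forwarding(self, iface: str, vrf: str) -> None:
        if vrf not in self.tables:
            raise ValueError(f"VRF {vrf} is not defined")
        # Moving an interface into a VRF drops its existing address, as IOS does;
        # this is why the lab assigns the VRF before 'ip add'.
        old = self.iface_vrf.get(iface, "global")
        self.tables[old] = [r for r in self.tables[old] if r.iface != iface]
        self.iface_vrf[iface] = vrf

    def ip_address(self, iface: str, cidr: str) -> None:
        vrf = self.iface_vrf.get(iface, "global")
        self.tables[vrf].append(Route(ipaddress.ip_interface(cidr).network, "C", None, iface))

    def ip_route(self, cidr: str, next_hop: str, vrf: str = "global") -> None:
        self.tables[vrf].append(Route(ipaddress.ip_network(cidr), "S", next_hop, None))

    def router_ospf(self, pid: int, vrf: str = "global") -> None:
        self.ospf_vrf[pid] = vrf

    def ospf_learn(self, pid: int, cidr: str, next_hop: str) -> None:
        """Stand-in for an OSPF adjacency: a prefix learned by process pid goes only into that process's VRF."""
        self.tables[self.ospf_vrf[pid]].append(Route(ipaddress.ip_network(cidr), "O", next_hop, None))

    def lookup(self, dst: str, vrf: str = "global") -> Optional[Route]:
        """Longest-prefix match within a single table; a miss in another VRF is the isolation the lab shows."""
        addr = ipaddress.ip_address(dst)
        matches = [r for r in self.tables[vrf] if addr in r.prefix]
        if not matches:
            return None
        return max(matches, key=lambda r: (r.prefix.prefixlen, -AD[r.source]))

    def show_ip_route(self, vrf: str = "global") -> List[str]:
        return sorted(f"{r.source} {r.prefix} via {r.next_hop or r.iface}" for r in self.tables[vrf])


def isp_router() -> VrfRouter:
    """R5 configured with the VRF and OSPF commands from the notes."""
    r = VrfRouter()
    r.ip_vrf("Blue")
    r.ip_vrf("Red")
    for iface, vrf, cidr in [("e0/0", "Blue", "192.168.1.2/24"), ("e0/1", "Red", "192.168.2.2/24"),
                             ("e0/2", "Blue", "192.168.3.2/24"), ("e0/3", "Red", "192.168.4.2/24")]:
        r.ip_vrf_forwarding(iface, vrf)
        r.ip_address(iface, cidr)
    r.ip_route("1.1.1.1/32", "192.168.1.1", vrf="Blue")
    r.ip_route("2.2.2.2/32", "192.168.2.1", vrf="Red")
    r.ip_route("3.3.3.3/32", "192.168.3.1", vrf="Blue")
    r.ip_route("4.4.4.4/32", "192.168.4.1", vrf="Red")
    r.router_ospf(1, "Blue")   # router ospf 1 vrf Blue
    r.router_ospf(2, "Red")    # router ospf 2 vrf Red
    # Constructed: the loopbacks each customer router advertises with 'network x.x.x.x 0.0.0.0 area 0'
    r.ospf_learn(1, "1.1.1.1/32", "192.168.1.1")
    r.ospf_learn(1, "3.3.3.3/32", "192.168.3.1")
    r.ospf_learn(2, "2.2.2.2/32", "192.168.2.1")
    r.ospf_learn(2, "4.4.4.4/32", "192.168.4.1")
    return r


if __name__ == "__main__":
    r5 = isp_router()
    for name in ("global", "Blue", "Red"):
        print(f"sh ip ro vrf {name}:", r5.show_ip_route(name))
    print("ping vrf Blue 1.1.1.1 ->", r5.lookup("1.1.1.1", "Blue"))
    print("ping vrf Red 1.1.1.1  ->", r5.lookup("1.1.1.1", "Red"))
```

Run it and compare the three printed tables with the real sh ip ro connected / sh ip ro vrf Blue / sh ip ro vrf Red output from the lab: the global table is empty because every interface was placed in a VRF, and each VRF only sees its own connected, static and OSPF-learned prefixes.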
NAT

  • Dynamic NAT ( DAT ): Many to Many Mapping
  • Port NAT ( PAT ): Many to 1
  • Static NAT: 1 to 1

Part 01.

R1
int e0/0
ip add 12.1.1.1 255.255.255.0
no shut
int lo1
ip add 192.168.1.1 255.255.255.0
no shut
int lo2
ip add 192.168.2.1 255.255.255.0
no shut
exit
ip route 0.0.0.0 0.0.0.0 12.1.1.2
do ping 12.1.1.2
do ping 23.1.1.3
do ping 23.1.1.3 source 192.168.1.1
do ping 23.1.1.3 source 192.168.2.1
ping 3.3.3.3 source 192.168.1.1

R2
int e0/0
ip add 12.1.1.2 255.255.255.0
no shut
int e0/1
ip add 23.1.1.2 255.255.255.0
no shut
exit
ip route 192.168.1.0 255.255.255.0 12.1.1.1
ip route 192.168.2.0 255.255.255.0 12.1.1.1
ip route 0.0.0.0 0.0.0.0 23.1.1.3
do ping 23.1.1.3
do ping 3.3.3.3
do ping 8.8.8.8
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 192.168.2.0 0.0.0.255
ip nat pool DNAT 23.1.1.100 23.1.1.200 netmask 255.255.255.0
int e0/0
ip nat inside
int e0/1
ip nat outside
exit
ip nat inside source list 1 pool DNAT
ip nat inside source list 2 pool DNAT
exit
sh ip nat translations
sh ip nat statistics
conf t
no ip nat inside source list 1 pool DNAT
no ip nat inside source list 2 pool DNAT
ip nat pool PAT 23.1.1.2 23.1.1.2 netmask 255.255.255.0
ip nat inside source list 1 pool DNAT overload
ip nat inside source list 2 pool DNAT overload
exit
debug ip nat

R3
int e0/0
ip add 23.1.1.3 255.255.255.0
no shut
int lo1
ip add 3.3.3.3 255.255.255.255
no shut
int lo2
ip add 8.8.8.8 255.255.255.255
no shut
exit
do sh ip ro
conf t
line vty 0 4
password cisco
login
transport input telnet

Part 02.

Linux
ifconfig eth0 192.168.3.2/24
ip addr add 192.168.3.2/24 brd + dev eth0
ip route add default via 192.168.3.1
ping 192.168.3.1
ping 12.1.1.1
ping 12.1.1.2
ping 23.1.1.2
ip route add default 192.168.3.2/24 brd + dev eth0
wireshark
telnet 23.1.1.3
(telnet is cleartext, so the vty login and the password are readable in the Wireshark capture)

R1
conf t
int e0/1
ip add 192.168.3.1 255.255.255.0
no shut

R2
conf t
ip route 192.168.3.0 255.255.255.0 12.1.1.1
access-list 3 permit 192.168.3.0 0.0.0.255
ip nat inside source list 3 pool DNAT overload

Part 03.

R1
int e0/0
ip add 12.1.1.1 255.255.255.0
no shut
exit
ip route 0.0.0.0 0.0.0.0 12.1.1.2
line vty 0 4
password cisco
login
transport input telnet

R2
int e0/0
ip add 12.1.1.2 255.255.255.0
no shut
int e0/1
ip add 23.1.1.2 255.255.255.0
no shut
exit
ip route 0.0.0.0 0.0.0.0 23.1.1.3
telnet 12.1.1.1
exit
int e0/0
ip nat inside
int e0/1
ip nat outside
exit
ip nat inside source static 12.1.1.1 23.1.1.10
do sh ip nat translations

R3
int e0/0
ip add 23.1.1.3 255.255.255.0
no shut
exit
do ping 23.1.1.2
telnet 23.1.1.10
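Parts 01 to 03 exercise the three NAT types listed above. The following Python model is an added example written for these notes (not IOS code and not the lab's own); the class and function names (NatRouter, r2_part01_dynamic, r2_part01_pat, r2_part03_static) and the packet tuples are constructed, and port allocation is simplified. It reproduces R2's configuration from each part and shows why each step was needed: dynamic NAT hands out one pool address per inside host and fails once the pool is exhausted, overload (PAT) shares one address and separates flows by port, a host in 192.168.3.0/24 leaves untranslated until ACL 3 exists (Part 02), and only the static entry lets R3's inbound telnet to 23.1.1.10 reach 12.1.1.1 (Part 03).

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

Addr = Tuple[str, int]   # (IP address, TCP/UDP port)


class NatRouter:
    """Model of R2's 'ip nat inside source' behaviour (added example, not IOS code)."""

    def __init__(self) -> None:
        self.acls: Dict[int, List[ipaddress.IPv4Network]] = {}
        self.pools: Dict[str, List[str]] = {}
        self.static: Dict[str, str] = {}                  # inside local -> inside global
        self.dynamic: List[Tuple[int, str, bool]] = []    # (acl, pool, overload) in config order
        self.table: Dict[Addr, Addr] = {}                 # (inside local, port) -> (inside global, port)
        self.holder: Dict[str, str] = {}                  # pool address -> inside host that holds it

    def access_list(self, number: int, cidr: str) -> None:
        self.acls.setdefault(number, []).append(ipaddress.ip_network(cidr))

    def ip_nat_pool(self, name: str, start: str, end: str) -> None:
        lo, hi = int(ipaddress.ip_address(start)), int(ipaddress.ip_address(end))
        self.pools[name] = [str(ipaddress.ip_address(i)) for i in range(lo, hi + 1)]

    def inside_source_static(self, local: str, global_: str) -> None:
        self.static[local] = global_

    def inside_source_list(self, acl: int, pool: str, overload: bool = False) -> None:
        self.dynamic.append((acl, pool, overload))

    def _permitted(self, acl: int, ip: str) -> bool:
        return any(ipaddress.ip_address(ip) in net for net in self.acls.get(acl, []))

    def _free_port(self, global_ip: str, wanted: int) -> int:
        # PAT keeps the original source port while it is still free on the shared address
        used = {g[1] for g in self.table.values() if g[0] == global_ip}
        port = wanted if wanted not in used else 1024
        while port in used:
            port += 1
        return port

    def _install(self, local: Addr, global_: Addr) -> Addr:
        self.table[local] = global_
        return global_

    def outbound(self, src: Addr) -> Optional[Addr]:
        """Inside -> outside. None: no rule matched or the pool is exhausted, so the packet
        would leave with its private source address (as 192.168.3.2 did before ACL 3 existed)."""
        if src in self.table:
            return self.table[src]
        ip, port = src
        if ip in self.static:
            return self._install(src, (self.static[ip], port))
        for acl, pool, overload in self.dynamic:
            if not self._permitted(acl, ip):
                continue
            if overload:
                g_ip = self.pools[pool][0]   # all hosts share one address; ports keep flows apart
                return self._install(src, (g_ip, self._free_port(g_ip, port)))
            # Dynamic NAT: one pool address per inside host, reused for that host's other connections
            for g_ip, holder in self.holder.items():
                if holder == ip and g_ip in self.pools[pool]:
                    return self._install(src, (g_ip, port))
            for g_ip in self.pools[pool]:
                if g_ip not in self.holder:
                    self.holder[g_ip] = ip
                    return self._install(src, (g_ip, port))
            return None                       # pool exhausted: many-to-many has a ceiling
        return None

    def inbound(self, dst: Addr) -> Optional[Addr]:
        """Outside -> inside. Dynamic and PAT entries exist only after inside traffic created them;
        a static entry answers unconditionally, which is what lets R3 telnet to 23.1.1.10."""
        for local, g in self.table.items():
            if g == dst:
                return local
        ip, port = dst
        for local, global_ in self.static.items():
            if global_ == ip:
                return (local, port)
        return None


def r2_part01_dynamic() -> NatRouter:
    r = NatRouter()
    r.access_list(1, "192.168.1.0/24")
    r.access_list(2, "192.168.2.0/24")
    r.ip_nat_pool("DNAT", "23.1.1.100", "23.1.1.200")
    r.inside_source_list(1, "DNAT")
    r.inside_source_list(2, "DNAT")
    return r


def r2_part01_pat() -> NatRouter:
    r = r2_part01_dynamic()
    r.dynamic.clear()                               # no ip nat inside source list ... pool DNAT
    r.ip_nat_pool("PAT", "23.1.1.2", "23.1.1.2")    # defined in the notes but, as typed, never referenced
    r.inside_source_list(1, "DNAT", overload=True)  # so overload shares the first DNAT address, 23.1.1.100
    r.inside_source_list(2, "DNAT", overload=True)
    return r


def r2_part03_static() -> NatRouter:
    r = NatRouter()
    r.inside_source_static("12.1.1.1", "23.1.1.10")
    return r
```

Compare the model's table with sh ip nat translations on R2: with dynamic NAT the same inside host always shows the same inside global address, with overload every entry shares one inside global address and differs only by port, and the static entry is present even before any traffic has crossed the router.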