ospf+PPPoE的技术实现
MIKROTIK官网的WIKI关于OSPF+PPPoE的配置有些问题,以下给出相对完整的说明、配置以及验证过程拓扑如下所述:
总部的core有3条链路:
1、wan通过222.222.222.222/24的地址与公网相连网关为222.222.222.221
2、down_to_br通过192.168.33.2/24与分支机构的up_to_core相连
3、co_office接总部办公网,地址为172.16.2.100/24
分支机构也有3条链路:
1、up_to_core通过192.168.33.1/24 与总部的 down_to_br相连
2、br_office接分支机构办公网,地址为172.16.1.99/24
3、pppoe_svr未分配接口IP,下面用户只能通过PPPoE拨号访问
技术实现要求:使用OSPF协议使全网互通,并且实现过程包含包括动态拨号的PPPoE用户
两台设备的接口和IP配置结果如下:
> ip ad pr
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.33.1/24 192.168.33.0 192.168.33.255up_to_core
1 172.16.1.99/24 172.16.1.0 172.16.1.255 br_office
>
> ip ad pr
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.33.2/24 192.168.33.0 192.168.33.255down_to_br
1 172.16.2.100/24 172.16.2.0 172.16.2.255 co_office
2 222.222.222.222/24 222.222.222.0 222.222.222.255 wan
>
分支机构OSPF配置:
> ro os ex
# sep/10/2008 22:54:18 by RouterOS 2.9.27
# software id = PL4E-P00
#
/ routing ospf
set router-id=1.1.1.1 distribute-default=never redistribute-connected=as-type-1 redistribute-static=as-type-1 \
redistribute-rip=no redistribute-bgp=no metric-default=1 metric-connected=20 metric-static=20 metric-rip=20 \
metric-bgp=20
/ routing ospf area
set backbone area-id=0.0.0.0 type=default translator-role=translate-candidate authentication=none prefix-list-import="" \
prefix-list-export="" disabled=no
/ routing ospf interface
set FIXME interface=up_to_core cost=10 priority=1 authentication-key="" network-type=broadcast retransmit-interval=5s \
transmit-delay=1s hello-interval=10s dead-interval=40s
/ routing ospf network
add network=192.168.33.0/24 area=backbone disabled=no
>
总部OSPF配置
> ro os ex
# sep/10/2008 23:10:12 by RouterOS 2.9.27
# software id = PL4E-P00
#
/ routing ospf
set router-id=2.2.2.2 distribute-default=always-as-type-1 \
redistribute-connected=as-type-1 redistribute-static=as-type-1 \
redistribute-rip=no redistribute-bgp=no metric-default=1 \
metric-connected=20 metric-static=20 metric-rip=20 metric-bgp=20
/ routing ospf area
set backbone area-id=0.0.0.0 type=default translator-role=translate-candidate \
authentication=none prefix-list-import="" prefix-list-export="" \
disabled=no
/ routing ospf interface
set FIXME interface=down_to_br cost=10 priority=1 authentication-key="" \
network-type=broadcast retransmit-interval=5s transmit-delay=1s \
hello-interval=10s dead-interval=40s
/ routing ospf network
add network=192.168.33.0/24 area=backbone disabled=no
>
通过以上配置即可达到技术实现的要求(pppoe配置的部分略,请参考本论坛其他精华贴)
下面,测试并验证配置的结果
1、先检查静态路由
> ip ro ex
# sep/10/2008 22:45:00 by RouterOS 2.9.27
# software id = PL4E-P00
#
/ ip route
>
> ip ro ex
# sep/11/2008 01:03:02 by RouterOS 2.9.27
# software id = PL4E-P00
#
/ ip route
add dst-address=0.0.0.0/0 gateway=222.222.222.221 scope=255 target-scope=10 \
comment="" disabled=no
>
通过核对静态路由配置,可以看出除了总部的缺省网关外,两台路由器上没有其它的静态路由配置
2、检查无拨号的动态路由
> ip ro pr
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf
# DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE
0 ADC 172.16.1.0/24 172.16.1.99 br_office
1 ADo 172.16.2.0/24 r 192.168.33.2 up_to_core
2 ADC 192.168.33.0/24 192.168.33.1 up_to_core
3Do 192.168.33.0/24
4 ADo 222.222.222.0/24 r 192.168.33.2 up_to_core
5 ADo 0.0.0.0/0 r 192.168.33.2 up_to_core
>
通过显示分支机构的路由表可以看到,它从总部通过OSPF协议学习到了1、3、4、5这4条路由信息,并且由于直连路由级别高,导致3这条路由处于非激活状态,另外需要特别注意的是,它还学到了0.0.0.0/0这条重要的默认路由,并指明了是从up_to_core这个口出去的!
> ip ro pr
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf
# DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE
0 ADo 172.16.1.0/24 r 192.168.33.1 down_to_br
1 ADC 172.16.2.0/24 172.16.2.100 co_office
2 ADC 192.168.33.0/24 192.168.33.2 down_to_br
3Do 192.168.33.0/24
4 ADC 222.222.222.0/24 222.222.222.222 wan
5 A S 0.0.0.0/0 r 222.222.222.221 wan
>
通过显示总部的路由表可以看到,通过OSPF协议,它从分支机构学习到了0、3这两条路由信息
3、拨号以后,检查动态拨号路由在动态路由中的表现
> ip ro pr
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf
# DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE
0 ADC 172.16.1.0/24 172.16.1.99 br_office
1 ADo 172.16.2.0/24 r 192.168.33.2 up_to_core
2 ADC 172.16.51.255/32 1.1.1.1 <pppoe-123>
3 ADC 192.168.33.0/24 192.168.33.1 up_to_core
4Do 192.168.33.0/24
5 ADo 222.222.222.0/24 r 192.168.33.2 up_to_core
6 ADo 0.0.0.0/0 r 192.168.33.2 up_to_core
>
通过branch的路由表项2可以看到有一个账号为123的PPPoE的用户拨号成功后获得了172.16.51.255/32这个地址
> ip ro pr
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf
# DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE
0 ADo 172.16.1.0/24 r 192.168.33.1 down_to_br
1 ADC 172.16.2.0/24 172.16.2.100 co_office
2 ADo 172.16.51.255/32 r 192.168.33.1 down_to_br
3 ADC 192.168.33.0/24 192.168.33.2 down_to_br
4Do 192.168.33.0/24
5 ADC 222.222.222.0/24 222.222.222.222 wan
6 A S 0.0.0.0/0 r 222.222.222.221 wan
>
通过core的路由表项2可以看到它学到了PPPoE用户的路由信息。
现在将拨号断开检查路由信息更新的情况
> ip ro pr
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf
# DST-ADDRESS PREF-SRC G GATEWAY DISTANCE INTERFACE
0 ADo 172.16.1.0/24 r 192.168.33.1 down_to_br
1 ADC 172.16.2.0/24 172.16.2.100 co_office
2 ADC 192.168.33.0/24 192.168.33.2 down_to_br
3Do 192.168.33.0/24
4 ADC 222.222.222.0/24 222.222.222.222 wan
5 A S 0.0.0.0/0 r 222.222.222.221 wan
>
现在,从总部的core中,可以看到,172.16.51.255/32这条路由信息因断开拨号连接自动从新学到的路由表里消失了。
注:pppoe配置的部分,请参考本论坛其他精华贴
[ 本帖最后由 parphy 于 2008-9-10 18:07 编辑 ] 这个帖子要顶下 我靠,收藏了。 想学习:) 看不懂,回来在学习吧, 有心人阿,,,分享的更是好样的.....得支持一下!!!不经常上来.来了,上来就看精品!!:lol 学习下,哈哈 这么厉害新手完全看不懂支持一下才重要 谢谢。。 收藏了。 好高深。。 一模一样的用2个虚拟机试了一下 怎么没有成功呢
比如 我在总部路由器上ping分支下面的172.16.1.0/24的地址段的ip地址,是不通的
[ 本帖最后由 红烧排骨 于 2008-12-8 16:08 编辑 ] 原帖由 红烧排骨 于 2008-12-8 16:04 发表 http://bbs.routerclub.com/images/common/back.gif
一模一样的用2个虚拟机试了一下 怎么没有成功呢
比如 我在总部路由器上ping分支下面的172.16.1.0/24的地址段的ip地址,是不通的
两台机器上用:
ip ro pr
看下路由表
[ 本帖最后由 parphy 于 2008-12-8 16:58 编辑 ] 我是菜鸟,看不太懂,但也顶楼主一下。 纯顶一下。