簡單的說distribution-list就是一個控制工具,主要運用於各路由協議來跟路由打交道,可執行在出方向或是入方向來控制發送或是接收路由時包含那些路由或是不包含那些路由。
但這個distribution-list運用於OSPF時需要注意它的工作方式!
對於OSPF來說它是鏈路狀態路由協議,所以它傳送flooding的資訊並不是路由條目,而是一條一條的LSA(鏈路狀態通告),所以也就是說我們要使用distribution-list去抓出路由並控制它是有一些限制的,在OSFP工作下distribution-list僅能工作在二個地方。
- 路由器自身加載路由表時加以控制(僅能控制自己,無法控制neighbor加載該路由)
- 過濾 Type 5 / Type 7 LSA (必需在ASBR上控制,在引入OSPF時加以控制)
本文只討論第1種狀況
說明LAB架構
目的:distribution-list對OSPF控制行為
狀況:使R1無去往R2 lo0 2.2.2.2/32路由
查看R1路由表
R1#sh ip route
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.1.1.0/24 is directly connected, Loopback0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 12.1.1.2, 00:24:17, FastEthernet0/0
12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 12.1.1.0/24 is directly connected, FastEthernet0/0
13.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 13.1.1.0/24 is directly connected, FastEthernet1/0
查看R3路由表
R3#sh ip route
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/2] via 13.1.1.1, 00:28:55, FastEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/3] via 13.1.1.1, 00:28:34, FastEthernet1/0
12.0.0.0/24 is subnetted, 1 subnets
O 12.1.1.0 [110/2] via 13.1.1.1, 00:28:44, FastEthernet1/0
13.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 13.1.1.0/24 is directly connected, FastEthernet1/0
配置ACL
R1(config)#access-list 10 deny 2.2.2.2
R1(config)#access-list 10 permit any
套用distribution-list
R1(config)#router ospf 110
R1(config-router)#distribute-list 10 in fastEthernet 0/0
配置後查看R1路由,目前2.2.2.2/32己無加載入路由表。
R1#sh ip route
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.1.1.0/24 is directly connected, Loopback0
12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 12.1.1.0/24 is directly connected, FastEthernet0/0
13.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 13.1.1.0/24 is directly connected, FastEthernet1/0
如何確認R1只影響了自身的路由表呢?可以確認二個地方。確認R1的LSDB
1.確認R1的LSDB是否有收到R2的Type 1 LSA,很明顯可以看到這個LSA是有收到R1的LSDB中,並經過自身計算後,路由器抑制該路由進到路由表中。
R1#sh ip ospf database
OSPF Router with ID (1.1.1.1) (Process ID 110)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 44 0x80000004 0x00BE03 3
2.2.2.2 2.2.2.2 44 0x80000003 0x00C91E 2
3.3.3.3 3.3.3.3 94 0x80000003 0x006094 1
2.查看R3路由表,確認該路由還是有進到R3路由表中,這表示該LSA R3從R1接收到,並放進LSDB計算後加載進路由表。
R3#sh ip route
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/2] via 13.1.1.1, 00:28:55, FastEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/3] via 13.1.1.1, 00:28:34, FastEthernet1/0
12.0.0.0/24 is subnetted, 1 subnets
O 12.1.1.0 [110/2] via 13.1.1.1, 00:28:44, FastEthernet1/0
13.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 13.1.1.0/24 is directly connected, FastEthernet1/0
總結:OSPF做為一個LS路由協議,傳送的並不是路由條目,而是透過LSB傳送路由訊息及拓扑訊息,在同一區域中所有LSA必需要同步,經由自身的計算產生路由表,所以distribution-list在介面中只能使用in的方向,來影響自身路由表加載,如下所示。
R2(config)#access-list 10 deny 2.2.2.2
R2(config)#access-list 10 permit any
R2(config-router)#distribute-list 10 out fastEthernet 0/0
% Interface not allowed with OUT for OSPF
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/2] via 13.1.1.1, 00:28:55, FastEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/3] via 13.1.1.1, 00:28:34, FastEthernet1/0
12.0.0.0/24 is subnetted, 1 subnets
O 12.1.1.0 [110/2] via 13.1.1.1, 00:28:44, FastEthernet1/0
13.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 13.1.1.0/24 is directly connected, FastEthernet1/0
總結:OSPF做為一個LS路由協議,傳送的並不是路由條目,而是透過LSB傳送路由訊息及拓扑訊息,在同一區域中所有LSA必需要同步,經由自身的計算產生路由表,所以distribution-list在介面中只能使用in的方向,來影響自身路由表加載,如下所示。
R2(config)#access-list 10 deny 2.2.2.2
R2(config)#access-list 10 permit any
R2(config-router)#distribute-list 10 out fastEthernet 0/0
% Interface not allowed with OUT for OSPF
沒有留言:
張貼留言