外部路由的Cisco IOS和NXOS之间的OSPF路由环路/次优路由配置示例
目录
简介
本文档介绍Nexus和Cisco IOS®功能之间的开放最短路径优先(OSPF)协议如何在Cisco IOS和Nexus操作系统(NXOS)中实施。
先决条件
要求
Cisco建议您了解OSPF协议。
使用的组件
本文档中的信息基于以下软件和硬件版本:
- NXOS版本6.2(6a)
- 思科IOS版本15.1(4)M1
背景信息
Cisco IOS设备支持RFC 1583。但是,NXOS支持RFC 2328,并且有一些设计,其中当网络中有外部OSPF路由时,这种差异会在网络中造成路由环路。
重要信息
RFC 1583和RFC 2328在如何在多个外部路由中选择最佳路由方面的区别在本节中讨论。
摘自RFC 1583第16.4.6节
要比较第1类外部路径,请查看到转发地址的距离和通告的第1类度量(X+Y)之和。 要比较第2类外部路径,请查看通告的第2类度量,然后根据需要查看到转发地址的距离。
如果新路径较短,则替换路由表条目中的当前路径。 如果新路径的开销相同,则会将其添加到路由表条目的路径列表中。
摘自RFC 2328第16.4.1节
使用非主干区域的区域内路径始终是首选路径。其他路径(区域内主干路径和区域间路径)的优先级相同。
配置
场景 1
网络图
R3和R4使用与OSPF外部类型E2路由相同的度量重分布同一网络172.16.1.0/24。R6首选R3通告的路由,因为到ASBR R3的转发度量比到R4的转发度量低,而172.16.1.0/24的下一跳是R1。(根据RFC 1583,路径选择仅基于开销。)
R6#sh ip ospf border-routers
OSPF Router with ID (192.168.6.6) (Process ID 1)
Base Topology (MTID 0)
Internal Router Routing Table
Codes: i - Intra-area route, I - Inter-area route
i 192.168.4.4 [51] via 192.168.56.5, GigabitEthernet0/0, ASBR, Area 2, SPF 17
>>>> Cost is 51 to reach R4 ASBR.
i 192.168.1.1 [1] via 192.168.16.1, GigabitEthernet0/1, ABR, Area 2, SPF 17
I 192.168.3.3 [42] via 192.168.16.1, GigabitEthernet0/1, ASBR, Area 2, SPF 17
>>>> Cost is 42 to reach R3 ASBR
R6#sh ip route 172.16.1.0
Routing entry for 172.16.1.0/24
Known via "ospf 1", distance 110, metric 20, type extern 2, forward metric 42
Last update from 192.168.16.1 on GigabitEthernet0/1, 00:02:13 ago
Routing Descriptor Blocks:
* 192.168.16.1, from 192.168.3.3, 00:02:13 ago, via GigabitEthernet0/1
Route metric is 20, traffic share count is 1
R1首选由R4通告的路由,尽管开销较高,因为它是到ASBR的区域内路由。路由不通过主干区域,下一跳是R6(根据RFC 2328)。
R1-NXOS# sh ip ospf border-routers
OSPF Process ID 1 VRF default, Internal Routing Table
Codes: i - Intra-area route, I - Inter-area route
intra 192.168.2.2 [40], ABR, Area 0.0.0.0, SPF 18
via 192.168.12.2, Eth4/43
inter 192.168.3.3 [41], ASBR, Area 0.0.0.0, SPF 18 >>>> Cost is 41
via 192.168.12.2, Eth4/43
intra 192.168.4.4 [91], ASBR, Area 0.0.0.2, SPF 18 >>>> Cost is 91
via 192.168.16.6, Eth4/44
switch-R1-NXOS# sh ip route 172.16.1.0
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%' in via output denotes VRF
172.16.1.0/24, ubest/mbest: 1/0
*via 192.168.16.6, Eth4/44, [110/20], 00:10:41, ospf-1, type-2
当R6将数据包发送到R1,而R1将数据包发送回R6时,这会导致网络出现环路。
R5#traceroute 172.16.1.1 numeric
Type escape sequence to abort.
Tracing the route to 172.16.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.56.6 4 msec 0 msec 0 msec
2 192.168.16.1 4 msec 0 msec 4 msec
3 192.168.16.6 0 msec 4 msec 0 msec
4 192.168.16.1 4 msec 0 msec 4 msec
5 192.168.16.6 0 msec 4 msec 0 msec
如您所见,数据包在R1和R6之间循环。要解决此问题,您需要更改NXOS上的RFC兼容性。
R1-NXOS(config)# router ospf 1
R1-NXOS(config-router)# rfc1583compatibility
switch-R1-NXOS# sh ip route 172.16.1.0
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%' in via output denotes VRF
172.16.1.0/24, ubest/mbest: 1/0
*via 192.168.12.2, Eth4/43, [110/20], 00:00:40, ospf-1, type-2
现在,R1将其正确指向R2,并从网络中去除环路。
R5#traceroute 172.16.1.1 numeric
Type escape sequence to abort.
Tracing the route to 172.16.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.56.6 0 msec 4 msec 0 msec
2 192.168.16.1 0 msec 0 msec 0 msec
3 192.168.12.2 4 msec 0 msec 0 msec
4 192.168.23.3 4 msec 0 msec 4 msec
5 192.168.23.3 4 msec 0 msec 4 msec
场景 2
网络图
R1从R6接收NSSA外部(类型7)路由,从R2接收相同前缀172.16.1.0/24的外部(类型5)路由。R1首选类型7,但通常在OSPF类型5中优先于类型7。
R1-NXOS# sh ip ospf database nssa-external 172.16.1.0 detail
OSPF Router with ID (192.168.1.1) (Process ID 1 VRF default)
Type-7 AS External Link States (Area 0.0.0.2)
LS age: 914
Options: 0x28 (No TOS-capability, Type 7/5 translation, DC)
LS Type: Type-7 AS-External
Link State ID: 172.16.1.0 (Network address)
Advertising Router: 192.168.4.4 >>>>> Type 7 originated by R4
and installed in the RIB.
LS Seq Number: 0x80000001
Checksum: 0x3696
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 192.168.45.4
External Route Tag: 0>
R1-NXOS# sh ip ospf database external 172.16.1.0 detail
OSPF Router with ID (192.168.1.1) (Process ID 1 VRF default)
Type-5 AS External Link States
LS age: 853
Options: 0x2 (No TOS-capability, No DC)
LS Type: Type-5 AS-External
Link State ID: 172.16.1.0 (Network address)
Advertising Router: 192.168.1.1 >>>>> Since Type 7 is installed
in the RIB, it was converted to type 5
LS Seq Number: 0x80000001
Checksum: 0xb545
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
TOS: 0<
Metric: 20
Forward Address: 192.168.45.4
External Route Tag: 0<
LS age: 596
Options: 0x20 (No TOS-capability, DC)
LS Type: Type-5 AS-External
Link State ID: 172.16.1.0 (Network address)
Advertising Router: 192.168.3.3 >>>>>> Type 5 is also received from R3
LS Seq Number: 0x80000002
Checksum: 0x2250
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)>
TOS: 0
Metric: 20<>
Forward Address: 0.0.0.0
External Route Tag: 0
R1-NXOS# sh ip route 172.16.1.0
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
172.16.1.0/24, ubest/mbest: 1/0
*via 192.168.16.6, Eth4/44, [110/20], 00:16:54, ospf-1, nssa type-2 >>>> Type 7
route is installed in RIB.
由于R1在OSPF路由器进程下未配置rfc1583compatibility命令,并且路由的第5类链路状态通告(LSA)adv-router-id在区域0(主干路由器)中可到达,因此OSPF始终通过非主干区域获取路由的路径。在本例中,下一跳在区域2中选择(根据RFC 2328)。
R1-NXOS(config)# router ospf 1
R1-NXOS(config-router)# rfc1583compatibility
R1-NXOS# sh ip route 172.16.1.0
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
172.16.1.0/24, ubest/mbest: 1/0
*via 192.168.12.2, Eth4/43, [110/20], 00:00:04, ospf-1, type-2 >>>> Type 5
route is installed in RIB.
建议
如果网络具有与OSPFv2一起运行的NXOS和Cisco IOS,则还存在其它设计或网络方案,其中此兼容性问题可能导致网络出现环路或次优路由。
如果网络包含仅支持RFC1583(即Cisco IOS)的设备,则思科建议在NXOS OSPF路由器配置模式下使用RFC 1583兼容性命令。
验证
当前没有可用于此配置的验证过程。
故障排除
目前没有针对此配置的故障排除信息。
反馈