CCNP闫辉老师讲解【递归路由】实验手册(课堂笔记)

递归路由实验手册

实验要求：

①R1能够R4的4个子网，并且实现路径的冗余备份

②实现非对称路由:R1的ICMP echo包和R4的ICMP reply包使用不同路径

分析：如果只在R2上配置静态路由：

ip route 10.0.1.0 255.255.255.0 f0/1 200.2.2.4 ip route 10.1.1.0 255.255.255.0 f0/1 200.2.2.4 ip route 10.2.1.0 255.255.255.0 f0/1 200.2.2.4 ip route 10.3.1.0 255.255.255.0 f0/1 200.2.2.4

那么如果R2路由down掉，想切换到R3这条链路，必须在R3上进行同样的配置： ip route 10.0.1.0 255.255.255.0 f0/1 200.2.2.4 ip route 10.1.1.0 255.255.255.0 f0/1 200.2.2.4 ip route 10.2.1.0 255.255.255.0 f0/1 200.2.2.4 ip route 10.3.1.0 255.255.255.0 f0/1 200.2.2.4

如果网络中有成百上千条路由条目，进行这样的配置简直能让人疯掉。

------------------------------------------------------------------------------------------------------------------------------ 下面，我们来尝试在R1直接配置到目标网段的静态路由： ip route 10.0.1.0 255.255.255.0 f0/0 200.2.2.4 ip route 10.1.1.0 255.255.255.0 f0/0 200.2.2.4 ip route 10.2.1.0 255.255.255.0 f0/0 200.2.2.4 ip route 10.3.1.0 255.255.255.0 f0/0 200.2.2.4

此时来查看R1，R2，R3的路由表： R1(config)#do show ip route

-------------------------------------------------------------------------------------- Gateway of last resort is not set

1.0.0.0/24 is subnetted, 1 subnets

C 1.1.1.0 is directly connected, Loopback0 100.0.0.0/24 is subnetted, 1 subnets

C 100.1.1.0 is directly connected, FastEthernet0/0 10.0.0.0/24 is subnetted, 4 subnets

S 10.3.1.0 [1/0] via 200.2.2.4, FastEthernet0/0 S 10.2.1.0 [1/0] via 200.2.2.4, FastEthernet0/0 S 10.1.1.0 [1/0] via 200.2.2.4, FastEthernet0/0 S 10.0.1.0 [1/0] via 200.2.2.4, FastEthernet0/0

R2(config)#do sh ip route

---------------------------------------------------------------------------------------- Gateway of last resort is not set

100.0.0.0/24 is subnetted, 1 subnets

C 100.1.1.0 is directly connected, FastEthernet0/0 C 200.2.2.0/24 is directly connected, FastEthernet0/1 10.0.0.0/24 is subnetted, 4 subnets

S 10.3.1.0 [1/0] via 200.2.2.4, FastEthernet0/1 S 10.2.1.0 [1/0] via 200.2.2.4, FastEthernet0/1 S 10.1.1.0 [1/0] via 200.2.2.4, FastEthernet0/1 S 10.0.1.0 [1/0] via 200.2.2.4, FastEthernet0/1 R3(config)#do show ip route

------------------------------------------------------------------------------------------- Gateway of last resort is not set

100.0.0.0/24 is subnetted, 1 subnets

C 100.1.1.0 is directly connected, FastEthernet0/0 C 200.2.2.0/24 is directly connected, FastEthernet0/1 10.0.0.0/24 is subnetted, 4 subnets

S 10.3.1.0 [1/0] via 200.2.2.4, FastEthernet0/1 S 10.2.1.0 [1/0] via 200.2.2.4, FastEthernet0/1 S 10.1.1.0 [1/0] via 200.2.2.4, FastEthernet0/1 S 10.0.1.0 [1/0] via 200.2.2.4, FastEthernet0/1

可以看出R1，R2，R3都有了去往目标网络的完整路由表

此时，如果ping目标网络可以通吗？当然不通，因为R1配置的静态路由只是告诉它去往4个目标网段要从f0/0接口发数据，到达R4的200.2.2.4。可是现在R1没有去往R4到达路由，因此无法ping通。 R1(config)#do ping 200.2.2.4 Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 200.2.2.4, timeout is 2 seconds: .....

Success rate is 0 percent (0/5)

此时，R1路由器会像一台PC一样，发送ARP请求200.2.2.24 对应的MAC，下面用debug命令来验证一下，在R1，R2，R3的特权模式下都开启debug arp，在R1上ping其中一个目标IP地址：10.0.1.4 R1#ping 10.0.1.4

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.0.1.4, timeout is 2 seconds:

*Mar 1 01:16:11.251: IP ARP: sent req src 100.1.1.1 c001.27a4.0000, dst 200.2.2.4 0000.0000.0000 FastEthernet0/0

*Mar 1 01:16:11.267: IP ARP rep filtered src 200.2.2.4 c003.274c.0000, dst 100.1.1.1 c001.27a4.0000 wrong cable, interface FastEthernet0/0

此时，在R2和R3路由上会使用proxy arp（代理ARP），用自己的F0/0接口的MAC地址作为200.2.2.4的MAC地址reply给R1。R2和R3启用proxy arp的条件：①开启proxy arp（默认都是开启的）②源IP和目标IP在不同的网段③R2和R3分别都有去往源IP和目标IP的路由。由拓扑可以看出，它们满足上述三个条件。下面来看一下R2的debug arp的输出： R2#

*Mar 1 01:34:15.487: IP ARP: rcvd req src 100.1.1.1 c001.27a4.0000, dst 200.2.2.4 FastEthernet0/0 *Mar 1 01:34:15.487: IP ARP: sent rep src 200.2.2.4 c002.271c.0000, dst 100.1.1.1 c001.27a4.0000 FastEthernet0/0

我们来验证一下： R2#show int f0/0

FastEthernet0/0 is up, line protocol is up

Hardware is Gt96k FE, address is c002.271c.0000 (bia c002.271c.0000) Internet address is 100.1.1.2/24

可以看出的确是用R2的F0/0接口的MAC地址回复给R1的。同理，R3也会把自己的F0/0接口的MAC地址回复给R1。但R1不会接收R2和R3的ARP应答。 R1#ping 10.0.1.4

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.0.1.4, timeout is 2 seconds:

*Mar 1 01:16:11.267: IP ARP rep filtered src 200.2.2.4 c002.271c.0000, dst 100.1.1.1 c001.27a4.0000 wrong cable, interface FastEthernet0/0. 知识点：

由于，R1没有去往200.2.2.4的路由，因此会过滤掉R2和R3回应的arp包，不会收录进自己的arp cable。

假设此时，R1能够信任R2或R3发来的arp回应包，收录进自己的arp cable，由于R2和R3拥有去往目标网段的路由，这样R1就能够ping通目标网络了。然而，R1不能信任R2或R3的arp回应包的原因是什么呢？当然是R1没有去往200.2.2.0/24网段的路由。下面给R1配置一个去往该网段的静态路由。 R1(config)#ip route 200.2.2.0 255.255.255.0 f0/0 100.1.1.2

此时，R1收录R2和R3的两条回应包。再去ping 10.0.1.4，当然还是ping不通，因为R4没有echo reply包的路由。 R1#ping 10.0.1.4

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.0.1.4, timeout is 2 seconds:

*Mar 1 01:30:32.299: IP ARP: rcvd rep src 200.2.2.4 c002.271c.0000, dst 100.1.1.1 FastEthernet0/0 *Mar 1 01:30:32.303: IP ARP: rcvd rep src 200.2.2.4 c003.274c.0000, dst 100.1.1.1 FastEthernet0/0 查看R1的arp表： R1#show arp

Protocol Address Age (min) Hardware Addr Type Interface

Internet 100.1.1.1 - c001.27a4.0000 ARPA FastEthernet0/0 Internet 100.1.1.2 15 c002.271c.0000 ARPA FastEthernet0/0 Internet 200.2.2.4 14 c002.271c.0000 ARPA FastEthernet0/0

因此，此时ping10.0.1.4的时候，R1就能够把ICMP echo包发送给R4。再看一下R1的路由表： R1#show ip route

Gateway of last resort is not set

1.0.0.0/24 is subnetted, 1 subnets

C 1.1.1.0 is directly connected, Loopback0 100.0.0.0/24 is subnetted, 1 subnets

C 100.1.1.0 is directly connected, FastEthernet0/0 S 200.2.2.0/24 [1/0] via 100.1.1.2, FastEthernet0/0 10.0.0.0/24 is subnetted, 4 subnets

S 10.3.1.0 [1/0] via 200.2.2.4, FastEthernet0/0 S 10.2.1.0 [1/0] via 200.2.2.4, FastEthernet0/0 S 10.1.1.0 [1/0] via 200.2.2.4, FastEthernet0/0