
RIP Configuration on Juniper

Published: 2020-07-24 08:40:22 Source: Internet Views: 1366 Author: 带刺的板栗 Category: Security Technology

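RIP, the Routing Information Protocol, is the simplest distance-vector protocol. The maximum hop count is 15, and 16 means unreachable. It spreads and updates routing tables by broadcast, and its packets carry neither a subnet mask (version 2 does) nor external-protocol tags and the like.

Here we only configure RIP on Juniper devices to get familiar with it; the principles are unchanged.

The network topology is shown below: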

R1-------R2------R3

Interface connections:

em1.12-----em2.12 192.168.1.1/24

em2.23-----em3.23 192.168.2.1/24

Create the corresponding loopback interface on each router:

r1: 1.1.1.1/32

r2: 2.2.2.2/32

r3: 3.3.3.3/32

Create three logical routers:

logical-routers {
    r1;
    r2;
    r3;
}

Configure the interface IP addresses:

juniper@Olive# set interfaces em1.12 family inet address 192.168.1.1/24


[edit logical-routers r1]

juniper@Olive# set interfaces lo0.12 family inet address 1.1.1.1/24

Configure R2 and R3 in the same way.

Check the interface configuration:

juniper@Olive> show interfaces terse

Interface Admin Link Proto Local Remote

dsc up up

em0 up up

em0.0 up up inet 192.168.72.10/24

em1 up up

em1.12 up up inet 192.168.1.1/24

em1.32767 up up

em2 up up

em2.12 up up inet 192.168.1.2/24

em2.23 up up inet 192.168.2.1/24

em2.32767 up up

em3 up up

em3.23 up up inet 192.168.2.2/24

lo0 up up

lo0.12 up up inet 1.1.1.1/24

lo0.21 up up inet 2.2.2.2 --> 0/0

lo0.23 up up inet 3.3.3.3 --> 0/0

lo0.16384 up up inet 127.0.0.1 --> 0/0

Test connectivity:

From R1, ping R2's interface IP address:

juniper@Olive# run ping 192.168.1.2 logical-router r1

PING 192.168.1.2 (192.168.1.2): 56 data bytes

64 bytes from 192.168.1.2: icmp_seq=0 ttl=64 time=0.387 ms

64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=0.351 ms

^C

--- 192.168.1.2 ping statistics ---

2 packets transmitted, 2 packets received, 0% packet loss

round-trip min/avg/max/stddev = 0.351/0.369/0.387/0.018 ms


[edit logical-routers r1]


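Before going further, it is worth configuring a static route. Static routes are very simple, but the Juniper configuration differs somewhat from Cisco and Huawei.

Always specify the mask when configuring a route. If you configure 192.168.1.0 next-hop 192.168.1.2, no error is reported, but traffic does not pass. Make this a habit in future configurations.

The configuration is as follows: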

routing-options {
    static {
        route 192.168.2.0/24 {
            next-hop 192.168.1.2;
            metric 2;
        }
    }
}


set routing-options static route 192.168.1.0/24 next-hop 192.168.2.1 metric 2




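Configuring RIP:

On Cisco and Huawei devices we simply use network statements to advertise, and that is all. On Juniper, however, even when multicast packets are being sent on the interface, the neighbor still does not come up; you must configure a policy to do the advertising.

First configure the following policy, which advertises the directly connected routes: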


Applying Export Policy

policy-options {
    policy-statement connected-routes {
        term advertise-routes {
            from protocol direct;
            then accept;
        }
    }

The specific configuration commands are not listed here.

Advertise the routes learned from RIP:

    policy-statement transit-rip-routes {
        term advretise-routes {
            from protocol rip;
            then accept;
        }
    }
}

Then configure it under the protocol:

protocols {
    rip {
        group neighbor-routers {
            export [ connected-routes transit-rip-routes ];
            neighbor em3.23;
        }
    }
}

The policy is applied on interface em3.23 so that the routing information is advertised.

View the neighbor information:

[edit logical-routers r2]

juniper@Olive# run show rip neighbor logical-router r2

Source Destination Send Receive In

Neighbor State Address Address Mode Mode Met

-------- ----- ------- ----------- ---- ------- ---

em2.12 Up 192.168.1.2 224.0.0.9 mcast both 1

em2.23 Up 192.168.2.1 224.0.0.9 mcast both 1

View the routing table:

juniper@Olive# run show route protocol rip logical-router r2


inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both


1.1.1.0/24 *[RIP/100] 00:30:08, metric 2, tag 0

> to 192.168.1.1 via em2.12

3.3.3.3/32 *[RIP/100] 00:25:36, metric 2, tag 0

> to 192.168.2.2 via em2.23

224.0.0.9/32 *[RIP/100] 00:25:39, metric 1

MultiRecv


Applying Import Policy


The JUNOS software allows you to filter routes being imported by the local router from its neighbors. You can use import policies to reject unwanted routes or to alter the metric on routes received from certain neighbors. To accomplish these goals, you create a routing policy, which you then apply to the RIP configuration. If you specify more than one policy, they are evaluated in order (first to last) and the first matching policy is applied to the route. If no match is found, the local router imports all usable RIP routes from all neighbors.


Configure R2 as follows:

policy-statement filter-riesling {
    term filter-routes {
        from {
            protocol rip;
            route-filter 192.168.100.0/24 orlonger;
        }
        then reject;
    }
}

This adds an import filter policy that filters out 192.168.100.0, so R2 and R1 no longer have this route.

The policy is applied on the corresponding interface, which is done under the protocol configuration:

protocols {
    rip {
        group neighbor-routers {
            export [ transit-rip-routes connected-routes ];
            neighbor em2.12;
            neighbor em2.23 {
                import filter-riesling;
            }
        }
    }
}
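The match behaviour of the import policy above can be modelled in a few lines. This is an added example, not code from the original article or from JUNOS: the function names are hypothetical, the received routes are constructed, and the match types follow the documented meaning of exact, orlonger and longer.

```python
import ipaddress

def route_filter_match(route, prefix, match_type):
    """Model of the route-filter match types exact, orlonger and longer."""
    r, p = ipaddress.ip_network(route), ipaddress.ip_network(prefix)
    within = r.subnet_of(p)            # shares p's leading bits, mask length >= p's
    if match_type == "exact":
        return r == p
    if match_type == "orlonger":
        return within
    if match_type == "longer":
        return within and r.prefixlen > p.prefixlen
    raise ValueError(f"unsupported match type: {match_type}")

# The page's filter-riesling policy expressed as data: a single rejecting term.
FILTER_RIESLING = [
    {"protocol": "rip", "route_filter": ("192.168.100.0/24", "orlonger"), "then": "reject"},
]

def evaluate_import(policy, protocol, route, default="accept"):
    """First matching term decides; with no match the RIP route is imported."""
    for term in policy:
        prefix, match_type = term["route_filter"]
        if term["protocol"] == protocol and route_filter_match(route, prefix, match_type):
            return term["then"]
    return default

# Constructed sample of routes a neighbor on em2.23 might advertise (not from the page).
RECEIVED = ["3.3.3.3/32", "192.168.100.0/24", "192.168.100.128/25", "192.168.96.0/19"]

def imported(policy, routes):
    """Routes that survive the import policy and reach the routing table."""
    return [r for r in routes if evaluate_import(policy, "rip", r) == "accept"]

if __name__ == "__main__":
    print(imported(FILTER_RIESLING, RECEIVED))
```

The shorter aggregate 192.168.96.0/19 is not matched by orlonger and is still imported, even though it covers 192.168.100.0/24, so a filter meant to keep a range out of the table also has to account for covering prefixes.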



Modifying the Incoming Metric


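I will not explain these settings at length; they mean what they say and are simply applied in the JUNOS software. Whatever device you configure RIP on, its characteristics do not change.

RIP has been running for so many years that no vendor is going to change how these features behave; only the configuration differs.

Configure R1 as follows:

protocols {
    rip {
        group neihbor-routes {
            export [ connected-routes transit-rip-routes ];
            neighbor em1.12 {
                metric-in 5;
            }
        }
    }
}

View the result: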

juniper@Olive# run show route protocol rip logical-router r1


inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both


2.2.2.2/32 *[RIP/100] 01:07:45, metric 6, tag 0

> to 192.168.1.2 via em1.12

3.3.3.3/32 *[RIP/100] 01:03:13, metric 7, tag 0

> to 192.168.1.2 via em1.12

192.168.2.0/24 *[RIP/100] 01:07:45, metric 6, tag 0

> to 192.168.1.2 via em1.12

224.0.0.9/32 *[RIP/100] 00:02:43, metric 1

MultiRecv


As the output shows, the metric has increased.



Modifying the Outgoing Metric


Only one short line is added to the configuration:

protocols {
    rip {
        group neihbor-routes {
            metric-out 10;
            export [ connected-routes transit-rip-routes ];
            neighbor em1.12;
        }
    }
}

View the result on the other routers:

juniper@Olive# run show route protocol rip logical-router r2


inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both


1.1.1.0/24 *[RIP/100] 01:19:41, metric 11, tag 0

> to 192.168.1.1 via em2.12

3.3.3.3/32 *[RIP/100] 01:15:09, metric 2, tag 0

> to 192.168.2.2 via em2.23

224.0.0.9/32 *[RIP/100] 00:01:40, metric 1

MultiRecv



Configuring Authentication


By default, authentication between RIP neighbors is disabled within the JUNOS software. You can configure it globally for all peers or on a peer-by-peer basis within the neighbor configuration hierarchy.


Simple authentication: Uses a plain-text password that is included in the transmitted packet.


MD5 authentication: Sends the result of a one-way hashing algorithm in the transmitted packet.


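When you configure authentication there is a settling period. During it you can see the routing information but pings fail, because the network has not finished converging.

A simple configuration is as follows:

protocols {
    rip {
        authentication-type md5;
        authentication-key "$9$VMsgJikP36AGD6Ap0hcbs2"; ## SECRET-DATA
        group neighbor-routers {
            export [ connected-routes transit-rip-routes ];
            neighbor em3.23;
        }
    }
}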
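To make the difference from simple authentication concrete, the following added example (not from the original article and not JUNOS code) builds and checks a RIPv2 Response using the keyed-MD5 layout of RFC 2082, where the key is hashed with the packet but never transmitted. The key, key ID, sequence numbers and function names are assumptions made for the illustration; the route is R1's 1.1.1.0/24 prefix from the outputs above.

```python
import hashlib, hmac, socket, struct

AUTH_AFI, KEYED_MD5, TRAILER = 0xFFFF, 3, 1     # RFC 2082 marker values
KEY = b"lab-rip-key"                             # constructed key, not the page's

def pad_key(key: bytes) -> bytes:
    """RFC 2082 keys are 16 bytes; shorter keys are zero-padded."""
    return key[:16].ljust(16, b"\x00")

def route_entry(prefix: str, mask: str, metric: int) -> bytes:
    """20-byte RIPv2 entry: AFI 2 (IP), tag 0, prefix, mask, next hop 0.0.0.0."""
    return struct.pack("!HH4s4s4sI", 2, 0, socket.inet_aton(prefix),
                       socket.inet_aton(mask), bytes(4), metric)

def build_response(entries, key: bytes, key_id: int, seq: int) -> bytes:
    body = b"".join(entries)
    pkt_len = 4 + 20 + len(body)                 # header + auth entry + routes
    header = struct.pack("!BBH", 2, 2, 0)        # command Response, version 2
    auth = struct.pack("!HHHBBI8x", AUTH_AFI, KEYED_MD5, pkt_len, key_id, 16, seq)
    signed = header + auth + body + struct.pack("!HH", AUTH_AFI, TRAILER)
    # The key is hashed in the position the digest will occupy, then discarded.
    return signed + hashlib.md5(signed + pad_key(key)).digest()

def verify(packet: bytes, key: bytes, last_seq: int):
    """Return (accepted, reason) for a received keyed-MD5 RIPv2 packet."""
    if len(packet) < 44:                         # header + auth + trailer + digest
        return False, "truncated"
    afi, atype, pkt_len, _kid, dlen, seq = struct.unpack("!HHHBBI", packet[4:16])
    if (afi, atype) != (AUTH_AFI, KEYED_MD5):
        return False, "no keyed-MD5 authentication entry"
    signed, digest = packet[:pkt_len + 4], packet[pkt_len + 4:]
    if len(digest) != dlen or signed[-4:] != struct.pack("!HH", AUTH_AFI, TRAILER):
        return False, "malformed trailer"
    if not hmac.compare_digest(hashlib.md5(signed + pad_key(key)).digest(), digest):
        return False, "digest mismatch"
    if seq < last_seq:                           # sequence must not go backwards
        return False, "stale sequence number"
    return True, "ok"

if __name__ == "__main__":
    pkt = build_response([route_entry("1.1.1.0", "255.255.255.0", 1)], KEY, 1, 100)
    print(verify(pkt, KEY, last_seq=99))         # authentic update
    forged = bytearray(pkt)
    forged[43] = 15                              # metric rewritten in transit
    print(verify(bytes(forged), KEY, last_seq=99))
```

The `$9$` strings in the configurations on this page are JUNOS's reversible encoding of the key, so a configuration shared outside the device should be treated as disclosing it.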



Controlling Route Preference


The JUNOS software default for the preference of RIP routes within the routing table is 100. The routing table uses the preference values to select the best route when multiple protocols are advertising the same destination prefix.

Some settings are actually configured at the protocol's global level, and they apply to the interfaces on which the protocol is enabled:

protocols {
    rip {
        authentication-type md5;
        authentication-key "$9$d8w2ajHmFnCZUnCtuEhVwY"; ## SECRET-DATA
        group neihbor-routes {
            preference 90;
            metric-out 10;
            export [ connected-routes transit-rip-routes ];
            neighbor em1.12;
        }
    }
}

The preference is visible on the router. When the topology is more complex, you can change the preference to influence route selection.


juniper@Olive# run show route protocol rip logical-router r1


inet.0: 8 destinations, 8 routes (8 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both


2.2.2.2/32 *[RIP/90] 01:48:16, metric 2, tag 0

> to 192.168.1.2 via em1.12

3.3.3.3/32 *[RIP/90] 01:48:29, metric 3, tag 0

> to 192.168.1.2 via em1.12

192.168.2.0/24 *[RIP/90] 01:48:16, metric 2, tag 0

> to 192.168.1.2 via em1.12

224.0.0.9/32 *[RIP/100] 00:04:10, metric 1



Configuring Update Messages


By default, all RIP routers will advertise RIPv2 messages via multicast to all configured neighbors. In addition, all routers are able to receive both RIPv1 and RIPv2 messages.

The receive-options values are:

both Accept RIPv1 and v2 packets.

none Do not receive RIP packets.

version-1 Accept only RIPv1 packets.

version-2 Accept only RIPv2 packets.



The configuration is also fairly simple:

protocols {
    rip {
        authentication-type md5;
        authentication-key "$9$d8w2ajHmFnCZUnCtuEhVwY"; ## SECRET-DATA
        group neihbor-routes {
            preference 90;
            metric-out 10;
            export [ connected-routes transit-rip-routes ];
            neighbor em1.12 {
                send version-1;
                receive version-1;
            }
        }
    }
}



Configuring the Number of Route Entries in an Update Message


You can increase the default size of the RIP Response messages to include more than 25 route entries in each Update message. The maximum number of route entries you can advertise is 255 in a single message.


juniper@Olive# set protocols rip message-size 100

That is all that is needed.



Accepting Packets Whose Reserved Fields Are Nonzero


Recall that the Request and Response messages for both RIPv1 and RIPv2 were identical. The difference between them was in the use of the message fields. RIPv1 viewed many fields as reserved, while the RIPv2 specification used those same fields for subnet mask, next hop, and so forth.


Because RIPv1 and RIPv2 packets use these fields differently, this command skips the check so that validation does not fail:


juniper@Olive# set protocols rip no-check-zero

