Cisco
Cisco 和瞻博網路之間的 OSPF
以下是 Cisco 和 Juniper 設備之間的 ospf 配置片段。然而,並不是所有人都在“show ip ospf”中看到對方,尤其是重新分配到 ospf 中的路由。
我確定路由器 ID 是唯一的,並且都具有重疊區域。不在這些設備上使用任何專有功能(nssa、完全 nssa、完全粗短等)。誰能注意到我沒有看到的東西?還是 ospf 處於完全鄰接和收斂狀態,而我只是偏執?謝謝。
$$ 891 $$
! router ospf 1 router-id 8.8.8.8 ! interface FastEthernet8 description $ETH-WAN$ ip address 10.10.10.100 255.255.255.0 ip ospf 1 area 0 duplex auto speed auto no cdp enable crypto map SDM_CMAP_1 !$$ 2911 - main gw $$
interface GigabitEthernet0/1.10 description $FW_INSIDE$ encapsulation dot1Q 10 ip address 10.10.20.10 255.255.255.0 ip nat inside ip virtual-reassembly in zone-member security in-zone ip ospf 1 area 2 ! interface GigabitEthernet0/1.50 description $FW_INSIDE$ encapsulation dot1Q 50 ip address 10.10.10.5 255.255.255.0 ip nat inside ip virtual-reassembly in zone-member security in-zone ip ospf 1 area 0 ! ! interface GigabitEthernet0/1.70 description $FW_INSIDE$ encapsulation dot1Q 70 ip address 10.10.70.10 255.255.255.0 ip nat inside ip virtual-reassembly in zone-member security in-zone ip ospf 1 area 7 ! router ospf 1 router-id 9.9.9.9 redistribute static metric 1000 subnets !$$ ASA $$
! router ospf 1 router-id 5.5.5.5 network 10.10.10.0 255.255.255.0 area 0 log-adj-changes !$$ Juniper SRX $$
set routing-options static route 0.0.0.0/0 next-hop 10.10.10.5 set routing-options router-id 2.2.2.2 set protocols ospf area 0.0.0.0 interface fe-0/0/0.0$$ show ospf(s) $$
sndlt2911#sho ip osp nei Neighbor ID Pri State Dead Time Address Interface 2.2.2.2 128 2WAY/DROTHER 00:00:37 10.10.10.101 GigabitEthernet0/1.50 5.5.5.5 1 FULL/BDR 00:00:36 10.10.10.2 GigabitEthernet0/1.50 8.8.8.8 1 FULL/DR 00:00:36 10.10.10.100 GigabitEthernet0/1.50 sndlt2911#sho ip rou Gateway of last resort is 89.1.1.2 to network 0.0.0.0 S* 0.0.0.0/0 [1/0] via 89.1.1.2, GigabitEthernet0/0 10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks C 10.10.10.0/24 is directly connected, GigabitEthernet0/1.50 L 10.10.10.5/32 is directly connected, GigabitEthernet0/1.50 C 10.10.20.0/24 is directly connected, GigabitEthernet0/1.10 L 10.10.20.10/32 is directly connected, GigabitEthernet0/1.10 S 10.10.30.1/32 [0/0], Virtual-Access2 C 10.10.70.0/24 is directly connected, GigabitEthernet0/1.70 L 10.10.70.10/32 is directly connected, GigabitEthernet0/1.70 88.0.0.0/8 is variably subnetted, 2 subnets, 2 masks C 89.1.1.2/22 is directly connected, GigabitEthernet0/0 L 89.1.1.2/32 is directly connected, GigabitEthernet0/0 172.16.0.0/32 is subnetted, 1 subnets S 172.16.0.1 [254/0] via 89.1.1.2, GigabitEthernet0/0 sndlt2911#show run | i redistribute redistribute static metric 1000 subnets sndlt2911# sndASA# sho osp nei Neighbor ID Pri State Dead Time Address Interface 2.2.2.2 128 FULL/DROTHER 0:00:33 10.10.10.101 outside 9.9.9.9 1 FULL/DROTHER 0:00:36 10.10.10.5 outside 8.8.8.8 1 FULL/DR 0:00:36 10.10.10.100 outside sndASA# root@srx> show ospf neighbor Address Interface State ID Pri Dead 10.10.10.2 fe-0/0/0.0 Full 5.5.5.5 1 39 10.10.10.100 fe-0/0/0.0 Full 8.8.8.8 1 35 10.10.10.5 fe-0/0/0.0 2Way 9.9.9.9 1 35 SndLt891#sho ip osp nei Neighbor ID Pri State Dead Time Address Interface 2.2.2.2 128 FULL/DROTHER 00:00:38 10.10.10.101 FastEthernet8 5.5.5.5 1 FULL/BDR 00:00:39 10.10.10.2 FastEthernet8 9.9.9.9 1 FULL/DROTHER 00:00:36 10.10.10.5 FastEthernet8
您的 Juniper 介面需要在 routing-options 節中定義,但由於這是一個 SRX,您需要允許主機入站流量以允許 OSPF 協議進行通信。
例子:
routing-options { static { route 0.0.0.0/0 next-hop 1.2.3.4; } } protocols { ospf { apply-groups ospf-bfd; traceoptions { file ospf-log; flag hello detail; flag error detail; flag database-description detail; flag all; flag event; } export export-statics; reference-bandwidth 100g; area 0.0.0.0 { interface lo0.0 { passive; } interface reth0.0 { priority 0; } interface st0.30; interface st0.31; } } bfd { traceoptions { file bfd.log size 1m files 10 world-readable; flag error; flag adjacency; } } } zones { security-zone trust { host-inbound-traffic { system-services { ssh; ping; } protocols { ospf; }