- 积分
- 73
- 鸿鹄币
- 个
- 好评度
- 点
- 精华
- 注册时间
- 2013-1-22
- 最后登录
- 1970-1-1
- 阅读权限
- 20
- 听众
- 收听
助理工程师
|
最近在做一下实验,遇到一个路由问题,望求各位高手指教。如题,是一个Hub-and-Spoke的环境,这个环境是建立在GRE over IPsec VPN的基础,c2691-1作为hub,c2691-2和c2691-3作为spoke,spoke分别与hub建立一条Tunnel , 当然Tunnel 是Point to Point的。 现在,我需要实现的是spoke与spoke之间在不建立p2p的vpn情况下能够直接通信,即使数据从hub转发而行。
我做了这样的测试,如果使用IGP的路由协议,例如ospf , eigrp 等,是spoke与spoke之间是能够正常通信的,spoke从hub学到的路由,下一跳是指向hub的tunnel隧道,也就是通过hub转发的。
而当我使用的BGP路由协议的时候,问题就来了。spoke从hub学到的路由,每条路由下一跳网关都不一样。
c2691-1 ---> Hub
c2691-2 ---> Spoke-1
c2691-3 ---> Spoke-2
拓扑图如下:
===============================================
Hub 的部分信息
===============================================
Hub#show ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 202.96.128.1 YES manual up up
FastEthernet0/1 192.168.0.254 YES manual up up
FastEthernet1/0 unassigned YES unset administratively down down
NVI0 unassigned NO unset up up
Loopback1 10.1.1.1 YES manual up up
Tunnel1 172.17.1.1 YES manual up up
Tunnel2 172.17.1.5 YES manual up up
Hub#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 202.96.128.254 to network 0.0.0.0
172.17.0.0/30 is subnetted, 2 subnets
C 172.17.1.4 is directly connected, Tunnel2
C 172.17.1.0 is directly connected, Tunnel1
10.0.0.0/32 is subnetted, 1 subnets
C 10.1.1.1 is directly connected, Loopback1
C 192.168.0.0/24 is directly connected, FastEthernet0/1
B 192.168.1.0/24 [200/0] via 172.17.1.2, 03:35:51
B 192.168.2.0/24 [200/0] via 172.17.1.6, 03:35:35
C 202.96.128.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 202.96.128.254
Hub#ping 192.168.1.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/25/36 ms
Hub#ping 192.168.2.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/21/28 ms
===============================================
Spoke-1 的部分信息
===============================================
Spoke-1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 202.96.128.254 to network 0.0.0.0
172.17.0.0/30 is subnetted, 1 subnets
C 172.17.1.0 is directly connected, Tunnel1
10.0.0.0/32 is subnetted, 1 subnets
C 10.1.1.2 is directly connected, Loopback1
B 192.168.0.0/24 [200/0] via 172.17.1.1, 03:34:03
C 192.168.1.0/24 is directly connected, FastEthernet0/1
B 192.168.2.0/24 [200/0] via 172.17.1.6, 03:33:47
C 202.96.128.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 202.96.128.254
Spoke-1#show ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 202.96.128.2 YES manual up up
FastEthernet0/1 192.168.1.254 YES manual up up
FastEthernet1/0 unassigned YES unset administratively down down
NVI0 unassigned NO unset up up
Loopback1 10.1.1.2 YES manual up up
Tunnel1 172.17.1.2 YES manual up up
Spoke-1#ping 192.168.0.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/36/52 ms
Spoke-1#
Spoke-1#ping 192.168.2.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.254, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
===============================================
Spoke-2 的部分信息
===============================================
Spoke-2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 202.96.128.254 to network 0.0.0.0
172.17.0.0/30 is subnetted, 1 subnets
C 172.17.1.4 is directly connected, Tunnel1
10.0.0.0/32 is subnetted, 1 subnets
C 10.1.1.3 is directly connected, Loopback1
B 192.168.0.0/24 [200/0] via 172.17.1.5, 03:40:09
B 192.168.1.0/24 [200/0] via 172.17.1.2, 03:40:09
C 192.168.2.0/24 is directly connected, FastEthernet0/1
C 202.96.128.0/24 is directly connected, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 202.96.128.254
Spoke-2#show ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 202.96.128.3 YES manual up up
FastEthernet0/1 192.168.2.254 YES manual up up
FastEthernet1/0 unassigned YES unset administratively down down
NVI0 unassigned NO unset up up
Loopback1 10.1.1.3 YES manual up up
Tunnel1 172.17.1.6 YES manual up up
Spoke-2#ping 192.168.0.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/24/36 ms
Spoke-2#
Spoke-2#
Spoke-2#ping 192.168.1.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.254, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
|
|
简体中文
英语
日语
韩语
法语
西班牙语
越南语
泰语
阿拉伯语
俄语
葡萄牙语
德语
意大利语
希腊语
荷兰语
波兰语
保加利亚语
爱沙尼亚语
丹麦语
芬兰语
捷克语
罗马尼亚语
斯洛文尼亚语
瑞典语
匈牙利语
繁体中文
文言文
发表于 2017-3-16 15:15:13
置顶卡
喧嚣卡
变色卡
千斤顶