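Cisco Router Advanced Training

Contents

- Cisco router architecture and principles
- Routing protocol fundamentals
- Routing protocol configuration
- Case studies

Cisco router architecture and principles

- Where the router sits in the seven-layer model
- Basic router components
- Router boot sequence
- Overview of the Cisco router product line
- Virtual Configuration Register
- Router performance: switching paths
- Traffic management: queuing mechanisms
- Congestion control: random early detection

Where the router sits in the seven-layer model

- A hub works at the physical layer. It has no addressing capability and sends every frame to all ports.
- A switch works at the link layer and uses MAC addresses for addressing.
- A router works at the network layer and uses logical addresses such as IP or IPX; it keeps a routing table.

Basic router components

- ROM: holds the bootstrap program, an operating system software image and POST.
- Flash: holds the operating system image. On low-end routers the Flash is on the motherboard; on high-end routers it is on a PCMCIA card on the GRP.
- RAM: holds the running operating system and the routing table, and provides packet buffers.
- NVRAM: holds the startup configuration file.
- Interfaces: LAN and WAN.

Router boot sequence

Figure: boot sequence.
- Bootstrap (from ROM): load bootstrap.
- Cisco IOS (from Flash, TFTP server or ROM): locate and load operating system.
- Configuration file (from NVRAM, TFTP server or console): locate and load configuration file, or enter "setup" mode.

1. The bootstrap program is loaded and looks for a valid Cisco IOS image.
2. The Cisco IOS operating system is loaded. It can come from Flash, TFTP or ROM, depending on the value of the configuration register.
3. The operating system is loaded into low memory and identifies the router's software and hardware resources.
4. The configuration file stored in NVRAM is loaded into main memory and executed line by line; it starts the routing processes, supplies interface addresses, sets media characteristics, and so on.
5. If NVRAM holds no configuration, the router starts the "setup" dialog.

Console output during boot:

    System Bootstrap, Version 4.14(8), SOFTWARE
    Copyright (c) 1986-1995 by cisco Systems
    2500 processor with 16384 Kbytes of main memory
    Loading igs-c-l.110-0.7 at 0x3000040, size = 3865444 bytes OK
    F3: 3779532+85880+173868 at 0x3000060
    Restricted Rights Legend.
    Cisco Internetwork Operating System Software
    IOS (tm) 3000 Software (IGS-C-L), Version 11.0(0.8), SOFTWARE
    Copyright (c) 1986-1995 by cisco Systems, Inc.
    Compiled Mon 19-Jun-95 23:22 by
    Image text-base: 0x030200E4, data-base: 0x00001000
    cisco 2500 (68030) processor (revision C) with 16380K/2048K bytes of memory.
    Processor board ID 2685538369.
    Authorized for Enterprise software set. (0x0)
    1 Ethernet/IEEE 802.3 interface.
    2 Serial network interfaces.
    8 terminal lines.
    32K bytes of non-volatile configuration memory.
    4096K bytes of processor board System flash (Read ONLY)

User access modes

- EXEC is the Cisco IOS command interpreter, similar to the one in DOS.
- Router status checks.

Router configuration methods

Manual configuration:
1. router# config terminal (from the console or over telnet)
2. router# config memory (equivalent to copy startup-config running-config)
3. router# config net (from a TFTP server)

Automatic configuration:
1. The "setup" dialog
2. "Autoinstall"

Overview of the Cisco router product line

1. Access servers and access routers: 2500 series, 2600 series, 3600 series, 4000 series, 5300, 5800.
2. Core/high-end routers: 7500 series (Cisco 7505, Cisco 7507, Cisco 7513) and 12000 series (Cisco 12008, Cisco 12012, Cisco 12016).

Figure: VIP, GRP, Line Card; 2600, 3600, 7500, 12000.

Virtual Configuration Register

Cisco routers have a 16-bit virtual configuration register, stored in NVRAM.

    Router# show ver
    .
    Configuration register is 0x2102

The register is used to:
1. Force the system into the ROM monitor or boot ROM state.
2. Select the boot source for the system image: Flash or a TFTP server.
3. Set the console baud rate.
4. Recover passwords.
5. Enable or disable the break function.

The lowest 4 bits select the source from which the IOS system image is booted. With 0x2102 the router boots IOS from Flash, the break function is disabled, and after 5 failed attempts to boot from a TFTP server it starts from boot ROM.

Figure: monitor, Rommon, Router(boot)#, Router#.

Router switching paths

1. Switching on low-end routers

- Process switching: the first packet is copied to a system buffer, the routing table is looked up and fast switching is initialized, the frame is rewritten and sent out of the exit interface for that destination, and later packets to the same destination follow the same switching path. The route processor computes the CRC.
- Fast switching: the first packet is copied into memory, the destination is looked up in the fast-switching cache, the frame is rewritten and sent out of the exit interface for that destination, and later packets to the same destination follow the same switching path. The interface processor computes the CRC.

    Router(config-if)# ip route-cache    (enabled by default)

2. Switching on high-end routers

- Optimum switching: the first packet enters the interface, the destination is looked up in the optimum-switching cache, the frame is rewritten and sent out of the exit interface for that destination, and later packets to the same destination follow the same switching path. The interface processor computes the CRC. Enabled by default on the Cisco 7500.
- Distributed switching: the Versatile Interface Processor (VIP) holds a copy of the router's route cache.
- NetFlow switching: collects accounting and management information.
- CEF (Cisco Express Forwarding) switching: does not rely on a cache. The FIB holds a copy of the routing table, and the CEF adjacency table stores the Layer 2 MAC addresses of neighbouring routers. Enabled by default on the Cisco 12000.

Queuing Methods

- Traffic is divided into different priorities before it passes through the router.
- Cisco IOS provides weighted fair queuing, priority queuing and custom queuing.

Figure: Queuing Overview (IPX, IP, SNA, SNA, IP, IPX).

FIFO Queuing

Fair Queuing Operation

- Messages belong to different conversations, and packets reach the router in differing order (figure: 6, 4, 1, 5, 2, 3).
- Each conversation is assigned a channel, and the queue is ordered by when the last bit of each packet crosses the channel (figure: packets fair queued, 312456, fair queue).
- Messages are transmitted in a fair order.
- High-volume conversations share the link.

Figure: fair queuing order 3, 5, 1, 2, 4, 6.

Weighted Fair Queue Example

    interface Serial 1
     encapsulation frame-relay
     fair-queue 128
     bandwidth 56

Figure: S1, Frame Relay Network. Slide note: "Appears in output only if congestive discard threshold is modified."

Priority Queuing Overview

Figure: a packet arrives; the Priority List for S0 selects one of these queues: HIGH, MEDIUM, NORMAL, LOW; S0.

Priority Queuing Operation

Figure: queue selection flowchart (incoming packet, select queue, queue full? yes/no, place in queue).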
Priority Queuing Operation (queue selection and queue service)

Figure: flowchart. Queue selection: incoming packet, select queue, queue full? (yes/no), place in queue. Queue service: HIGH packet? MEDIUM packet? NORMAL packet? LOW packet? (yes/no at each level), dispatch packet to WAN, timeout?, more?

Priority queuing configuration steps

1. Create a priority list based on protocol or interface.
2. Assign a default queue.
3. Set the queue lengths (optional).
4. Apply the priority list to an interface.

Figure: Priority List for S0 with queues HIGH, MEDIUM, NORMAL, LOW; labels TCP, IPX/AppleTalk, IP, Default.

Priority list configuration commands

Set the queue priority by protocol type:

    Router(config)# priority-list list-number protocol protocol-name high|medium|normal|low queue-keyword keyword-value

Set the priority by the type of the receiving interface:

    Router(config)# priority-list list-number interface interface-type interface-number high|medium|normal|low

The remaining commands:
- assign a default queue;
- specify the queue sizes;
- associate the priority list with an interface.

Priority Queuing Example 1

    priority-list 1 protocol ip high tcp 23
    priority-list 1 protocol appletalk medium
    priority-list 1 protocol ipx medium
    priority-list 1 protocol ip normal
    priority-list 1 default low
    !
    interface serial 0
     priority-group 1

Figure: queues LOW, MEDIUM, NORMAL, HIGH on S0.

Priority Queuing Example 2

    priority-list 2 protocol ip high tcp 23
    priority-list 2 protocol ip high list 1
    priority-list 2 interface ethernet 0 medium
    priority-list 2 protocol ip normal
    priority-list 2 default low
    priority-list 2 queue-limit 15 20 20 30
    !
    access-list 1 permit 131.108.0.0 0.0.255.255
    !
    interface serial 0
     priority-group 2

Figure: queues LOW, MEDIUM, NORMAL, HIGH; interfaces S0 and E0.
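An added example, not part of the original slides: a Python model of Priority Queuing Example 2 showing the rule order of priority-list 2, the wildcard mask of access-list 1, the queue-limit values and strict-priority service. The packet dictionaries, their field names and the Serial1 interface are constructed for illustration.

```python
import ipaddress
from collections import deque

QUEUES = ("high", "medium", "normal", "low")           # service order
LIMITS = dict(zip(QUEUES, (15, 20, 20, 30)))           # queue-limit 15 20 20 30

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: a 1 bit means 'ignore this bit' (inverse of a netmask)."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def classify(pkt):
    """Apply the priority-list 2 rules in order; the first match wins."""
    is_ip = pkt["proto"] == "ip"
    if is_ip and 23 in pkt.get("tcp", ()):             # protocol ip high tcp 23
        return "high"
    if is_ip and wildcard_match(pkt["src"], "131.108.0.0", "0.0.255.255"):
        return "high"                                  # protocol ip high list 1
    if pkt["in_if"] == "Ethernet0":                    # interface ethernet 0 medium
        return "medium"
    if is_ip:                                          # protocol ip normal
        return "normal"
    return "low"                                       # default low

class PriorityQueuing:
    def __init__(self):
        self.queues = {name: deque() for name in QUEUES}
        self.drops = {name: 0 for name in QUEUES}

    def enqueue(self, pkt):
        name = classify(pkt)
        if len(self.queues[name]) >= LIMITS[name]:
            self.drops[name] += 1                      # queue full: packet is dropped
        else:
            self.queues[name].append(pkt)
        return name

    def dequeue(self):
        """Always serve the highest non-empty queue; lower queues wait."""
        for name in QUEUES:
            if self.queues[name]:
                return name, self.queues[name].popleft()
        return None

def demo():
    """Constructed traffic: 40 IPX packets from Serial1, then one Telnet packet."""
    pq = PriorityQueuing()
    for _ in range(40):
        pq.enqueue({"proto": "ipx", "in_if": "Serial1"})
    pq.enqueue({"proto": "ip", "src": "10.0.0.5", "in_if": "Serial1", "tcp": (40000, 23)})
    return pq.dequeue()[0], pq.drops["low"], len(pq.queues["low"])
```

Because the high queue is always served first, sustained traffic that matches a high rule delays or starves every lower queue, which is worth checking when deciding what to classify as high.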
Custom Queuing

The queues are serviced in round-robin order.

Figure: Custom Queue List for S0 with queues 0 (System), 1, 2, 3, ... 14, 15, 16; high priority (keepalives); default; 20 entries; deliver x number of bytes per cycle; S0.

Custom Queuing Operation

Figure: traffic filtering into the Custom Queue List for S0 (queues 1, 2, 3, ... 14, 15, 16). Queued message forwarding flowchart: current queue, over service threshold? (yes/no), more? (yes/no), next queue, dispatch packet to WAN.

Custom queuing configuration steps

1. Set up custom queuing filtering for a protocol or an interface.
2. Assign a default queue.
3. Change the queue capacity (optional).
4. Set the transfer rate of each queue.
5. Apply the custom queue list to an interface.

Figure: queues 1 to 16, Default Queue, S0.

Custom queue configuration commands

Set the queue by protocol type:

    Router(config)# queue-list list-number protocol protocol-name queue-number queue-keyword keyword-value

Set the queue by the type of the receiving interface:

    Router(config)# queue-list list-number interface interface-type interface-number queue-number

Assign a queue to packets that match no other rule in the priority list:

    Router(config)# queue-list list-number default queue-number

The remaining commands:
- change the capacity of a queue;
- set the byte-count threshold that a queue may send in each cycle;
- assign a queue list to an interface.

Custom Queuing Example 1

    queue-list 1 interface E0 1
    queue-list 1 protocol ip 2
    queue-list 1 protocol ipx 3
    queue-list 1 protocol appletalk 4
    queue-list 1 default 5
    !
    interface serial 0
     custom-queue-list 1

Figure: queues 1 to 5, Default Queue, S0; E0 to the SNA Network, E1 to the Multiprotocol Network.
Custom Queuing Example 2

    queue-list 1 protocol ip 1 tcp 20
    queue-list 1 protocol ip 2
    queue-list 1 protocol ipx 3
    queue-list 1 protocol appletalk 4
    queue-list 1 default 5
    queue-list 1 queue 1 byte-count 4500
    !
    interface serial 0
     custom-queue-list 1

Figure: queues 1 to 5, Default Queue, S0; 3 datagrams per cycle, 1 datagram per cycle.

Verifying Queuing Operation

Displays queuing status on all interfaces.

Viewing custom queue list 3:

    Router# show queueing custom
    Current custom queue configuration:

    List   Queue  Args
    3      5      default
    3      1      interface Serial 3
    3      3      protocol ip
    3      3      byte-count 1518

Queue comparison

Choosing a Cisco IOS Queuing Option

- Step 1: WAN congested? If no, there is no need for queuing.
- Step 2: Strict control needed? If no, use weighted fair queuing.
- Step 3: Queuing policy? If no, determine traffic priorities.
- Step 4: Delay OK? If no, use priority queuing; if yes, use custom queuing.

Summary

- Cisco routers provide queuing techniques.
- Queuing is suited to large networks.
- It is useful on congested serial links.
- It requires buffer memory on the router.
- Queuing options: weighted fair queuing, priority queuing, custom queuing.

Random Early Detection

- Tail drop
- RED
- WRED
- DWRED

Figure: RED Packet Drop Probability.

Figure: Weighted Random Early Detection.

Basic configuration

The following example enables WRED or DWRED with default parameter values:

    router(config)# interface Serial5/0
    router(config-if)# description to qos1-75a
    router(config-if)# ip address 200.200.14.250 255.255.255.252
    router(config-if)# random-detect

    router# show interfaces serial 5/0
    Serial5/0 is up, line protocol is up
    .
    Input queue: 0/75/0 (size/max/drops); Total output drops: 1036
    Queueing strategy: random early detection(RED)
      mean queue depth: 28
      drops: class  random  tail  min-th  max-th  mark-prob
             0      330     0     20      40      1/10
             1      267     0     22      40      1/10
             2      217     0     24      40      1/10
             3      156     0     26      40      1/10
             4      61      0     28      40      1/10
             5      6       0     31      40      1/10
             6      0       0     33      40      1/10
             7      0       0     35      40      1/10
             rsvp   0       0     37      40      1/10
    30 second input rate 0 bits/sec, 2 packets/sec
    30 second output rate 119000 bits/sec, 126 packets/sec
      594 packets input, 37115 bytes, 0 no buffer
      Received 5 broadcasts, 0 runts, 0 giants, 0 throttles
      0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
      37525 packets output, 4428684 bytes, 0 underruns
    .

    router# show queue serial 5/0
    Output queue for Serial5/0 is 5/0

    Packet 1, linktype: ip, length: 118, flags: 0x288
      source: 190.1.3.4, destination: 190.1.2.2, id: 0x0001, ttl: 254,
      TOS: 128 prot: 17, source port 11111, destination port 22222
        data: 0x2B67 0x56CE 0x005E 0xE89A 0xCBA9 0x8765 0x4321
              0x0FED 0xCBA9 0x8765 0x4321 0x0FED 0xCBA9 0x8765

    Packet 2, linktype: ip, length: 118, flags: 0x288
      source: 190.1.3.5, destination: 190.1.2.2, id: 0x0001, ttl: 254,
      TOS: 160 prot: 17, source port 11111, destination port 22222
        data: 0x2B67 0x56CE 0x005E 0xE89A 0xCBA9 0x8765 0x4321
              0x0FED 0xCBA9 0x8765 0x4321 0x0FED 0xCBA9 0x8765

    Packet 3, linktype: ip, length: 118, flags: 0x280
      source: 190.1.3.6, destination: 190.1.2.2, id: 0x0001, ttl: 254,
      TOS: 192 prot: 17, source port 11111, destination port 22222
        data: 0x2B67 0x56CE 0x005E 0xE89A 0xCBA9 0x8765 0x4321
              0x0FED 0xCBA9 0x8765 0x4321 0x0FED 0xCBA9 0x8765

    Packet 4, linktype: ip, length: 118, flags: 0x280
      source: 190.1.3.7, destination: 190.1.2.2, id: 0x0001, ttl: 254,
    .

    router# show queueing
    Current RED queue configuration:
      Interface: Serial5/0   Exp-weight-constant: 9

      Class  Min-th  Max-th  Mark-prob
      0      20      40      1/10
      1      22      40      1/10
      2      24      40      1/10
      3      26      40      1/10
      4      28      40      1/10
      5      31      40      1/10
      6      33      40      1/10
      7      35      40      1/10
      rsvp   37      40      1/10

Routing protocol fundamentals

- IP addresses and subnet masks
- Routing protocols (DV and LS)
- Static routes
- Classless and classful routing
- Route summarization
- Access lists

IP addresses and subnet masks

- MAC address: 48 bits, of which the first 4 identify the manufacturer; globally unique.
- IP address: 32 bits, divided into the five classes A, B, C, D and E, each with a default mask.
- Purpose of the mask: 32 bits; it separates the network address from the host address within an IP address.
- Calculating the network address: AND the IP address with the mask.
- Formula for the number of networks and hosts: 2^N - 2 (2?)
- The next-generation address: IPv6.

Routing protocols

- Distance vector?
- Link state?
- The difference between interior gateway and border gateway protocols
- Comparison of distance vector and link state
- Balanced hybrid routing protocols
- Routing metric
- Routing table
- What is the best path
- Administrative distance
- Route convergence

Static routes

- Where they are best used
- Advantages and disadvantages?

Default routes

- Where they are used
- Advantages?
- The concept of route redistribution

Classful and classless routing

Classful routing protocols:
- IP RIPv1
- IGRP
- IPX RIP (Novell)
- RTMP (Apple)

Classless routing protocols:
- EIGRP
- OSPF
- IS-IS
- NLSP (Novell)
- IP RIPv2

Classful routing: no subnet mask information is carried when a route crosses a major network boundary. Two principles are important: contiguous addresses and a single system-wide network mask. RIP v1 and IGRP are classful.

Classless routing: subnet mask information is carried when a route crosses a major network boundary.

Figure: routers A and B on Ethernet lines; networks 10.0.1.0, 10.0.3.0, 10.0.4.0; 127.0.3.0?

Classful and classless routing (continued)

- VLSM (variable-length subnet masks): concept and use.
- Advantage: full use of the address space.
- Comparison: which is better, which is worse?
- In practice: errors in the routing table may follow from the nature of the routing protocol that was chosen.

Figure: routers A and B on Ethernet lines; networks 10.0.3.0, 10.0.4.0; 127.0.3.0?

Route summarization

- Concept: a technique that lets a router use a single routing table entry to point to several different network paths (similar to the way a postal system distributes letters).
- Advantages: a smaller routing table and less processing when forwarding.
- Requirement: the addresses must be contiguous.

Figure: routers A, A1, A2, B, C, C1, C2; networks 10.1.0.0-10.1.7.0, 10.1.8.0-10.1.15.0, 10.1.16.0-10.1.23.0, 10.1.24.0-10.1.31.0; links 172.16.1.4/30 and 172.16.1.8/30.

Access lists

1. The simplest firewall function a Cisco router provides.
2. They control the direction of data flow.
3. They use a special type of mask.
4. They are applied on a specific interface: IN or OUT?

NAT (address translation)

- Purpose: extend the usable address range; translate between legal and illegal addresses.
- Several reasons for using it.
- What NAT can provide.
- What NAT cannot provide.
- Key concepts: inside local address, inside global address, outside global address, outside local address.
- Static address translation, dynamic address translation, overloaded (multiplexed) address translation.

Routing protocol configuration

- RIP
- IGRP
- EIGRP
- OSPF

RIP

- RIP is a distance vector protocol with a maximum hop count of 16; update 30 s, invalid 180, hold time 240.
- RIP1 does not support VLSM, CIDR or address summarization; RIP2 does.
- Routing loop control: split horizon and poison reverse.
- The algorithm is simple and has no hierarchy, so it is not suited to large networks.
- Paths are selected using hop count as the metric.

Figure: one 19.2 kbps path and a path of three T1 links.

RIP Configuration

Start the RIP process:

    Router(config)# router rip

Advertise the directly connected networks:

    Router(config-router)# network network-number

Figure: RIP Configuration Example. Routers Cisco A to Cisco E; interfaces S0, S1, S2, T0; Token Ring segments; networks 1.1.0.0, 1.2.0.0, 1.4.0.0, 2.1.0.0, 2.2.0.0, 2.3.0.0, 2.4.0.0, 2.5.0.0, 2.6.0.0, 2.7.0.0, 3.3.0.0.

Viewing RIP status

    Router> show ip protocol
    Routing Protocol is rip
      Sending updates every 30 seconds, next due in 13 seconds
      Invalid after 180 seconds, hold down 180, flushed after 240
      Outgoing update filter list for all interfaces is not set
      Incoming update filter list for all interfaces is not set
      Redistributing: rip
      Routing for Networks:
        183.8.0.0
        144.253.0.0
      Routing Information Sources:
        Gateway          Distance   Last Update
        183.8.128.12     120        0:00:14
        183.8.64.130     120        0:00:19
        183.8.128.130    120        0:00:03
      Distance: (default is 120)

Viewing the RIP routing table

    Router> show ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default

    Gateway of last resort is not set

         144.253.0.0 is subnetted (mask is 255.255.255.0), 1 subnets
    C       144.253.100.0 is directly connected, Ethernet1
    R    153.50.0.0 [120/1] via 183.8.128.12, 00:00:09, Ethernet0
         183.8.0.0 is subnetted (mask is 255.255.255.128), 4 subnets
    R       183.8.0.128 [120/1] via 183.8.128.130, 00:00:17, Serial0
                        [120/1] via 183.8.64.130, 00:00:17, Serial1
    C       183.8.128.0 is directly connected, Ethernet0
    C       183.8.64.128 is directly connected, Serial1
    C       183.8.128.128 is directly connected, Serial0

IGRP

Introduction to IGRP

- Supports large networks
- Reacts quickly to network changes
- Flexible metric
- Multipath support

IGRP Operation

- 90 second broadcast
- Flash updates
- Poison reverse updates
- Holddown timers
- Split horizon

Figure: Network 10.3.0.0 fails; flash update; holddown timer; split horizon.

IGRP Composite Metric

- Bandwidth
- Delay
- Reliability
- Loading
- MTU

Figure labels: 19.2 kbps, 19.2 kbps, Source, Destina