靜態(tài)路由指定下一跳為出站接口和ip地址在ethernet和點(diǎn)對點(diǎn)鏈路中的異同

1、- -靜態(tài)路由指定下一跳為出站接口和ip地址在ethernet和點(diǎn)對點(diǎn)鏈路中的異同原創(chuàng)仲萬江我們探討一下兩種不同的配置其通信的過程，我們先討論下一跳為自己出站接口的情況：當(dāng)R1嘗試去ping通2.2.2.2的時(shí)候,需要封裝ICMP數(shù)據(jù)包，但是不知道2.2.2.2的MAC地址的話就無法完成封裝，會(huì)出現(xiàn)encapsulation failed！此時(shí)需要通過arp(同一個(gè)子網(wǎng))或者代理arp跨網(wǎng)段獲取2.2.2.2的MAC地址，由于把2.2.2.0/24 看做一個(gè)直聯(lián)網(wǎng)段，所以會(huì)直接封裝一個(gè)目的地址為2.2.2.2/24，目的MAC為全F的arp數(shù)據(jù)幀，R2接收到此arp播送幀，由于目的ip是跨網(wǎng)段

2、而且路由器關(guān)閉了代理arp，那么此幀解封裝后被丟棄。R1沒能獲取2.2.2.2的mac地址，所以一直都是encapsulation failed！自然不會(huì)ping通。此時(shí)如果從R2ping1.1.1.1卻是能通的，與上面類似，第一個(gè)icmp包封裝失敗，然后R2發(fā)arp播送，由于R1未關(guān)閉代理arp,所以arp播送幀被解封裝后R1發(fā)現(xiàn)目的ip在自己路由表中的loopback0，于是重新封裝發(fā)送給1.1.1.1，但是由于此時(shí)不知道1.1.1.1的MAC地址，所以R1會(huì)向loopback 0發(fā)送一個(gè)目的MAC為全F目的ip為 1.1.1.1的arp播送，1.1.1.1收到后會(huì)發(fā)送給R1一個(gè)單播告訴它

3、自己的Mac地址，然后R1就可以根據(jù)得到的MAC地址和1.1.1.1，把前面arp播送幀解封裝后的數(shù)據(jù)進(jìn)展封裝發(fā)送給1.1.1.1,1.1.1.1.收到后再對R2作出回應(yīng)，這樣R2就知道了1.1.1.1的MAC地址和ip地址，就可以正常封裝ICMP數(shù)據(jù)包，從而可以ping 通。下面我們驗(yàn)證一下根本配置：R1(config)#interface Loopback0 ip address 1.1.1.1 255.255.255.0interface FastEthernet0/0 ip address 10.1.1.1 255.255.255.0R1(config)#ip route 2.2.2.

4、0 255.255.255.0 FastEthernet0/0R2(config)#interface Loopback0 ip address 2.2.2.2 255.255.255.0interface FastEthernet0/0 ip address 10.1.1.2 255.255.255.0R2(config)#ip route 1.1.1.0 255.255.255.0 10.1.1.1R2(config)#int f0/0R2(config-if)#no ip pro測試：R1#sh ip route Codes: C - connected, S - static, R -

5、 RIP, M - mobile, B - BGP Gateway of last resort is not set 1.0.0.0/24 is subnetted, 1 subnetsC 1.1.1.0 is directly connected, Loopback0 2.0.0.0/24 is subnetted, 1 subnetsS 2.2.2.0 is directly connected, FastEthernet0/0 10.0.0.0/24 is subnetted, 1 subnetsC 10.1.1.0 is directly connected, FastEtherne

6、t0/0可以看出R1把2.2.2.0看做的是直連的網(wǎng)段R1#sh arpProtocol Address Age (min) Hardware Addr Type InterfaceInternet 10.1.1.1 - c003.1148.0000 ARPA FastEthernet0/0Internet 10.1.1.2 25 c002.1148.0000 ARPA FastEthernet0/0可以看到R1未學(xué)習(xí)到2.2.2.2的MAC地址R1#ping 2.2.2.2Type escape sequence to abort.Sending 5, 100-byte ICMP Echos

7、 to 2.2.2.2, timeout is 2 seconds:.Success rate is 0 percent (0/5)不通，正如我們的猜想下面切換到R2：R2#sh ip routeCodes: C - connected, S - static, R - RIP, M - mobile, B - BGP Gateway of last resort is not set 1.0.0.0/24 is subnetted, 1 subnetsS 1.1.1.0 1/0 via 10.1.1.1 2.0.0.0/24 is subnetted, 1 subnetsC 2.2.2.0

8、is directly connected, Loopback0 10.0.0.0/24 is subnetted, 1 subnetsC 10.1.1.0 is directly connected, FastEthernet0/0R2#sh arpProtocol Address Age (min) Hardware Addr Type InterfaceInternet 10.1.1.1 1 c003.1148.0000 ARPA FastEthernet0/0Internet 10.1.1.2 - c002.1148.0000 ARPA FastEthernet0/0R2#ping 1

9、.1.1.1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:!Success rate is 100 percent (5/5), round-trip min/avg/max = 20/56/128 ms發(fā)現(xiàn)R1->2.2.2.2不通，但是R2->1.1.1.1卻是通的，進(jìn)一步驗(yàn)證我們的想法R2#下面我們在R2 的f0/0翻開代理arpR2(config)#int f0/0R2(config-if)#ip proR2(config-if)#i

10、p proxy-arp R2(config-if)#endR2#*Mar 1 00:59:58.691: %SYS-5-CONFIG_I: Configured from console by consoleR2#ping 1.1.1.1Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:!Success rate is 100 percent (5/5), round-trip min/avg/max = 20/67/124 msR2#sh arpProto

11、col Address Age (min) Hardware Addr Type InterfaceInternet 10.1.1.1 21 c003.1148.0000 ARPA FastEthernet0/0Internet 10.1.1.2 - c002.1148.0000 ARPA FastEthernet0/0翻開代理arp之后R2根本沒什么可見的變化下面在R1上測試：R1#ping 2.2.2.2Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:

12、.!Success rate is 80 percent (4/5), round-trip min/avg/max = 16/52/76 ms發(fā)現(xiàn)R1 ping 2.2.2.2.的時(shí)候第一幀封裝失敗，后面全通，和我們分析的是一致的R1#ping 2.2.2.2Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:!Success rate is 100 percent (5/5), round-trip min/avg/max = 20/53/100 ms再查

13、看R1 的arp 表，發(fā)現(xiàn)有了變化，R1已經(jīng)學(xué)習(xí)到了2.2.2.2的MAC地址，證實(shí)了我們的猜想是正確的。R1#sh arpProtocol Address Age (min) Hardware Addr Type InterfaceInternet 2.2.2.2 21 c002.1148.0000 ARPA FastEthernet0/0Internet 10.1.1.1 - c003.1148.0000 ARPA FastEthernet0/0Internet 10.1.1.2 53 c002.1148.0000 ARPA FastEthernet0/0其實(shí)以上過程全程都是可以抓包的，做

14、實(shí)驗(yàn)測試的時(shí)候我也都是親自試過的，wireshark上可以看到進(jìn)出的情況：關(guān)掉R2代理arp之后在R1 ping 2.2.2.2在R2 f0/0抓包：開啟R2代理arp之后在R1 ping 2.2.2.2在R2 f0/0抓包：接下來我們看一下下一跳為下一跳路由器的接口地址的情況：依然是上面的拓?fù)鋱D，我們把配置做稍微的改動(dòng)，R1(config)#no ip route 2.2.2.0 255.255.255.0 f0/0R1(config)#no ip route 2.2.2.0 255.255.255.0 10.1.1.2同時(shí)我們翻開R2的代理arp功能R2(config-if)#ip pro

15、在R1 ping 2.2.2.2 ：R1#ping 2.2.2.2Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:.!Success rate is 80 percent (4/5), round-trip min/avg/max = 24/42/76 msR1#sh arpProtocol Address Age (min) Hardware Addr Type InterfaceInternet 10.1.1.1 - c003.1148.0000 AR

16、PA FastEthernet0/0Internet 10.1.1.2 1 c002.1148.0000 ARPA FastEthernet0/0下面關(guān)掉R2的代理arp，然后在R1 ping 2.2.2.2：R1#sh arp Protocol Address Age (min) Hardware Addr Type InterfaceInternet 10.1.1.1 - c003.1148.0000 ARPA FastEthernet0/0R1#ping 2.2.2.2Type escape sequence to abort.Sending 5, 100-byte ICMP Echos

17、 to 2.2.2.2, timeout is 2 seconds:.!Success rate is 80 percent (4/5), round-trip min/avg/max = 20/60/96 msR1#sh arpProtocol Address Age (min) Hardware Addr Type InterfaceInternet 10.1.1.1 - c003.1148.0000 ARPA FastEthernet0/0Internet 10.1.1.2 0 c002.1148.0000 ARPA FastEthernet0/0抓包發(fā)現(xiàn)：以上可以看出，R1->2

18、.2.2.2,目的ip是2.2.2.2，目的MAC卻是R2的f0/0接口的MACR1#sh arpProtocol Address Age (min) Hardware Addr Type InterfaceInternet 10.1.1.1 - c003.1148.0000 ARPA FastEthernet0/0Internet 10.1.1.2 7 c002.1148.0000 ARPA FastEthernet0/0比較兩個(gè)過程，發(fā)現(xiàn)當(dāng)下一跳為下一跳路由器接口ip地址的時(shí)候，關(guān)不關(guān)代理arp都一樣，因?yàn)楦揪蜎]用到，目的ip是2.2.2.2 目的MAC是R2 f0/0的Mac，R2的f

19、0/0作為了2.2.2.2的網(wǎng)關(guān)，全權(quán)代理了所有到2.2.2.2的數(shù)據(jù)。自始至終R1都沒有學(xué)習(xí)到2.2.2.2.MAC地址。Cisco路由器默認(rèn)是開啟代理arp的，但是為了平安，往往在出口路由器上，代理arp都是被關(guān)掉的，所以局域網(wǎng)內(nèi)配置靜態(tài)路由如果采用下一跳為自己出站接口，就可能導(dǎo)致不能通信，所以在以太網(wǎng)中，我們推薦以下一跳路由器接口ip地址作為下一跳，這樣可以防止了關(guān)閉掉代理arp之后不能通信的情況。備注：想要自己做實(shí)驗(yàn)測試的同學(xué)，注意更改一下arp的aging timer，或者重啟路由器。下面我們討論一下點(diǎn)對點(diǎn)，把路由器配置做一下改動(dòng)：R1(config) #default int f0

20、/0R1(config)#int s1/1R1(config-if)#ip add 10.1.1.1 255.255.255.0R2(config) #default int f0/0R2(config)#int s1/1R2(config-if)#ip add 10.1.1.2 255.255.255.0R1 ping R2：R1#ping 2.2.2.2Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:!Success rate is 100 perce

21、nt (5/5), round-trip min/avg/max = 28/44/76 msR1#關(guān)掉R2 arp代理，在R2 ping 1.1.1.1：R2(config)#int s1/1R2(config-if)#no ip proR2(config-if)#no ip proxy-arp R2(config-if)#endR2#*Mar 1 00:04:37.343: %SYS-5-CONFIG_I: Configured from console by consoleR2#ping 1.1.1.1Type escape sequence to abort.Sending 5, 100

22、-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:!Success rate is 100 percent (5/5), round-trip min/avg/max = 20/46/72 ms可以看到不涉及arp看數(shù)據(jù)包內(nèi)容，發(fā)現(xiàn)沒有源MAC和目的MAC，只有源IP和目的IP，下面將下一跳設(shè)置為自己的出接口：R1#conf tEnter configuration mands, one per line. End with TL/Z.R1(config)#ip route 2.2.2.0 255.255.255.0 s1/1R1(config)#no ip route 2.2.2.0 255.255.255.0 10.1.1.2R1(config)#R1(config)#R1(config)#endR2#conf tEn