免费注册 查看新帖 |

Chinaunix

  平台 论坛 博客 文库
最近访问板块 发新帖
查看: 4852 | 回复: 1

关于网络两端网段重叠的处理方法 [复制链接]

论坛徽章:
5
IT运维版块每日发帖之星
日期:2015-08-06 06:20:00IT运维版块每日发帖之星
日期:2015-08-10 06:20:00IT运维版块每日发帖之星
日期:2015-08-23 06:20:00IT运维版块每日发帖之星
日期:2015-08-24 06:20:00IT运维版块每日发帖之星
日期:2015-11-12 06:20:00
发表于 2008-06-14 17:50 |显示全部楼层
应一个朋友所写,觉得实际工程中也可能要用到,因此发上来。

关于网络两端网段重叠的处理方法
                      ---由启迪提供的拓扑试验结论

一、        拓扑及网段分布如下:
备注:其中的S2016和S2008在此处是作为PC的功能使用的,S2016的IP是74.40.88.200/24缺省网关指向路由器A 74.40.88.254/24 。S2008的IP是74.40.88.1/28 缺省网关指向路由器C 74.40.88.1/28。此2机器的配置不再列出。图中S3100作为普通交换机使用,未任何配置。

二、        不用NAT双向映射的试验结果
备注:此时路由器A所在的网段不能是用74.40.88.1-74.40.88.16范围内的IP地址,因为该范围属于74.40.88.0/28。
配置如下:其中红色部分为关键配置
路由器A:
#
sysname AR2810-A
#
cpu-usage cycle 1min
#
router id 1.1.1.1
#
radius scheme system
#
domain system
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
service-type telnet terminal
level 3
service-type ftp
#
interface Aux0
async mode flow
#
interface Ethernet0/0
ip address 74.40.88.254 255.255.255.0
#
interface Serial0/0
clock DTECLK1                           
link-protocol ppp
ip address dhcp-alloc
#
interface Serial2/0
clock DTECLK1
link-protocol ppp
#
interface Serial3/0
clock DTECLK1
link-protocol ppp
#
interface NULL0
#
info-center synchronous
#
FTP server enable
#
ip route-static 74.40.88.0 255.255.255.240 74.40.88.253 preference 60
#
user-interface con 0
idle-timeout 0 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme               
#
return
路由器B:
#
sysname AR2810-B
#
cpu-usage cycle 1min
#
router id 2.2.2.2
#
radius scheme system
#
domain system
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
service-type telnet terminal
level 3
service-type ftp
#
interface Aux0
async mode flow
#
interface Ethernet0/0
ip address 74.40.88.253 255.255.255.0
arp-proxy enable
#
interface Serial0/0                       
link-protocol ppp
ip address 192.168.1.1 255.255.255.252
#
interface NULL0
#
info-center synchronous
#
FTP server enable
#
ip route-static 74.40.88.0 255.255.255.240 192.168.1.2 preference 60
#
user-interface con 0
idle-timeout 0 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
路由器C:
#
sysname AR1810-C
#
cpu-usage cycle 1min
#
router id 3.3.3.3
#
radius scheme system
#
domain system
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
service-type telnet terminal
level 3
service-type ftp
#
interface Aux0
async mode flow
#
interface Ethernet0/0
ip address 74.40.88.1 255.255.255.240
#
interface Serial0/0
clock DTECLK1                           
link-protocol ppp
ip address 192.168.1.2 255.255.255.252
#
interface NULL0
#
info-center synchronous
#
FTP server enable
#
ip route-static 74.40.88.0 255.255.255.0 192.168.1.1 preference 60
#
user-interface con 0
idle-timeout 0 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return

以上配置经测试可以互通:
S2016(PC1):
[S2016]ping 74.40.88.2
  PING 74.40.88.2: 56  data bytes, press CTRL+C to break
    Reply from 74.40.88.2: bytes=56 Sequence=1 ttl=253 time = 91 ms
    Reply from 74.40.88.2: bytes=56 Sequence=2 ttl=253 time = 103 ms
    Reply from 74.40.88.2: bytes=56 Sequence=3 ttl=253 time = 86 ms
    Reply from 74.40.88.2: bytes=56 Sequence=4 ttl=253 time = 91 ms
    Reply from 74.40.88.2: bytes=56 Sequence=5 ttl=253 time = 93 ms

  --- 74.40.88.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 86/92/103 ms

[S2016]
S2008(PC2):
[S2008]ping 74.40.88.200
  PING 74.40.88.200: 56  data bytes, press CTRL+C to break
    Reply from 74.40.88.200: bytes=56 Sequence=1 ttl=253 time = 91 ms
    Reply from 74.40.88.200: bytes=56 Sequence=2 ttl=253 time = 94 ms
    Reply from 74.40.88.200: bytes=56 Sequence=3 ttl=253 time = 87 ms
    Reply from 74.40.88.200: bytes=56 Sequence=4 ttl=253 time = 90 ms
    Reply from 74.40.88.200: bytes=56 Sequence=5 ttl=253 time = 94 ms

  --- 74.40.88.200 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 87/91/94 ms

[S2008]
三、        采用NAT方式的配置:
备注:此时2端的地址使用无试验2的限制。但是需要额外的地址池。这样分配给74.40.88.0/24段的地址池是;172.16.0.0/24;分配给74.40.88.0/28网段的地址池是10.0.0.0/28;。
这样当PC1访问PC2的时候用10.0.0.2(最后一个IP字节相对应),同理PC2访问PC1的时候用172.16.0.200(最后一个IP字节相对应)。
配置如下:其中红色部分为关键配置
路由器A:
#
sysname AR2810-A
#
cpu-usage cycle 1min
#
router id 1.1.1.1
#
radius scheme system
#
domain system
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
service-type telnet terminal
level 3
service-type ftp
#
interface Aux0
async mode flow
#
interface Ethernet0/0
ip address 74.40.88.254 255.255.255.0
#
interface Serial0/0
clock DTECLK1                           
link-protocol ppp
ip address dhcp-alloc
#
interface Serial2/0
clock DTECLK1
link-protocol ppp
#
interface Serial3/0
clock DTECLK1
link-protocol ppp
#
interface NULL0
#
info-center synchronous
#
FTP server enable
#
ip route-static 10.0.0.0 255.255.255.240 74.40.88.253 preference 60
#
user-interface con 0
idle-timeout 0 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme               
#
return
路由器B:
#
sysname AR2810-B
#
cpu-usage cycle 1min
#
router id 2.2.2.2
#
nat static inside ip 74.40.88.1 74.40.88.254 global ip 172.16.0.0 255.255.255.0
#
radius scheme system
#
domain system
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
service-type telnet terminal
level 3
service-type ftp
#
interface Aux0
async mode flow
#
interface Ethernet0/0
ip address 74.40.88.253 255.255.255.0
#                                         
interface Serial0/0
link-protocol ppp
ip address 192.168.1.1 255.255.255.252
nat outbound static
#
interface NULL0
#
info-center synchronous
#
FTP server enable
#
ip route-static 10.0.0.0 255.255.255.240 192.168.1.2 preference 60
#
user-interface con 0
idle-timeout 0 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
路由器C:
#
sysname AR1810-C
#
cpu-usage cycle 1min
#
router id 3.3.3.3
#
nat static inside ip 74.40.88.1 74.40.88.15 global ip 10.0.0.0 255.255.255.240
#
radius scheme system
#
domain system
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
service-type telnet terminal
level 3
service-type ftp
#
interface Aux0
async mode flow
#
interface Ethernet0/0
ip address 74.40.88.1 255.255.255.240
#                                         
interface Serial0/0
clock DTECLK1
link-protocol ppp
ip address 192.168.1.2 255.255.255.252
nat outbound static
#
interface NULL0
#
info-center synchronous
#
FTP server enable
#
ip route-static 172.16.0.0 255.255.255.0 192.168.1.1 preference 60
#
user-interface con 0
idle-timeout 0 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
互通结果验证:
S2016(PC1):
<S2016>ping 10.0.0.2
  PING 10.0.0.2: 56  data bytes, press CTRL+C to break
    Reply from 10.0.0.2: bytes=56 Sequence=1 ttl=253 time = 91 ms
    Reply from 10.0.0.2: bytes=56 Sequence=2 ttl=253 time = 100 ms
    Reply from 10.0.0.2: bytes=56 Sequence=3 ttl=253 time = 88 ms
    Reply from 10.0.0.2: bytes=56 Sequence=4 ttl=253 time = 91 ms
    Reply from 10.0.0.2: bytes=56 Sequence=5 ttl=253 time = 93 ms

  --- 10.0.0.2 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 88/92/100 ms

<S2016>
S2008(PC2):
<S2008>ping 172.16.0.200
  PING 172.16.0.200: 56  data bytes, press CTRL+C to break
    Reply from 172.16.0.200: bytes=56 Sequence=1 ttl=252 time = 90 ms
    Reply from 172.16.0.200: bytes=56 Sequence=2 ttl=252 time = 93 ms
    Reply from 172.16.0.200: bytes=56 Sequence=3 ttl=252 time = 111 ms
    Reply from 172.16.0.200: bytes=56 Sequence=4 ttl=252 time = 112 ms
    Reply from 172.16.0.200: bytes=56 Sequence=5 ttl=252 time = 108 ms

  --- 172.16.0.200 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 90/102/112 ms

<S2008>
四、        采用主机路由条目指定
备注:此方法即在PC,及经过的所有路径上配置相应的主机路由,因配置较点较多工作量大,也容易出问题并且不利于排错,此处不做研究。
tu.jpg

论坛徽章:
0
发表于 2008-06-14 19:45 |显示全部楼层
更少的人为干预,较快的部署,可靠和可预测 我的首选是基于地址池的NAT

[ 本帖最后由 justcustom 于 2008-6-14 19:52 编辑 ]
您需要登录后才可以回帖 登录 | 注册

本版积分规则 发表回复

  

北京盛拓优讯信息技术有限公司. 版权所有 京ICP备16024965号-6 北京市公安局海淀分局网监中心备案编号:11010802020122 niuxiaotong@pcpop.com 17352615567
未成年举报专区
中国互联网协会会员  联系我们:huangweiwei@itpub.net
感谢所有关心和支持过ChinaUnix的朋友们 转载本站内容请注明原作者名及出处

清除 Cookies - ChinaUnix - Archiver - WAP - TOP