目录
第一章 OSPF协议特性与配置
实验 1-6 OSPF 故障排除
学习目的
·掌握对单区域OSPF中区域号码不匹配进行故障排除的方法
·掌握对单区域OSPF中掩码不匹配进行故障排除的方法
·掌握对单区域OSPF中Hello时间不匹配进行故障排除的方法
·掌握对单区域OSPF中Router-id冲突进行故障排除的方法
·掌握OSPF认证相关的故障排除方法
·掌握OSPF汇总相关的故障排除方法
·掌握虚电路相关的故障排除方法
拓扑图
图1-6 OSPF 故障排除
场景
你是公司的网络管理员。公司的网络采用了OSPF协议作为路由协议。OSPF协议功能强大,但是相应的配置也较为复杂。并且在网络规划中,你使用了OSPF的各种特性,同时也使用了虚链路。在实施过程中,你碰到很多的网络通讯问题。不过庆幸的是,通过使用故障排除的思想和方法,你成功的找到了各种错误,并实现了网络的恢复。
学习任务
步骤一.基础配置与IP编址
给所有路由器配置IP地址和掩码。配置时注意所有的Loopback接口配置掩码均为24位,模拟成一个单独的网段。
<R1>system-view
Enter system view, return user view with Ctrl+Z.
[R1]interface Serial 1/0/0
[R1-Serial1/0/0]ip address 10.0.12.1 24
[R1-Serial1/0/0]quit
[R1]interface LoopBack 0
[R1-LoopBack0]ip address 10.1.1.1 24
[R1-LoopBack0]quit
<R2>system-view
Enter system view, return user view with Ctrl+Z.
[R2]interface Serial 1/0/0
[R2-Serial1/0/0]ip address 10.0.12.2 24
[R2-Serial1/0/0]quit
[R2]interface Serial 2/0/0
[R2-Serial2/0/0]ip address 10.0.23.2 24
[R2-Serial2/0/0]quit
[R2]interface LoopBack 0
[R2-LoopBack0]ip address 10.0.2.2 24
[R2-LoopBack0]quit
为模拟相应的错误,R3的G0/0/0接口配置IP地址为10.0.75.3/25,其余接口地址按照拓扑图中的标识进行配置。
<R3>system-view
Enter system view, return user view with Ctrl+Z.
[R3]interface Serial 2/0/0
[R3-Serial2/0/0]ip address 10.0.23.3 24
[R3-Serial2/0/0]quit
[R3]interface GigabitEthernet 0/0/0
[R3-GigabitEthernet0/0/0]ip address 10.0.75.3 25
[R3-GigabitEthernet0/0/0]quit
[R3]interface LoopBack 0
[R3-LoopBack0]ip address 10.0.3.3 24
[R3-LoopBack0]quit
<R4>system-view
Enter system view, return user view with Ctrl+Z.
[R4]interface GigabitEthernet 0/0/0
[R4-GigabitEthernet0/0/0]ip address 10.0.75.4 24
[R4-GigabitEthernet0/0/0]quit
[R4]interface LoopBack 0
[R4-LoopBack0]ip address 10.1.4.4 24
[R4-LoopBack0]quit
<R5>system-view
Enter system view, return user view with Ctrl+Z.
[R5]interface GigabitEthernet 0/0/0
[R5-GigabitEthernet0/0/0]ip address 10.0.75.5 24
[R5-GigabitEthernet0/0/0]quit
[R5]interface LoopBack 0
[R5-LoopBack0]ip address 10.0.5.5 24
[R5-LoopBack0]quit
配置完成后,测试直连链路的连通性。
[R3]ping -c 1 10.0.75.4
PING 10.0.75.4: 56 data bytes, press CTRL_C to break
Reply from 10.0.75.4: bytes=56 Sequence=1 ttl=255 time=5 ms
--- 10.0.75.4 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 5/5/5 ms
[R3]ping -c 1 10.0.75.5
PING 10.0.75.5: 56 data bytes, press CTRL_C to break
Reply from 10.0.75.5: bytes=56 Sequence=1 ttl=255 time=5 ms
--- 10.0.75.5 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 5/5/5 ms
[R3]ping -c 1 10.0.23.2
PING 10.0.23.2: 56 data bytes, press CTRL_C to break
Reply from 10.0.23.2: bytes=56 Sequence=1 ttl=255 time=41 ms
--- 10.0.23.2 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 41/41/41 ms
[R1]ping -c 1 10.0.12.2
PING 10.0.12.2: 56 data bytes, press CTRL_C to break
Reply from 10.0.12.2: bytes=56 Sequence=1 ttl=255 time=37 ms
--- 10.0.12.2 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 37/37/37 ms
步骤二.配置多区域OSPF
配置R1的接口Serial 1/0/0和Loopback 0属于区域2,使用接口Loopback 0的地址作为Router ID。注意对所有OSPF区域的Loopback接口,修改其OSPF网络类型为Broadcast类型,以便于OSPF发布Loopback口的真实掩码信息。
[R1]ospf 1 router-id 10.1.1.1
[R1-ospf-1]area 2
[R1-ospf-1-area-0.0.0.2]network 10.0.12.1 0.0.0.0
[R1-ospf-1-area-0.0.0.2]network 10.1.1.1 0.0.0.0
[R1-ospf-1-area-0.0.0.2]quit
[R1-ospf-1]quit
[R1]interface LoopBack 0
[R1-LoopBack0]ospf network-type broadcast
[R1-LoopBack0]quit
在R2上配置接口Serial 2/0/0及Loopback 0属于区域1,接口Serial 1/0/0属于区域2,在启用OSPF时没有静态指定Router ID。
[R2]ospf 1
[R2-ospf-1]area 1
[R2-ospf-1-area-0.0.0.1]network 10.0.23.2 0.0.0.0
[R2-ospf-1-area-0.0.0.1]network 10.0.2.2 0.0.0.0
[R2-ospf-1-area-0.0.0.1]quit
[R2-ospf-1]area 2
[R2-ospf-1-area-0.0.0.2]network 10.0.12.2 0.0.0.0
[R2-ospf-1-area-0.0.0.2]quit
[R2-ospf-1]quit
[R2]interface LoopBack 0
[R2-LoopBack0]ospf network-type broadcast
[R2-LoopBack0]quit
在R3上配置接口Serial 2/0/0及Loopback 0属于区域1,接口GigabitEthernet 0/0/0属于区域0。
[R3]ospf 1 router-id 10.0.3.3
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]network 10.0.23.3 0.0.0.0
[R3-ospf-1-area-0.0.0.1]network 10.0.3.3 0.0.0.0
[R3-ospf-1-area-0.0.0.1]quit
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]network 10.0.75.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0]quit
[R3-ospf-1]quit
[R3]interface LoopBack 0
[R3-LoopBack0]ospf network-type broadcast
[R3-LoopBack0]quit
在R4上配置接口GigabitEthernet 0/0/0属于区域1,接口Loopback 0不属于任何区域。在配置OSPF进程时使用ospf 1 router-id指定R4的Router ID为10.0.5.5。
[R4]ospf 1 router-id 10.0.5.5
[R4-ospf-1]area 1
[R4-ospf-1-area-0.0.0.1]network 10.0.75.4 0.0.0.0
[R4-ospf-1-area-0.0.0.1]quit
[R4-ospf-1]quit
在R5上配置接口GigabitEthernet 0/0/0和Loopback 0属于区域0。
[R5]ospf 1 router-id 10.0.5.5
[R5-ospf-1]area 0
[R5-ospf-1-area-0.0.0.0]network 10.0.75.5 0.0.0.0
[R5-ospf-1-area-0.0.0.0]network 10.0.5.5 0.0.0.0
[R5-ospf-1-area-0.0.0.0]quit
[R5-ospf-1]quit
[R5]interface LoopBack 0
[R5-LoopBack0]ospf network-type broadcast
[R5-LoopBack0]quit
步骤三.在区域内排除OSPF故障
查看R4邻居列表,发现R4没有与其他路由器建立邻居关系。
[R4]display ospf peer
OSPF Process 1 with Router ID 10.0.5.5
在R3、R4、R5上分别运行display ospf error查看OSPF发生的错误。
[R3]display ospf error
OSPF Process 1 with Router ID 10.0.3.3
OSPF error statistics
General packet errors:
0 : IP: received my own packet 11 : Bad packet
0 : Bad version 0 : Bad checksum
41 : Bad area id 0 : Drop on unnumbered interface
0 : Bad virtual link 0 : Bad authentication type
0 : Bad authentication key 0 : Packet too small
0 : Packet size > ip length 0 : Transmit error
2 : Interface down 0 : Unknown neighbor
0 : Bad net segment 0 : Extern option mismatch
0 : Router id confusion 0 : Bad authentication sequence number
HELLO packet errors:
227 : Netmask mismatch 0 : Hello timer mismatch
0 : Dead timer mismatch 0 : Virtual neighbor unknown
0 : NBMA neighbor unknown 0 : Invalid Source Address
[R4]display ospf error
OSPF Process 1 with Router ID 10.0.5.5
OSPF error statistics
General packet errors:
0 : IP: received my own packet 0 : Bad packet
0 : Bad version 0 : Bad checksum
245 : Bad area id 0 : Drop on unnumbered interface
0 : Bad virtual link 0 : Bad authentication type
0 : Bad authentication key 0 : Packet too small
0 : Packet size > ip length 0 : Transmit error
2 : Interface down 0 : Unknown neighbor
0 : Bad net segment 0 : Extern option mismatch
235 : Router id confusion 0 : Bad authentication sequence number
[R5]display ospf error
OSPF Process 1 with Router ID 10.0.5.5
OSPF error statistics
General packet errors:
0 : IP: received my own packet 260 : Bad packet
0 : Bad version 0 : Bad checksum
0 : Bad area id 0 : Drop on unnumbered interface
0 : Bad virtual link 0 : Bad authentication type
0 : Bad authentication key 0 : Packet too small
0 : Packet size > ip length 0 : Transmit error
0 : Interface down 0 : Unknown neighbor
0 : Bad net segment 0 : Extern option mismatch
286 : Router id confusion 0 : Bad authentication sequence number
HELLO packet errors:
260 : Netmask mismatch 0 : Hello timer mismatch
0 : Dead timer mismatch 0 : Virtual neighbor unknown
0 : NBMA neighbor unknown 0 : Invalid Source Address
从上面的输出中,我们可以看到,在R3、R4、R5这三台路由器之间一共发生了五种错误:Router ID冲突(Router id confusion)、子网掩码不匹配(Netmask mismatch)、错误的区域号(Bad area id)、错误的数据包(Bad packet)、错误的虚电路(Bad virtual link)。
在这里我们并没有配置虚电路,在这种情况下错误的虚电路其实就是区域号错误。对于R4来说,它在一个区域号为1的接口上收到了一个区域号为0的OSPF数据包,它会认为这是一个通过虚电路发送过来的数据包。路由器本身没有配置虚电路,就发生了这种错误。
子网掩码错误也是错误的数据包的一部分,我们可以先修正子网掩码的问题再观察是否还有错误的数据包。
首先排除Router ID冲突的问题。我们可以依次查看每台路由器的Router ID来手工找出发生冲突的路由器,也可以通过系统日志来查找。通过display logbuffer翻阅路由器当前的系统日志。
[R5]display logbuffer
Logging buffer configuration and contents: enabled
Allowed max buffer size: 1024
Actual buffer size: 512
Channel number: 4, Channel name: logbuffer
Dropped messages: 0
Overwritten messages: 0
Current messages: 66
Oct 26 2016 12:34:51+00:00 R5 %%01OSPF/4/CONFLICT_ROUTERID_INTF(l)[12]:OSPF Router id conflict is detected on interface. (ProcessId=1, RouterId=10.0.5.5, AreaId=0.0.0.0, InterfaceName=GigabitEthernet0/0/0, IpAddr=10.0.75.5, PacketSrcIp=10.0.75.4)
从上面可以看到,与R5发生冲突的路由器接口的IP地址是10.0.75.4。查看拓扑,发现10.0.75.4是R4的接口地址。然后查看R4的Router ID,可以看到该路由器的Router ID和R5是一样的。同时还发现R4的区域号配置也有误。
[R4]display ospf brief
OSPF Process 1 with Router ID 10.0.5.5
OSPF Protocol Information
RouterID: 10.0.5.5 Border Router:
Multi-VPN-Instance is not enabled
Global DS-TE Mode: Non-Standard IETF Mode
Graceful-restart capability: disabled
Helper support capability : not configured
Applications Supported: MPLS Traffic-Engineering
Spf-schedule-interval: max 10000ms, start 500ms, hold 1000ms
Default ASE parameters: Metric: 1 Tag: 1 Type: 2
Route Preference: 10
ASE Route Preference: 150
SPF Computation Count: 2
RFC 1583 Compatible
Retransmission limitation is disabled
Area Count: 1 Nssa Area Count: 0
ExChange/Loading Neighbors: 0
Process total up interface count: 1
Process valid up interface count: 1
Area: 0.0.0.1 (MPLS TE not enabled)
Authtype: None Area flag: Normal
SPF scheduled Count: 2
ExChange/Loading Neighbors: 0
Router ID conflict state: Normal
Area interface up count: 1
Interface: 10.0.75.4 (GigabitEthernet0/0/0)
Cost: 1 State: DR Type: Broadcast MTU: 1500
Priority: 1
Designated Router: 10.0.75.4
Backup Designated Router: 0.0.0.0
Timers: Hello 10 , Dead 40 , Poll 120 , Retransmit 5 , Transmit Delay 1
修改R4的Router ID和区域号。
[R4]ospf 1 router-id 10.1.4.4
[R4-ospf-1]area 1
[R4-ospf-1-area-0.0.0.1]undo network 10.0.75.4 0.0.0.0
[R4-ospf-1-area-0.0.0.1]quit
[R4-ospf-1]undo area 1
[R4-ospf-1]area 0
[R4-ospf-1-area-0.0.0.0]network 10.0.75.4 0.0.0.0
[R4-ospf-1-area-0.0.0.0]quit
[R4-ospf-1]quit
<R4>reset ospf process
Warning: The OSPF process will be reset. Continue? [Y/N]:y
修改完成以后通过命令reset ospf counter清空OSPF计数器。
注意reset命令需在用户视图下运行。
<R4>reset ospf counters
重置后,稍等片刻,再运行display ospf error检查该问题是否消失。
<R4>display ospf error
OSPF Process 1 with Router ID 10.1.4.4
OSPF error statistics
General packet errors:
0 : IP: received my own packet 13 : Bad packet
0 : Bad version 0 : Bad checksum
0 : Bad area id 0 : Drop on unnumbered interface
0 : Bad virtual link 0 : Bad authentication type
0 : Bad authentication key 0 : Packet too small
0 : Packet size > ip length 0 : Transmit error
0 : Interface down 0 : Unknown neighbor
0 : Bad net segment 0 : Extern option mismatch
0 : Router id confusion 0 : Bad authentication sequence number
HELLO packet errors:
13 : Netmask mismatch 0 : Hello timer mismatch
0 : Dead timer mismatch 0 : Virtual neighbor unknown
0 : NBMA neighbor unknown 0 : Invalid Source Address
可以看到在修改完配置以后,Route ID冲突和区域号错误的问题消失了,还剩下子网掩码不匹配的问题。为了找出是哪台路由器配置了错误的子网掩码,我们在R4上查看Debug信息。
<R4>terminal debugging
Info: Current terminal debugging is on.
<R4>debugging ospf packet hello
Oct 26 2016 14:30:08.350.1+00:00 R4 RM/6/RMDEBUG:
FileID: 0xd0178024 Line: 2271 Level: 0x20
OSPF 1: RECV Packet. Interface: GigabitEthernet0/0/0
<R4>
Oct 26 2016 14:30:08.360.1+00:00 R4 RM/6/RMDEBUG: Source Address: 10.0.75.3
Oct 26 2016 14:30:08.360.2+00:00 R4 RM/6/RMDEBUG: Destination Address: 224.0.0.5
Oct 26 2016 14:30:08.360.3+00:00 R4 RM/6/RMDEBUG: Ver# 2, Type: 1 (Hello)
Oct 26 2016 14:30:08.360.4+00:00 R4 RM/6/RMDEBUG: Length: 44, Router: 10.0.3.3
Oct 26 2016 14:30:08.360.5+00:00 R4 RM/6/RMDEBUG: Area: 0.0.0.0, Chksum: 9a18
Oct 26 2016 14:30:08.360.6+00:00 R4 RM/6/RMDEBUG: AuType: 00
Oct 26 2016 14:30:08.360.7+00:00 R4 RM/6/RMDEBUG: Key(ascii): * * * * * * * *
Oct 26 2016 14:30:08.360.8+00:00 R4 RM/6/RMDEBUG: Net Mask: 255.255.255.128
Oct 26 2016 14:30:08.360.9+00:00 R4 RM/6/RMDEBUG: Hello Int: 10, Option: _E_
Oct 26 2016 14:30:08.360.10+00:00 R4 RM/6/RMDEBUG: Rtr Priority: 1, Dead Int: 40
Oct 26 2016 14:30:08.360.11+00:00 R4 RM/6/RMDEBUG: DR: 10.0.75.3
Oct 26 2016 14:30:08.360.12+00:00 R4 RM/6/RMDEBUG: BDR: 0.0.0.0
Oct 26 2016 14:30:08.360.13+00:00 R4 RM/6/RMDEBUG: # Attached Neighbors: 0
从上面的信息我们可以看出,从10.0.75.3发来的Hello包中子网掩码是255.255.255.128。查看拓扑,发现R3的对应接口配置错误。
[R3]interface GigabitEthernet 0/0/0
[R3-GigabitEthernet0/0/0]display this
[V200R007C00SPC600]
#
interface GigabitEthernet0/0/0
ip address 10.0.75.3 255.255.255.128
#
return
[R3-GigabitEthernet0/0/0]ip address 10.0.75.3 24
[R3-GigabitEthernet0/0/0]quit
再次清空OSPF计数器,查看是否还存在错误。
<R3>reset ospf counters
<R3>display ospf error
OSPF Process 1 with Router ID 10.0.3.3
OSPF error statistics
General packet errors:
0 : IP: received my own packet 0 : Bad packet
0 : Bad version 0 : Bad checksum
0 : Bad area id 0 : Drop on unnumbered interface
0 : Bad virtual link 0 : Bad authentication type
0 : Bad authentication key 0 : Packet too small
0 : Packet size > ip length 0 : Transmit error
0 : Interface down 0 : Unknown neighbor
0 : Bad net segment 0 : Extern option mismatch
0 : Router id confusion 0 : Bad authentication sequence number
HELLO packet errors:
0 : Netmask mismatch 0 : Hello timer mismatch
0 : Dead timer mismatch 0 : Virtual neighbor unknown
0 : NBMA neighbor unknown 0 : Invalid Source Address
在R3上检查邻居列表,发现各邻居的状态已正常。
[R3]display ospf peer brief
OSPF Process 1 with Router ID 10.0.3.3
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/0 10.1.4.4 Full
0.0.0.0 GigabitEthernet0/0/0 10.0.5.5 Full
0.0.0.1 Serial2/0/0 10.0.2.2 Full
----------------------------------------------------------------------------
接下来我们修改R4的GigabitEthernet 0/0/0接口的Hello间隔为5秒,观察邻居关系是否可以形成。
[R4]interface GigabitEthernet 0/0/0
[R4-GigabitEthernet0/0/0]ospf timer hello 5
[R4-GigabitEthernet0/0/0]quit
经过约半分钟以后,可以观察到R4的邻居都消失了。
[R4]display ospf peer brief
OSPF Process 1 with Router ID 10.1.4.4
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
----------------------------------------------------------------------------
清空R4 OSPF计数器,查看OSPF的错误。
<R4>reset ospf counters
<R4>system-view
Enter system view, return user view with Ctrl+Z.
[R4]display ospf error
OSPF Process 1 with Router ID 10.1.4.4
OSPF error statistics
General packet errors:
0 : IP: received my own packet 4 : Bad packet
0 : Bad version 0 : Bad checksum
0 : Bad area id 0 : Drop on unnumbered interface
0 : Bad virtual link 0 : Bad authentication type
0 : Bad authentication key 0 : Packet too small
0 : Packet size > ip length 0 : Transmit error
0 : Interface down 0 : Unknown neighbor
0 : Bad net segment 0 : Extern option mismatch
0 : Router id confusion 0 : Bad authentication sequence number
HELLO packet errors:
0 : Netmask mismatch 4 : Hello timer mismatch
0 : Dead timer mismatch 0 : Virtual neighbor unknown
0 : NBMA neighbor unknown 0 : Invalid Source Address
可以看到有Hello时间不匹配的错误出现,说明OSPF要求邻居间Hello间隔一样。
取消Hello间隔的修改。再次检查邻居列表。
[R4]interface GigabitEthernet 0/0/0
[R4-GigabitEthernet0/0/0]undo ospf timer hello
[R4-GigabitEthernet0/0/0]quit
[R4]display ospf peer brief
OSPF Process 1 with Router ID 10.1.4.4
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/0 10.0.3.3 Full
0.0.0.0 GigabitEthernet0/0/0 10.0.5.5 Full
----------------------------------------------------------------------------
发现邻居关系已恢复正常。
步骤四.OSPF认证故障排除
在R1和R2上配置基于接口的认证。
其中R1采用simple方式,密钥为123。
R2采用MD5方式,密钥为huawei。
[R1]interface Serial 1/0/0
[R1-Serial1/0/0]ospf authentication-mode simple plain 123
[R1-Serial1/0/0]quit
[R2]interface Serial 1/0/0
[R2-Serial1/0/0]ospf authentication-mode md5 1 plain huawei
[R2-Serial1/0/0]quit
配置完成以后在R1上清空OSPF计数器,可以查看到OSPF的错误。
<R1>reset ospf counters
<R1>system-view
Enter system view, return user view with Ctrl+Z.
[R1]display ospf error
OSPF Process 1 with Router ID 10.1.1.1
OSPF error statistics
General packet errors:
0 : IP: received my own packet 3 : Bad packet
0 : Bad version 0 : Bad checksum
0 : Bad area id 0 : Drop on unnumbered interface
0 : Bad virtual link 3 : Bad authentication type
0 : Bad authentication key 0 : Packet too small
0 : Packet size > ip length 0 : Transmit error
0 : Interface down 0 : Unknown neighbor
0 : Bad net segment 0 : Extern option mismatch
0 : Router id confusion 0 : Bad authentication sequence number
将R1的认证方式配置为MD5后,查看是否还存在错误。
[R1]interface Serial 1/0/0
[R1-Serial1/0/0]ospf authentication-mode md5 1 plain 123
[R1-Serial1/0/0]return
<R1>reset ospf counters
<R1>display ospf error
OSPF Process 1 with Router ID 10.1.1.1
OSPF error statistics
General packet errors:
0 : IP: received my own packet 9 : Bad packet
0 : Bad version 0 : Bad checksum
0 : Bad area id 0 : Drop on unnumbered interface
0 : Bad virtual link 0 : Bad authentication type
9 : Bad authentication key 0 : Packet too small
0 : Packet size > ip length 0 : Transmit error
0 : Interface down 0 : Unknown neighbor
0 : Bad net segment 0 : Extern option mismatch
0 : Router id confusion 0 : Bad authentication sequence number
可以看到该问题还存在。
将R1的密钥也改成huawei,观察邻居关系。
[R1]interface Serial 1/0/0
[R1-Serial1/0/0]ospf authentication-mode md5 1 plain huawei
[R1-Serial1/0/0]quit
[R1]display ospf peer brief
OSPF Process 1 with Router ID 10.1.1.1
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.2 Serial1/0/0 10.0.2.2 Full
----------------------------------------------------------------------------
可见,R1与R2已建立邻接关系。
步骤五.虚电路故障排除
为保证区域2与区域0之间的连通性,在R2和R3之间创建虚电路。
[R2]ospf 1
[R2-ospf-1]area 1
[R2-ospf-1-area-0.0.0.1]vlink-peer 10.0.3.3
[R2-ospf-1-area-0.0.0.1]quit
[R2-ospf-1]quit
[R3]ospf 1
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]vlink-peer 10.0.2.2
[R3-ospf-1-area-0.0.0.1]quit
[R3-ospf-1]quit
观察虚电路建立是否正常,以及R1是否学习到了全网路由。
[R2]display ospf vlink
OSPF Process 1 with Router ID 10.0.2.2
Virtual Links
Virtual-link Neighbor-id -> 10.0.3.3, Neighbor-State: Full
Interface: 10.0.23.2 (Serial2/0/0)
Cost: 1562 State: P-2-P Type: Virtual
Transit Area: 0.0.0.1
Timers: Hello 10 , Dead 40 , Retransmit 5 , Transmit Delay 1
GR State: Normal
[R1]display ip routing-table protocol ospf
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Public routing table : OSPF
Destinations : 5 Routes : 5
OSPF routing table status : <Active>
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.2.0/24 OSPF 10 1562 D 10.0.12.2 Serial1/0/0
10.0.3.0/24 OSPF 10 3124 D 10.0.12.2 Serial1/0/0
10.0.5.0/24 OSPF 10 3125 D 10.0.12.2 Serial1/0/0
10.0.23.0/24 OSPF 10 3124 D 10.0.12.2 Serial1/0/0
10.0.75.0/24 OSPF 10 3125 D 10.0.12.2 Serial1/0/0
OSPF routing table status : <Inactive>
Destinations : 0 Routes : 0
在R1上测试连通性,证实可以到达R5。
[R1]ping -c 1 10.0.5.5
PING 10.0.5.5: 56 data bytes, press CTRL_C to break
Reply from 10.0.5.5: bytes=56 Sequence=1 ttl=253 time=81 ms
--- 10.0.5.5 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 81/81/81 ms
由于测试的需要,删除R2的loopback0接口。
[R2]undo interface LoopBack 0
后来由于一次偶然的事故,路由器重启了。在这里我们通过重启OSPF进程的方法模拟路由器重启。
<R2>reset ospf process
Warning: The OSPF process will be reset. Continue? [Y/N]:y
这时连接到R1的用户发现自己无法访问区域外的地址。管理员登录到R1上发现无法与R5的Loopback地址通讯。
[R1]ping -c 1 10.0.5.5
PING 10.0.5.5: 56 data bytes, press CTRL_C to break
Request time out
--- 10.0.5.5 ping statistics ---
1 packet(s) transmitted
0 packet(s) received
100.00% packet loss
检查R2和R3之间的虚电路之后发现状态不正常,同时发现R2的Router ID发生了变化。
[R2]display ospf vlink
OSPF Process 1 with Router ID 10.0.23.2
Virtual Links
Virtual-link Neighbor-id -> 10.0.3.3, Neighbor-State: Down
Interface: 10.0.23.2 (Serial2/0/0)
Cost: 1562 State: P-2-P Type: Virtual
Transit Area: 0.0.0.1
Timers: Hello 10 , Dead 40 , Retransmit 5 , Transmit Delay 1
GR State: Normal
由于虚电路的建立是基于对端设备的Router ID的。R2的Router ID发生了变化,所以虚电路发生了故障。
通常我们在启动OSPF进程时指定该进程的Router ID,就是为了防止路由器在运行过程中Router ID发生变化。
下面我们将R2的Router ID固定为10.0.2.2,并将Loopback地址添加回去,然后重启OSPF进程。
[R2]ospf 1 router-id 10.0.2.2
Info: The configuration succeeded. You need to restart the OSPF process to validate the new router ID.
[R2-ospf-1]interface LoopBack 0
[R2-LoopBack0]ip address 10.0.2.2 24
[R2-LoopBack0]quit
<R2>reset ospf process
Warning: The OSPF process will be reset. Continue? [Y/N]:y
再次查看虚电路状态。
[R2]display ospf vlink
OSPF Process 1 with Router ID 10.0.2.2
Virtual Links
Virtual-link Neighbor-id -> 10.0.3.3, Neighbor-State: Full
Interface: 10.0.23.2 (Serial2/0/0)
Cost: 1562 State: P-2-P Type: Virtual
Transit Area: 0.0.0.1
Timers: Hello 10 , Dead 40 , Retransmit 5 , Transmit Delay 1
GR State: Normal
此时虚电路已恢复正常。
管理员出于安全的考虑,在区域0使用了基于区域的认证,启用了MD5对报文进行加密,密钥为huawei。
[R3]ospf 1
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]authentication-mode md5 1 plain huawei
[R3-ospf-1-area-0.0.0.0]quit
[R3-ospf-1]quit
[R4]ospf 1
[R4-ospf-1]area 0
[R4-ospf-1-area-0.0.0.0]authentication-mode md5 1 plain huawei
[R4-ospf-1-area-0.0.0.0]quit
[R4-ospf-1]quit
[R5]ospf 1
[R5-ospf-1]area 0
[R5-ospf-1-area-0.0.0.0]authentication-mode md5 1 plain huawei
[R5-ospf-1-area-0.0.0.0]quit
[R5-ospf-1]quit
这时,管理员再次发现区域2中的用户无法访问区域外的网络,检查虚电路后发现虚电路又出于故障的状态。
[R2]display ospf vlink
OSPF Process 1 with Router ID 10.0.2.2
Virtual Links
Virtual-link Neighbor-id -> 10.0.3.3, Neighbor-State: Down
Interface: 10.0.23.2 (Serial2/0/0)
Cost: 1562 State: P-2-P Type: Virtual
Transit Area: 0.0.0.1
Timers: Hello 10 , Dead 40 , Retransmit 5 , Transmit Delay 1
检查OSPF的错误发现有认证错误发生。
<R2>reset ospf counters
<R2>display ospf error
OSPF Process 1 with Router ID 10.0.2.2
OSPF error statistics
General packet errors:
0 : IP: received my own packet 7 : Bad packet
0 : Bad version 0 : Bad checksum
0 : Bad area id 0 : Drop on unnumbered interface
0 : Bad virtual link 7 : Bad authentication type
9 : Bad authentication key 0 : Packet too small
0 : Packet size > ip length 0 : Transmit error
0 : Interface down 0 : Unknown neighbor
0 : Bad net segment 0 : Extern option mismatch
0 : Router id confusion 0 : Bad authentication sequence number
OSPF的虚电路属于区域0。区域0打开了基于区域的认证,虚电路上也需要打开认证。
[R2]ospf 1
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]authentication-mode md5 1 plain huawei
[R2-ospf-1-area-0.0.0.0]quit
[R2-ospf-1]quit
这时虚电路的状态恢复了正常,R1也能正常访问其他区域了。
[R2]display ospf vlink
OSPF Process 1 with Router ID 10.0.2.2
Virtual Links
Virtual-link Neighbor-id -> 10.0.3.3, Neighbor-State: Full
Interface: 10.0.23.2 (Serial2/0/0)
Cost: 1562 State: P-2-P Type: Virtual
Transit Area: 0.0.0.1
Timers: Hello 10 , Dead 40 , Retransmit 5 , Transmit Delay 1
GR State: Normal
[R1]ping -c 1 10.0.5.5
PING 10.0.5.5: 56 data bytes, press CTRL_C to break
Reply from 10.0.5.5: bytes=56 Sequence=1 ttl=253 time=73 ms
--- 10.0.5.5 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 73/73/73 ms
步骤六.OSPF路由汇总故障排除
首先在R4上以外部路由的形式引入Loopback 0接口地址,并进行地址汇总,汇总后的子网掩码为16位。
[R4]ospf 1
[R4-ospf-1]import-route direct
[R4-ospf-1]asbr-summary 10.1.0.0 255.255.0.0
[R4-ospf-1]quit
一段时间之后,管理员在R2上配置了区域间汇总,将R1的Loopback 0接口连接的网段汇总成16位掩码的路由。
[R2]ospf 1
[R2-ospf-1]area 2
[R2-ospf-1-area-0.0.0.2]abr-summary 10.1.0.0 255.255.0.0
[R2-ospf-1-area-0.0.0.2]quit
[R2-ospf-1]quit
这时,除了连接到R4的用户以外,全网所有用户均反馈不能访问R4的Loopback地址10.1.4.4。
检查与R4同一区域的路由器R5的路由表发现,若要到达10.1.4.4,匹配到路由条目10.1.0.0/16,而该路由的下一跳是10.0.75.3。
为何会产生这样一个错误的条目呢?
[R5]display ip routing-table protocol ospf
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Public routing table : OSPF
Destinations : 5 Routes : 5
OSPF routing table status : <Active>
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.2.0/24 OSPF 10 1563 D 10.0.75.3 GigabitEthernet0/0/0
10.0.3.0/24 OSPF 10 1 D 10.0.75.3 GigabitEthernet0/0/0
10.0.12.0/24 OSPF 10 3125 D 10.0.75.3 GigabitEthernet0/0/0
10.0.23.0/24 OSPF 10 1563 D 10.0.75.3 GigabitEthernet0/0/0
10.1.0.0/16 OSPF 10 3125 D 10.0.75.3 GigabitEthernet0/0/0
OSPF routing table status : <Inactive>
Destinations : 0 Routes : 0
我们先来观察一下R5的LSDB。
[R5]display ospf lsdb
OSPF Process 1 with Router ID 10.0.5.5
Link State Database
Area: 0.0.0.0
Type LinkState ID AdvRouter Age Len Sequence Metric
Router 10.0.5.5 10.0.5.5 214 48 80000025 0
Router 10.0.3.3 10.0.3.3 1246 48 80000024 1
Router 10.0.2.2 10.0.2.2 1247 36 80000005 1562
Router 10.1.4.4 10.1.4.4 648 36 8000000D 1
Network 10.0.75.4 10.1.4.4 206 36 80000004 0
Sum-Net 10.0.12.0 10.0.2.2 916 28 80000002 1562
Sum-Net 10.0.3.0 10.0.3.3 893 28 80000008 0
Sum-Net 10.0.3.0 10.0.2.2 916 28 80000002 1562
Sum-Net 10.0.2.0 10.0.3.3 919 28 80000003 1562
Sum-Net 10.0.2.0 10.0.2.2 916 28 80000002 0
Sum-Net 10.1.0.0 10.0.2.2 538 28 80000001 1562
Sum-Net 10.0.23.0 10.0.3.3 893 28 80000008 1562
Sum-Net 10.0.23.0 10.0.2.2 917 28 80000002 1562
AS External Database
Type LinkState ID AdvRouter Age Len Sequence Metric
External 10.0.75.0 10.1.4.4 649 36 80000001 1
External 10.1.0.0 10.1.4.4 620 36 80000001 2
在LSDB中我们看到有2条描述10.1.0.0的路由,接下来查看LSA的详细信息。下面这条第三类LSA是由R2始发的,而这条第五类LSA是由R5始发的。这两条LSA描述了一个完全相同的网段信息。
[R5]display ospf lsdb summary 10.1.0.0
OSPF Process 1 with Router ID 10.0.5.5
Area: 0.0.0.0
Link State Database
Type : Sum-Net
Ls id : 10.1.0.0
Adv rtr : 10.0.2.2
Ls age : 767
Len : 28
Options : E
seq# : 80000001
chksum : 0xa380
Net mask : 255.255.0.0
Tos 0 metric: 1562
Priority : Low
[R5]display ospf lsdb ase 10.1.0.0
OSPF Process 1 with Router ID 10.0.5.5
Link State Database
Type : External
Ls id : 10.1.0.0
Adv rtr : 10.1.4.4
Ls age : 871
Len : 36
Options : E
seq# : 80000001
chksum : 0xe3cd
Net mask : 255.255.0.0
TOS 0 Metric: 2
E type : 2
Forwarding Address : 0.0.0.0
Tag : 1
Priority : Low
在OSPF中,第三类LSA始终优于第五类LSA,所以在R5路由表里出现的10.1.0.0/16这条路由的下一跳会是R3。
为了避免这类问题的发生,我们在R4上取消原来对外部路由的汇总,这样这条路由就会再次在其他路由器的路由表中出现。
[R4]ospf 1
[R4-ospf-1]undo asbr-summary 10.1.0.0 255.255.0.0
[R4-ospf-1]quit
[R5]display ip routing-table protocol ospf
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Public routing table : OSPF
Destinations : 6 Routes : 6
OSPF routing table status : <Active>
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.2.0/24 OSPF 10 1563 D 10.0.75.3 GigabitEthernet0/0/0
10.0.3.0/24 OSPF 10 1 D 10.0.75.3 GigabitEthernet0/0/0
10.0.12.0/24 OSPF 10 3125 D 10.0.75.3 GigabitEthernet0/0/0
10.0.23.0/24 OSPF 10 1563 D 10.0.75.3 GigabitEthernet0/0/0
10.1.0.0/16 OSPF 10 3125 D 10.0.75.3 GigabitEthernet0/0/0
10.1.4.4/24 O_ASE 150 1 D 10.0.75.4 GigabitEthernet0/0/0
OSPF routing table status : <Inactive>
Destinations : 0 Routes : 0
这时我们可以看到,在R5上已学习到了一条关于10.1.4.4/24正确的路由。这时我们在R1上测试连通性。
[R1]ping -c 1 10.1.4.4
PING 10.1.4.4: 56 data bytes, press CTRL_C to break
Reply from 10.1.4.4: bytes=56 Sequence=1 ttl=253 time=71 ms
--- 10.1.4.4 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 71/71/71 ms
可见,网络恢复正常。
附加实验: 思考并验证
可否在一个区域中即打开基于区域的认证,又打开基于接口的认证?
非骨干区域的区域号可否一样?
最终设备配置
<R1>display current-configuration
[V200R007C00SPC600]
#
sysname R1
#
interface Serial1/0/0
link-protocol ppp
ip address 10.0.12.1 255.255.255.0
ospf authentication-mode md5 1 plain huawei
#
interface LoopBack0
ip address 10.1.1.1 255.255.255.0
ospf network-type broadcast
#
ospf 1 router-id 10.1.1.1
area 0.0.0.2
network 10.0.12.1 0.0.0.0
network 10.1.1.1 0.0.0.0
#
return
<R2>display current-configuration
[V200R007C00SPC600]
#
sysname R2
#
interface Serial1/0/0
link-protocol ppp
ip address 10.0.12.2 255.255.255.0
ospf authentication-mode md5 1 plain huawei
#
interface LoopBack0
ip address 10.0.2.2 255.255.255.0
ospf network-type broadcast
#
ospf 1 router-id 10.0.2.2
area 0.0.0.0
authentication-mode md5 1 plain huawei
area 0.0.0.1
network 10.0.23.2 0.0.0.0
network 10.0.2.2 0.0.0.0
vlink-peer 10.0.3.3
area 0.0.0.2
abr-summary 10.1.0.0 255.255.0.0
network 10.0.12.2 0.0.0.0
#
return
<R3>display current-configuration
[V200R007C00SPC600]
#
sysname R3
#
interface Serial2/0/0
link-protocol ppp
ip address 10.0.23.3 255.255.255.0
#
interface GigabitEthernet0/0/0
ip address 10.0.75.3 255.255.255.0
#
interface LoopBack0
ip address 10.0.3.3 255.255.255.0
ospf network-type broadcast
#
ospf 1 router-id 10.0.3.3
area 0.0.0.0
authentication-mode md5 1 plain huawei
network 10.0.75.3 0.0.0.0
area 0.0.0.1
network 10.0.23.3 0.0.0.0
network 10.0.3.3 0.0.0.0
vlink-peer 10.0.2.2
#
return
<R4>display current-configuration
[V200R007C00SPC600]
#
sysname R4
#
interface GigabitEthernet0/0/0
ip address 10.0.75.4 255.255.255.0
#
interface LoopBack0
ip address 10.1.4.4 255.255.255.0
#
ospf 1 router-id 10.1.4.4
import-route direct
area 0.0.0.0
authentication-mode md5 1 plain huawei
network 10.0.75.4 0.0.0.0
#
return
<R5>display current-configuration
[V200R007C00SPC600]
#
sysname R5
#
interface GigabitEthernet0/0/0
ip address 10.0.75.5 255.255.255.0
#
interface LoopBack0
ip address 10.0.5.5 255.255.255.0
ospf network-type broadcast
#
ospf 1 router-id 10.0.5.5
area 0.0.0.0
authentication-mode md5 1 plain huawei
network 10.0.75.5 0.0.0.0
network 10.0.5.5 0.0.0.0
#
Return