CCIE-09-BGP-TS

烈火蜓蜻2024-04-05 8:55

目录

  • 实验条件
  • 环境配置
  • 开始Troubleshooting
    • [问题1. R5路由器直连口没有开启](#问题1. R5路由器直连口没有开启)
    • [问题2. R21路由器直连口没有开启](#问题2. R21路由器直连口没有开启)
    • [问题3. R12路由器直连口没有开启](#问题3. R12路由器直连口没有开启)
    • [问题4. R21的直连接口被配置成了被动接口](#问题4. R21的直连接口被配置成了被动接口)
    • [问题5. R21路由器的hello时间与R3的不一致](#问题5. R21路由器的hello时间与R3的不一致)
    • [问题6. R21路由器与R22的直接接口的IP地址网络不一样(子网掩码不同)](#问题6. R21路由器与R22的直接接口的IP地址网络不一样(子网掩码不同))
    • [问题7. R22与R5接口的OSPF网络类型不一致](#问题7. R22与R5接口的OSPF网络类型不一致)
    • [问题8. R5上BGP的配置没有激活与R4的邻居状态](#问题8. R5上BGP的配置没有激活与R4的邻居状态)
    • [问题9. R12上BGP的配置关闭了与R4的邻居状态](#问题9. R12上BGP的配置关闭了与R4的邻居状态)
    • [问题10. R2的接口没有开启MPLS](#问题10. R2的接口没有开启MPLS)
    • [问题11. R12上没有开启负载均衡](#问题11. R12上没有开启负载均衡)
    • [问题12. R21上关于194.1.1.1的路由捕获异常](#问题12. R21上关于194.1.1.1的路由捕获异常)
    • [问题13. R12上的134.21.21.21路由metric不正确](#问题13. R12上的134.21.21.21路由metric不正确)
    • [问题14. R21配置了max-metric值、导致路由无效](#问题14. R21配置了max-metric值、导致路由无效)
    • [问题15. R3配置了汇总域外的路由且因为他不是ASBR,所以产生了问题](#问题15. R3配置了汇总域外的路由且因为他不是ASBR,所以产生了问题)
    • 问题16:R21的BGP配置,没有将路由的下一跳设置为自己

实验条件

网络拓朴


目标输出




环境配置

在我的资源里可以下载(就在这篇文章的开头也可以下载)

开始Troubleshooting

整体排错的思路如下:

  1. 检查所有的直连口是否双UP
  2. 检查所有的IGP启动情况,邻居状态
  3. 检查所有的BGP的状态(已经配置的邻居是否有起来)
  4. 根据输出,调整BGP选路参数

第一步检查所有的直连接口是否正常UP,所有可以配置 的路由的特权密码都是"cisco",

问题1. R5路由器直连口没有开启

问题2. R21路由器直连口没有开启

问题3. R12路由器直连口没有开启

第二步 确保拓扑图中的OSPF都能正常的起邻居

从R1开始排查

1. 根据拓扑图,先确保OSPF协议邻居有关系先起来 所有路由器的密码都是cisco, 除了不允许配置的路由器外

从R1开始

java 复制代码 
R3#show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
123.1.1.1         1   FULL/BDR        00:00:37    123.45.67.5     Ethernet0/0

发现R3与R21路由并没有建立邻居关系。查询配置后并无异常

java 复制代码 
R3#show run | s router ospf 
router ospf 12345
 router-id 123.3.3.3
 area 1 range 134.56.78.0 255.255.255.0
 network 123.3.3.3 0.0.0.0 area 0
 network 123.45.67.6 0.0.0.0 area 0
 network 134.56.78.37 0.0.0.0 area 1
R3#

// 查询R21的路由器
R21(config-if)#do show run | s router
router ospf 12345
 router-id 134.21.21.21
 max-metric router-lsa
 passive-interface default
 no passive-interface Ethernet2/0
 network 134.21.21.21 0.0.0.0 area 1
 network 134.56.78.38 0.0.0.0 area 1
 network 134.56.78.48 0.0.0.7 area 1
 neighbor 123.3.3.3

问题4. R21的直连接口被配置成了被动接口

ospf下配置了被动接口,这样的话,他不会发出hello包也无法接收路由和hello报文(其它的IGP中的被动接口行为也有所不同,有些可以接收,但无法发出,有些是无法接收也无法发出)

配置R21的OSPF

java 复制代码 
R21#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R21(config)#router ospf 12345
R21(config-router)#no passive-interface Ethernet1/0 
R21(config-router)#no passive-interface Ethernet0/0
R21(config-router)#do show run | s router ospf
router ospf 12345
 router-id 134.21.21.21
 max-metric router-lsa
 passive-interface default
 no passive-interface Ethernet0/0
 no passive-interface Ethernet1/0
 no passive-interface Ethernet2/0
 network 134.21.21.21 0.0.0.0 area 1
 network 134.56.78.38 0.0.0.0 area 1
 network 134.56.78.48 0.0.0.7 area 1
 neighbor 123.3.3.3

再次查询R21邻居,发现邻居关系依然没有起来,开启Debug

java 复制代码 
R21#debug ip ospf hello      
OSPF hello debugging is on
R21#
OSPF-12345 HELLO Et2/0: Send hello to 224.0.0.5 area 1 from 134.56.78.50
OSPF-12345 HELLO Et2/0: Rcv hello from 134.22.22.22 area 1 134.56.78.49
OSPF-12345 HELLO Et2/0: Mismatched hello parameters from 134.56.78.49
OSPF-12345 HELLO Et2/0: Dead R 40 C 40, Hello R 10 C 10 Mask R 255.255.255.252 C 255.255.255.248
OSPF-12345 HELLO Et0/0: Rcv hello from 123.3.3.3 area 1 134.56.78.37
OSPF-12345 HELLO Et0/0: Mismatched hello parameters from 134.56.78.37
OSPF-12345 HELLO Et0/0: Dead R 44 C 40, Hello R 11 C 10 Mask R 255.255.255.252 C 255.255.255.252
OSPF-12345 HELLO Et0/0: Send hello to 224.0.0.5 area 1 from 134.56.78.38
OSPF-12345 HELLO Et2/0: Send hello to 224.0.0.5 area 1 from 134.56.78.50
OSPF-12345 HELLO Et2/0: Rcv hello from 134.22.22.22 area 1 134.56.78.49
OSPF-12345 HELLO Et2/0: Mismatched hello parameters from 134.56.78.49
OSPF-12345 HELLO Et2/0: Dead R 40 C 40, Hello R 10 C 10 Mask R 255.255.255.252 C 255.255.255.248
OSPF-12345 HELLO Et0/0: Rcv hello from 123.3.3.3 area 1 134.56.78.37
OSPF-12345 HELLO Et0/0: Mismatched hello parameters from 134.56.78.37
OSPF-12345 HELLO Et0/0: Dead R 44 C 40, Hello R 11 C 10 Mask R 255.255.255.252 C 255.255.255.252

问题5. R21路由器的hello时间与R3的不一致

问题6. R21路由器与R22的直接接口的IP地址网络不一样(子网掩码不同)

在R3上查询配置得到以下内容

java 复制代码 
R3(config-if)#do show run interface e2/0
Building configuration...

Current configuration : 83 bytes
!
interface Ethernet2/0
 ip address 134.56.78.37 255.255.255.252
 ip ospf hello-interval 11
 duplex auto
end
......
// 修改这个配置
R3#conf t 
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#int e2/0
R3(config-if)#no ip ospf he
R3(config-if)#no ip ospf hello-interval  
R3(config-if)#do show ip    
%BGP-5-ADJCHANGE: neighbor 134.21.21.21 Up ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
123.1.1.1         1   FULL/BDR        00:00:38    123.45.67.5     Ethernet0/0
134.21.21.21      1   FULL/DR         00:00:39    134.56.78.38    Ethernet2/0
R3(config-if)#

R3与R21邻居关系正常了

再回头检查R22和R21的子网掩码配置

java 复制代码 
R21#show run interface e2/0
Building configuration...

Current configuration : 83 bytes
!
interface Ethernet2/0
 ip address 134.56.78.50 255.255.255.248
 duplex auto
end
R21#show run | s router ospf 
router ospf 12345
 router-id 134.21.21.21
 max-metric router-lsa
 passive-interface default
 no passive-interface Ethernet0/0
 no passive-interface Ethernet1/0
 no passive-interface Ethernet2/0
 network 134.21.21.21 0.0.0.0 area 1
 network 134.56.78.38 0.0.0.0 area 1
 network 134.56.78.48 0.0.0.7 area 1
 neighbor 123.3.3.3
R21#

R22#show run interface e2/0
Building configuration...

Current configuration : 83 bytes
!
interface Ethernet2/0
 ip address 134.56.78.49 255.255.255.252
 duplex auto
end
R22#show run | s router ospf 
router ospf 12345
 router-id 134.22.22.22
 passive-interface default
 no passive-interface Ethernet0/0
 no passive-interface Ethernet2/0
 network 134.22.22.22 0.0.0.0 area 1
 network 134.56.78.42 0.0.0.0 area 1
 network 134.56.78.48 0.0.0.7 area 1
R22#

根据OSPF网络的宣告内容,可以确定的是R22的E2/0本意是配置子网掩码长度为29位

因此修改R22的接口IP

java 复制代码 
R22#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R22(config)#int e2/0 
R22(config-if)#ip address 134.56.78.49 255.255.255.248

R21#show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
123.3.3.3         1   FULL/BDR        00:00:30    134.56.78.37    Ethernet0/0
134.22.22.22      1   FULL/BDR        00:00:34    134.56.78.49    Ethernet2/0

R22(config-if)#do show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
134.21.21.21      1   FULL/DR         00:00:38    134.56.78.50    Ethernet2/0
123.5.5.5         0   FULL/  -        00:00:32    134.56.78.41    Ethernet0/0

至此R21的OSPF邻居关系也都建立了,也正常了,继续排查BGP的邻居关系

此时发现R22的与R5的邻居关系报错,

java 复制代码 
%OSPF-4-NET_TYPE_MISMATCH: Received Hello from 123.5.5.5 on Ethernet0/0 indicating a  potential 
             network type mismatch
%OSPF-4-NET_TYPE_MISMATCH: Received Hello from 123.5.5.5 on Ethernet0/0 indicating a  potential 
             network type mismatch
%OSPF-4-NET_TYPE_MISMATCH: Received Hello from 123.5.5.5 on Ethernet0/0 indicating a  potential 
             network type mismatch

提示网络类型不一致

问题7. R22与R5接口的OSPF网络类型不一致

java 复制代码 
R22#conf t 
Enter configuration commands, one per line.  End with CNTL/Z.
R22(config)#do show run interface e0/0
Building configuration...

Current configuration : 115 bytes
!
interface Ethernet0/0
 ip address 134.56.78.42 255.255.255.252
 ip ospf network point-to-point
 duplex auto
end

R22(config)#int e0/0
R22(config-if)#no ip ospf network point-to-point

查看路由表,正常学到R22的路由,继续排查BGP邻居状态

R4与R5和R12的邻居状态不正常

java 复制代码 
R4#show ip bgp summary
......
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
123.5.5.5       4        12345       0       0        1    0    0 never    Idle
123.6.6.6       4        12345     535     535        3    0    0 08:03:26        1
123.45.67.44    4        14567       0       0        1    0    0 never    Idle
R4#show run | s router bgp
router bgp 12345
 bgp router-id 123.4.4.4
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 123.3.3.3 remote-as 12345
 neighbor 123.3.3.3 update-source Loopback0
 neighbor 123.5.5.5 remote-as 12345
 neighbor 123.5.5.5 update-source Loopback0
 neighbor 123.6.6.6 remote-as 12345
 neighbor 123.6.6.6 update-source Loopback0
 neighbor 123.45.67.44 remote-as 14567
 !
 address-family ipv4
  network 125.45.67.24 mask 255.255.255.252
  neighbor 123.5.5.5 activate
  neighbor 123.5.5.5 next-hop-self
  neighbor 123.6.6.6 activate
  neighbor 123.6.6.6 next-hop-self
  neighbor 123.45.67.44 activate
  neighbor 123.45.67.44 route-map MED out
 exit-address-family
 !
 address-family vpnv4
  neighbor 123.3.3.3 activate
  neighbor 123.3.3.3 send-community extended
  neighbor 123.5.5.5 activate
  neighbor 123.5.5.5 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf BancoBank_ToHub
  neighbor 124.45.67.26 remote-as 65100
  neighbor 124.45.67.26 activate
 exit-address-family
 !
 address-family ipv4 vrf BancoBank_ToSpoke
  neighbor 123.45.67.26 remote-as 65100
  neighbor 123.45.67.26 activate
 exit-address-family

查询R5的BGP配置

java 复制代码 
R5#show run | s router bgp 
router bgp 12345
 bgp router-id 123.5.5.5
 bgp log-neighbor-changes
 neighbor IBGP peer-group
 neighbor IBGP remote-as 12345
 neighbor IBGP update-source Loopback0
 neighbor 123.3.3.3 peer-group IBGP
 neighbor 123.4.4.4 peer-group IBGP
 neighbor 134.21.21.21 peer-group IBGP
 neighbor 134.22.22.22 peer-group IBGP
 !
 address-family ipv4
  neighbor IBGP route-reflector-client
  neighbor IBGP next-hop-self
  neighbor 123.3.3.3 activate
  no neighbor 123.4.4.4 activate
  neighbor 134.21.21.21 activate
  neighbor 134.22.22.22 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor IBGP send-community extended
  neighbor IBGP route-reflector-client
  neighbor 123.3.3.3 activate
  neighbor 123.4.4.4 activate
 exit-address-family
 !
 address-family ipv4 vrf BancBank
  neighbor 123.65.1.30 remote-as 65101
  neighbor 123.65.1.30 activate
 exit-address-family

问题8. R5上BGP的配置没有激活与R4的邻居状态

发现R5与R4的邻居状态没有激活 "no neighbor 123.4.4.4 activate",激活一下

java 复制代码 
R5#conf t 
Enter configuration commands, one per line.  End with CNTL/Z.
R5(config)#router bgp 12345
R5(config-router)# address-family ipv4
R5(config-router-af)#neighbor 123.4.4.4 activate

R4与R5的邻居关系起来了,继续查看R4与R12的邻居关系

java 复制代码 
R12#show run | s router bgp
router bgp 14567
 bgp router-id 145.12.12.12
 bgp log-neighbor-changes
 network 123.45.67.20 mask 255.255.255.252
 network 123.45.67.40 mask 255.255.255.248
 neighbor 123.45.67.45 remote-as 12345
 neighbor 123.45.67.45 shutdown
 neighbor 123.45.67.46 remote-as 12345
 neighbor 145.11.11.11 remote-as 14567
 neighbor 145.11.11.11 update-source Loopback0
 neighbor 145.11.11.11 next-hop-self
R12#

问题9. R12上BGP的配置关闭了与R4的邻居状态

java 复制代码 
R12#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R12(config)#router bgp 14567
R12(config-router)#no neighbor 123.45.67.45 shutdown

R12(config-router)#do show ip bgp summary
BGP router identifier 145.12.12.12, local AS number 14567
BGP table version is 15, main routing table version 15
11 network entries using 1584 bytes of memory
21 path entries using 1764 bytes of memory
9/6 BGP path/bestpath attribute entries using 1440 bytes of memory
2 BGP AS-PATH entries using 48 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 4836 total bytes of memory
BGP activity 11/0 prefixes, 21/0 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
123.45.67.45    4        12345      11      14       15    0    0 00:00:15       10
123.45.67.46    4        12345     593     588       15    0    0 08:49:52       10
145.11.11.11    4        14567       0       0        1    0    0 never    Idle
R12(config-router)#

与R4的邻居关系正常了,145.11.11.11的邻居关系应该是与区域外的路由配置有关。 这里并未涉及,就不作处理了

继续排查邻居BGP邻居关系

java 复制代码 
R22#show ip bgp summary
BGP router identifier 134.22.22.22, local AS number 12345
BGP table version is 20, main routing table version 20
11 network entries using 1584 bytes of memory
34 path entries using 2856 bytes of memory
7/5 BGP path/bestpath attribute entries using 1120 bytes of memory
5 BGP rrinfo entries using 120 bytes of memory
2 BGP AS-PATH entries using 48 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 5728 total bytes of memory
BGP activity 12/0 prefixes, 35/0 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
123.1.2.18      4        65101       0       0        1    0    0 never    Idle (Admin)
123.3.3.3       4        12345     572     573       20    0    0 08:33:05       11
123.5.5.5       4        12345     576     572       20    0    0 08:33:00       11
134.21.21.21    4        12345     572     573       20    0    0 08:33:00        7
134.56.78.14    4        10001     603     608       20    0    0 09:03:31        5
R22#

123.1.2.18的邻居关系应该也是与区域外的路由配置有关。 这里并未涉及,也不作处理了

经过排查所有的邻居关系都起来了,现在开始实现路由选路

java 复制代码 
R12#traceroute 194.1.1.1 probe 2
Type escape sequence to abort.
Tracing the route to 194.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
  1 123.45.67.46 0 msec 0 msec
  2 123.45.67.13 0 msec 1 msec
  3 123.45.67.13 !H  * 
R12#

问题10. R2的接口没有开启MPLS

R2上主机路由不可达,这里是因为IBGP的路由黑洞。所以在R2查询配置,并未发现有配置BGP,只有OSPF,通常是用MPLS来解决路由的黑洞问题,查看一下是否有开启MPLS,通过查询发现R2是有开启MPLS的

java 复制代码 
R2#show run | s mpls
mpls label protocol ldp
 mpls ip
mpls ldp router-id Loopback0
R2#

根据拓扑结构,可以确定MPLS域的范围应该是R3、R5、R1、R2、R4、R6,所以检查所有路由器相关接口的MPLS配置,最终发现只有R2上的E1/0和E2/0接口下没有开启MPLS

java 复制代码 
R2#show run | s interface
interface Ethernet0/0
 ip address 123.45.67.2 255.255.255.252
 duplex auto
 mpls ip
......
interface Ethernet1/0
 ip address 123.45.67.9 255.255.255.252
 duplex auto
......
interface Ethernet2/0
 ip address 123.45.67.13 255.255.255.252
 duplex auto
......
R2#

开启MPLS

java 复制代码 
R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#int e1/0 
R2(config-if)#mpls ip 
R2(config-if)#
%LDP-5-NBRCHG: LDP Neighbor 123.4.4.4:0 (2) is UP
R2(config-if)#int e2/0 
R2(config-if)#mpls ip 
R2(config-if)#
%LDP-5-NBRCHG: LDP Neighbor 123.6.6.6:0 (3) is UP
R2(config-if)#

问题11. R12上没有开启负载均衡

java 复制代码 
R12#traceroute 194.1.1.1 probe 2
Type escape sequence to abort.
Tracing the route to 194.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
  1 123.45.67.46 1 msec 0 msec
  2 123.45.67.13 [MPLS: Label 23 Exp 0] 1 msec 0 msec
  3 123.45.67.1 [MPLS: Label 23 Exp 0] 1 msec 0 msec
  4 123.45.67.6 0 msec 1 msec
  5 123.45.67.6 !H  * 
R12#

对比输出,发现首跳没有出现负载均衡。

java 复制代码 
R12#show ip bgp
BGP table version is 15, local router ID is 145.12.12.12
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
              t secondary path, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *    8.8.8.8/32       123.45.67.45                           0 12345 10001 ?
 *>                    123.45.67.46                           0 12345 10001 ?
 *>   123.3.3.3/32     123.45.67.45           100             0 12345 i
 *                     123.45.67.46           150             0 12345 i
 *>   123.45.67.40/29  0.0.0.0                  0         32768 i
 *    125.45.67.20/30  123.45.67.45                           0 12345 i
 *>                    123.45.67.46                           0 12345 i
 *    125.45.67.24/30  123.45.67.45             0             0 12345 i
 *>                    123.45.67.46                           0 12345 i
 *>   134.21.21.21/32  123.45.67.45           200             0 12345 i
 *                     123.45.67.46           500             0 12345 i
 *>   134.56.78.48/29  123.45.67.45           200             0 12345 i
 *                     123.45.67.46           500             0 12345 i
     Network          Next Hop            Metric LocPrf Weight Path
 *    194.1.0.0        123.45.67.45           200             0 12345 10001 i
 *>                    123.45.67.46           200             0 12345 10001 i
 *    194.1.1.0        123.45.67.45           200             0 12345 10001 i
 *>                    123.45.67.46           200             0 12345 10001 i
 *    194.1.2.0        123.45.67.45           200             0 12345 10001 i
 *>                    123.45.67.46           200             0 12345 10001 i
 *    194.1.3.0        123.45.67.45           200             0 12345 10001 i
 *>                    123.45.67.46           200             0 12345 10001 i
R12#conf t
R12(config)#router bgp 14567 
R12(config-router)#maximum-paths 2			// 开启负载均衡
R12(config-router)#do show ip bgp 
BGP table version is 22, local router ID is 145.12.12.12
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
              t secondary path, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *m   8.8.8.8/32       123.45.67.45                           0 12345 10001 ?
 *>                    123.45.67.46                           0 12345 10001 ?
 *>   123.3.3.3/32     123.45.67.45           100             0 12345 i
 *                     123.45.67.46           150             0 12345 i
 *>   123.45.67.40/29  0.0.0.0                  0         32768 i
 *m   125.45.67.20/30  123.45.67.45                           0 12345 i
 *>                    123.45.67.46                           0 12345 i
 *m   125.45.67.24/30  123.45.67.45             0             0 12345 i
 *>                    123.45.67.46                           0 12345 i
 *>   134.21.21.21/32  123.45.67.45           200             0 12345 i
 *                     123.45.67.46           500             0 12345 i
 *>   134.56.78.48/29  123.45.67.45           200             0 12345 i
 *                     123.45.67.46           500             0 12345 i
     Network          Next Hop            Metric LocPrf Weight Path
 *m   194.1.0.0        123.45.67.45           200             0 12345 10001 i
 *>                    123.45.67.46           200             0 12345 10001 i
 *m   194.1.1.0        123.45.67.45           200             0 12345 10001 i
 *>                    123.45.67.46           200             0 12345 10001 i
 *m   194.1.2.0        123.45.67.45           200             0 12345 10001 i
 *>                    123.45.67.46           200             0 12345 10001 i
 *m   194.1.3.0        123.45.67.45           200             0 12345 10001 i
 *>                    123.45.67.46           200             0 12345 10001 i
R12#traceroute 194.1.1.1 probe 2
Type escape sequence to abort.
Tracing the route to 194.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
  1 123.45.67.45 1 msec
    123.45.67.46 0 msec
  2 123.45.67.9 [MPLS: Label 23 Exp 0] 1 msec
    123.45.67.13 [MPLS: Label 23 Exp 0] 1 msec
  3 123.45.67.1 [MPLS: Label 23 Exp 0] 0 msec 0 msec
  4 123.45.67.6 1 msec 1 msec
  5 123.45.67.6 !H  * 
R12#

根据输出判断,R1并没有按照期望的选择R5走。而是选择了从R3走,从OSPF边缘分析

java 复制代码 
R21#show ip bgp
BGP table version is 13, local router ID is 134.21.21.21
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
              t secondary path, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>   8.8.8.8/32       134.56.78.6              0             0 10001 ?
 r i  123.3.3.3/32     123.3.3.3                0    100      0 i
 r>i                   123.3.3.3                0    100      0 i
 r>i  123.45.67.40/29  123.4.4.4                0    100      0 14567 i
 r i                   123.4.4.4                0    100      0 14567 i
 * i  125.45.67.20/30  123.3.3.3                0    100      0 i
 *>i                   123.3.3.3                0    100      0 i
 * i  125.45.67.24/30  123.4.4.4                0    100      0 i
 *>i                   123.4.4.4                0    100      0 i
 *>   134.21.21.21/32  0.0.0.0                  0         32768 i
 *>   134.56.78.48/29  0.0.0.0                  0         32768 i
 *>   194.1.0.0        134.56.78.6              0             0 10001 i
 *>   194.1.1.0        134.56.78.6              0             0 10001 i
     Network          Next Hop            Metric LocPrf Weight Path
 *>   194.1.2.0        134.56.78.6              0             0 10001 i
 *>   194.1.3.0        134.56.78.6              0             0 10001 i


R22#show ip bgp
......
 * i  194.1.0.0        134.56.78.6              0    101      0 10001 i
 *>i                   134.56.78.6              0    101      0 10001 i
 * i                   134.56.78.6              0    101      0 10001 i
 *                     134.56.78.14             0             0 10001 i
 * i  194.1.1.0        134.56.78.6              0    101      0 10001 i
 *>i                   134.56.78.6              0    101      0 10001 i
 * i                   134.56.78.6              0    101      0 10001 i
 *                     134.56.78.14             0             0 10001 i
 * i  194.1.2.0        134.56.78.6              0    101      0 10001 i
 *>i                   134.56.78.6              0    101      0 10001 i
 * i                   134.56.78.6              0    101      0 10001 i
 *                     134.56.78.14             0             0 10001 i
 * i  194.1.3.0        134.56.78.6              0    101      0 10001 i
 *>i                   134.56.78.6              0    101      0 10001 i
 * i                   134.56.78.6              0    101      0 10001 i
 *                     134.56.78.14             0             0 10001 i

发现最优的路线是往134.56.78.6走的。根据路由表可以看出。134.56.78.0/24的网络走的是134.56.78.41的接口。也就是往R5走

java 复制代码 
R22# show ip route 
......
      134.56.0.0/16 is variably subnetted, 8 subnets, 4 masks
O IA     134.56.78.0/24 [110/31] via 134.56.78.41, 01:54:40, Ethernet0/0
C        134.56.78.12/30 is directly connected, Ethernet1/0
L        134.56.78.13/32 is directly connected, Ethernet1/0
O        134.56.78.36/30 [110/65545] via 134.56.78.50, 09:24:45, Ethernet2/0
C        134.56.78.40/30 is directly connected, Ethernet0/0
L        134.56.78.42/32 is directly connected, Ethernet0/0
C        134.56.78.48/29 is directly connected, Ethernet2/0
L        134.56.78.49/32 is directly connected, Ethernet2/0
B     194.1.0.0/24 [200/0] via 134.56.78.6, 01:54:35
B     194.1.1.0/24 [200/0] via 134.56.78.6, 01:54:35
B     194.1.2.0/24 [200/0] via 134.56.78.6, 01:54:35
B     194.1.3.0/24 [200/0] via 134.56.78.6, 01:54:35

R5#show ip route 
......
      134.56.0.0/16 is variably subnetted, 5 subnets, 4 masks
O IA     134.56.78.0/24 [110/21] via 123.45.67.17, 09:54:55, Ethernet0/0
O        134.56.78.36/30 [110/65555] via 134.56.78.42, 02:03:19, Ethernet1/0
C        134.56.78.40/30 is directly connected, Ethernet1/0
L        134.56.78.41/32 is directly connected, Ethernet1/0
O        134.56.78.48/29 [110/20] via 134.56.78.42, 02:03:19, Ethernet1/0
B     194.1.0.0/24 [200/0] via 134.56.78.6, 09:37:50
B     194.1.1.0/24 [200/0] via 134.56.78.6, 09:37:50
B     194.1.2.0/24 [200/0] via 134.56.78.6, 09:37:50
B     194.1.3.0/24 [200/0] via 134.56.78.6, 09:37:50
R5#

R1#show ip route
......
      134.56.0.0/16 is variably subnetted, 4 subnets, 3 masks
O IA     134.56.78.0/24 [110/11] via 123.45.67.6, 10:04:46, Ethernet1/0
O IA     134.56.78.36/30 [110/65565] via 123.45.67.18, 02:04:55, Ethernet2/0
O IA     134.56.78.40/30 [110/20] via 123.45.67.18, 02:04:55, Ethernet2/0
O IA     134.56.78.48/29 [110/30] via 123.45.67.18, 02:04:55, Ethernet2/0
R1#

R3#show ip route
......
      134.56.0.0/16 is variably subnetted, 5 subnets, 4 masks
O        134.56.78.0/24 is a summary, 10:05:53, Null0
C        134.56.78.36/30 is directly connected, Ethernet2/0
L        134.56.78.37/32 is directly connected, Ethernet2/0
O        134.56.78.40/30 [110/65555] via 134.56.78.38, 02:05:27, Ethernet2/0
O        134.56.78.48/29 [110/65545] via 134.56.78.38, 09:35:29, Ethernet2/0
B     194.1.0.0/24 [200/0] via 134.56.78.6, 09:39:59
B     194.1.1.0/24 [200/0] via 134.56.78.6, 09:39:59
B     194.1.2.0/24 [200/0] via 134.56.78.6, 09:39:59
B     194.1.3.0/24 [200/0] via 134.56.78.6, 09:39:59

由此可以看到,R22、R5去往194.1.1.1的路由都是要从R1、走到R3,但是R3上却没有去往194.1.1.1的下一跳134.56.78.6的路由。因此到这里路就不通了。按照拓扑上的需求。路径应该是R1->R5->R22->R26, 因此需要调整R22上最优的路径应该是往R26而不是R5的方向,

java 复制代码 
R22#show ip bgp 194.1.1.0/24
BGP routing table entry for 194.1.1.0/24, version 16
Paths: (4 available, best #2, table default)
  Advertised to update-groups:
     1         
  Refresh Epoch 2
  10001
    134.56.78.6 (metric 31) from 123.5.5.5 (123.5.5.5)
      Origin IGP, metric 0, localpref 101, valid, internal
      Originator: 134.21.21.21, Cluster list: 123.5.5.5
      rx pathid: 0, tx pathid: 0
  Refresh Epoch 2
  10001
    134.56.78.6 (metric 31) from 134.21.21.21 (134.21.21.21)
      Origin IGP, metric 0, localpref 101, valid, internal, best
      rx pathid: 0, tx pathid: 0x0
  Refresh Epoch 2
  10001
    134.56.78.6 (metric 31) from 123.3.3.3 (123.3.3.3)
      Origin IGP, metric 0, localpref 101, valid, internal
      Originator: 134.21.21.21, Cluster list: 123.3.3.3
      rx pathid: 0, tx pathid: 0
  Refresh Epoch 1
  10001   
    134.56.78.14 from 134.56.78.14 (194.1.1.1)
      Origin IGP, metric 0, localpref 100, valid, external
      rx pathid: 0, tx pathid: 0
R22#

查询R22上接收到的路由信息发现。从R21上接收到的路由是101的LP值。先调小该路由的LP值,看看对路由的优先级是否能启效,查询配置发现有两个配置

java 复制代码 
R21#show run | s router bgp
router bgp 12345
 bgp router-id 134.21.21.21
 bgp log-neighbor-changes
 bgp default local-preference 101
 network 134.21.21.21 mask 255.255.255.255
 network 134.56.78.8 mask 255.255.255.252
 network 134.56.78.48 mask 255.255.255.248
 neighbor PEER peer-group
 neighbor PEER remote-as 12345
 neighbor PEER update-source Loopback0
 neighbor PEER route-map LP out
 neighbor 123.3.3.3 peer-group PEER
 neighbor 123.5.5.5 peer-group PEER
 neighbor 134.22.22.22 peer-group PEER
 neighbor 134.56.78.6 remote-as 10001
 neighbor 134.56.78.6 route-map MED out
R21#show route-map LP
route-map LP, permit, sequence 10
  Match clauses:
    ip address prefix-lists: 194 
  Set clauses:
    local-preference 99
  Policy routing matches: 0 packets, 0 bytes
route-map LP, permit, sequence 20
  Match clauses:
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes
R21#show ip prefix 194
ip prefix-list 194: 1 entries
   seq 5 permit 128.0.0.0/1 le 16
R21#

问题12. R21上关于194.1.1.1的路由捕获异常

从上面的配置可以看出,有两个地方可以调整194.1.1.1的LP值。

  1. 删除 bgp default local-preference 101, 但是这个配置可能会影响其它的路由策略,调整的原则应该是最小影响的,最好只针对我们需要操作的路由,
  2. 修改前缀列表194的(从这里可以看出,他本意也是配置194的路由LP值为99,但是没有生效)
    前缀列表的配置捕获的路由是16位子网掩码,我们要求的194并不在此之列,因此增加一条匹配194的配置
java 复制代码 
R21#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R21(config)#ip prefix-list 194 permit 194.1.0.0/16 le 24     
R21(config)#do show ip prefix   
ip prefix-list 194: 2 entries
   seq 5 permit 128.0.0.0/1 le 16
   seq 10 permit 194.1.0.0/16 le 24
ip prefix-list 8: 1 entries
   seq 5 permit 8.8.8.8/32
R21(config)#

重新检查R22的配置

java 复制代码 
R22#show ip bgp
......
 * i  194.1.0.0        134.56.78.6              0     99      0 10001 i
 *>                    134.56.78.14             0             0 10001 i
 * i  194.1.1.0        134.56.78.6              0     99      0 10001 i
 *>                    134.56.78.14             0             0 10001 i
 * i  194.1.2.0        134.56.78.6              0     99      0 10001 i
 *>                    134.56.78.14             0             0 10001 i
 * i  194.1.3.0        134.56.78.6              0     99      0 10001 i
 *>                    134.56.78.14             0             0 10001 i
R22#

发现目的达到了,从R26走的路由成为了最优。继续检查R5、R4、R6是否也从R22走了

java 复制代码 
R5#show ip bgp 
......
 *>i  194.1.1.0        134.22.22.22             0    100      0 10001 i
 * i                   134.22.22.22             0    100      0 10001 i
 * i                   134.56.78.6              0     99      0 10001 i
 *>i  194.1.2.0        134.22.22.22             0    100      0 10001 i
 * i                   134.22.22.22             0    100      0 10001 i
 * i                   134.56.78.6              0     99      0 10001 i
 *>i  194.1.3.0        134.22.22.22             0    100      0 10001 i
 * i                   134.22.22.22             0    100      0 10001 i
 * i                   134.56.78.6              0     99      0 10001 i
R5#show ip route 
......
      134.22.0.0/32 is subnetted, 1 subnets
O        134.22.22.22 [110/11] via 134.56.78.42, 02:25:11, Ethernet1/0
      134.56.0.0/16 is variably subnetted, 5 subnets, 4 masks
O IA     134.56.78.0/24 [110/21] via 123.45.67.17, 10:16:47, Ethernet0/0
O        134.56.78.36/30 [110/65555] via 134.56.78.42, 02:25:11, Ethernet1/0
C        134.56.78.40/30 is directly connected, Ethernet1/0
L        134.56.78.41/32 is directly connected, Ethernet1/0
O        134.56.78.48/29 [110/20] via 134.56.78.42, 02:25:11, Ethernet1/0
B     194.1.0.0/24 [200/0] via 134.22.22.22, 00:02:48
B     194.1.1.0/24 [200/0] via 134.22.22.22, 00:02:48
B     194.1.2.0/24 [200/0] via 134.22.22.22, 00:02:48
B     194.1.3.0/24 [200/0] via 134.22.22.22, 00:02:48


R4# show ip bgp 
......
 *>i  194.1.0.0        134.22.22.22             0    100      0 10001 i
 *>i  194.1.1.0        134.22.22.22             0    100      0 10001 i
 *>i  194.1.2.0        134.22.22.22             0    100      0 10001 i
 *>i  194.1.3.0        134.22.22.22             0    100      0 10001 i
// R4上收到的路由也是从R22走的

R6#show ip bgp
......
 *>i  194.1.0.0        134.22.22.22             0    100      0 10001 i
 *>i  194.1.1.0        134.22.22.22             0    100      0 10001 i
 *>i  194.1.2.0        134.22.22.22             0    100      0 10001 i
 *>i  194.1.3.0        134.22.22.22             0    100      0 10001 i
// R6上收到的路由也是从R22走的

看起来都OK,现在在R12上traceroute 194.1.1.1的路径。看看是否达到目的

java 复制代码 
R12#traceroute 194.1.1.1 probe 2
Type escape sequence to abort.
Tracing the route to 194.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
  1 123.45.67.45 0 msec
    123.45.67.46 0 msec
  2 123.45.67.9 [MPLS: Label 26 Exp 0] 0 msec
    123.45.67.13 [MPLS: Label 26 Exp 0] 0 msec
  3 123.45.67.1 [MPLS: Label 26 Exp 0] 0 msec 1 msec
  4 123.45.67.18 [MPLS: Label 28 Exp 0] 0 msec 1 msec
  5 134.56.78.42 0 msec 0 msec
  6 134.56.78.14 1 msec * 
R12#

与OUTPUT1一致,目标达到,继续调试下一下输出

java 复制代码 
R12#traceroute 134.21.21.21 probe 2
Type escape sequence to abort.
Tracing the route to 134.21.21.21
VRF info: (vrf in name/id, vrf out name/id)
  1 123.45.67.45 1 msec 0 msec
  2 123.45.67.9 [MPLS: Label 25 Exp 0] 1 msec 1 msec
  3 123.45.67.1 [MPLS: Label 25 Exp 0] 0 msec 0 msec
  4 123.45.67.6 [MPLS: Label 26 Exp 0] 0 msec 1 msec
  5 134.56.78.38 0 msec * 
R12#

发现除了第一跳,其它的都满足条件了。查询BGP表得以下内容

java 复制代码 
R12#show ip bgp
BGP table version is 22, local router ID is 145.12.12.12
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
              t secondary path, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *m   8.8.8.8/32       123.45.67.45                           0 12345 10001 ?
 *>                    123.45.67.46                           0 12345 10001 ?
 *>   123.3.3.3/32     123.45.67.45           100             0 12345 i
 *                     123.45.67.46           150             0 12345 i
 *>   123.45.67.40/29  0.0.0.0                  0         32768 i
 *m   125.45.67.20/30  123.45.67.45                           0 12345 i
 *>                    123.45.67.46                           0 12345 i
 *m   125.45.67.24/30  123.45.67.45             0             0 12345 i
 *>                    123.45.67.46                           0 12345 i
 *>   134.21.21.21/32  123.45.67.45           200             0 12345 i
 *                     123.45.67.46           500             0 12345 i
 *>   134.56.78.48/29  123.45.67.45           200             0 12345 i
 *                     123.45.67.46           500             0 12345 i
     Network          Next Hop            Metric LocPrf Weight Path
 *m   194.1.0.0        123.45.67.45           200             0 12345 10001 i
 *>                    123.45.67.46           200             0 12345 10001 i
 *m   194.1.1.0        123.45.67.45           200             0 12345 10001 i
 *>                    123.45.67.46           200             0 12345 10001 i
 *m   194.1.2.0        123.45.67.45           200             0 12345 10001 i
 *>                    123.45.67.46           200             0 12345 10001 i
 *m   194.1.3.0        123.45.67.45           200             0 12345 10001 i
 *>                    123.45.67.46           200             0 12345 10001 i
R12#

问题13. R12上的134.21.21.21路由metric不正确

发现去往134.21.21.21的路由优先走R6,不满足要求。需要调整,可以增大R4上的MED大过500,或者调小R6上的MED值小于200。

决定调小R6上该路由的MED值

java 复制代码 
R6#show run | s router bgp
router bgp 12345
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 123.3.3.3 remote-as 12345
 neighbor 123.3.3.3 update-source Loopback0
 neighbor 123.4.4.4 remote-as 12345
 neighbor 123.4.4.4 update-source Loopback0
 neighbor 123.45.67.44 remote-as 14567
 !
 address-family ipv4
  neighbor 123.3.3.3 activate
  neighbor 123.3.3.3 next-hop-self
  neighbor 123.4.4.4 activate
  neighbor 123.45.67.44 activate
  neighbor 123.45.67.44 route-map MED out
 exit-address-family
 !
 address-family vpnv4
  neighbor 123.3.3.3 activate
  neighbor 123.3.3.3 send-community extended
  neighbor 123.3.3.3 next-hop-self
 exit-address-family
 !
 address-family ipv4 vrf BancBank
  neighbor 123.65.2.34 remote-as 65102
  neighbor 123.65.2.34 activate
 exit-address-family
R6#show route-map MED
route-map MED, permit, sequence 10
  Match clauses:
    ip address prefix-lists: 123 
  Set clauses:
    metric 150
  Policy routing matches: 0 packets, 0 bytes
route-map MED, permit, sequence 20
  Match clauses:
    ip address prefix-lists: 134 
  Set clauses:
    metric 500
  Policy routing matches: 0 packets, 0 bytes
route-map MED, permit, sequence 30
  Match clauses:
    ip address prefix-lists: 194 
  Set clauses:
    metric 200
  Policy routing matches: 0 packets, 0 bytes
route-map MED, permit, sequence 40
  Match clauses:
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes
R6(config)#route-map MED permit 20
R6(config-route-map)#set me
R6(config-route-map)#set metric 199

// 调整完成。clear ip bgp * so 刷新BGP路由表
R12#clear ip bgp * so
R12#show ip bgp 
......
 *    134.21.21.21/32  123.45.67.45           200             0 12345 i
 *>                    123.45.67.46           199             0 12345 i
 *    134.56.78.48/29  123.45.67.45           200             0 12345 i
 *>                    123.45.67.46           199             0 12345 i

调整完成。继续traceroute 134.21.21.21

java 复制代码 
R12#traceroute 134.21.21.21 probe 2
Type escape sequence to abort.
Tracing the route to 134.21.21.21
VRF info: (vrf in name/id, vrf out name/id)
  1 123.45.67.46 0 msec 0 msec
  2 123.45.67.13 [MPLS: Label 25 Exp 0] 2 msec 1 msec
  3 123.45.67.1 [MPLS: Label 25 Exp 0] 1 msec 1 msec
  4 123.45.67.6 [MPLS: Label 26 Exp 0] 0 msec 0 msec
  5 134.56.78.38 1 msec * 
R12#

目标达到,继续Output3 输出, 满足要求不做调整

继续Output4验证

java 复制代码 
R12#traceroute 8.8.8.8 probe 2     
Type escape sequence to abort.
Tracing the route to 8.8.8.8
VRF info: (vrf in name/id, vrf out name/id)
  1 123.45.67.45 1 msec
    123.45.67.46 1 msec
  2 123.45.67.9 [MPLS: Label 23 Exp 0] 1 msec
    123.45.67.13 [MPLS: Label 23 Exp 0] 1 msec
  3 123.45.67.1 [MPLS: Label 23 Exp 0] 1 msec 1 msec
  4 123.45.67.6 0 msec 0 msec
  5 123.45.67.6 !H  * 
R12#

发现与需求不同,且在到R3之后去往8.8.8.8路由不通。

java 复制代码 
R3#show ip route 
......
      8.0.0.0/32 is subnetted, 1 subnets
B        8.8.8.8 [200/0] via 134.56.78.6, 10:19:32
      134.56.0.0/16 is variably subnetted, 5 subnets, 4 masks
O        134.56.78.0/24 is a summary, 10:45:26, Null0
C        134.56.78.36/30 is directly connected, Ethernet2/0
L        134.56.78.37/32 is directly connected, Ethernet2/0
O        134.56.78.40/30 [110/65555] via 134.56.78.38, 02:45:00, Ethernet2/0
O        134.56.78.48/29 [110/65545] via 134.56.78.38, 10:15:02, Ethernet2/0
B     194.1.0.0/24 [200/0] via 134.22.22.22, 00:22:37
B     194.1.1.0/24 [200/0] via 134.22.22.22, 00:22:37
B     194.1.2.0/24 [200/0] via 134.22.22.22, 00:22:37
B     194.1.3.0/24 [200/0] via 134.22.22.22, 00:22:37
......

发现去往134.56.78.0/24的路由是本地址汇总的,而本地又没有去往134.56.78.6的路由,因此路由不通。从拓扑上可以看到134.56.78.0/24应该在R21上可以学到,并且通告给R3的,因此在R21查询路由表得到:

java 复制代码 
R21#show ip route 
......
      134.56.0.0/16 is variably subnetted, 8 subnets, 4 masks
O IA     134.56.78.0/24 [110/65566] via 134.56.78.49, 02:50:04, Ethernet2/0
C        134.56.78.4/30 is directly connected, Ethernet1/0
L        134.56.78.5/32 is directly connected, Ethernet1/0
C        134.56.78.36/30 is directly connected, Ethernet0/0
L        134.56.78.38/32 is directly connected, Ethernet0/0
O        134.56.78.40/30 [110/65545] via 134.56.78.49, 02:50:04, Ethernet2/0
C        134.56.78.48/29 is directly connected, Ethernet2/0
L        134.56.78.50/32 is directly connected, Ethernet2/0
B     194.1.0.0/24 [20/0] via 134.56.78.6, 10:40:49
B     194.1.1.0/24 [20/0] via 134.56.78.6, 10:40:49
B     194.1.2.0/24 [20/0] via 134.56.78.6, 10:40:49
B     194.1.3.0/24 [20/0] via 134.56.78.6, 10:40:49

问题14. R21配置了max-metric值、导致路由无效

发现了在R21的所有router-LSA都被配置了max-metric值,在OSPF中,度量值有一个上限,即65535,这个值被称为"最大度量值"或"最大度量"。如果一个路径的度量值大于最大度量值,则该路径被认为是无效的,并被排除在最短路径计算之外,因此该路径没有被通告给邻居,因此需要将此项配置去除掉。

java 复制代码 
R21#show run | s router ospf
router ospf 12345
 router-id 134.21.21.21
 max-metric router-lsa
 passive-interface default
 no passive-interface Ethernet0/0
 no passive-interface Ethernet1/0
 no passive-interface Ethernet2/0
 network 134.21.21.21 0.0.0.0 area 1
 network 134.56.78.38 0.0.0.0 area 1
 network 134.56.78.48 0.0.0.7 area 1
 neighbor 123.3.3.3
R21#conf t 
Enter configuration commands, one per line.  End with CNTL/Z.
R21(config)#router ospf 12345
R21(config-router)#no max-metric router-lsa 
R21(config-router)#do show ip route  
......
      8.0.0.0/32 is subnetted, 1 subnets
B        8.8.8.8 [20/0] via 134.56.78.6, 10:47:35
......
      134.56.0.0/16 is variably subnetted, 8 subnets, 4 masks
O IA     134.56.78.0/24 [110/41] via 134.56.78.49, 00:00:39, Ethernet2/0
C        134.56.78.4/30 is directly connected, Ethernet1/0
L        134.56.78.5/32 is directly connected, Ethernet1/0
C        134.56.78.36/30 is directly connected, Ethernet0/0
L        134.56.78.38/32 is directly connected, Ethernet0/0
O        134.56.78.40/30 [110/20] via 134.56.78.49, 00:00:39, Ethernet2/0
C        134.56.78.48/29 is directly connected, Ethernet2/0
L        134.56.78.50/32 is directly connected, Ethernet2/0
B     194.1.0.0/24 [20/0] via 134.56.78.6, 10:47:35
B     194.1.1.0/24 [20/0] via 134.56.78.6, 10:47:35
B     194.1.2.0/24 [20/0] via 134.56.78.6, 10:47:35
B     194.1.3.0/24 [20/0] via 134.56.78.6, 10:47:35
R21(config-router)#

此时发现有另外一个问题。去往 134.56.78.0/24居然是从R22走。这个明显不正常,他应该直接走R26,继续检查R22路由

java 复制代码 
R22#show ip route 
......
      134.56.0.0/16 is variably subnetted, 8 subnets, 4 masks
O IA     134.56.78.0/24 [110/31] via 134.56.78.41, 03:01:59, Ethernet0/0
C        134.56.78.12/30 is directly connected, Ethernet1/0
L        134.56.78.13/32 is directly connected, Ethernet1/0
O        134.56.78.36/30 [110/20] via 134.56.78.50, 00:05:48, Ethernet2/0
......


R5#show ip route 
......
      134.56.0.0/16 is variably subnetted, 5 subnets, 4 masks
O IA     134.56.78.0/24 [110/21] via 123.45.67.17, 10:54:00, Ethernet0/0
O        134.56.78.36/30 [110/30] via 134.56.78.42, 00:06:13, Ethernet1/0
C        134.56.78.40/30 is directly connected, Ethernet1/0
L        134.56.78.41/32 is directly connected, Ethernet1/0
O        134.56.78.48/29 [110/20] via 134.56.78.42, 03:02:24, Ethernet1/0
......

R1#show ip route 
......
      134.56.0.0/16 is variably subnetted, 4 subnets, 3 masks
O IA     134.56.78.0/24 [110/11] via 123.45.67.6, 11:02:27, Ethernet1/0
O IA     134.56.78.36/30 [110/40] via 123.45.67.18, 00:06:24, Ethernet2/0
O IA     134.56.78.40/30 [110/20] via 123.45.67.18, 03:02:36, Ethernet2/0
O IA     134.56.78.48/29 [110/30] via 123.45.67.18, 03:02:36, Ethernet2/0

R3#show ip route 
......
      134.56.0.0/16 is variably subnetted, 5 subnets, 4 masks
O        134.56.78.0/24 is a summary, 11:03:15, Null0
C        134.56.78.36/30 is directly connected, Ethernet2/0
L        134.56.78.37/32 is directly connected, Ethernet2/0
O        134.56.78.40/30 [110/30] via 134.56.78.38, 00:06:38, Ethernet2/0
O        134.56.78.48/29 [110/20] via 134.56.78.38, 00:06:38, Ethernet2/0
......

问题15. R3配置了汇总域外的路由且因为他不是ASBR,所以产生了问题

发现最终又回到了R3上,而R3上还是原来产生的那条汇总路由,因为他是本地产生,邻近的路由到R3肯定是最近的,这样会导致真正的134.56.78.0网段无法到达,因此需要删除该汇总路由。

java 复制代码 
R3#conf t
R3(config)#router ospf 12345
R3(config-router)#no area 1 range 134.56.78.0 255.255.255.0
R3(config-router)#do show ip route 
......
      8.0.0.0/32 is subnetted, 1 subnets
B        8.8.8.8 [200/0] via 134.22.22.22, 00:01:26
......
      134.56.0.0/16 is variably subnetted, 4 subnets, 3 masks
C        134.56.78.36/30 is directly connected, Ethernet2/0
L        134.56.78.37/32 is directly connected, Ethernet2/0
O        134.56.78.40/30 [110/30] via 134.56.78.38, 00:00:28, Ethernet2/0
O        134.56.78.48/29 [110/20] via 134.56.78.38, 00:00:28, Ethernet2/0
......
R3(config-router)#

这下去往8.8.8.8的网络变成往134.22.22.22走了,不再是134.56.78.6网段,调用Traceroute重新验证

java 复制代码 
R12#traceroute 8.8.8.8 probe 2
Type escape sequence to abort.
Tracing the route to 8.8.8.8
VRF info: (vrf in name/id, vrf out name/id)
  1 123.45.67.45 0 msec
    123.45.67.46 1 msec
  2 123.45.67.9 [MPLS: Label 26 Exp 0] 1 msec
    123.45.67.13 [MPLS: Label 26 Exp 0] 0 msec
  3 123.45.67.1 [MPLS: Label 26 Exp 0] 1 msec 0 msec
  4 123.45.67.18 [MPLS: Label 28 Exp 0] 0 msec 0 msec
  5 134.56.78.42 1 msec 1 msec
  6 134.56.78.14 1 msec 1 msec
  7 194.1.1.2 [AS 10001] 1 msec * 
R12#

结果发现:中间R1应该要往R3走,结果变成了往R5走,不满足需求,继续排查。由R4和R6上的8.8.8.8路由的下一跳可以发现、都是134.22.22.22,需要调整为从134.21.21.21走。

java 复制代码 
R22#show ip bgp 
......
     Network          Next Hop            Metric LocPrf Weight Path
 * i  8.8.8.8/32       134.56.78.6              0    101      0 10001 ?
 *>                    134.56.78.14             0             0 10001 ?
......

R21#show ip bgp 
......
     Network          Next Hop            Metric LocPrf Weight Path
 * i  8.8.8.8/32       134.22.22.22             0    100      0 10001 ?
 * i                   134.22.22.22             0    100      0 10001 ?
 * i                   134.22.22.22             0    100      0 10001 ?
 *>                    134.56.78.6              0             0 10001 ?
......
// 上面这两个最优路由没有问题。都是直接到R26上

R3#show ip bgp
......
     Network          Next Hop            Metric LocPrf Weight Path
 * i  8.8.8.8/32       134.22.22.22             0    100      0 10001 ?
 *>i                   134.22.22.22             0    100      0 10001 ?
 * i                   134.56.78.6              0    101      0 10001 ?
......
// R3因为没有直达134.56.78.6的路由所以 134.22.22.22才会成为最优。 

R5#show ip bgp
......
     Network          Next Hop            Metric LocPrf Weight Path
 * i  8.8.8.8/32       134.22.22.22             0    100      0 10001 ?
 *>i                   134.22.22.22             0    100      0 10001 ?
 * i                   134.56.78.6              0    101      0 10001 ?
......

// R3和R5两个路由要确保,R3的路由是最优的。不过R3和R5去往8.8.8.8的路由下一跳中并没有R21的地址
R21#show run | s router bgp
router bgp 12345
 bgp router-id 134.21.21.21
 bgp log-neighbor-changes
 bgp default local-preference 101
 network 134.21.21.21 mask 255.255.255.255
 network 134.56.78.8 mask 255.255.255.252
 network 134.56.78.48 mask 255.255.255.248
 neighbor PEER peer-group
 neighbor PEER remote-as 12345
 neighbor PEER update-source Loopback0
 neighbor PEER route-map LP out
 neighbor 123.3.3.3 peer-group PEER
 neighbor 123.5.5.5 peer-group PEER
 neighbor 134.22.22.22 peer-group PEER
 neighbor 134.56.78.6 remote-as 10001
 neighbor 134.56.78.6 route-map MED out
R21#

问题16:R21的BGP配置,没有将路由的下一跳设置为自己

发现没有将路由的下一跳设置为自己。添加配置

java 复制代码 
R21#conf t 
Enter configuration commands, one per line.  End with CNTL/Z.
R21(config)#router bgp 12345
R21(config-router)#neighbor PEER next-hop-self
R21(config-router)#

再次查询R3的BGP表

java 复制代码 
R3#show ip bgp
BGP table version is 28, local router ID is 123.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
              t secondary path, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 * i  8.8.8.8/32       134.21.21.21             0    101      0 10001 ?
 *>i                   134.21.21.21             0    101      0 10001 ?
......

因为去134.21.21.21的LP值为101,所以R3反射器并没有把其它不是最优的路径接收进路由表。所以这里没有了下一跳为R22的路由。

重新Traceroute

java 复制代码 
R12#traceroute 8.8.8.8 probe 2
Type escape sequence to abort.
Tracing the route to 8.8.8.8
VRF info: (vrf in name/id, vrf out name/id)
  1 123.45.67.45 1 msec
    123.45.67.46 6 msec
  2 123.45.67.9 [MPLS: Label 25 Exp 0] 1 msec
    123.45.67.13 [MPLS: Label 25 Exp 0] 1 msec
  3 123.45.67.1 [MPLS: Label 25 Exp 0] 1 msec 1 msec
  4 123.45.67.6 [MPLS: Label 26 Exp 0] 0 msec 0 msec
  5 134.56.78.38 1 msec 1 msec
  6 134.56.78.6 0 msec 0 msec
  7 194.1.1.2 [AS 10001] 1 msec * 
R12#

达到目标、实现了所有的需求。因为最后一个需求有调整参数、因此需要再全部再次traceroute一次,保证所有的需求都同时满足。

java 复制代码 
R12#traceroute 123.3.3.3 probe 2
Type escape sequence to abort.
Tracing the route to 123.3.3.3
VRF info: (vrf in name/id, vrf out name/id)
  1 123.45.67.45 1 msec 0 msec
  2 123.45.67.9 [MPLS: Label 19 Exp 0] 1 msec 1 msec
  3 123.45.67.1 [MPLS: Label 18 Exp 0] 0 msec 0 msec
  4 123.45.67.6 1 msec * 

R12#traceroute 134.21.21.21  probe 2
Type escape sequence to abort.
Tracing the route to 134.21.21.21
VRF info: (vrf in name/id, vrf out name/id)
  1 123.45.67.46 0 msec 1 msec
  2 123.45.67.13 [MPLS: Label 25 Exp 0] 1 msec 1 msec
  3 123.45.67.1 [MPLS: Label 25 Exp 0] 1 msec 1 msec
  4 123.45.67.6 [MPLS: Label 26 Exp 0] 1 msec 0 msec
  5 134.56.78.38 1 msec * 

R12#traceroute 194.1.1.1  probe 2   
Type escape sequence to abort.
Tracing the route to 194.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
  1 123.45.67.45 1 msec
    123.45.67.46 0 msec
  2 123.45.67.9 [MPLS: Label 26 Exp 0] 1 msec
    123.45.67.13 [MPLS: Label 26 Exp 0] 1 msec
  3 123.45.67.1 [MPLS: Label 26 Exp 0] 1 msec 1 msec
  4 123.45.67.18 [MPLS: Label 28 Exp 0] 0 msec 1 msec
  5 134.56.78.42 1 msec 1 msec
  6 134.56.78.14 1 msec * 
R12#

所有的目标都达成, 实验完成。

相关推荐
黑客Ash38 分钟前
【D01】网络安全概论
网络·安全·web安全·php
->yjy39 分钟前
计算机网络(第一章)
网络·计算机网络·php
摘星星ʕ•̫͡•ʔ2 小时前
计算机网络 第三章:数据链路层(关于争用期的超详细内容)
网络·计算机网络
.Ayang2 小时前
SSRF漏洞利用
网络·安全·web安全·网络安全·系统安全·网络攻击模型·安全架构
好想打kuo碎3 小时前
1、HCIP之RSTP协议与STP相关安全配置
网络·安全
虚拟网络工程师4 小时前
【网络系统管理】Centos7——配置主从mariadb服务器案例(下半部分)
运维·服务器·网络·数据库·mariadb
JosieBook5 小时前
【网络工程】查看自己电脑网络IP,检查网络是否连通
服务器·网络·tcp/ip
黑客Ash6 小时前
计算机中的网络安全
网络·安全·web安全
PersistJiao6 小时前
Spark 分布式计算中网络传输和序列化的关系(二)
大数据·网络·spark·序列化·分布式计算
热门推荐
01(欧拉)openEuler系统添加网卡文件配置流程、(欧拉)openEuler系统手动配置ipv6地址流程、(欧拉)openEuler系统网络管理说明02PyTorch机器学习实现液态神经网络03【HarmonyOS】HUAWEI DevEco Studio 下载地址汇总04玄机平台应急响应—webshell查杀05Coze扣子平台完整体验和实践(附国内和国际版对比)06RAG 实践- Ollama+RagFlow 部署本地知识库07【目标跟踪】相机运动补偿08Unity中PICO实现 隔空取物 和 接触抓取物体09Ubuntu 20.04使用Livox mid 360 测试 FAST_LIO10量化方法怎么选?如何评估量化后的大模型LLM?