目录
- 实验条件
- 环境配置
- 开始Troubleshooting
-
- [问题1. R5路由器直连口没有开启](#问题1. R5路由器直连口没有开启)
- [问题2. R21路由器直连口没有开启](#问题2. R21路由器直连口没有开启)
- [问题3. R12路由器直连口没有开启](#问题3. R12路由器直连口没有开启)
- [问题4. R21的直连接口被配置成了被动接口](#问题4. R21的直连接口被配置成了被动接口)
- [问题5. R21路由器的hello时间与R3的不一致](#问题5. R21路由器的hello时间与R3的不一致)
- [问题6. R21路由器与R22的直接接口的IP地址网络不一样(子网掩码不同)](#问题6. R21路由器与R22的直接接口的IP地址网络不一样(子网掩码不同))
- [问题7. R22与R5接口的OSPF网络类型不一致](#问题7. R22与R5接口的OSPF网络类型不一致)
- [问题8. R5上BGP的配置没有激活与R4的邻居状态](#问题8. R5上BGP的配置没有激活与R4的邻居状态)
- [问题9. R12上BGP的配置关闭了与R4的邻居状态](#问题9. R12上BGP的配置关闭了与R4的邻居状态)
- [问题10. R2的接口没有开启MPLS](#问题10. R2的接口没有开启MPLS)
- [问题11. R12上没有开启负载均衡](#问题11. R12上没有开启负载均衡)
- [问题12. R21上关于194.1.1.1的路由捕获异常](#问题12. R21上关于194.1.1.1的路由捕获异常)
- [问题13. R12上的134.21.21.21路由metric不正确](#问题13. R12上的134.21.21.21路由metric不正确)
- [问题14. R21配置了max-metric值、导致路由无效](#问题14. R21配置了max-metric值、导致路由无效)
- [问题15. R3配置了汇总域外的路由且因为他不是ASBR,所以产生了问题](#问题15. R3配置了汇总域外的路由且因为他不是ASBR,所以产生了问题)
- 问题16:R21的BGP配置,没有将路由的下一跳设置为自己
实验条件
网络拓朴
目标输出
环境配置
在我的资源里可以下载(就在这篇文章的开头也可以下载)
开始Troubleshooting
整体排错的思路如下:
- 检查所有的直连口是否双UP
- 检查所有的IGP启动情况,邻居状态
- 检查所有的BGP的状态(已经配置的邻居是否有起来)
- 根据输出,调整BGP选路参数
第一步检查所有的直连接口是否正常UP,所有可以配置 的路由的特权密码都是"cisco
",
问题1. R5路由器直连口没有开启
问题2. R21路由器直连口没有开启
问题3. R12路由器直连口没有开启
第二步 确保拓扑图中的OSPF都能正常的起邻居
从R1开始排查
1. 根据拓扑图,先确保OSPF协议邻居有关系先起来 所有路由器的密码都是cisco, 除了不允许配置的路由器外
从R1开始
java
R3#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
123.1.1.1 1 FULL/BDR 00:00:37 123.45.67.5 Ethernet0/0
发现R3与R21路由并没有建立邻居关系。查询配置后并无异常
java
R3#show run | s router ospf
router ospf 12345
router-id 123.3.3.3
area 1 range 134.56.78.0 255.255.255.0
network 123.3.3.3 0.0.0.0 area 0
network 123.45.67.6 0.0.0.0 area 0
network 134.56.78.37 0.0.0.0 area 1
R3#
// 查询R21的路由器
R21(config-if)#do show run | s router
router ospf 12345
router-id 134.21.21.21
max-metric router-lsa
passive-interface default
no passive-interface Ethernet2/0
network 134.21.21.21 0.0.0.0 area 1
network 134.56.78.38 0.0.0.0 area 1
network 134.56.78.48 0.0.0.7 area 1
neighbor 123.3.3.3
问题4. R21的直连接口被配置成了被动接口
ospf下配置了被动接口,这样的话,他不会发出hello包也无法接收路由和hello报文(其它的IGP中的被动接口行为也有所不同,有些可以接收,但无法发出,有些是无法接收也无法发出)
配置R21的OSPF
java
R21#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R21(config)#router ospf 12345
R21(config-router)#no passive-interface Ethernet1/0
R21(config-router)#no passive-interface Ethernet0/0
R21(config-router)#do show run | s router ospf
router ospf 12345
router-id 134.21.21.21
max-metric router-lsa
passive-interface default
no passive-interface Ethernet0/0
no passive-interface Ethernet1/0
no passive-interface Ethernet2/0
network 134.21.21.21 0.0.0.0 area 1
network 134.56.78.38 0.0.0.0 area 1
network 134.56.78.48 0.0.0.7 area 1
neighbor 123.3.3.3
再次查询R21邻居,发现邻居关系依然没有起来,开启Debug
java
R21#debug ip ospf hello
OSPF hello debugging is on
R21#
OSPF-12345 HELLO Et2/0: Send hello to 224.0.0.5 area 1 from 134.56.78.50
OSPF-12345 HELLO Et2/0: Rcv hello from 134.22.22.22 area 1 134.56.78.49
OSPF-12345 HELLO Et2/0: Mismatched hello parameters from 134.56.78.49
OSPF-12345 HELLO Et2/0: Dead R 40 C 40, Hello R 10 C 10 Mask R 255.255.255.252 C 255.255.255.248
OSPF-12345 HELLO Et0/0: Rcv hello from 123.3.3.3 area 1 134.56.78.37
OSPF-12345 HELLO Et0/0: Mismatched hello parameters from 134.56.78.37
OSPF-12345 HELLO Et0/0: Dead R 44 C 40, Hello R 11 C 10 Mask R 255.255.255.252 C 255.255.255.252
OSPF-12345 HELLO Et0/0: Send hello to 224.0.0.5 area 1 from 134.56.78.38
OSPF-12345 HELLO Et2/0: Send hello to 224.0.0.5 area 1 from 134.56.78.50
OSPF-12345 HELLO Et2/0: Rcv hello from 134.22.22.22 area 1 134.56.78.49
OSPF-12345 HELLO Et2/0: Mismatched hello parameters from 134.56.78.49
OSPF-12345 HELLO Et2/0: Dead R 40 C 40, Hello R 10 C 10 Mask R 255.255.255.252 C 255.255.255.248
OSPF-12345 HELLO Et0/0: Rcv hello from 123.3.3.3 area 1 134.56.78.37
OSPF-12345 HELLO Et0/0: Mismatched hello parameters from 134.56.78.37
OSPF-12345 HELLO Et0/0: Dead R 44 C 40, Hello R 11 C 10 Mask R 255.255.255.252 C 255.255.255.252
问题5. R21路由器的hello时间与R3的不一致
问题6. R21路由器与R22的直接接口的IP地址网络不一样(子网掩码不同)
在R3上查询配置得到以下内容
java
R3(config-if)#do show run interface e2/0
Building configuration...
Current configuration : 83 bytes
!
interface Ethernet2/0
ip address 134.56.78.37 255.255.255.252
ip ospf hello-interval 11
duplex auto
end
......
// 修改这个配置
R3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#int e2/0
R3(config-if)#no ip ospf he
R3(config-if)#no ip ospf hello-interval
R3(config-if)#do show ip
%BGP-5-ADJCHANGE: neighbor 134.21.21.21 Up ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
123.1.1.1 1 FULL/BDR 00:00:38 123.45.67.5 Ethernet0/0
134.21.21.21 1 FULL/DR 00:00:39 134.56.78.38 Ethernet2/0
R3(config-if)#
R3与R21邻居关系正常了
再回头检查R22和R21的子网掩码配置
java
R21#show run interface e2/0
Building configuration...
Current configuration : 83 bytes
!
interface Ethernet2/0
ip address 134.56.78.50 255.255.255.248
duplex auto
end
R21#show run | s router ospf
router ospf 12345
router-id 134.21.21.21
max-metric router-lsa
passive-interface default
no passive-interface Ethernet0/0
no passive-interface Ethernet1/0
no passive-interface Ethernet2/0
network 134.21.21.21 0.0.0.0 area 1
network 134.56.78.38 0.0.0.0 area 1
network 134.56.78.48 0.0.0.7 area 1
neighbor 123.3.3.3
R21#
R22#show run interface e2/0
Building configuration...
Current configuration : 83 bytes
!
interface Ethernet2/0
ip address 134.56.78.49 255.255.255.252
duplex auto
end
R22#show run | s router ospf
router ospf 12345
router-id 134.22.22.22
passive-interface default
no passive-interface Ethernet0/0
no passive-interface Ethernet2/0
network 134.22.22.22 0.0.0.0 area 1
network 134.56.78.42 0.0.0.0 area 1
network 134.56.78.48 0.0.0.7 area 1
R22#
根据OSPF网络的宣告内容,可以确定的是R22的E2/0本意是配置子网掩码长度为29位
因此修改R22的接口IP
java
R22#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R22(config)#int e2/0
R22(config-if)#ip address 134.56.78.49 255.255.255.248
R21#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
123.3.3.3 1 FULL/BDR 00:00:30 134.56.78.37 Ethernet0/0
134.22.22.22 1 FULL/BDR 00:00:34 134.56.78.49 Ethernet2/0
R22(config-if)#do show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
134.21.21.21 1 FULL/DR 00:00:38 134.56.78.50 Ethernet2/0
123.5.5.5 0 FULL/ - 00:00:32 134.56.78.41 Ethernet0/0
至此R21的OSPF邻居关系也都建立了,也正常了,继续排查BGP的邻居关系
此时发现R22的与R5的邻居关系报错,
java
%OSPF-4-NET_TYPE_MISMATCH: Received Hello from 123.5.5.5 on Ethernet0/0 indicating a potential
network type mismatch
%OSPF-4-NET_TYPE_MISMATCH: Received Hello from 123.5.5.5 on Ethernet0/0 indicating a potential
network type mismatch
%OSPF-4-NET_TYPE_MISMATCH: Received Hello from 123.5.5.5 on Ethernet0/0 indicating a potential
network type mismatch
提示网络类型不一致
问题7. R22与R5接口的OSPF网络类型不一致
java
R22#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R22(config)#do show run interface e0/0
Building configuration...
Current configuration : 115 bytes
!
interface Ethernet0/0
ip address 134.56.78.42 255.255.255.252
ip ospf network point-to-point
duplex auto
end
R22(config)#int e0/0
R22(config-if)#no ip ospf network point-to-point
查看路由表,正常学到R22的路由,继续排查BGP邻居状态
R4与R5和R12的邻居状态不正常
java
R4#show ip bgp summary
......
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
123.5.5.5 4 12345 0 0 1 0 0 never Idle
123.6.6.6 4 12345 535 535 3 0 0 08:03:26 1
123.45.67.44 4 14567 0 0 1 0 0 never Idle
R4#show run | s router bgp
router bgp 12345
bgp router-id 123.4.4.4
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 123.3.3.3 remote-as 12345
neighbor 123.3.3.3 update-source Loopback0
neighbor 123.5.5.5 remote-as 12345
neighbor 123.5.5.5 update-source Loopback0
neighbor 123.6.6.6 remote-as 12345
neighbor 123.6.6.6 update-source Loopback0
neighbor 123.45.67.44 remote-as 14567
!
address-family ipv4
network 125.45.67.24 mask 255.255.255.252
neighbor 123.5.5.5 activate
neighbor 123.5.5.5 next-hop-self
neighbor 123.6.6.6 activate
neighbor 123.6.6.6 next-hop-self
neighbor 123.45.67.44 activate
neighbor 123.45.67.44 route-map MED out
exit-address-family
!
address-family vpnv4
neighbor 123.3.3.3 activate
neighbor 123.3.3.3 send-community extended
neighbor 123.5.5.5 activate
neighbor 123.5.5.5 send-community extended
exit-address-family
!
address-family ipv4 vrf BancoBank_ToHub
neighbor 124.45.67.26 remote-as 65100
neighbor 124.45.67.26 activate
exit-address-family
!
address-family ipv4 vrf BancoBank_ToSpoke
neighbor 123.45.67.26 remote-as 65100
neighbor 123.45.67.26 activate
exit-address-family
查询R5的BGP配置
java
R5#show run | s router bgp
router bgp 12345
bgp router-id 123.5.5.5
bgp log-neighbor-changes
neighbor IBGP peer-group
neighbor IBGP remote-as 12345
neighbor IBGP update-source Loopback0
neighbor 123.3.3.3 peer-group IBGP
neighbor 123.4.4.4 peer-group IBGP
neighbor 134.21.21.21 peer-group IBGP
neighbor 134.22.22.22 peer-group IBGP
!
address-family ipv4
neighbor IBGP route-reflector-client
neighbor IBGP next-hop-self
neighbor 123.3.3.3 activate
no neighbor 123.4.4.4 activate
neighbor 134.21.21.21 activate
neighbor 134.22.22.22 activate
exit-address-family
!
address-family vpnv4
neighbor IBGP send-community extended
neighbor IBGP route-reflector-client
neighbor 123.3.3.3 activate
neighbor 123.4.4.4 activate
exit-address-family
!
address-family ipv4 vrf BancBank
neighbor 123.65.1.30 remote-as 65101
neighbor 123.65.1.30 activate
exit-address-family
问题8. R5上BGP的配置没有激活与R4的邻居状态
发现R5与R4的邻居状态没有激活 "no neighbor 123.4.4.4 activate",激活一下
java
R5#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R5(config)#router bgp 12345
R5(config-router)# address-family ipv4
R5(config-router-af)#neighbor 123.4.4.4 activate
R4与R5的邻居关系起来了,继续查看R4与R12的邻居关系
java
R12#show run | s router bgp
router bgp 14567
bgp router-id 145.12.12.12
bgp log-neighbor-changes
network 123.45.67.20 mask 255.255.255.252
network 123.45.67.40 mask 255.255.255.248
neighbor 123.45.67.45 remote-as 12345
neighbor 123.45.67.45 shutdown
neighbor 123.45.67.46 remote-as 12345
neighbor 145.11.11.11 remote-as 14567
neighbor 145.11.11.11 update-source Loopback0
neighbor 145.11.11.11 next-hop-self
R12#
问题9. R12上BGP的配置关闭了与R4的邻居状态
java
R12#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R12(config)#router bgp 14567
R12(config-router)#no neighbor 123.45.67.45 shutdown
R12(config-router)#do show ip bgp summary
BGP router identifier 145.12.12.12, local AS number 14567
BGP table version is 15, main routing table version 15
11 network entries using 1584 bytes of memory
21 path entries using 1764 bytes of memory
9/6 BGP path/bestpath attribute entries using 1440 bytes of memory
2 BGP AS-PATH entries using 48 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 4836 total bytes of memory
BGP activity 11/0 prefixes, 21/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
123.45.67.45 4 12345 11 14 15 0 0 00:00:15 10
123.45.67.46 4 12345 593 588 15 0 0 08:49:52 10
145.11.11.11 4 14567 0 0 1 0 0 never Idle
R12(config-router)#
与R4的邻居关系正常了,145.11.11.11的邻居关系应该是与区域外的路由配置有关。 这里并未涉及,就不作处理了
继续排查邻居BGP邻居关系
java
R22#show ip bgp summary
BGP router identifier 134.22.22.22, local AS number 12345
BGP table version is 20, main routing table version 20
11 network entries using 1584 bytes of memory
34 path entries using 2856 bytes of memory
7/5 BGP path/bestpath attribute entries using 1120 bytes of memory
5 BGP rrinfo entries using 120 bytes of memory
2 BGP AS-PATH entries using 48 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 5728 total bytes of memory
BGP activity 12/0 prefixes, 35/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
123.1.2.18 4 65101 0 0 1 0 0 never Idle (Admin)
123.3.3.3 4 12345 572 573 20 0 0 08:33:05 11
123.5.5.5 4 12345 576 572 20 0 0 08:33:00 11
134.21.21.21 4 12345 572 573 20 0 0 08:33:00 7
134.56.78.14 4 10001 603 608 20 0 0 09:03:31 5
R22#
123.1.2.18的邻居关系应该也是与区域外的路由配置有关。 这里并未涉及,也不作处理了
经过排查所有的邻居关系都起来了,现在开始实现路由选路
java
R12#traceroute 194.1.1.1 probe 2
Type escape sequence to abort.
Tracing the route to 194.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 123.45.67.46 0 msec 0 msec
2 123.45.67.13 0 msec 1 msec
3 123.45.67.13 !H *
R12#
问题10. R2的接口没有开启MPLS
R2上主机路由不可达,这里是因为IBGP的路由黑洞。所以在R2查询配置,并未发现有配置BGP,只有OSPF,通常是用MPLS来解决路由的黑洞问题,查看一下是否有开启MPLS,通过查询发现R2是有开启MPLS的
java
R2#show run | s mpls
mpls label protocol ldp
mpls ip
mpls ldp router-id Loopback0
R2#
根据拓扑结构,可以确定MPLS域的范围应该是R3、R5、R1、R2、R4、R6,所以检查所有路由器相关接口的MPLS配置,最终发现只有R2上的E1/0和E2/0接口下没有开启MPLS
java
R2#show run | s interface
interface Ethernet0/0
ip address 123.45.67.2 255.255.255.252
duplex auto
mpls ip
......
interface Ethernet1/0
ip address 123.45.67.9 255.255.255.252
duplex auto
......
interface Ethernet2/0
ip address 123.45.67.13 255.255.255.252
duplex auto
......
R2#
开启MPLS
java
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#int e1/0
R2(config-if)#mpls ip
R2(config-if)#
%LDP-5-NBRCHG: LDP Neighbor 123.4.4.4:0 (2) is UP
R2(config-if)#int e2/0
R2(config-if)#mpls ip
R2(config-if)#
%LDP-5-NBRCHG: LDP Neighbor 123.6.6.6:0 (3) is UP
R2(config-if)#
问题11. R12上没有开启负载均衡
java
R12#traceroute 194.1.1.1 probe 2
Type escape sequence to abort.
Tracing the route to 194.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 123.45.67.46 1 msec 0 msec
2 123.45.67.13 [MPLS: Label 23 Exp 0] 1 msec 0 msec
3 123.45.67.1 [MPLS: Label 23 Exp 0] 1 msec 0 msec
4 123.45.67.6 0 msec 1 msec
5 123.45.67.6 !H *
R12#
对比输出,发现首跳没有出现负载均衡。
java
R12#show ip bgp
BGP table version is 15, local router ID is 145.12.12.12
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
* 8.8.8.8/32 123.45.67.45 0 12345 10001 ?
*> 123.45.67.46 0 12345 10001 ?
*> 123.3.3.3/32 123.45.67.45 100 0 12345 i
* 123.45.67.46 150 0 12345 i
*> 123.45.67.40/29 0.0.0.0 0 32768 i
* 125.45.67.20/30 123.45.67.45 0 12345 i
*> 123.45.67.46 0 12345 i
* 125.45.67.24/30 123.45.67.45 0 0 12345 i
*> 123.45.67.46 0 12345 i
*> 134.21.21.21/32 123.45.67.45 200 0 12345 i
* 123.45.67.46 500 0 12345 i
*> 134.56.78.48/29 123.45.67.45 200 0 12345 i
* 123.45.67.46 500 0 12345 i
Network Next Hop Metric LocPrf Weight Path
* 194.1.0.0 123.45.67.45 200 0 12345 10001 i
*> 123.45.67.46 200 0 12345 10001 i
* 194.1.1.0 123.45.67.45 200 0 12345 10001 i
*> 123.45.67.46 200 0 12345 10001 i
* 194.1.2.0 123.45.67.45 200 0 12345 10001 i
*> 123.45.67.46 200 0 12345 10001 i
* 194.1.3.0 123.45.67.45 200 0 12345 10001 i
*> 123.45.67.46 200 0 12345 10001 i
R12#conf t
R12(config)#router bgp 14567
R12(config-router)#maximum-paths 2 // 开启负载均衡
R12(config-router)#do show ip bgp
BGP table version is 22, local router ID is 145.12.12.12
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*m 8.8.8.8/32 123.45.67.45 0 12345 10001 ?
*> 123.45.67.46 0 12345 10001 ?
*> 123.3.3.3/32 123.45.67.45 100 0 12345 i
* 123.45.67.46 150 0 12345 i
*> 123.45.67.40/29 0.0.0.0 0 32768 i
*m 125.45.67.20/30 123.45.67.45 0 12345 i
*> 123.45.67.46 0 12345 i
*m 125.45.67.24/30 123.45.67.45 0 0 12345 i
*> 123.45.67.46 0 12345 i
*> 134.21.21.21/32 123.45.67.45 200 0 12345 i
* 123.45.67.46 500 0 12345 i
*> 134.56.78.48/29 123.45.67.45 200 0 12345 i
* 123.45.67.46 500 0 12345 i
Network Next Hop Metric LocPrf Weight Path
*m 194.1.0.0 123.45.67.45 200 0 12345 10001 i
*> 123.45.67.46 200 0 12345 10001 i
*m 194.1.1.0 123.45.67.45 200 0 12345 10001 i
*> 123.45.67.46 200 0 12345 10001 i
*m 194.1.2.0 123.45.67.45 200 0 12345 10001 i
*> 123.45.67.46 200 0 12345 10001 i
*m 194.1.3.0 123.45.67.45 200 0 12345 10001 i
*> 123.45.67.46 200 0 12345 10001 i
R12#traceroute 194.1.1.1 probe 2
Type escape sequence to abort.
Tracing the route to 194.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 123.45.67.45 1 msec
123.45.67.46 0 msec
2 123.45.67.9 [MPLS: Label 23 Exp 0] 1 msec
123.45.67.13 [MPLS: Label 23 Exp 0] 1 msec
3 123.45.67.1 [MPLS: Label 23 Exp 0] 0 msec 0 msec
4 123.45.67.6 1 msec 1 msec
5 123.45.67.6 !H *
R12#
根据输出判断,R1并没有按照期望的选择R5走。而是选择了从R3走,从OSPF边缘分析
java
R21#show ip bgp
BGP table version is 13, local router ID is 134.21.21.21
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*> 8.8.8.8/32 134.56.78.6 0 0 10001 ?
r i 123.3.3.3/32 123.3.3.3 0 100 0 i
r>i 123.3.3.3 0 100 0 i
r>i 123.45.67.40/29 123.4.4.4 0 100 0 14567 i
r i 123.4.4.4 0 100 0 14567 i
* i 125.45.67.20/30 123.3.3.3 0 100 0 i
*>i 123.3.3.3 0 100 0 i
* i 125.45.67.24/30 123.4.4.4 0 100 0 i
*>i 123.4.4.4 0 100 0 i
*> 134.21.21.21/32 0.0.0.0 0 32768 i
*> 134.56.78.48/29 0.0.0.0 0 32768 i
*> 194.1.0.0 134.56.78.6 0 0 10001 i
*> 194.1.1.0 134.56.78.6 0 0 10001 i
Network Next Hop Metric LocPrf Weight Path
*> 194.1.2.0 134.56.78.6 0 0 10001 i
*> 194.1.3.0 134.56.78.6 0 0 10001 i
R22#show ip bgp
......
* i 194.1.0.0 134.56.78.6 0 101 0 10001 i
*>i 134.56.78.6 0 101 0 10001 i
* i 134.56.78.6 0 101 0 10001 i
* 134.56.78.14 0 0 10001 i
* i 194.1.1.0 134.56.78.6 0 101 0 10001 i
*>i 134.56.78.6 0 101 0 10001 i
* i 134.56.78.6 0 101 0 10001 i
* 134.56.78.14 0 0 10001 i
* i 194.1.2.0 134.56.78.6 0 101 0 10001 i
*>i 134.56.78.6 0 101 0 10001 i
* i 134.56.78.6 0 101 0 10001 i
* 134.56.78.14 0 0 10001 i
* i 194.1.3.0 134.56.78.6 0 101 0 10001 i
*>i 134.56.78.6 0 101 0 10001 i
* i 134.56.78.6 0 101 0 10001 i
* 134.56.78.14 0 0 10001 i
发现最优的路线是往134.56.78.6走的。根据路由表可以看出。134.56.78.0/24的网络走的是134.56.78.41的接口。也就是往R5走
java
R22# show ip route
......
134.56.0.0/16 is variably subnetted, 8 subnets, 4 masks
O IA 134.56.78.0/24 [110/31] via 134.56.78.41, 01:54:40, Ethernet0/0
C 134.56.78.12/30 is directly connected, Ethernet1/0
L 134.56.78.13/32 is directly connected, Ethernet1/0
O 134.56.78.36/30 [110/65545] via 134.56.78.50, 09:24:45, Ethernet2/0
C 134.56.78.40/30 is directly connected, Ethernet0/0
L 134.56.78.42/32 is directly connected, Ethernet0/0
C 134.56.78.48/29 is directly connected, Ethernet2/0
L 134.56.78.49/32 is directly connected, Ethernet2/0
B 194.1.0.0/24 [200/0] via 134.56.78.6, 01:54:35
B 194.1.1.0/24 [200/0] via 134.56.78.6, 01:54:35
B 194.1.2.0/24 [200/0] via 134.56.78.6, 01:54:35
B 194.1.3.0/24 [200/0] via 134.56.78.6, 01:54:35
R5#show ip route
......
134.56.0.0/16 is variably subnetted, 5 subnets, 4 masks
O IA 134.56.78.0/24 [110/21] via 123.45.67.17, 09:54:55, Ethernet0/0
O 134.56.78.36/30 [110/65555] via 134.56.78.42, 02:03:19, Ethernet1/0
C 134.56.78.40/30 is directly connected, Ethernet1/0
L 134.56.78.41/32 is directly connected, Ethernet1/0
O 134.56.78.48/29 [110/20] via 134.56.78.42, 02:03:19, Ethernet1/0
B 194.1.0.0/24 [200/0] via 134.56.78.6, 09:37:50
B 194.1.1.0/24 [200/0] via 134.56.78.6, 09:37:50
B 194.1.2.0/24 [200/0] via 134.56.78.6, 09:37:50
B 194.1.3.0/24 [200/0] via 134.56.78.6, 09:37:50
R5#
R1#show ip route
......
134.56.0.0/16 is variably subnetted, 4 subnets, 3 masks
O IA 134.56.78.0/24 [110/11] via 123.45.67.6, 10:04:46, Ethernet1/0
O IA 134.56.78.36/30 [110/65565] via 123.45.67.18, 02:04:55, Ethernet2/0
O IA 134.56.78.40/30 [110/20] via 123.45.67.18, 02:04:55, Ethernet2/0
O IA 134.56.78.48/29 [110/30] via 123.45.67.18, 02:04:55, Ethernet2/0
R1#
R3#show ip route
......
134.56.0.0/16 is variably subnetted, 5 subnets, 4 masks
O 134.56.78.0/24 is a summary, 10:05:53, Null0
C 134.56.78.36/30 is directly connected, Ethernet2/0
L 134.56.78.37/32 is directly connected, Ethernet2/0
O 134.56.78.40/30 [110/65555] via 134.56.78.38, 02:05:27, Ethernet2/0
O 134.56.78.48/29 [110/65545] via 134.56.78.38, 09:35:29, Ethernet2/0
B 194.1.0.0/24 [200/0] via 134.56.78.6, 09:39:59
B 194.1.1.0/24 [200/0] via 134.56.78.6, 09:39:59
B 194.1.2.0/24 [200/0] via 134.56.78.6, 09:39:59
B 194.1.3.0/24 [200/0] via 134.56.78.6, 09:39:59
由此可以看到,R22、R5去往194.1.1.1的路由都是要从R1、走到R3,但是R3上却没有去往194.1.1.1的下一跳134.56.78.6的路由。因此到这里路就不通了。按照拓扑上的需求。路径应该是R1->R5->R22->R26, 因此需要调整R22上最优的路径应该是往R26而不是R5的方向,
java
R22#show ip bgp 194.1.1.0/24
BGP routing table entry for 194.1.1.0/24, version 16
Paths: (4 available, best #2, table default)
Advertised to update-groups:
1
Refresh Epoch 2
10001
134.56.78.6 (metric 31) from 123.5.5.5 (123.5.5.5)
Origin IGP, metric 0, localpref 101, valid, internal
Originator: 134.21.21.21, Cluster list: 123.5.5.5
rx pathid: 0, tx pathid: 0
Refresh Epoch 2
10001
134.56.78.6 (metric 31) from 134.21.21.21 (134.21.21.21)
Origin IGP, metric 0, localpref 101, valid, internal, best
rx pathid: 0, tx pathid: 0x0
Refresh Epoch 2
10001
134.56.78.6 (metric 31) from 123.3.3.3 (123.3.3.3)
Origin IGP, metric 0, localpref 101, valid, internal
Originator: 134.21.21.21, Cluster list: 123.3.3.3
rx pathid: 0, tx pathid: 0
Refresh Epoch 1
10001
134.56.78.14 from 134.56.78.14 (194.1.1.1)
Origin IGP, metric 0, localpref 100, valid, external
rx pathid: 0, tx pathid: 0
R22#
查询R22上接收到的路由信息发现。从R21上接收到的路由是101的LP值。先调小该路由的LP值,看看对路由的优先级是否能启效,查询配置发现有两个配置
java
R21#show run | s router bgp
router bgp 12345
bgp router-id 134.21.21.21
bgp log-neighbor-changes
bgp default local-preference 101
network 134.21.21.21 mask 255.255.255.255
network 134.56.78.8 mask 255.255.255.252
network 134.56.78.48 mask 255.255.255.248
neighbor PEER peer-group
neighbor PEER remote-as 12345
neighbor PEER update-source Loopback0
neighbor PEER route-map LP out
neighbor 123.3.3.3 peer-group PEER
neighbor 123.5.5.5 peer-group PEER
neighbor 134.22.22.22 peer-group PEER
neighbor 134.56.78.6 remote-as 10001
neighbor 134.56.78.6 route-map MED out
R21#show route-map LP
route-map LP, permit, sequence 10
Match clauses:
ip address prefix-lists: 194
Set clauses:
local-preference 99
Policy routing matches: 0 packets, 0 bytes
route-map LP, permit, sequence 20
Match clauses:
Set clauses:
Policy routing matches: 0 packets, 0 bytes
R21#show ip prefix 194
ip prefix-list 194: 1 entries
seq 5 permit 128.0.0.0/1 le 16
R21#
问题12. R21上关于194.1.1.1的路由捕获异常
从上面的配置可以看出,有两个地方可以调整194.1.1.1的LP值。
- 删除 bgp default local-preference 101, 但是这个配置可能会影响其它的路由策略,调整的原则应该是最小影响的,最好只针对我们需要操作的路由,
- 修改前缀列表194的(从这里可以看出,他本意也是配置194的路由LP值为99,但是没有生效)
前缀列表的配置捕获的路由是16位子网掩码,我们要求的194并不在此之列,因此增加一条匹配194的配置
java
R21#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R21(config)#ip prefix-list 194 permit 194.1.0.0/16 le 24
R21(config)#do show ip prefix
ip prefix-list 194: 2 entries
seq 5 permit 128.0.0.0/1 le 16
seq 10 permit 194.1.0.0/16 le 24
ip prefix-list 8: 1 entries
seq 5 permit 8.8.8.8/32
R21(config)#
重新检查R22的配置
java
R22#show ip bgp
......
* i 194.1.0.0 134.56.78.6 0 99 0 10001 i
*> 134.56.78.14 0 0 10001 i
* i 194.1.1.0 134.56.78.6 0 99 0 10001 i
*> 134.56.78.14 0 0 10001 i
* i 194.1.2.0 134.56.78.6 0 99 0 10001 i
*> 134.56.78.14 0 0 10001 i
* i 194.1.3.0 134.56.78.6 0 99 0 10001 i
*> 134.56.78.14 0 0 10001 i
R22#
发现目的达到了,从R26走的路由成为了最优。继续检查R5、R4、R6是否也从R22走了
java
R5#show ip bgp
......
*>i 194.1.1.0 134.22.22.22 0 100 0 10001 i
* i 134.22.22.22 0 100 0 10001 i
* i 134.56.78.6 0 99 0 10001 i
*>i 194.1.2.0 134.22.22.22 0 100 0 10001 i
* i 134.22.22.22 0 100 0 10001 i
* i 134.56.78.6 0 99 0 10001 i
*>i 194.1.3.0 134.22.22.22 0 100 0 10001 i
* i 134.22.22.22 0 100 0 10001 i
* i 134.56.78.6 0 99 0 10001 i
R5#show ip route
......
134.22.0.0/32 is subnetted, 1 subnets
O 134.22.22.22 [110/11] via 134.56.78.42, 02:25:11, Ethernet1/0
134.56.0.0/16 is variably subnetted, 5 subnets, 4 masks
O IA 134.56.78.0/24 [110/21] via 123.45.67.17, 10:16:47, Ethernet0/0
O 134.56.78.36/30 [110/65555] via 134.56.78.42, 02:25:11, Ethernet1/0
C 134.56.78.40/30 is directly connected, Ethernet1/0
L 134.56.78.41/32 is directly connected, Ethernet1/0
O 134.56.78.48/29 [110/20] via 134.56.78.42, 02:25:11, Ethernet1/0
B 194.1.0.0/24 [200/0] via 134.22.22.22, 00:02:48
B 194.1.1.0/24 [200/0] via 134.22.22.22, 00:02:48
B 194.1.2.0/24 [200/0] via 134.22.22.22, 00:02:48
B 194.1.3.0/24 [200/0] via 134.22.22.22, 00:02:48
R4# show ip bgp
......
*>i 194.1.0.0 134.22.22.22 0 100 0 10001 i
*>i 194.1.1.0 134.22.22.22 0 100 0 10001 i
*>i 194.1.2.0 134.22.22.22 0 100 0 10001 i
*>i 194.1.3.0 134.22.22.22 0 100 0 10001 i
// R4上收到的路由也是从R22走的
R6#show ip bgp
......
*>i 194.1.0.0 134.22.22.22 0 100 0 10001 i
*>i 194.1.1.0 134.22.22.22 0 100 0 10001 i
*>i 194.1.2.0 134.22.22.22 0 100 0 10001 i
*>i 194.1.3.0 134.22.22.22 0 100 0 10001 i
// R6上收到的路由也是从R22走的
看起来都OK,现在在R12上traceroute 194.1.1.1的路径。看看是否达到目的
java
R12#traceroute 194.1.1.1 probe 2
Type escape sequence to abort.
Tracing the route to 194.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 123.45.67.45 0 msec
123.45.67.46 0 msec
2 123.45.67.9 [MPLS: Label 26 Exp 0] 0 msec
123.45.67.13 [MPLS: Label 26 Exp 0] 0 msec
3 123.45.67.1 [MPLS: Label 26 Exp 0] 0 msec 1 msec
4 123.45.67.18 [MPLS: Label 28 Exp 0] 0 msec 1 msec
5 134.56.78.42 0 msec 0 msec
6 134.56.78.14 1 msec *
R12#
与OUTPUT1一致,目标达到,继续调试下一下输出
java
R12#traceroute 134.21.21.21 probe 2
Type escape sequence to abort.
Tracing the route to 134.21.21.21
VRF info: (vrf in name/id, vrf out name/id)
1 123.45.67.45 1 msec 0 msec
2 123.45.67.9 [MPLS: Label 25 Exp 0] 1 msec 1 msec
3 123.45.67.1 [MPLS: Label 25 Exp 0] 0 msec 0 msec
4 123.45.67.6 [MPLS: Label 26 Exp 0] 0 msec 1 msec
5 134.56.78.38 0 msec *
R12#
发现除了第一跳,其它的都满足条件了。查询BGP表得以下内容
java
R12#show ip bgp
BGP table version is 22, local router ID is 145.12.12.12
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
*m 8.8.8.8/32 123.45.67.45 0 12345 10001 ?
*> 123.45.67.46 0 12345 10001 ?
*> 123.3.3.3/32 123.45.67.45 100 0 12345 i
* 123.45.67.46 150 0 12345 i
*> 123.45.67.40/29 0.0.0.0 0 32768 i
*m 125.45.67.20/30 123.45.67.45 0 12345 i
*> 123.45.67.46 0 12345 i
*m 125.45.67.24/30 123.45.67.45 0 0 12345 i
*> 123.45.67.46 0 12345 i
*> 134.21.21.21/32 123.45.67.45 200 0 12345 i
* 123.45.67.46 500 0 12345 i
*> 134.56.78.48/29 123.45.67.45 200 0 12345 i
* 123.45.67.46 500 0 12345 i
Network Next Hop Metric LocPrf Weight Path
*m 194.1.0.0 123.45.67.45 200 0 12345 10001 i
*> 123.45.67.46 200 0 12345 10001 i
*m 194.1.1.0 123.45.67.45 200 0 12345 10001 i
*> 123.45.67.46 200 0 12345 10001 i
*m 194.1.2.0 123.45.67.45 200 0 12345 10001 i
*> 123.45.67.46 200 0 12345 10001 i
*m 194.1.3.0 123.45.67.45 200 0 12345 10001 i
*> 123.45.67.46 200 0 12345 10001 i
R12#
问题13. R12上的134.21.21.21路由metric不正确
发现去往134.21.21.21的路由优先走R6,不满足要求。需要调整,可以增大R4上的MED大过500,或者调小R6上的MED值小于200。
决定调小R6上该路由的MED值
java
R6#show run | s router bgp
router bgp 12345
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 123.3.3.3 remote-as 12345
neighbor 123.3.3.3 update-source Loopback0
neighbor 123.4.4.4 remote-as 12345
neighbor 123.4.4.4 update-source Loopback0
neighbor 123.45.67.44 remote-as 14567
!
address-family ipv4
neighbor 123.3.3.3 activate
neighbor 123.3.3.3 next-hop-self
neighbor 123.4.4.4 activate
neighbor 123.45.67.44 activate
neighbor 123.45.67.44 route-map MED out
exit-address-family
!
address-family vpnv4
neighbor 123.3.3.3 activate
neighbor 123.3.3.3 send-community extended
neighbor 123.3.3.3 next-hop-self
exit-address-family
!
address-family ipv4 vrf BancBank
neighbor 123.65.2.34 remote-as 65102
neighbor 123.65.2.34 activate
exit-address-family
R6#show route-map MED
route-map MED, permit, sequence 10
Match clauses:
ip address prefix-lists: 123
Set clauses:
metric 150
Policy routing matches: 0 packets, 0 bytes
route-map MED, permit, sequence 20
Match clauses:
ip address prefix-lists: 134
Set clauses:
metric 500
Policy routing matches: 0 packets, 0 bytes
route-map MED, permit, sequence 30
Match clauses:
ip address prefix-lists: 194
Set clauses:
metric 200
Policy routing matches: 0 packets, 0 bytes
route-map MED, permit, sequence 40
Match clauses:
Set clauses:
Policy routing matches: 0 packets, 0 bytes
R6(config)#route-map MED permit 20
R6(config-route-map)#set me
R6(config-route-map)#set metric 199
// 调整完成。clear ip bgp * so 刷新BGP路由表
R12#clear ip bgp * so
R12#show ip bgp
......
* 134.21.21.21/32 123.45.67.45 200 0 12345 i
*> 123.45.67.46 199 0 12345 i
* 134.56.78.48/29 123.45.67.45 200 0 12345 i
*> 123.45.67.46 199 0 12345 i
调整完成。继续traceroute 134.21.21.21
java
R12#traceroute 134.21.21.21 probe 2
Type escape sequence to abort.
Tracing the route to 134.21.21.21
VRF info: (vrf in name/id, vrf out name/id)
1 123.45.67.46 0 msec 0 msec
2 123.45.67.13 [MPLS: Label 25 Exp 0] 2 msec 1 msec
3 123.45.67.1 [MPLS: Label 25 Exp 0] 1 msec 1 msec
4 123.45.67.6 [MPLS: Label 26 Exp 0] 0 msec 0 msec
5 134.56.78.38 1 msec *
R12#
目标达到,继续Output3 输出, 满足要求不做调整
继续Output4验证
java
R12#traceroute 8.8.8.8 probe 2
Type escape sequence to abort.
Tracing the route to 8.8.8.8
VRF info: (vrf in name/id, vrf out name/id)
1 123.45.67.45 1 msec
123.45.67.46 1 msec
2 123.45.67.9 [MPLS: Label 23 Exp 0] 1 msec
123.45.67.13 [MPLS: Label 23 Exp 0] 1 msec
3 123.45.67.1 [MPLS: Label 23 Exp 0] 1 msec 1 msec
4 123.45.67.6 0 msec 0 msec
5 123.45.67.6 !H *
R12#
发现与需求不同,且在到R3之后去往8.8.8.8路由不通。
java
R3#show ip route
......
8.0.0.0/32 is subnetted, 1 subnets
B 8.8.8.8 [200/0] via 134.56.78.6, 10:19:32
134.56.0.0/16 is variably subnetted, 5 subnets, 4 masks
O 134.56.78.0/24 is a summary, 10:45:26, Null0
C 134.56.78.36/30 is directly connected, Ethernet2/0
L 134.56.78.37/32 is directly connected, Ethernet2/0
O 134.56.78.40/30 [110/65555] via 134.56.78.38, 02:45:00, Ethernet2/0
O 134.56.78.48/29 [110/65545] via 134.56.78.38, 10:15:02, Ethernet2/0
B 194.1.0.0/24 [200/0] via 134.22.22.22, 00:22:37
B 194.1.1.0/24 [200/0] via 134.22.22.22, 00:22:37
B 194.1.2.0/24 [200/0] via 134.22.22.22, 00:22:37
B 194.1.3.0/24 [200/0] via 134.22.22.22, 00:22:37
......
发现去往134.56.78.0/24的路由是本地址汇总的,而本地又没有去往134.56.78.6的路由,因此路由不通。从拓扑上可以看到134.56.78.0/24应该在R21上可以学到,并且通告给R3的,因此在R21查询路由表得到:
java
R21#show ip route
......
134.56.0.0/16 is variably subnetted, 8 subnets, 4 masks
O IA 134.56.78.0/24 [110/65566] via 134.56.78.49, 02:50:04, Ethernet2/0
C 134.56.78.4/30 is directly connected, Ethernet1/0
L 134.56.78.5/32 is directly connected, Ethernet1/0
C 134.56.78.36/30 is directly connected, Ethernet0/0
L 134.56.78.38/32 is directly connected, Ethernet0/0
O 134.56.78.40/30 [110/65545] via 134.56.78.49, 02:50:04, Ethernet2/0
C 134.56.78.48/29 is directly connected, Ethernet2/0
L 134.56.78.50/32 is directly connected, Ethernet2/0
B 194.1.0.0/24 [20/0] via 134.56.78.6, 10:40:49
B 194.1.1.0/24 [20/0] via 134.56.78.6, 10:40:49
B 194.1.2.0/24 [20/0] via 134.56.78.6, 10:40:49
B 194.1.3.0/24 [20/0] via 134.56.78.6, 10:40:49
问题14. R21配置了max-metric值、导致路由无效
发现了在R21的所有router-LSA都被配置了max-metric值,在OSPF中,度量值有一个上限,即65535,这个值被称为"最大度量值"或"最大度量"。如果一个路径的度量值大于最大度量值,则该路径被认为是无效的,并被排除在最短路径计算之外,因此该路径没有被通告给邻居,因此需要将此项配置去除掉。
java
R21#show run | s router ospf
router ospf 12345
router-id 134.21.21.21
max-metric router-lsa
passive-interface default
no passive-interface Ethernet0/0
no passive-interface Ethernet1/0
no passive-interface Ethernet2/0
network 134.21.21.21 0.0.0.0 area 1
network 134.56.78.38 0.0.0.0 area 1
network 134.56.78.48 0.0.0.7 area 1
neighbor 123.3.3.3
R21#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R21(config)#router ospf 12345
R21(config-router)#no max-metric router-lsa
R21(config-router)#do show ip route
......
8.0.0.0/32 is subnetted, 1 subnets
B 8.8.8.8 [20/0] via 134.56.78.6, 10:47:35
......
134.56.0.0/16 is variably subnetted, 8 subnets, 4 masks
O IA 134.56.78.0/24 [110/41] via 134.56.78.49, 00:00:39, Ethernet2/0
C 134.56.78.4/30 is directly connected, Ethernet1/0
L 134.56.78.5/32 is directly connected, Ethernet1/0
C 134.56.78.36/30 is directly connected, Ethernet0/0
L 134.56.78.38/32 is directly connected, Ethernet0/0
O 134.56.78.40/30 [110/20] via 134.56.78.49, 00:00:39, Ethernet2/0
C 134.56.78.48/29 is directly connected, Ethernet2/0
L 134.56.78.50/32 is directly connected, Ethernet2/0
B 194.1.0.0/24 [20/0] via 134.56.78.6, 10:47:35
B 194.1.1.0/24 [20/0] via 134.56.78.6, 10:47:35
B 194.1.2.0/24 [20/0] via 134.56.78.6, 10:47:35
B 194.1.3.0/24 [20/0] via 134.56.78.6, 10:47:35
R21(config-router)#
此时发现有另外一个问题。去往 134.56.78.0/24居然是从R22走。这个明显不正常,他应该直接走R26,继续检查R22路由
java
R22#show ip route
......
134.56.0.0/16 is variably subnetted, 8 subnets, 4 masks
O IA 134.56.78.0/24 [110/31] via 134.56.78.41, 03:01:59, Ethernet0/0
C 134.56.78.12/30 is directly connected, Ethernet1/0
L 134.56.78.13/32 is directly connected, Ethernet1/0
O 134.56.78.36/30 [110/20] via 134.56.78.50, 00:05:48, Ethernet2/0
......
R5#show ip route
......
134.56.0.0/16 is variably subnetted, 5 subnets, 4 masks
O IA 134.56.78.0/24 [110/21] via 123.45.67.17, 10:54:00, Ethernet0/0
O 134.56.78.36/30 [110/30] via 134.56.78.42, 00:06:13, Ethernet1/0
C 134.56.78.40/30 is directly connected, Ethernet1/0
L 134.56.78.41/32 is directly connected, Ethernet1/0
O 134.56.78.48/29 [110/20] via 134.56.78.42, 03:02:24, Ethernet1/0
......
R1#show ip route
......
134.56.0.0/16 is variably subnetted, 4 subnets, 3 masks
O IA 134.56.78.0/24 [110/11] via 123.45.67.6, 11:02:27, Ethernet1/0
O IA 134.56.78.36/30 [110/40] via 123.45.67.18, 00:06:24, Ethernet2/0
O IA 134.56.78.40/30 [110/20] via 123.45.67.18, 03:02:36, Ethernet2/0
O IA 134.56.78.48/29 [110/30] via 123.45.67.18, 03:02:36, Ethernet2/0
R3#show ip route
......
134.56.0.0/16 is variably subnetted, 5 subnets, 4 masks
O 134.56.78.0/24 is a summary, 11:03:15, Null0
C 134.56.78.36/30 is directly connected, Ethernet2/0
L 134.56.78.37/32 is directly connected, Ethernet2/0
O 134.56.78.40/30 [110/30] via 134.56.78.38, 00:06:38, Ethernet2/0
O 134.56.78.48/29 [110/20] via 134.56.78.38, 00:06:38, Ethernet2/0
......
问题15. R3配置了汇总域外的路由且因为他不是ASBR,所以产生了问题
发现最终又回到了R3上,而R3上还是原来产生的那条汇总路由,因为他是本地产生,邻近的路由到R3肯定是最近的,这样会导致真正的134.56.78.0网段无法到达,因此需要删除该汇总路由。
java
R3#conf t
R3(config)#router ospf 12345
R3(config-router)#no area 1 range 134.56.78.0 255.255.255.0
R3(config-router)#do show ip route
......
8.0.0.0/32 is subnetted, 1 subnets
B 8.8.8.8 [200/0] via 134.22.22.22, 00:01:26
......
134.56.0.0/16 is variably subnetted, 4 subnets, 3 masks
C 134.56.78.36/30 is directly connected, Ethernet2/0
L 134.56.78.37/32 is directly connected, Ethernet2/0
O 134.56.78.40/30 [110/30] via 134.56.78.38, 00:00:28, Ethernet2/0
O 134.56.78.48/29 [110/20] via 134.56.78.38, 00:00:28, Ethernet2/0
......
R3(config-router)#
这下去往8.8.8.8的网络变成往134.22.22.22走了,不再是134.56.78.6网段,调用Traceroute重新验证
java
R12#traceroute 8.8.8.8 probe 2
Type escape sequence to abort.
Tracing the route to 8.8.8.8
VRF info: (vrf in name/id, vrf out name/id)
1 123.45.67.45 0 msec
123.45.67.46 1 msec
2 123.45.67.9 [MPLS: Label 26 Exp 0] 1 msec
123.45.67.13 [MPLS: Label 26 Exp 0] 0 msec
3 123.45.67.1 [MPLS: Label 26 Exp 0] 1 msec 0 msec
4 123.45.67.18 [MPLS: Label 28 Exp 0] 0 msec 0 msec
5 134.56.78.42 1 msec 1 msec
6 134.56.78.14 1 msec 1 msec
7 194.1.1.2 [AS 10001] 1 msec *
R12#
结果发现:中间R1应该要往R3走,结果变成了往R5走,不满足需求,继续排查。由R4和R6上的8.8.8.8路由的下一跳可以发现、都是134.22.22.22,需要调整为从134.21.21.21走。
java
R22#show ip bgp
......
Network Next Hop Metric LocPrf Weight Path
* i 8.8.8.8/32 134.56.78.6 0 101 0 10001 ?
*> 134.56.78.14 0 0 10001 ?
......
R21#show ip bgp
......
Network Next Hop Metric LocPrf Weight Path
* i 8.8.8.8/32 134.22.22.22 0 100 0 10001 ?
* i 134.22.22.22 0 100 0 10001 ?
* i 134.22.22.22 0 100 0 10001 ?
*> 134.56.78.6 0 0 10001 ?
......
// 上面这两个最优路由没有问题。都是直接到R26上
R3#show ip bgp
......
Network Next Hop Metric LocPrf Weight Path
* i 8.8.8.8/32 134.22.22.22 0 100 0 10001 ?
*>i 134.22.22.22 0 100 0 10001 ?
* i 134.56.78.6 0 101 0 10001 ?
......
// R3因为没有直达134.56.78.6的路由所以 134.22.22.22才会成为最优。
R5#show ip bgp
......
Network Next Hop Metric LocPrf Weight Path
* i 8.8.8.8/32 134.22.22.22 0 100 0 10001 ?
*>i 134.22.22.22 0 100 0 10001 ?
* i 134.56.78.6 0 101 0 10001 ?
......
// R3和R5两个路由要确保,R3的路由是最优的。不过R3和R5去往8.8.8.8的路由下一跳中并没有R21的地址
R21#show run | s router bgp
router bgp 12345
bgp router-id 134.21.21.21
bgp log-neighbor-changes
bgp default local-preference 101
network 134.21.21.21 mask 255.255.255.255
network 134.56.78.8 mask 255.255.255.252
network 134.56.78.48 mask 255.255.255.248
neighbor PEER peer-group
neighbor PEER remote-as 12345
neighbor PEER update-source Loopback0
neighbor PEER route-map LP out
neighbor 123.3.3.3 peer-group PEER
neighbor 123.5.5.5 peer-group PEER
neighbor 134.22.22.22 peer-group PEER
neighbor 134.56.78.6 remote-as 10001
neighbor 134.56.78.6 route-map MED out
R21#
问题16:R21的BGP配置,没有将路由的下一跳设置为自己
发现没有将路由的下一跳设置为自己。添加配置
java
R21#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R21(config)#router bgp 12345
R21(config-router)#neighbor PEER next-hop-self
R21(config-router)#
再次查询R3的BGP表
java
R3#show ip bgp
BGP table version is 28, local router ID is 123.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
* i 8.8.8.8/32 134.21.21.21 0 101 0 10001 ?
*>i 134.21.21.21 0 101 0 10001 ?
......
因为去134.21.21.21的LP值为101,所以R3反射器并没有把其它不是最优的路径接收进路由表。所以这里没有了下一跳为R22的路由。
重新Traceroute
java
R12#traceroute 8.8.8.8 probe 2
Type escape sequence to abort.
Tracing the route to 8.8.8.8
VRF info: (vrf in name/id, vrf out name/id)
1 123.45.67.45 1 msec
123.45.67.46 6 msec
2 123.45.67.9 [MPLS: Label 25 Exp 0] 1 msec
123.45.67.13 [MPLS: Label 25 Exp 0] 1 msec
3 123.45.67.1 [MPLS: Label 25 Exp 0] 1 msec 1 msec
4 123.45.67.6 [MPLS: Label 26 Exp 0] 0 msec 0 msec
5 134.56.78.38 1 msec 1 msec
6 134.56.78.6 0 msec 0 msec
7 194.1.1.2 [AS 10001] 1 msec *
R12#
达到目标、实现了所有的需求。因为最后一个需求有调整参数、因此需要再全部再次traceroute一次,保证所有的需求都同时满足。
java
R12#traceroute 123.3.3.3 probe 2
Type escape sequence to abort.
Tracing the route to 123.3.3.3
VRF info: (vrf in name/id, vrf out name/id)
1 123.45.67.45 1 msec 0 msec
2 123.45.67.9 [MPLS: Label 19 Exp 0] 1 msec 1 msec
3 123.45.67.1 [MPLS: Label 18 Exp 0] 0 msec 0 msec
4 123.45.67.6 1 msec *
R12#traceroute 134.21.21.21 probe 2
Type escape sequence to abort.
Tracing the route to 134.21.21.21
VRF info: (vrf in name/id, vrf out name/id)
1 123.45.67.46 0 msec 1 msec
2 123.45.67.13 [MPLS: Label 25 Exp 0] 1 msec 1 msec
3 123.45.67.1 [MPLS: Label 25 Exp 0] 1 msec 1 msec
4 123.45.67.6 [MPLS: Label 26 Exp 0] 1 msec 0 msec
5 134.56.78.38 1 msec *
R12#traceroute 194.1.1.1 probe 2
Type escape sequence to abort.
Tracing the route to 194.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 123.45.67.45 1 msec
123.45.67.46 0 msec
2 123.45.67.9 [MPLS: Label 26 Exp 0] 1 msec
123.45.67.13 [MPLS: Label 26 Exp 0] 1 msec
3 123.45.67.1 [MPLS: Label 26 Exp 0] 1 msec 1 msec
4 123.45.67.18 [MPLS: Label 28 Exp 0] 0 msec 1 msec
5 134.56.78.42 1 msec 1 msec
6 134.56.78.14 1 msec *
R12#
所有的目标都达成, 实验完成。