CCIE-10-IPv6-TS

目录

  • 实验条件
  • 环境配置
  • 开始Troubleshooting
    • [问题1. R25和R22邻居关系没有建立](#问题1. R25和R22邻居关系没有建立)
    • [问题2. 去往R25网络的下一跳地址不存在、不可用](#问题2. 去往R25网络的下一跳地址不存在、不可用)
    • [问题3. 去往目标网络的下一跳地址不存在、不可用](#问题3. 去往目标网络的下一跳地址不存在、不可用)

实验条件

网络拓朴



环境配置

在我的资源里可以下载(就在这篇文章的开头也可以下载)

开始Troubleshooting

检查所有接口的配置

java 复制代码
Phone#show ipv int br
Ethernet0/0            [up/up]
    FE80::A8BB:CCFF:FE02:3000
    2001:CC1E:BEEF:25::100
Ethernet0/1            [administratively down/down]
    unassigned
Ethernet0/2            [administratively down/down]
    unassigned
Ethernet0/3            [administratively down/down]
    unassigned

R25#show ipv int br
Ethernet0/0            [up/up]
    FE80::A8BB:CCFF:FE02:2000
    2001:CC1E:BEEF:25::1
Ethernet0/1            [up/up]
    FE80::A8BB:CCFF:FE02:2010
    2001:CC1E:BEEF:2225::18
Loopback0              [up/up]
    FE80::A8BB:CCFF:FE02:2000
    2001:CC1E:BEEF::2225
R25#

R22#show ipv int br
Ethernet0/0            [up/up]
    unassigned
Ethernet0/1            [up/up]
    FE80::A8BB:CCFF:FE01:F010
    2001:CC1E:BEEF:2225::17
Ethernet1/0            [up/up]
    FE80::A8BB:CCFF:FE01:F001
    2001:CC1E:ABCD:2622::13

其它的两台路由器没有密码,应该是不需要调整的,

直接ping Server4的IPv6地址

java 复制代码
Phone#ping 2001:BEEF:CAFE::26
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:BEEF:CAFE::26, timeout is 2 seconds:
UUUUU
Success rate is 0 percent (0/5)
Phone#traceroute 2001:BEEF:CAFE::26
Type escape sequence to abort.
Tracing the route to 2001:BEEF:CAFE::26

  1 2001:CC1E:BEEF:25::1 !U  !U  !U 
Phone#

ping包出现U表示目标不可达的意思, 就是路由器在查询路由表的时候没有目标网络的路由表,而且也没有默认路由,这时就回给源路由器一个目标不可达,源路由器就显示一个U的标记;

数据包到达了网关R25之后就没有下一跳的路由了,查询R25的路由相关配置

java 复制代码
R25#show ipv route      
IPv6 Routing Table - default - 6 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
       H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
       IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
       ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
       RL - RPL, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       la - LISP alt, lr - LISP site-registrations, ld - LISP dyn-eid
       lA - LISP away, a - Application
LC  2001:CC1E:BEEF::2225/128 [0/0]
     via Loopback0, receive
C   2001:CC1E:BEEF:25::/64 [0/0]
     via Ethernet0/0, directly connected
L   2001:CC1E:BEEF:25::1/128 [0/0]
     via Ethernet0/0, receive
C   2001:CC1E:BEEF:2225::/64 [0/0]
     via Ethernet0/1, directly connected
L   2001:CC1E:BEEF:2225::18/128 [0/0]
     via Ethernet0/1, receive
L   FF00::/8 [0/0]
     via Null0, receive
R25#show run | s router          
router bgp 65101
 bgp log-neighbor-changes
 neighbor 123.1.2.17 remote-as 12345
 !
 address-family ipv4
  neighbor 123.1.2.17 activate
 exit-address-family
 !
 address-family ipv6
  network 2001:CC1E:BEEF::2225/128
  network 2001:CC1E:BEEF:25::/64
  neighbor 123.1.2.17 activate
 exit-address-family

没有目标的路由信息,路由协议采用的是BGP协议, 查看一下BGP邻居状态情况

java 复制代码
R25#show ip bgp summary
BGP router identifier 202.65.1.5, local AS number 65101
BGP table version is 1, main routing table version 1

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
123.1.2.17      4        12345       0       0        1    0    0 never    Idle

发现R25和R22的邻居关系没有起来、查询R22的路由表信息,发现在R22上有和R26的邻居关系且有目标网络的路由信息且能ping通到目标网络。

java 复制代码
R22#show ipv route
IPv6 Routing Table - default - 6 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
       H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
       IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
       ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
       RL - RPL, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       la - LISP alt, lr - LISP site-registrations, ld - LISP dyn-eid
       lA - LISP away, a - Application
B   2001:BEEF:CAFE::/64 [20/0]
     via FE80::A8BB:CCFF:FE02:10, Ethernet1/0
C   2001:CC1E:ABCD:2622::/64 [0/0]
     via Ethernet1/0, directly connected
L   2001:CC1E:ABCD:2622::13/128 [0/0]
     via Ethernet1/0, receive
C   2001:CC1E:BEEF:2225::/64 [0/0]
     via Ethernet0/1, directly connected
L   2001:CC1E:BEEF:2225::17/128 [0/0]
     via Ethernet0/1, receive
L   FF00::/8 [0/0]
     via Null0, receive
R22#show ip bgp summary
BGP router identifier 134.22.22.22, local AS number 12345
BGP table version is 6, main routing table version 6
5 network entries using 720 bytes of memory
5 path entries using 420 bytes of memory
2/2 BGP path/bestpath attribute entries using 320 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1484 total bytes of memory
BGP activity 6/0 prefixes, 6/0 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
123.1.2.18      4        65101       0       0        1    0    0 never    Idle (Admin)
123.3.3.3       4        12345       0       0        1    0    0 never    Idle
123.5.5.5       4        12345       0       0        1    0    0 never    Idle
134.21.21.21    4        12345       0       0        1    0    0 never    Idle
134.56.78.14    4        10001      22      19        6    0    0 00:15:40        5
R22#ping 2001:BEEF:CAFE::26
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:BEEF:CAFE::26, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R22#

那么只需要解决R22和R25的邻居关系且把目标的网络让R25接收就可以达到我们的目标。

问题1. R25和R22邻居关系没有建立

之前看了R25的BGP配置没有发现异常、继续检查R22的BGP配置

java 复制代码
R22#show run | s router bgp
router bgp 12345
 bgp router-id 134.22.22.22
 bgp log-neighbor-changes
 neighbor PEER peer-group
 neighbor PEER remote-as 12345
 neighbor 2001:CC1E:ABCD:2622::12 remote-as 10001
 neighbor 123.1.2.18 remote-as 65101
 neighbor 123.1.2.18 shutdown
 neighbor 123.3.3.3 peer-group PEER
 neighbor 123.5.5.5 peer-group PEER
 neighbor 134.21.21.21 peer-group PEER
 neighbor 134.56.78.14 remote-as 10001
 !
 address-family ipv4
  neighbor PEER next-hop-self
  no neighbor 2001:CC1E:ABCD:2622::12 activate
  neighbor 123.1.2.18 activate
  neighbor 123.3.3.3 activate
  neighbor 123.5.5.5 activate
  neighbor 134.21.21.21 activate
  neighbor 134.56.78.14 activate
  neighbor 134.56.78.14 route-map MED out
 exit-address-family
 !        
 address-family ipv6
  neighbor 2001:CC1E:ABCD:2622::12 activate
  neighbor 123.1.2.18 activate
  neighbor 123.1.2.18 route-map NEXT-HOP out
 exit-address-family
R22#

发现邻居关系被 Shutdown了,no shutdown就可以了

java 复制代码
R22#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R22(config)#router bgp 12345
R22(config-router)#no neighbor 123.1.2.18 shutdown
R22(config-router)#
%BGP-5-ADJCHANGE: neighbor 123.1.2.18 Up 
R22(config-router)#do show ip bgp summary
BGP router identifier 134.22.22.22, local AS number 12345
BGP table version is 6, main routing table version 6
5 network entries using 720 bytes of memory
5 path entries using 420 bytes of memory
2/2 BGP path/bestpath attribute entries using 320 bytes of memory
2 BGP AS-PATH entries using 48 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 1508 total bytes of memory
BGP activity 8/0 prefixes, 8/0 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
123.1.2.18      4        65101       6       8        6    0    0 00:00:10        0
123.3.3.3       4        12345       0       0        1    0    0 never    Idle
123.5.5.5       4        12345       0       0        1    0    0 never    Idle
134.21.21.21    4        12345       0       0        1    0    0 never    Idle
134.56.78.14    4        10001      27      25        6    0    0 00:20:47        5
R22(config-router)#

发现R22和R25的邻居关系已经正常,查看BGP路由信息

java 复制代码
R22(config-router)#do show bgp ipv6 unicast        
BGP table version is 2, local router ID is 134.22.22.22
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
              t secondary path, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>   2001:BEEF:CAFE::/64
                       2001:CC1E:ABCD:2622::12
                                                              0 10001 i
 *    2001:CC1E:BEEF::2225/128
                       ::FFFF:123.1.2.18
                                                0             0 65101 i
 *    2001:CC1E:BEEF:25::/64
                       ::FFFF:123.1.2.18
                                                0             0 65101 i
java 复制代码
R25#show bgp ipv6 unicast 
BGP table version is 3, local router ID is 202.65.1.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
              t secondary path, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *    2001:BEEF:CAFE::/64
                       ::FFFF:123.1.2.17
                                                              0 12345 10001 i
 *>   2001:CC1E:BEEF::2225/128
                       ::                       0         32768 i
 *>   2001:CC1E:BEEF:25::/64
                       ::                       0         32768 i
R25#

问题2. 去往R25网络的下一跳地址不存在、不可用

修改去往R25网络的下一跳地址,查询到R25上有配置了一个route-map 下一跳地址是R25的E0/1

java 复制代码
R25#show run | s router
router bgp 65101
 bgp log-neighbor-changes
 neighbor 123.1.2.17 remote-as 12345
 !
 address-family ipv4
  neighbor 123.1.2.17 activate
 exit-address-family
 !
 address-family ipv6
  network 2001:CC1E:BEEF::2225/128
  network 2001:CC1E:BEEF:25::/64
  neighbor 123.1.2.17 activate
 exit-address-family
R25#show route-map
route-map NEXT-HOP, permit, sequence 10
  Match clauses:
  Set clauses:
     ipv6 next-hop 2001:CC1E:BEEF:2225::18
  Policy routing matches: 0 packets, 0 bytes
R25#

next-hop 2001:CC1E:BEEF:2225::18 这个IP地址是R25的 e0/1口,那说明这个route-map是为了修改BGP邻居访问network 2001:CC1E:BEEF::2225/128network 2001:CC1E:BEEF:25::/64时指定下一跳为自己的e0/1口,那说明这个route-map应该配置在out的方向上

java 复制代码
R25#conf t
R25(config)#router bgp 65101
R25(config-router-af)#address-family ipv6
R25(config-router-af)#neighbor 123.1.2.17 route-map NEXT-HOP out
R25(config-router-af)#do show run | s router bgp
router bgp 65101
 bgp log-neighbor-changes
 neighbor 123.1.2.17 remote-as 12345
 !
 address-family ipv4
  neighbor 123.1.2.17 activate
 exit-address-family
 !
 address-family ipv6
  network 2001:CC1E:BEEF::2225/128
  network 2001:CC1E:BEEF:25::/64
  neighbor 123.1.2.17 activate
  neighbor 123.1.2.17 route-map NEXT-HOP out
 exit-address-family
R25(config-router-af)#

在R22的路由器上,查询BGP表

java 复制代码
R22#show bgp ipv6 unicast
BGP table version is 4, local router ID is 134.22.22.22
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
              t secondary path, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>   2001:BEEF:CAFE::/64
                       2001:CC1E:ABCD:2622::12
                                                              0 10001 i
 *>   2001:CC1E:BEEF::2225/128
                       2001:CC1E:BEEF:2225::18
                                                0             0 65101 i
 *>   2001:CC1E:BEEF:25::/64
                       2001:CC1E:BEEF:2225::18
                                                0             0 65101 i
R22#show ipv route
IPv6 Routing Table - default - 8 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
       H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
       IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
       ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
       RL - RPL, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       la - LISP alt, lr - LISP site-registrations, ld - LISP dyn-eid
       lA - LISP away, a - Application
B   2001:BEEF:CAFE::/64 [20/0]
     via FE80::A8BB:CCFF:FE02:10, Ethernet1/0
C   2001:CC1E:ABCD:2622::/64 [0/0]
     via Ethernet1/0, directly connected
L   2001:CC1E:ABCD:2622::13/128 [0/0]
     via Ethernet1/0, receive
B   2001:CC1E:BEEF::2225/128 [20/0]
     via FE80::A8BB:CCFF:FE02:2010, Ethernet0/1
B   2001:CC1E:BEEF:25::/64 [20/0]
     via FE80::A8BB:CCFF:FE02:2010, Ethernet0/1
C   2001:CC1E:BEEF:2225::/64 [0/0]
     via Ethernet0/1, directly connected
L   2001:CC1E:BEEF:2225::17/128 [0/0]
     via Ethernet0/1, receive
L   FF00::/8 [0/0]
     via Null0, receive

下一跳已经正常,且已经加进路由表中

问题3. 去往目标网络的下一跳地址不存在、不可用

修改去往目标网络的下一跳地址,查询到R22上的BGP有配置了一个route-map NEXT-HOP

java 复制代码
R22#show run | s router bgp
router bgp 12345
 bgp router-id 134.22.22.22
 bgp log-neighbor-changes
......
 !
 address-family ipv6
 ......
  neighbor 123.1.2.18 route-map NEXT-HOP out
 exit-address-family
R22#show route-map NEXT-HOP
route-map NEXT-HOP, permit, sequence 10
  Match clauses:
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes
R22#

却是什么都没有配置、这导致R25去往目标网络时的下跳变成了::FFFF:123.1.2.17这个无效地址,因此配置一下set next-hop解决这个问题(ipv4建邻居,传ipv6路由和ipv6建邻居,传ipv4路由的下一跳都会出现问题需要手动修改)

java 复制代码
R22#conf t
R22(config)#route-map NEXT-HOP permit 10
R22(config-route-map)#set ipv next-hop 2001:CC1E:BEEF:2225::17
R22(config-route-map)#do show route-map NEXT-HOP
route-map NEXT-HOP, permit, sequence 10
  Match clauses:
  Set clauses:
     ipv6 next-hop 2001:CC1E:BEEF:2225::17
  Policy routing matches: 0 packets, 0 bytes
R22(config-route-map)#

在R25上查看BGP路由表

java 复制代码
R25#show bgp ipv6 unicast        
BGP table version is 4, local router ID is 202.65.1.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
              x best-external, a additional-path, c RIB-compressed, 
              t secondary path, 
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>   2001:BEEF:CAFE::/64
                       2001:CC1E:BEEF:2225::17
                                                              0 12345 10001 i
 *>   2001:CC1E:BEEF::2225/128
                       ::                       0         32768 i
 *>   2001:CC1E:BEEF:25::/64
                       ::                       0         32768 i
R25#show ipv route 
IPv6 Routing Table - default - 7 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
       B - BGP, HA - Home Agent, MR - Mobile Router, R - RIP
       H - NHRP, I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea
       IS - ISIS summary, D - EIGRP, EX - EIGRP external, NM - NEMO
       ND - ND Default, NDp - ND Prefix, DCE - Destination, NDr - Redirect
       RL - RPL, O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF ext 1
       OE2 - OSPF ext 2, ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2
       la - LISP alt, lr - LISP site-registrations, ld - LISP dyn-eid
       lA - LISP away, a - Application
B   2001:BEEF:CAFE::/64 [20/0]
     via FE80::A8BB:CCFF:FE01:F010, Ethernet0/1
LC  2001:CC1E:BEEF::2225/128 [0/0]
     via Loopback0, receive
C   2001:CC1E:BEEF:25::/64 [0/0]
     via Ethernet0/0, directly connected
L   2001:CC1E:BEEF:25::1/128 [0/0]
     via Ethernet0/0, receive
C   2001:CC1E:BEEF:2225::/64 [0/0]
     via Ethernet0/1, directly connected
L   2001:CC1E:BEEF:2225::18/128 [0/0]
     via Ethernet0/1, receive
L   FF00::/8 [0/0]
     via Null0, receive
R25#

去往目标网络的下一跳已经正常,现在测试一下网络是否连通

java 复制代码
Phone#ping 2001:BEEF:CAFE::26
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:BEEF:CAFE::26, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Phone#traceroute 2001:BEEF:CAFE::26
Type escape sequence to abort.
Tracing the route to 2001:BEEF:CAFE::26

  1 2001:CC1E:BEEF:25::1 0 msec 0 msec 1 msec
  2 2001:CC1E:BEEF:2225::17 0 msec 0 msec 1 msec
  3 2001:CC1E:ABCD:2622::12 0 msec 1 msec 0 msec
  4 2001:BEEF:CAFE::26 1 msec 1 msec 0 msec
Phone#

网络通了,目标达成。

相关推荐
vortex539 分钟前
Burp与其他安全工具联动及代理设置教程
网络·安全
xserver22 小时前
ensp 基于端口安全的财务部网络组建
网络·安全
从后端到QT3 小时前
boost asio 异步服务器
服务器·网络·tcp/ip
Blankspace学3 小时前
Wireshark软件下载安装及基础
网络·学习·测试工具·网络安全·wireshark
墨水\\3 小时前
Ansible部署及基础模块
服务器·网络·ansible
手心里的白日梦3 小时前
网络计算器的实现:TCP、守护进程、Json、序列化与反序列化
网络·tcp/ip·json
不吃鱼的羊4 小时前
Excel生成DBC脚本源文件
服务器·网络·excel
敲代码娶不了六花4 小时前
对计算机网络中“层”的理解
网络·网络协议·tcp/ip·计算机网络
Graceful_scenery4 小时前
https双向认证
服务器·网络·网络协议·http·https
FBI78098045944 小时前
API接口在电商行业中的创新应用与趋势
运维·网络·人工智能·爬虫·python