题目:AR29的loopback0 无法访问AR33 loopback0.
一、故障根因判断
AR29与AR33的loopback0不能正常通行的根本原因是OSPF配置存在两处错误。
1、AR29与AR33的 OSPF Hello时间不匹配,AR29的Hello为默认10s,AR33的Hello被修改为15s。
2、AR29与AR33的OSPF 区域类型不一致,AR29配置为普通区域,AR33配置为NSSA区域。
二、故障分析
2.1、故障现象重现,在AR29上执行ping -a 10.5.1.29 10.5.1.33 命令,测试AR29与AR33 loopback0 的连通性。输出结果如下:
<AR29>ping -a 10.5.1.29 10.5.1.33
PING 10.5.1.33: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 10.5.1.33 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss由输出结果可知,故障现象确实存在,需要检查AR29的路由表中是否存在AR33的loopback0 接口的路由信息。
2.2、在AR29上执行display ip routing-table 命令,查看路由表中是否存在AR33的路由信息,输出结果如下:
<AR29>display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 22 Routes : 22
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.5.1.27/2 OSP 10 1 D 10.5.128.27 GigabitEthernet0/0/0
10.5.1.28/3 OSPF 10 1 D 10.5.128.28 GigabitEthernet0/0/0
10.5.1.29/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.5.1.30/32 O_ASE 150 1 D 10.5.128.28 GigabitEthernet0/0/0
10.5.1.31/32 O_ASE 150 1 D 10.5.128.28 GigabitEthernet0/0/0
10.5.1.32/32 OSPF 10 2 D 10.5.128.28 GigabitEthernet0/0/0
10.5.1.34/32 O_ASE 150 1 D 10.5.128.28 GigabitEthernet0/0/0
10.5.14.0/24 O_ASE 150 1 D 10.5.128.28 GigabitEthernet0/0/0
10.5.34.0/24 O_ASE 150 1 D 10.5.128.28 GigabitEthernet0/0/0
10.5.40.0/24 Direct 0 0 D 10.5.40.30 GigabitEthernet0/0/1
10.5.40.30/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
10.5.40.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
10.5.128.0/24 Direct 0 0 D 10.5.128.30 GigabitEthernet0/0/0
10.5.128.30/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
10.5.128.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
10.5.129.0/24 O_ASE 150 1 D 10.5.128.28 GigabitEthernet 0/0/0
10.5.130.0/24 O_ASE 150 1 D 10.5.128.28 GigabitEthernet 0/0/0
10.5.239.0/24 OSPF 10 2 D 10.5.128.28 GigabitEthernet 0/0/0由输出结果可知,AR29的路由表中没有到AR33 loopback0 接口的路由信息,需要查看AR29与AR33的OSPF邻居关系是否正常建立。
2.3、在AR29上执行display ospf peer brief 命令,查看AR29的OSPF邻居关系建立情况,输出结果如下:
<AR29>display ospf peer brief
OSPF Process 1 with Router ID 10.5.1.29
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/0 10.5.1.27 Full
0.0.0.0 GigabitEthernet0/0/0 10.5.1.28 Full
----------------------------------------------------------------------------由输出结果得知,AR29没有与AR33建立OSPF邻居关系,需要进一步判断OSPF邻居建立是否存在错误,先排查接口是否发布到了OSPF进程中。
2.4、在AR29上执行display ospf interface g0/0/1 命令,查看接口是否发布到了OSPF进程中,输出结果如下:
<AR29>display ospf interface all
OSPF Process 1 with Router ID 10.5.1.29
Interfaces
Area: 0.0.0.0 (MPLS TE not enabled)
Interface: 10.5.128.30 (GigabitEthernet0/0/0)
Cost: 1 State: BDR Type: Broadcast MTU: 1500
Priority: 1
Designated Router: 10.5.128.27
Backup Designated Router: 10.5.128.30
Timers: Hello 10 , Dead 40 , Poll 120 , Retransmit 5 , Transmit Delay 1
Area: 0.0.0.1 (MPLS TE not enabled)
Area: 0.0.0.2 (MPLS TE not enabled)
Interface: 10.5.40.30 (GigabitEthernet0/0/1)
Cost: 1 State: DR Type: Broadcast MTU: 1500
Priority: 1
Designated Router: 10.5.40.30
Backup Designated Router: 0.0.0.0
Timers: Hello 10 , Dead 40 , Poll 120 , Retransmit 5 , Transmit Delay 1
Interface: 10.5.1.29 (LoopBack0)
Cost: 0 State: P-2-P Type: P2P MTU: 1500
Timers: Hello 10 , Dead 40 , Poll 120 , Retransmit 5 , Transmit Delay 1由输出结果得知,AR29的loopback0 和 g0/0/1 接口均发布到了OSPF Area 2中,由于邻居关系的建立依赖于底层的连通性,所以需要进一步检查互联接口的网络层连通性。
2.5、在AR29上执行ping 10.5.40.34 命令,测试与AR33互联接口的网络层连通性,输出结果如下:
<AR29>ping 10.5.40.34
PING 10.5.40.34: 56 data bytes, press CTRL_C to break
Reply from 10.5.40.34: bytes=56 Sequence=1 ttl=255 time=40 ms
Reply from 10.5.40.34: bytes=56 Sequence=2 ttl=255 time=30 ms
Reply from 10.5.40.34: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 10.5.40.34: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 10.5.40.34: bytes=56 Sequence=5 ttl=255 time=10 ms
--- 10.5.40.34 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/24/40 ms由输出结果得知,AR29与AR33的互联接口网络层正常连通,需要检查AR29与AR33的OSPF配置参数是否存在错误。
2.6、在AR29上执行display ospf error int g0/0/1 命令,查看是否收到OSPF错误消息报文,输出结果如下:
<AR29>display ospf error int g0/0/1
OSPF Process 1 with Router ID 10.5.1.29
OSPF error statistics
Interface: GigabitEthernet0/0/1 (10.5.40.30)
General packet errors:
0 : Bad version 0 : Bad checksum
0 : Bad area id 0 : Bad authentication type
0 : Bad authentication key 1 : Unknown neighbor
0 : Bad net segment 4 : Extern option mismatch
0 : Router id confusion
HELLO packet errors:
0 : Netmask mismatch 342 : Hello timer mismatch
0 : Dead timer mismatch 0 : Invalid Source Address
DD packet errors:
0 : MTU option mismatch
LS REQ packet errors:
0 : Bad request
LS UPD packet errors:
0 : LSA checksum bad
Receive Grace LSA errors:
0 : Number of invalid LSAs 0 : Number of policy failed LSAs
0 : Number of wrong period LSAs有输出结果得知,AR29收到(Hello timer mismatch)错误消息报文即AR29与AR33的 Hello 时间不匹配,是否存在其他影响OSPF邻居关系建立的因素,还需要使用debug 调试功能进一步排查。
2.7、在AR29上使用 terminal debug 命令开启调试功能,并执行 debugging ospf packet hello int g0/0/1 命令,查看是否存在其他影响OSPF邻居建立的因素,输出结果如下:
<AR29>debugging ospf packet hello interface g0/0/1
<AR29>
Feb 9 2022 15:31:55.274.1-08:00 AR29 RM/6/RMDEBUG:
FileID: 0xd0178025 Line: 559 Level: 0x20
OSPF 1: SEND Packet. Interface: GigabitEthernet0/0/1
<AR29>Feb 9 2022 15:31:55.274.2-08:00 AR29 RM/6/RMDEBUG: Source Address:10.5.40.30
<AR29>Feb 9 2022 15:31:55.274.3-08:00 AR29 RM/6/RMDEBUG: Destination Addres224.0.0.5
<AR29>Feb 9 2022 15:31:55.274.4-08:00 AR29 RM/6/RMDEBUG: Ver# 2, Type: 1 (Hello)
<AR29>Feb 9 2022 15:31:55.274.5-08:00 AR29 RM/6/RMDEBUG: Length: 44, Router: 10.5.1.29
<AR29>Feb 9 2022 15:31:55.274.6-08:00 AR29 RM/6/RMDEBUG: Area: 0.0.0.2, Chksum: 0
<AR29>Feb 9 2022 15:31:55.274.7-08:00 AR29 RM/6/RMDEBUG: AuType: 02
<AR29>Feb 9 2022 15:31:55.274.8-08:00 AR29 RM/6/RMDEBUG: Key(ascii): * * * * * * * *
<AR29>Feb 9 2022 15:31:55.274.9-08:00 AR29 RM/6/RMDEBUG: Net Mask: 255.255.255.0
<AR29>Feb 9 2022 15:31:55.274.10-08:00 AR29 RM/6/RMDEBUG: Hello Int: 10, Option: _E_
<AR29>Feb 9 2022 15:31:55.274.11-08:00 AR29 RM/6/RMDEBUG: Rtr Priority: 1, Dead Int: 40
<AR29>Feb 9 2022 15:31:55.274.12-08:00 AR29 RM/6/RMDEBUG: DR: 10.5.40.30
<AR29>Feb 9 2022 15:31:55.274.13-08:00 AR29 RM/6/RMDEBUG: BDR: 0.0.0.0
<AR29>Feb 9 2022 15:31:55.274.14-08:00 AR29 RM/6/RMDEBUG: # Attached Neighbors: 0
----------------------------------------------------------------------------------------
<AR29>Feb 9 2022 15:32:00.464.1-08:00 AR29 RM/6/RMDEBUG:
FileID: 0xd0178024 Line: 2236 Level: 0x20
OSPF 1: RECV Packet. Interface: GigabitEthernet0/0/1
<AR29>Feb 9 2022 15:32:00.464.2-08:00 AR29 RM/6/RMDEBUG: Source Address: 10.5.40.34
<AR29>Feb 9 2022 15:32:00.464.3-08:00 AR29 RM/6/RMDEBUG: Destination Address: 224.0.0.5
<AR29>Feb 9 2022 15:32:00.464.4-08:00 AR29 RM/6/RMDEBUG: Ver# 2, Type: 1 (Hello)
<AR29>Feb 9 2022 15:32:00.464.5-08:00 AR29 RM/6/RMDEBUG: Length: 44, Router: 10.5.1.33
<AR29>Feb 9 2022 15:32:00.464.6-08:00 AR29 RM/6/RMDEBUG: Area: 0.0.0.2, Chksum: 0
<AR29>Feb 9 2022 15:32:00.464.7-08:00 AR29 RM/6/RMDEBUG: AuType: 02
<AR29>Feb 9 2022 15:32:00.464.8-08:00 AR29 RM/6/RMDEBUG: Key(ascii): * * * * * * * *
<AR29>Feb 9 2022 15:32:00.464.9-08:00 AR29 RM/6/RMDEBUG: Net Mask: 255.255.255.0
<AR29>Feb 9 2022 15:32:00.464.10-08:00 AR29 RM/6/RMDEBUG: Hello Int: 15, Option: _N_
<AR29>Feb 9 2022 15:32:00.464.11-08:00 AR29 RM/6/RMDEBUG: Rtr Priority: 1, Dead Int:60
<AR29>Feb 9 2022 15:32:00.464.12-08:00 AR29 RM/6/RMDEBUG: DR: 10.5.40.34
<AR29>Feb 9 2022 15:32:00.464.13-08:00 AR29 RM/6/RMDEBUG: BDR: 0.0.0.0
<AR29>Feb 9 2022 15:32:00.464.14-08:00 AR29 RM/6/RMDEBUG: # Attached Neighbors: 0
<AR29>Feb 9 2022 15:32:00.464.15-08:00 AR29 RM/6/RMDEBUG:由输出结果得知,AR29和AR33除了Hello时间不匹配外(Hello int:10 Hello int 15),还存在区域类型也不一致(Option_E_ Option_N_),AR29被配置为普通区域类型,AR33被配置为NSSA区域类型。
综上所述:产生此故障的根本原因是因为AR29和AR33的区域类型不一致和Hello时间不一致,导致无法形成邻接关系造成的。
三、故障处理
3.1、AR29与AR33的区域类型不一致和Hello时间不匹配,需要再AR29上执行以下命令以解决故障:
system view #进入系统视图
ospf 1 #进入OSPF进程视图
area 2 #进入区域视图
nssa #将区域类型修改为NSSA区域
int g0/0/1 #进入接口视图
ospf timer hell0 15 #修改接口Hello时间为15s
执行完上述命令后执行以下命令,测试故障是否已解决
display ospf peer brief #查看OSPF邻居关系
display ip routing-table #查看路由表中是否存在AR33的路由信息
ping -a 10.5.1.29 10.5.1.33 #测试AR29与AR33的loopback的连通性3.2、其他高可能性故障——AR33的loopback0 接口地址没有通告到OSPF Area2中,需要再AR33上执行以下命令以解决故障:
system view #进入系统视图
ospf 1 #进入OSPF进程视图
area 2 #进入区域视图
network 10.5.1.33 0.0.0.0 #将loopback0 通告到Area2中
执行完上述命令后执行以下命令,测试故障是否已解决
display ospf peer brief #查看OSPF邻居关系
display ip routing-table #查看路由表中是否存在AR33的路由信息
ping -a 10.5.1.29 10.5.1.33 #测试AR29与AR33的loopback的连通性3.3、其他高可能性故障——AR33上存在流量过滤策略,需要在AR33上执行以下命令以解决故障:
display traffic-filter applied-record #查看是否存在流量过滤
display traffic-policy applied-record #查看是否存在流量策略
system view #进入系统视图
undo traffic-filter inbound/outbound #删除流量过滤
undo traffic-policy inbound/outbound #删除流量策略
执行完上述命令后执行以下命令,测试故障是否已解决
display ospf peer brief #查看OSPF邻居关系
display ip routing-table #查看路由表中是否存在AR33的路由信息
ping -a 10.5.1.29 10.5.1.33 #测试AR29与AR33的loopback的连通性3.4、其他高可能性故障——AR33的OSPF进程下存在filter-policy 路由过滤策略,需要再AR33上执行以下命令以解决故障。
display ospf brief #查看是否做了区域策略
system view #进入系统视图
ospf 1 #进入OSPF进程视图
undo filter-policy import #删除路由过滤策略
执行完上述命令后执行以下命令,测试故障是否已解决
display ospf peer brief #查看OSPF邻居关系
display ip routing-table #查看路由表中是否存在AR33的路由信息
ping -a 10.5.1.29 10.5.1.33 #测试AR29与AR33的loopback的连通性如果执行完上述命令后,故障依然存在,请派遣一线工程师前往现场进行排障,或提供完整的设备配置信息,并拨打华为400热线,请华为专家进行远程协助。
本文章为转载内容,我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题,欢迎原作者联系我们进行内容更正或删除文章。
