题目:AR29 Loopback0无法访问 AR28 Loopback0,请诊断其原因。
故障模拟:
在LSW10(考试是LSW6)设备上执行以下命令:
vlan 2
interface Ethernet 0/0/3
port link-type access
port default vlan 2
一、故障根因判断
AR29 Loopback0 地址无法访问 AR28 Loopback0 地址的根本原因是AR28与AR29用于建立OSPF邻居关系的接口不在同一个广播域,即LSW6上连接AR28与AR29的接口的vlan划分错误。
二、故障分析
2.1、故障现象重现,在AR29上执行 ping -a 10.5.1.29 10.5.1.28 命令,测试AR29与AR28 Loopback0 地址的连通性,测试结果如下:
<AR29>ping -a 10.5.1.29 10.5.1.28
PING 10.5.1.28: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
由测试结果得知,确实存在AR28与AR29 Loopack0地址无法连通的故障,需要检查AR29的路由表中是否存在AR28的loopback 0的路由信息。
2.2、在AR29上执行 display ip routing-table 命令,输出结果如下:
<AR29>dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 12 Routes : 12
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.5.1.29/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.5.1.33/32 OSPF 10 1 D 10.5.40.34 GigabitEthernet0/0/1
10.5.40.0/24 Direct 0 0 D 10.5.40.30 GigabitEthernet0/0/1
10.5.40.30/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
10.5.40.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
10.5.128.0/24 Direct 0 0 D 10.5.128.30 GigabitEthernet0/0/0
10.5.128.30/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
10.5.128.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
由以上输出结果得知,AR29的路由表中确实没有AR28 的路由信息。因为AR28与AR29之间运行OSPF协议,所以需要进一步检查OSPF邻居关系是否正常建立。
2.3、在AR29上执行 display ospf peer brief 命令查看是否存在与AR28的邻居关系,输出结果如下:
<AR29>dis ospf peer brief
OSPF Process 1 with Router ID 10.5.1.29
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.2 GigabitEthernet0/0/1 10.5.1.33 Full
----------------------------------------------------------------------------
由以上输出结果得知,AR29没有与AR28建立OSPF邻居关系,初步判断是OSPF配置错误,需进一步检查。
2.4、由于AR27与AR28、AR29都在同一个广播域中,且都通告告到了OSPF Area 0中,所以可以通过AR27的测试结果来判断AR28的OSPF配置是否正确。测试结果如下:
<AR27>dis ospf peer brief
OSPF Process 1 with Router ID 10.5.1.27
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/0 10.5.1.28 Full
==============================================================================
<AR27>dis ip routing-table | in 10.5.1.28
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 26 Routes : 26
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.5.1.28/32 OSPF 10 1 D 10.5.128.28 GigabitEthernet0/0/0
由测试结果得知,AR27与AR28建立了OSPF邻居关系,并且AR27的路由表中存在AR28 的loopback0的路由信息,说明AR28的OSPF配置正确且loopback0也通告到了Area 0中。但AR27没有与AR29建立OSPF邻居关系,需要比较AR27与AR29的OSPF配置以此来判断AR29的OSPF配置是否正确。
2.5、在AR27和AR29上执行display ospf brief 命令,输出结果如下:
<AR27>dis ospf brief
OSPF Process 1 with Router ID 10.5.1.27
OSPF Protocol Information
RouterID: 10.5.1.27 Border Router: AS
……
Area: 0.0.0.0 (MPLS TE not enabled)
Authtype: MD5 Area flag: Normal
SPF scheduled Count: 13
ExChange/Loading Neighbors: 0
Router ID conflict state: Normal
Area interface up count: 2
Interface: 10.5.128.27 (GigabitEthernet0/0/0)
Cost: 1 State: DR Type: Broadcast MTU: 1500
Priority: 1
Designated Router: 10.5.128.27
Backup Designated Router: 10.5.128.28
Timers: Hello 10 , Dead 40 , Poll 120 , Retransmit 5 , Transmit Delay 1
Interface: 10.5.1.27 (LoopBack0)
Cost: 0 State: P-2-P Type: P2P MTU: 1500
Timers: Hello 10 , Dead 40 , Poll 120 , Retransmit 5 , Transmit Delay 1
========================================================================================
<AR29>dis ospf brief
OSPF Process 1 with Router ID 10.5.1.29
OSPF Protocol Information
RouterID: 10.5.1.29 Border Router: AREA AS NSSA
……
Area: 0.0.0.0 (MPLS TE not enabled)
Authtype: MD5 Area flag: Normal
SPF scheduled Count: 11
ExChange/Loading Neighbors: 0
Router ID conflict state: Normal
Area interface up count: 1
Interface: 10.5.128.30 (GigabitEthernet0/0/0)
Cost: 1 State: DR Type: Broadcast MTU: 1500
Priority: 1
Designated Router: 10.5.128.30
Backup Designated Router: 0.0.0.0
Timers: Hello 10 , Dead 40 , Poll 120 , Retransmit 5 , Transmit Delay 1
Area: 0.0.0.2 (MPLS TE not enabled)
Authtype: MD5 Area flag: NSSA
SPF scheduled Count: 10
ExChange/Loading Neighbors: 0
NSSA Translator State: Disabled
Router ID conflict state: Normal
Area interface up count: 2
NSSA LSA count: 0
Interface: 10.5.40.30 (GigabitEthernet0/0/1)
Cost: 1 State: BDR Type: Broadcast MTU: 1500
Priority: 1
Designated Router: 10.5.40.34
Backup Designated Router: 10.5.40.30
Timers: Hello 10 , Dead 40 , Poll 120 , Retransmit 5 , Transmit Delay 1
Interface: 10.5.1.29 (LoopBack0)
Cost: 0 State: P-2-P Type: P2P MTU: 1500
Timers: Hello 10 , Dead 40 , Poll 120 , Retransmit 5 , Transmit Delay 1
由输出结果得知,AR27与AR29的OSPF配置参数均为默认值,且AR29的loopback0 也通告到了Area 0中,说明AR29的OSPF配置正确。需要检查AR29是否收到OSPF错误消息报文。
2.6、在AR29上执行 display ospf error int g0/0/0 命令,输出结果如下:
<AR29>display ospf error int g0/0/0
OSPF Process 1 with Router ID 10.5.1.29
OSPF error statistics
Interface: GigabitEthernet0/0/0 (10.5.128.30)
General packet errors:
0 : Bad version 0 : Bad checksum
0 : Bad area id 0 : Bad authentication type
0 : Bad authentication key 2 : Unknown neighbor
0 : Bad net segment 0 : Extern option mismatch
0 : Router id confusion
HELLO packet errors:
0 : Netmask mismatch 0 : Hello timer mismatch
0 : Dead timer mismatch 0 : Invalid Source Address
DD packet errors:
0 : MTU option mismatch
LS REQ packet errors:
0 : Bad request
LS UPD packet errors:
0 : LSA checksum bad
Receive Grace LSA errors:
0 : Number of invalid LSAs 0 : Number of policy failed LSAs
0 : Number of wrong period LSAs
由输出结果得知AR29的g0/0/0接口没有收到任何OSPF错误消息报文,出现这种现象的原因有两种。
1、AR29的g0/0/0接口没有收到任何ospf报文;
2、AR29的OSPF邻居关系正常建立;
由于AR29的OSPF邻居关系没有正常建立,所以是第一种情况。
2.7、在AR29上执行ping -a 10.5.128.29 10.5.128.28 命令,测试与AR28互联接口的网络层的连通性,测试结果如下:
<AR29>ping -a 10.5.128.29 10.5.128.28
Warning: The specified source address is not a local address, the ping command will not
check the network connection.
PING 10.5.128.28: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
由测试结果得知,AR29与AR28互联接口的网络层存在问题,需要检查数据链路层是否也存在问题。
2.8、在AR29上执行display arp 命令,查看arp表中是否存在与AR28对应的IP-MAC映射关系,输出结果如下:
<AR29>dis arp
IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE
VLAN/CEVLAN PVC
------------------------------------------------------------------------------
10.5.128.30 00e0-fca0-04f8 I - GE0/0/0
10.5.40.30 00e0-fca0-04f9 I - GE0/0/1
10.5.40.34 00e0-fcbd-4f8e 11 D-0 GE0/0/1
------------------------------------------------------------------------------
Total:3 Dynamic:1 Static:0 Interface:2
由输出结果得知,AR29的arp表中不存在与AR28对应的IP-MAC映射关系,需要进一步检查物理层是否存在故障。
2.9、在AR29上多次执行display int g0/0/0 命令,观察接口入方向的报文有无增长,输出结果如下:
<AR29>dis int g0/0/0
GigabitEthernet0/0/0 current state : UP
……
Input: 2043 packets, 243101 bytes
Unicast: 11, Multicast: 2030
Broadcast: 2, Jumbo: 0
Discard: 0, Total Error: 0
CRC: 0, Giants: 0
Jabbers: 0, Throttles: 0
Runts: 0, Symbols: 0
Ignoreds: 0, Frames: 0
Output: 495 packets, 47142 bytes
Unicast: 10, Multicast: 471
Broadcast: 14, Jumbo: 0
Discard: 0, Total Error: 0
Collisions: 0, ExcessiveCollisions: 0
Late Collisions: 0, Deferreds: 0
———————————————————————————————————————————
<AR29>dis int g0/0/0
GigabitEthernet0/0/0 current state : UP
……
Input: 2064 packets, 245600 bytes
Unicast: 11, Multicast: 2051
Broadcast: 2, Jumbo: 0
Discard: 0, Total Error: 0
CRC: 0, Giants: 0
Jabbers: 0, Throttles: 0
Runts: 0, Symbols: 0
Ignoreds: 0, Frames: 0
Output: 500 packets, 47612 bytes
Unicast: 10, Multicast: 476
Broadcast: 14, Jumbo: 0
Discard: 0, Total Error: 0
Collisions: 0, ExcessiveCollisions: 0
Late Collisions: 0, Deferreds: 0
由输出结果得知,AR29 g0/0/0 接口的 multicast(组播报文)在增加,说明物理层正常连通。
综上所述:AR29 与AR28 的 loopback 0 地址无法互访的根本原因是因为AR28与AR29互联的接口不在同一个广播域中,LSW6上连接AR28与AR29的接口vlan 划分不一致导致的故障。
三、故障处理:
3.1、LSW6上连接AR28与AR29的接口valn划分错误,需要在AR29上执行以下命令:
system view #进入系统视图
display port vlan #查看接口vlan划分
int e0/0/0 #进入接口视图
port link-type access #修改接口模式为access
port default vlan {连接AR28接口的vlan-id} #修改所属的vlan
配置完成后执行以下命令,测试故障是否已解决:
ping -a 10.5.128.29 10.5.128.28 #测试与AR28互联接口的网络层连通性
display ospf peer brief #检查与AR28的ospf邻居关系
display ip routing-table #查看路由表是否存在AR28的路由信息
ping -a 10.5.1.29 10.5.1.28 #测试loopback0 的连通性
3.2、其他高可能性故障——LSW6上配置了mux-vlan ,需在LSW6上执行以下命令:
system view #进入系统视图
display mux-vlan #查看是否存在mux-vlan配置
int {配置了mux-vlan的接口} #进入接口视图
undo port mux-vlan enabe #删除mux-vlan 配置
配置完成后执行以下命令,测试故障是否已解决:
ping -a 10.5.128.29 10.5.128.28 #测试与AR28互联接口的网络层连通性
display ospf peer brief #检查与AR28的ospf邻居关系
display ip routing-table #查看路由表是否存在AR28的路由信息
ping -a 10.5.1.29 10.5.1.28 #测试loopback0 的连通性
3.3、其他高可能性故障——LSW6和AR28上可能存在流量过滤策略,需执行以下命令:
display traffic-filter applied-record #查看是否存在流量过滤
display traffic-policy applied-record #查看是否存在流量策略
system view #进入系统视图
undo traffic-filter inbound/outbound #删除流量过滤
undo traffic-policy inbound/outbound #删除流量策略
配置完成后执行以下命令,测试故障是否已解决:
ping -a 10.5.128.29 10.5.128.28 #测试与AR28互联接口的网络层连通性
display ospf peer brief #检查与AR28的ospf邻居关系
display ip routing-table #查看路由表是否存在AR28的路由信息
ping -a 10.5.1.29 10.5.1.28 #测试loopback0 的连通性
3.4、其他高可能性故障——AR29的ospf进程视图下存在filter-policy 策略,需在AR29上执行以下命令:
system view #进入系统视图
ospf 1 #进入OSPF进程视图
undo filter-policy import #删除路由过滤策略
配置完成后执行以下命令,测试故障是否已解决:
ping -a 10.5.128.29 10.5.128.28 #测试与AR28互联接口的网络层连通性
display ospf peer brief #检查与AR28的ospf邻居关系
display ip routing-table #查看路由表是否存在AR28的路由信息
ping -a 10.5.1.29 10.5.1.28 #测试loopback0 的连通性
如果执行完上述命令后,故障依然存在,请派遣一线工程师前往现场进行排障,或提供完整的设备配置,并拨打华为400热线,请华为专家进行远处协助。