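HCIE Lab TAC-2

Diagnosis 2

AR29's loopback0 interface cannot reach AR33's loopback0 interface

TAC2-1: Variant 1

Answer

1. Root Cause

AR29 and AR33 have mismatched OSPF hello timers and mismatched OSPF area types, so they cannot form an OSPF adjacency; as a result, the loopback0 interfaces of AR29 and AR33 cannot communicate.

2. Fault Analysis
2.1 Reproducing the fault
On AR29, test connectivity between the loopback0 interfaces of AR29 and AR33. The result is as follows: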
"""
<AR29>ping -a 10.5.1.29 10.5.1.33
  PING 10.5.1.33: 56  data bytes, press CTRL_C to break
    Request time out
    Request time out
    Request time out
    Request time out
    Request time out

  --- 10.5.1.33 ping statistics ---
    5 packet(s) transmitted
    0 packet(s) received
    100.00% packet loss
"""
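The output shows that AR29 cannot reach AR33's loopback0 interface, so the fault is confirmed.

2.2 Checking the routing table
For AR29 to reach AR33's loopback0 interface, its routing table must first contain a route to that address. The routing table of AR29 is as follows: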
"""
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 11       Routes : 11       

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

      10.5.1.29/32  Direct  0    0           D   127.0.0.1       LoopBack0
     10.5.128.0/24  Direct  0    0           D   10.5.128.29     GigabitEthernet
0/0/0
    10.5.128.29/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/0
   10.5.128.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/0
     10.5.233.0/24  Direct  0    0           D   10.5.233.29     GigabitEthernet
0/0/1
    10.5.233.29/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/1
   10.5.233.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/1
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0
255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0
"""
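The output shows that AR29's routing table contains no route to AR33's loopback0 address.

2.3 Checking OSPF neighbors
Because OSPF runs between AR29 and AR33, check whether the OSPF adjacency between them is normal. The result is as follows: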
"""
<AR29>display ospf peer brief 

	 OSPF Process 1 with Router ID 10.5.1.29
		  Peer Statistic Information
 ----------------------------------------------------------------------------
 Area Id          Interface                        Neighbor id      State    
 ----------------------------------------------------------------------------
"""
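The output shows that AR29 has no OSPF neighbor entry for AR33.

2.4 Checking which interfaces are advertised
Check whether AR29 has advertised the relevant interfaces into OSPF area 2. The result is as follows: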
"""
<AR29>display ospf interface all

	 OSPF Process 1 with Router ID 10.5.1.29
		 Interfaces 

 Area: 0.0.0.0          (MPLS TE not enabled)

 Interface: 10.5.128.29 (GigabitEthernet0/0/0)
 Cost: 1       State: DR        Type: Broadcast    MTU: 1500  
 Priority: 1
 Designated Router: 10.5.128.29
 Backup Designated Router: 0.0.0.0
 Timers: Hello 10 , Dead 40 , Poll  120 , Retransmit 5 , Transmit Delay 1 
 
 Area: 0.0.0.2          (MPLS TE not enabled)

 Interface: 10.5.233.29 (GigabitEthernet0/0/1)
 Cost: 1       State: DR        Type: Broadcast    MTU: 1500  
 Priority: 1
 Designated Router: 10.5.233.29
 Backup Designated Router: 0.0.0.0
 Timers: Hello 10 , Dead 40 , Poll  120 , Retransmit 5 , Transmit Delay 1 

 Interface: 10.5.1.29 (LoopBack0)
 Cost: 0       State: P-2-P     Type: P2P       MTU: 1500  
 Timers: Hello 10 , Dead 40 , Poll  120 , Retransmit 5 , Transmit Delay 1 

"""
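The output shows that AR29 has advertised GigabitEthernet0/0/1, its interface toward AR33, into OSPF area 2, and has also advertised LoopBack0 into area 2.

2.5 Obtaining AR33's Layer 3 address
An OSPF adjacency depends on working Layer 3 connectivity, so check whether Layer 3 communication between AR33 and AR29 is normal. To test Layer 3 connectivity, first obtain the peer's Layer 3 address by checking whether it appears in the ARP table or by looking at the LLDP neighbors. The result is as follows: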
"""
<AR29>display arp
IP ADDRESS      MAC ADDRESS     EXPIRE(M) TYPE        INTERFACE   VPN-INSTANCE 
                                          VLAN/CEVLAN PVC                      
------------------------------------------------------------------------------
10.5.128.29     00e0-fcc1-1b22            I -         GE0/0/0
10.5.233.29     00e0-fcc1-1b23            I -         GE0/0/1
------------------------------------------------------------------------------
Total:3         Dynamic:1       Static:0     Interface:2   

<AR29>display lldp neighbor 
Error: Global LLDP is not enabled.
"""
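The output shows that the ARP table does not contain AR33's Layer 3 address, and LLDP is not enabled on AR29.

2.6 Checking OSPF errors
On AR29, view the OSPF error statistics for the interface that connects AR29 to AR33. The result is as follows: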
"""
<AR29>display ospf error interface GigabitEthernet 0/0/1

	 OSPF Process 1 with Router ID 10.5.1.29
		 OSPF error statistics 

 Interface: GigabitEthernet0/0/1 (10.5.233.29)
General packet errors:
 0     : Bad version                    0     : Bad checksum
 0     : Bad area id                    0     : Bad authentication type
 0     : Bad authentication key         0     : Unknown neighbor
 0     : Bad net segment                0     : Extern option mismatch
 0     : Router id confusion

HELLO packet errors:
 0     : Netmask mismatch               56    : Hello timer mismatch
 0     : Dead timer mismatch            0     : Invalid Source Address

DD packet errors:
 0     : MTU option mismatch

LS REQ packet errors:
 0     : Bad request

LS UPD packet errors:
 0     : LSA checksum bad

Receive Grace LSA errors:
 0     : Number of invalid LSAs         0     : Number of policy failed LSAs
 0     : Number of wrong period LSAs

"""
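In the output, "56    : Hello timer mismatch" indicates that the OSPF hello timers of AR29 and AR33 do not match.

2.7 Viewing debugging information
Because AR33 cannot be logged in to, the only option is to view debugging information on AR29 to confirm whether the OSPF hello timers of AR33 and AR29 match. The result is as follows: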
"""
# Enable debugging output on the terminal
<AR29>terminal monitor 
Info: Current terminal monitor is on.
<AR29>terminal debugging 
Info: Current terminal debugging is on.

# View the debugging information
<AR29>debugging ospf packet hello interface GigabitEthernet 0/0/1

# Hello packet sent by AR29
<AR29>
Jan  2 2021 12:04:51.856.1-08:00 AR29 RM/6/RMDEBUG:
 FileID: 0xd0178025 Line: 559 Level: 0x20
 OSPF 1: SEND Packet. Interface: GigabitEthernet0/0/1
<AR29>
Jan  2 2021 12:04:51.856.2-08:00 AR29 RM/6/RMDEBUG:  Source Address: 10.5.233.29

<AR29>
Jan  2 2021 12:04:51.856.3-08:00 AR29 RM/6/RMDEBUG:  Destination Address: 224.0.
0.5
<AR29>
Jan  2 2021 12:04:51.856.4-08:00 AR29 RM/6/RMDEBUG:  Ver# 2, Type: 1 (Hello)
<AR29>
Jan  2 2021 12:04:51.856.5-08:00 AR29 RM/6/RMDEBUG:  Length: 44, Router: 10.5.1.
29
<AR29>
Jan  2 2021 12:04:51.856.6-08:00 AR29 RM/6/RMDEBUG:  Area: 0.0.0.2, Chksum: 0
<AR29>
Jan  2 2021 12:04:51.856.7-08:00 AR29 RM/6/RMDEBUG:  AuType: 02
<AR29>
Jan  2 2021 12:04:51.856.8-08:00 AR29 RM/6/RMDEBUG:  Key(ascii): * * * * * * * *

<AR29>
Jan  2 2021 12:04:51.856.9-08:00 AR29 RM/6/RMDEBUG:  Net Mask: 255.255.255.0
<AR29>
Jan  2 2021 12:04:51.856.10-08:00 AR29 RM/6/RMDEBUG:  Hello Int: 10, Option: _E_

<AR29>
Jan  2 2021 12:04:51.856.11-08:00 AR29 RM/6/RMDEBUG:  Rtr Priority: 1, Dead Int:
 40
<AR29>
Jan  2 2021 12:04:51.856.12-08:00 AR29 RM/6/RMDEBUG:  DR: 10.5.233.29
<AR29>
Jan  2 2021 12:04:51.856.13-08:00 AR29 RM/6/RMDEBUG:  BDR: 0.0.0.0
<AR29>
Jan  2 2021 12:04:51.856.14-08:00 AR29 RM/6/RMDEBUG:  # Attached Neighbors: 0

# Hello packet sent by AR33
<AR29>
Jan  2 2021 12:05:00.626.1-08:00 AR29 RM/6/RMDEBUG:
 FileID: 0xd0178024 Line: 2236 Level: 0x20
 OSPF 1: RECV Packet. Interface: GigabitEthernet0/0/1
<AR29>
Jan  2 2021 12:05:00.626.2-08:00 AR29 RM/6/RMDEBUG:  Source Address: 10.5.233.33

<AR29>
Jan  2 2021 12:05:00.626.3-08:00 AR29 RM/6/RMDEBUG:  Destination Address: 224.0.
0.5
<AR29>
Jan  2 2021 12:05:00.626.4-08:00 AR29 RM/6/RMDEBUG:  Ver# 2, Type: 1 (Hello)
<AR29>
Jan  2 2021 12:05:00.626.5-08:00 AR29 RM/6/RMDEBUG:  Length: 44, Router: 10.5.1.
33
<AR29>
Jan  2 2021 12:05:00.626.6-08:00 AR29 RM/6/RMDEBUG:  Area: 0.0.0.2, Chksum: 0
<AR29>
Jan  2 2021 12:05:00.626.7-08:00 AR29 RM/6/RMDEBUG:  AuType: 02
<AR29>
Jan  2 2021 12:05:00.626.8-08:00 AR29 RM/6/RMDEBUG:  Key(ascii): * * * * * * * *

<AR29>
Jan  2 2021 12:05:00.626.9-08:00 AR29 RM/6/RMDEBUG:  Net Mask: 255.255.255.0
<AR29>
Jan  2 2021 12:05:00.626.10-08:00 AR29 RM/6/RMDEBUG:  Hello Int: 15, Option: _N_

<AR29>
Jan  2 2021 12:05:00.626.11-08:00 AR29 RM/6/RMDEBUG:  Rtr Priority: 1, Dead Int:
 60
<AR29>
Jan  2 2021 12:05:00.626.12-08:00 AR29 RM/6/RMDEBUG:  DR: 10.5.233.33
<AR29>
Jan  2 2021 12:05:00.626.13-08:00 AR29 RM/6/RMDEBUG:  BDR: 0.0.0.0
<AR29>
Jan  2 2021 12:05:00.626.14-08:00 AR29 RM/6/RMDEBUG:  # Attached Neighbors: 0

# Turn off debugging output
<AR29>undo terminal debugging 
Info: Current terminal debugging is off.
"""
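The output shows that AR29's hello interval is 10 seconds (Hello Int: 10) and AR33's is 15 seconds (Hello Int: 15); AR29's OSPF area type is a normal area (Option: _E_), while AR33's is an NSSA area (Option: _N_). The router IDs of AR33 and AR29 do not conflict, both are in OSPF area 2, authentication passes, and the subnet is consistent. So two factors prevent AR29 and AR33 from forming an OSPF adjacency: first, the hello timers do not match; second, the OSPF area types do not match. The output also gives AR33's Layer 3 address: 10.5.233.33.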
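
Added example, not part of the original write-up: a small Python parser for the wrapped `debugging ospf packet hello` output above that compares the sent and received Hello fields that must agree. The function names are hypothetical and the sample is a trimmed, constructed copy of the two packets shown.

```python
import re

# Constructed sample: trimmed copy of the two Hello packets in the debug output
# above, keeping a prompt echo and the 80-column wrap ("Dead Int:" / " 40").
SAMPLE = """\
Jan  2 2021 12:04:51.856.1-08:00 AR29 RM/6/RMDEBUG:
 OSPF 1: SEND Packet. Interface: GigabitEthernet0/0/1
<AR29>
Jan  2 2021 12:04:51.856.6-08:00 AR29 RM/6/RMDEBUG:  Area: 0.0.0.2, Chksum: 0
Jan  2 2021 12:04:51.856.7-08:00 AR29 RM/6/RMDEBUG:  AuType: 02
Jan  2 2021 12:04:51.856.9-08:00 AR29 RM/6/RMDEBUG:  Net Mask: 255.255.255.0
Jan  2 2021 12:04:51.856.10-08:00 AR29 RM/6/RMDEBUG:  Hello Int: 10, Option: _E_
Jan  2 2021 12:04:51.856.11-08:00 AR29 RM/6/RMDEBUG:  Rtr Priority: 1, Dead Int:
 40
Jan  2 2021 12:05:00.626.1-08:00 AR29 RM/6/RMDEBUG:
 OSPF 1: RECV Packet. Interface: GigabitEthernet0/0/1
Jan  2 2021 12:05:00.626.6-08:00 AR29 RM/6/RMDEBUG:  Area: 0.0.0.2, Chksum: 0
Jan  2 2021 12:05:00.626.7-08:00 AR29 RM/6/RMDEBUG:  AuType: 02
Jan  2 2021 12:05:00.626.9-08:00 AR29 RM/6/RMDEBUG:  Net Mask: 255.255.255.0
Jan  2 2021 12:05:00.626.10-08:00 AR29 RM/6/RMDEBUG:  Hello Int: 15, Option: _N_
Jan  2 2021 12:05:00.626.11-08:00 AR29 RM/6/RMDEBUG:  Rtr Priority: 1, Dead Int:
 60
"""

PREFIX = re.compile(r"[A-Z][a-z]{2}\s+\d+ \d{4} [\d:.]+[-+]\d\d:\d\d \S+ RM/6/RMDEBUG:")
# Hello fields both routers must agree on before an adjacency can form.
MUST_MATCH = ("Area", "AuType", "Net Mask", "Hello Int", "Dead Int", "Option")

def parse_hellos(text):
    """Return {'SEND': {...}, 'RECV': {...}} for the first Hello in each direction."""
    # Drop prompt echoes, glue wrapped lines back together, one record per line.
    body = "".join(l for l in text.splitlines() if not re.fullmatch(r"<\S+>\s*", l))
    body = PREFIX.sub("\n", body)
    parts = re.split(r"\b(SEND|RECV) Packet\.", body)
    hellos = {}
    for direction, chunk in zip(parts[1::2], parts[2::2]):
        fields = dict(re.findall(r"(%s): *([^,\n]+)" % "|".join(MUST_MATCH), chunk))
        hellos.setdefault(direction, {k: v.strip() for k, v in fields.items()})
    return hellos

def hello_mismatches(text):
    """List (field, local, peer) for every must-match field that differs."""
    h = parse_hellos(text)
    return [(f, h["SEND"].get(f), h["RECV"].get(f))
            for f in MUST_MATCH if h["SEND"].get(f) != h["RECV"].get(f)]

if __name__ == "__main__":
    for field, local, peer in hello_mismatches(SAMPLE):
        print(f"{field}: local={local} peer={peer}")
```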

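2.8 Testing Layer 3 connectivity
An OSPF adjacency requires working Layer 3 communication, so test whether Layer 3 communication between AR29 and AR33 is normal. The result is as follows: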
"""
<AR29>ping 10.5.233.33
  PING 10.5.233.33: 56  data bytes, press CTRL_C to break
    Reply from 10.5.233.33: bytes=56 Sequence=1 ttl=255 time=20 ms
    Reply from 10.5.233.33: bytes=56 Sequence=2 ttl=255 time=30 ms
    Reply from 10.5.233.33: bytes=56 Sequence=3 ttl=255 time=10 ms
    Reply from 10.5.233.33: bytes=56 Sequence=4 ttl=255 time=20 ms
    Reply from 10.5.233.33: bytes=56 Sequence=5 ttl=255 time=30 ms

  --- 10.5.233.33 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 10/22/30 ms
"""
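The output shows that Layer 3 communication between AR29 and AR33 is normal.

2.9 Conclusion
Based on the analysis above, the root cause of the fault is that AR29 and AR33 have mismatched OSPF hello timers and mismatched OSPF area types, so they cannot form an OSPF adjacency; as a result, the loopback0 interfaces of AR29 and AR33 cannot communicate.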


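3. Resolution
3.1 The OSPF hello timers and OSPF area types of AR29 and AR33 do not match. Run the following commands on AR33:
system-view //Enter the system view
ospf {OSPF process ID} //Enter the OSPF process
area 2 //Enter area 2
undo nssa //Remove the NSSA area configuration
interface GigabitEthernet 0/0/1 //Enter the interface view
undo ospf timer hello //Remove the OSPF hello timer configuration

After running the commands above, run the following commands on AR29 to verify:
display ospf peer brief //Check whether the OSPF adjacency between AR33 and AR29 is normal
display ip routing-table //Check whether AR29's routing table contains a route to AR33's loopback0 address
ping -a 10.5.1.29 10.5.1.33 //Check whether the fault is resolved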

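3.2 If the commands above do not clear the fault, the following faults are highly likely:
3.2.1 AR33's loopback0 interface is not advertised into area 2. Run the following commands on AR33:
system-view //Enter the system view
ospf {OSPF process ID} //Enter the OSPF process
area 2 //Enter area 2
network 10.5.1.33 0.0.0.0 //Advertise the loopback0 address into area 2

3.2.2 The OSPF area authentication of AR29 and AR33 does not match. Run the following commands on AR29:
system-view //Enter the system view
interface GigabitEthernet 0/0/1 //Enter the interface view
undo ospf authentication-mode //Interface authentication takes precedence over area authentication; remove the interface authentication
ospf {OSPF process ID} //Enter the OSPF process
area 2 //Enter area 2
authentication-mode MD5 1 cipher {same password as AR33} //Change the area authentication password

3.2.3 The MTU of the interfaces connecting AR29 and AR33 does not match. Run the following commands on AR33:
system-view //Enter the system view
interface GigabitEthernet 0/0/1 //Enter the interface view
mtu 1500 //Change the MTU value

3.2.4 A route filter policy exists under the OSPF process on AR29 and AR33. Run the following commands on AR33 and AR29:
system-view //Enter the system view
ospf {OSPF process ID} //Enter the OSPF process
display this //View the current configuration
undo filter-policy import //Remove the route filter policy
undo filter-policy export

3.2.5 A traffic filter policy exists on the interfaces connecting AR29 and AR33. Run the following commands on AR33 and AR29:
system-view //Enter the system view
interface GigabitEthernet 0/0/1 //Enter the interface view
display this //View the current configuration
undo traffic-policy inbound //Remove the traffic filter policy
undo traffic-policy outbound
undo traffic-filter inbound
undo traffic-filter outbound

After running the commands above, run the following commands on AR29 to verify:
display ospf peer brief //Check whether the OSPF adjacency between AR33 and AR29 is normal
display ip routing-table //Check whether AR29's routing table contains a route to AR33's loopback0 address
ping -a 10.5.1.29 10.5.1.33 //Check whether the fault is resolved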

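3.3 If the commands above clear the fault, continue by running the following commands on every device where commands were executed:
return //Return to the user view
save //Save the modified configuration

3.4 If the commands above fail to clear the fault, the customer needs to provide the complete device configuration, or a front-line engineer needs to be dispatched to the customer site for on-site troubleshooting; also call the Huawei 400 service hotline to request assistance from Huawei experts. Thank you!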

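TAC2-2: Variant 2

Answer

# The troubleshooting steps are the same as for Variant 3; in both cases the misconfiguration is found from the final debugging output

TAC2-3: Variant 3

Answer

# The troubleshooting steps are the same as for Variant 3; in both cases the misconfiguration is found from the final debugging output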