AR29与AR28的接口VLAN划分错误

一、故障根因判断
AR29的LOOPBACK0地址无法访问AR28的LOOPBACK0地址的根本原因是因为AR29与AR28用于建立ospf邻居关系的接口不在同一个广播域中,LSW6上连接AR29与AR28的接口VLAN划分错误
二、故障分析
2.1故障重现,在AR29上以自身LOOPBACK0接口的地址为源地址,去PINGAR28的LOOPBACK0接口的地址,测试结果如下输出所示:
ping -a 10.5.1.29 10.5.1.28
PING 10.5.1.28: 56 data bytes, press CTRL_C to break

Request time out
Request time out
Request time out
Request time out
Request time out

由以上输出结果可知确实存在此故障,由于AR29与AR28之间运行OSPF路由协议,所以在AR29上进一步查看路由表以确定是否存在AR28的LOOPBACK0接口地址的路由信息。
2.2在AR29上检查路由表,看是否存在到AR28的LOOPBACK0接口地址的路由,测试输出结果如下所示:
dis ip routing-table

Route Flags: R - relay, D - download to fib

Routing Tables: Public

     Destinations : 12       Routes : 12       

Destination/Mask Proto Pre Cost Flags NextHop Interface

  10.5.1.29/32  Direct  0    0           D   127.0.0.1       LoopBack0
  10.5.1.33/32  OSPF    10   1           D   10.5.40.34      GigabitEthernet0/0/1
  10.5.40.0/24  Direct  0    0           D   10.5.40.30      GigabitEthernet0/0/1
 10.5.40.30/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/1
10.5.40.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/1
 10.5.128.0/24  Direct  0    0           D   10.5.128.30     GigabitEthernet0/0/0
10.5.128.30/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0

10.5.128.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
由以上输出可知AR29并没有到工AR28LOOPBACK0接口地址的路由,所以需要检查工AR29与AR28的OSPF邻居关系是否正常。
2.3在AR29上检查OSPf邻居关系是否正常,输出结果如下所示:
dis ospf peer brief

 OSPF Process 1 with Router ID 10.5.1.29
      Peer Statistic Information

----------------------------------------------------------------------------
Area Id Interface Neighbor id State

0.0.0.2 GigabitEthernet0/0/1 10.5.1.33 Full

如上输出可知AR29在区域0没有与AR28 AR27建立OSPF的邻居关系,所以初步判断OSPF配置错误,需要进一步检查。
2.4由于AR27与AR28 AR29处于同一个OSPF域中,所以可以通过AR27的测试结果来判断AR28配置是否正确,测试及输出结果如下:
dis ospf peer brie

 OSPF Process 1 with Router ID 10.5.1.27
      Peer Statistic Information

----------------------------------------------------------------------------
Area Id Interface Neighbor id State

0.0.0.0 GigabitEthernet0/0/0 10.5.1.28 Full

dis ip routing-table

Route Flags: R - relay, D - download to fib

Routing Tables: Public

     Destinations : 26       Routes : 26       

Destination/Mask Proto Pre Cost Flags NextHop Interface

  10.5.1.27/32  Direct  0    0           D   127.0.0.1       LoopBack0
  10.5.1.28/32  OSPF    10   1           D   10.5.128.28     GigabitEthernet0

/0/0

由以上输出可知AR27与AR28能正常建立OSPF邻居关系,并且AR27能够学习到AR28的LOOPBACK0地址,说明AR28 OSPF 配置正确,此时需要对比AR27与AR29的OSPF配置是否一致来判断AR29的OSPF是否配置正确。
2.5在AR27/AR29上分别用
dis ospf brie

 OSPF Process 1 with Router ID 10.5.1.27
     OSPF Protocol Information

RouterID: 10.5.1.27 Border Router: AS
Multi-VPN-Instance is not enabled
Global DS-TE Mode: Non-Standard IETF Mode
Graceful-restart capability: disabled
Helper support capability : not configured
Applications Supported: MPLS Traffic-Engineering
Spf-schedule-interval: max 10000ms, start 500ms, hold 1000ms
Default ASE parameters: Metric: 1 Tag: 1 Type: 2
Route Preference: 10
ASE Route Preference: 150
SPF Computation Count: 7
RFC 1583 Compatible
Retransmission limitation is disabled
Area Count: 1 Nssa Area Count: 0
ExChange/Loading Neighbors: 0
Process total up interface count: 2
Process valid up interface count: 1

Area: 0.0.0.0 (MPLS TE not enabled)
Authtype: MD5 Area flag: Normal
SPF scheduled Count: 7
ExChange/Loading Neighbors: 0
Router ID conflict state: Normal
Area interface up count: 2

Interface: 10.5.128.27 (GigabitEthernet0/0/0)
Cost: 1 State: DR Type: Broadcast MTU: 1500
Priority: 1
Designated Router: 10.5.128.27
Backup Designated Router: 10.5.128.28
Timers: Hello 10 , Dead 40 , Poll 120 , Retransmit 5 , Transmit Delay 1

Interface: 10.5.1.27 (LoopBack0)
Cost: 0 State: P-2-P Type: P2P MTU: 1500
Timers: Hello 10 , Dead 40 , Poll 120 , Retransmit 5 , Transmit Delay 1

dis ospf brief

 OSPF Process 1 with Router ID 10.5.1.29
     OSPF Protocol Information

RouterID: 10.5.1.29 Border Router: AREA AS NSSA
Multi-VPN-Instance is not enabled
Global DS-TE Mode: Non-Standard IETF Mode
Graceful-restart capability: disabled
Helper support capability : not configured
Applications Supported: MPLS Traffic-Engineering
Spf-schedule-interval: max 10000ms, start 500ms, hold 1000ms
Default ASE parameters: Metric: 1 Tag: 1 Type: 2
Route Preference: 10
ASE Route Preference: 150
SPF Computation Count: 6
RFC 1583 Compatible
Retransmission limitation is disabled
Area Count: 2 Nssa Area Count: 1
ExChange/Loading Neighbors: 0
Process total up interface count: 3
Process valid up interface count: 2

Area: 0.0.0.0 (MPLS TE not enabled)
Authtype: MD5 Area flag: Normal
SPF scheduled Count: 6
ExChange/Loading Neighbors: 0
Router ID conflict state: Normal
Area interface up count: 1
通过以上输出可以看AR29的OSPF配置正确,并且把LOOPBACK0也加入了区域0中,所以需要进一步检查OSPF邻居建立是滞出现了其他错误。
2.6**在AR29上使用
dis ospf error interface GigabitEthernet 0/0/0

 OSPF Process 1 with Router ID 10.5.1.29
     OSPF error statistics 

Interface: GigabitEthernet0/0/0 (10.5.128.30)
General packet errors:
0 : Bad version 0 : Bad checksum
0 : Bad area id 0 : Bad authentication type
0 : Bad authentication key 0 : Unknown neighbor
0 : Bad net segment 0 : Extern option mismatch
0 : Router id confusion

HELLO packet errors:
0 : Netmask mismatch 0 : Hello timer mismatch
0 : Dead timer mismatch 0 : Invalid Source Address

DD packet errors:
0 : MTU option mismatch

LS REQ packet errors:
0 : Bad request

LS UPD packet errors:
0 : LSA checksum bad

Receive Grace LSA errors:
0 : Number of invalid LSAs 0 : Number of policy failed LSAs
0 : Number of wrong period LSAs
由以上输可知OSPF并没有接收到任何错误 的报文信息,因为只有两种情奖品会造成此现像,一是OSPF邻居正常建立,二是OSPF完全没有接收到任何报文。由到OSPF邻居没有正常建立,所以可以判断OSPF没有正常接收到任何报文,初步判断为AR29与AR28用户建立OSPF的三层地址不通,需进一步判断。
2.7在AR29上命令ping
ping -a 10.5.128.29 10.5.128.28
Warning: The specified source address is not a local address, the ping command wi
ll not check the network connection.
PING 10.5.128.28: 56 data bytes, press CTRL_C to break

Request time out
Request time out
Request time out
Request time out
Request time out

由以上输出结果可知,AR29与AR28之间用于建立的ospf邻居关系的三层地址IP不可达,进一步判断二层是否互通。
2.8在AR29上检查ARP表,看是否有AR28的IP-MAC的映射关系,输出结果如下所示:
dis arp
IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE

VLAN/CEVLAN PVC

10.5.128.30 00e0-fca0-04f8 I - GE0/0/0
10.5.40.30 00e0-fca0-04f9 I - GE0/0/1

10.5.40.34 00e0-fcbd-4f8e 9 D-0 GE0/0/1

Total:3 Dynamic:1 Static:0 Interface:2
由以上输出可知AR29的ARP表中并没有AR28 10.5.128.28地址的IP-MAC映射关系,所以初步判断AR29连接LSW6接口DOWN,需进一步检查。
2.9在AR上采用两次dis int g0/0/0
dis int g0/0/0
Input: 917 packets, 109123 bytes
Unicast: 0, Multicast: 917
Broadcast: 0, Jumbo: 0
Discard: 0, Total Error: 0

CRC: 0, Giants: 0
Jabbers: 0, Throttles: 0
Runts: 0, Symbols: 0
Ignoreds: 0, Frames: 0
dis int g0/0/0
Input: 948 packets, 112812 bytes
Unicast: 0, Multicast: 948
Broadcast: 0, Jumbo: 0
Discard: 0, Total Error: 0

CRC: 0, Giants: 0
Jabbers: 0, Throttles: 0
Runts: 0, Symbols: 0
Ignoreds: 0, Frames: 0
由以上输出可以看AR29连接LSW6接口的物理和协议正常,并且能够两次输出结果中的组播报文在增长,所以可以判断端口正常。
结论:通过以上测试结果可以发现,AR29的OSPF配置正常,AR29与LSW6直连的接口正常,AR28 OSPF配置正常,但是AR29与AR28用于建立OSPF邻居关系的三层及二层地址不可达。所以可以判断故障的根本原因为AR29与AR28用于建立OSPF邻居关系的IP地址不在同一个广播域,LSW上用于连接AR29与AR28接口VLAN划分错误。
三、故障处理
3.1LSW VLAN划分错误的故障需在LSW6上执行以下命令:
dis port vlan
sys
int 连接AR29的接口
port link-type access
port default vlan 与AR27 28相同的VLANID
执行完成以上命令后在AR29采用以后命令进行测试:
ping -a 10.5.128.29 10.5.128.28
3.2其他高可能性故障-LSW6上配置了muxvlan 则需要在LSW6上执行以下命令:
dis muxvlan
sys
int 连接AR29的接口
undo port muxvlan en
执行完成以上命令后,在AR29上采用以下命令进行测试:

ping -a  10.5.128.29 10.5.128.28                    /*AR29与AR28用于建立OSPF邻居关系的IPV4地址三层应该可达*/
display ospf peer brief                             /*AR29与AR28的ospf邻居关系应该正常建立*/
display ip routing-table | include 10.5.1.28        /*AR29能够正常学习到AR28的loopback0 IPV4地址*/
ping -a 10.5.1.29 10.5.1.28                         /*AR29的loopback0 IPV4地址能够与AR28的loopback0 IPV4地址互通,故障解决*/

3.3.其他高可能性故障——LSW6和AR28上配置了过滤策略则需要在AR28LSW6上执行以下命令
dis traffic-policy applied-record
sys
int 所有相关接口
undo traffic-filter inbound /out

执行完成以上命令后在AR29上采用以下命令进行测试:
ping -a  10.5.128.29 10.5.128.28                    /*AR29与AR28用于建立OSPF邻居关系的IPV4地址三层应该可达*/
display ospf peer brief                             /*AR29与AR28的ospf邻居关系应该正常建立*/
display ip routing-table | include 10.5.1.28        /*AR29能够正常学习到AR28的loopback0 IPV4地址*/
ping -a 10.5.1.29 10.5.1.28                         /*AR29的loopback0 IPV4地址能够与AR28的loopback0 IPV4地址互通,故障解决*/        

3.4如果执行以上命令都无法解决问题,则需要用户提供完整的设备配置联系华为TAC专家到场协助。或者播打华为400售后电话。

标签: 无

发表评论: