CCIE-09-BGP-TS

烈火蜓蜻

已于 2024-04-16 11:15:03 修改

阅读量771

点赞数 8

CC 4.0 BY-SA版权

文章标签：网络智能路由器 Troubleshooting BGP MPLS OSPF

于 2024-03-31 12:32:29 首次发布

本文链接：https://blog.youkuaiyun.com/Linux7985/article/details/136920719

实验条件

网络拓朴

在这里插入图片描述

目标输出

在这里插入图片描述

环境配置

在我的资源里可以下载（就在这篇文章的开头也可以下载）
在这里插入图片描述

开始Troubleshooting

整体排错的思路如下：

检查所有的直连口是否双UP
检查所有的IGP启动情况，邻居状态
检查所有的BGP的状态（已经配置的邻居是否有起来）
根据输出，调整BGP选路参数

第一步检查所有的直连接口是否正常UP，所有可以配置的路由的特权密码都是“cisco”，

问题1. R5路由器直连口没有开启

问题2. R21路由器直连口没有开启

问题3. R12路由器直连口没有开启

第二步确保拓扑图中的OSPF都能正常的起邻居
从R1开始排查

1. 根据拓扑图，先确保OSPF协议邻居有关系先起来所有路由器的密码都是cisco, 除了不允许配置的路由器外
从R1开始

R3#show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
123.1.1.1         1   FULL/BDR        00:00:37    123.45.67.5     Ethernet0/0

发现R3与R21路由并没有建立邻居关系。查询配置后并无异常

R3#show run | s router ospf 
router ospf 12345
 router-id 123.3.3.3
 area 1 range 134.56.78.0 255.255.255.0
 network 123.3.3.3 0.0.0.0 area 0
 network 123.45.67.6 0.0.0.0 area 0
 network 134.56.78.37 0.0.0.0 area 1
R3#

// 查询R21的路由器
R21(config-if)#do show run | s router
router ospf 12345
 router-id 134.21.21.21
 max-metric router-lsa
 passive-interface default
 no passive-interface Ethernet2/0
 network 134.21.21.21 0.0.0.0 area 1
 network 134.56.78.38 0.0.0.0 area 1
 network 134.56.78.48 0.0.0.7 area 1
 neighbor 123.3.3.3

问题4. R21的直连接口被配置成了被动接口

ospf下配置了被动接口，这样的话，他不会发出hello包也无法接收路由和hello报文（其它的IGP中的被动接口行为也有所不同，有些可以接收，但无法发出，有些是无法接收也无法发出）
配置R21的OSPF

R21#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R21(config)#router ospf 12345
R21(config-router)#no passive-interface Ethernet1/0 
R21(config-router)#no passive-interface Ethernet0/0
R21(config-router)#do show run | s router ospf
router ospf 12345
 router-id 134.21.21.21
 max-metric router-lsa
 passive-interface default
 no passive-interface Ethernet0/0
 no passive-interface Ethernet1/0
 no passive-interface Ethernet2/0
 network 134.21.21.21 0.0.0.0 area 1
 network 134.56.78.38 0.0.0.0 area 1
 network 134.56.78.48 0.0.0.7 area 1
 neighbor 123.3.3.3

再次查询R21邻居，发现邻居关系依然没有起来，开启Debug

R21#debug ip ospf hello      
OSPF hello debugging is on
R21#
OSPF-12345 HELLO Et2/0: Send hello to 224.0.0.5 area 1 from 134.56.78.50
OSPF-12345 HELLO Et2/0: Rcv hello from 134.22.22.22 area 1 134.56.78.49
OSPF-12345 HELLO Et2/0: Mismatched hello parameters from 134.56.78.49
OSPF-12345 HELLO Et2/0: Dead R 40 C 40, Hello R 10 C 10 Mask R 255.255.255.252 C 255.255.255.248
OSPF-12345 HELLO Et0/0: Rcv hello from 123.3.3.3 area 1 134.56.78.37
OSPF-12345 HELLO Et0/0: Mismatched hello parameters from 134.56.78.37
OSPF-12345 HELLO Et0/0: Dead R 44 C 40, Hello R 11 C 10 Mask R 255.255.255.252 C 255.255.255.252
OSPF-12345 HELLO Et0/0: Send hello to 224.0.0.5 area 1 from 134.56.78.38
OSPF-12345 HELLO Et2/0: Send hello to 224.0.0.5 area 1 from 134.56.78.50
OSPF-12345 HELLO Et2/0: Rcv hello from 134.22.22.22 area 1 134.56.78.49
OSPF-12345 HELLO Et2/0: Mismatched hello parameters from 134.56.78.49
OSPF-12345 HELLO Et2/0: Dead R 40 C 40, Hello R 10 C 10 Mask R 255.255.255.252 C 255.255.255.248
OSPF-12345 HELLO Et0/0: Rcv hello from 123.3.3.3 area 1 134.56.78.37
OSPF-12345 HELLO Et0/0: Mismatched hello parameters from 134.56.78.37
OSPF-12345 HELLO Et0/0: Dead R 44 C 40, Hello R 11 C 10 Mask R 255.255.255.252 C 255.255.255.252

问题5. R21路由器的hello时间与R3的不一致

问题6. R21路由器与R22的直接接口的IP地址网络不一样（子网掩码不同）

在R3上查询配置得到以下内容

R3(config-if)#do show run interface e2/0
Building configuration...

Current configuration : 83 bytes
!
interface Ethernet2/0
 ip address 134.56.78.37 255.255.255.252
 ip ospf hello-interval 11
 duplex auto
end
......
// 修改这个配置
R3#conf t 
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#int e2/0
R3(config-if)#no ip ospf he
R3(config-if)#no ip ospf hello-interval  
R3(config-if)#do show ip    
%BGP-5-ADJCHANGE: neighbor 134.21.21.21 Up ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
123.1.1.1         1   FULL/BDR        00:00:38    123.45.67.5     Ethernet0/0
134.21.21.21      1   FULL/DR         00:00:39    134.56.78.38    Ethernet2/0
R3(config-if)#

R3与R21邻居关系正常了
再回头检查R22和R21的子网掩码配置

R21#show run interface e2/0
Building configuration...

Current configuration : 83 bytes
!
interface Ethernet2/0
 ip address 134.56.78.50 255.255.255.248
 duplex auto
end
R21#show run | s router ospf 
router ospf 12345
 router-id 134.21.21.21
 max-metric router-lsa
 passive-interface default
 no passive-interface Ethernet0/0
 no passive-interface Ethernet1/0
 no passive-interface Ethernet2/0
 network 134.21.21.21 0.0.0.0 area 1
 network 134.56.78.38 0.0.0.0 area 1
 network 134.56.78.48 0.0.0.7 area 1
 neighbor 123.3.3.3
R21#

R22#show run interface e2/0
Building configuration...

Current configuration : 83 bytes
!
interface Ethernet2/0
 ip address 134.56.78.49 255.255.255.252
 duplex auto
end
R22#show run | s router ospf 
router ospf 12345
 router-id 134.22.22.22
 passive-interface default
 no passive-interface Ethernet0/0
 no passive-interface Ethernet2/0
 network 134.22.22.22 0.0.0.0 area 1
 network 134.56.78.42 0.0.0.0 area 1
 network 134.56.78.48 0.0.0.7 area 1
R22#

根据OSPF网络的宣告内容，可以确定的是R22的E2/0本意是配置子网掩码长度为29位
因此修改R22的接口IP

R22#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R22(config)#int e2/0 
R22(config-if)#ip address 134.56.78.49 255.255.255.248

R21#show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
123.3.3.3         1   FULL/BDR        00:00:30    134.56.78.37    Ethernet0/0
134.22.22.22      1   FULL/BDR        00:00:34    134.56.78.49    Ethernet2/0

R22(config-if)#do show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
134.21.21.21      1   FULL/DR         00:00:38    134.56.78.50    Ethernet2/0
123.5.5.5         0   FULL/  -        00:00:32    134.56.78.41    Ethernet0/0

至此R21的OSPF邻居关系也都建立了，也正常了，继续排查BGP的邻居关系
此时发现R22的与R5的邻居关系报错，

%OSPF-4-NET_TYPE_MISMATCH: Received Hello from 123.5.5.5 on Ethernet0/0 indicating a  potential 
             network type mismatch
%OSPF-4-NET_TYPE_MISMATCH: Received Hello from 123.5.5.5 on Ethernet0/0 indicating a  potential 
             network type mismatch
%OSPF-4-NET_TYPE_MISMATCH: Received Hello from 123.5.5.5 on Ethernet0/0 indicating a  potential 
             network type mismatch

提示网络类型不一致

问题7. R22与R5接口的OSPF网络类型不一致

R22#conf t 
Enter configuration commands, one per line.  End with CNTL/Z.
R22(config)#do show run interface e0/0
Building configuration...

Current configuration : 115 bytes
!
interface Ethernet0/0
 ip address 134.56.78.42 255.255.255.252
 ip ospf network point-to-point
 duplex auto
end

R22(config)#int e0/0
R22(config-if)#no ip ospf network point-to-point

查看路由表，正常学到R22的路由，继续排查BGP邻居状态
R4与R5和R12的邻居状态不正常

R4#show ip bgp summary
......
Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
123.5.5.5       4        12345       0       0        1    0    0 never    Idle
123.6.6.6       4        12345     535     535        3    0    0 08:03:26        1
123.45.67.44    4        14567       0       0        1    0    0 never    Idle
R4#show run | s router bgp
router bgp 12345
 bgp router-id 123.4.4.4
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 123.3.3.3 remote-as 12345
 neighbor 123.3.3.3 update-source Loopback0
 neighbor 123.5.5.5 remote-as 12345
 neighbor 123.5.5.5 update-source Loopback0
 neighbor 123.6.6.6 remote-as 12345
 neighbor 123.6.6.6 update-source Loopback0
 neighbor 123.45.67.44 remote-as 14567
 !
 address-family ipv4
  network 125.45.67.24 mask 255.255.255.252
  neighbor 123.5.5.5 activate
  neighbor 123.5.5.5 next-hop-self
  neighbor 123.6.6.6 activate
  neighbor 123.6.6.6 next-hop-self
  neighbor 123.45.67.44 activate
  neighbor 123.45.67.44 route-map MED out
 exit-address-family
 !
 address-family vpnv4
  neighbor 123.3.3.3 activate
  neighbor 123.3.3.3 send-community extended
  neighbor 123.5.5.5 activate
  neighbor 123.5.5.5 send-community extended
 exit-address-family
 !
 address-family ipv4 vrf BancoBank_ToHub
  neighbor 124.45.67.26 remote-as 65100
  neighbor 124.45.67.26 activate
 exit-address-family
 !
 address-family ipv4 vrf BancoBank_ToSpoke
  neighbor 123.45.67.26 remote-as 65100
  neighbor 123.45.67.26 activate
 exit-address-family

查询R5的BGP配置

R5#show run | s router bgp 
router bgp 12345
 bgp router-id 123.5.5.5
 bgp log-neighbor-changes
 neighbor IBGP peer-group
 neighbor IBGP remote-as 12345
 neighbor IBGP update-source Loopback0
 neighbor 123.3.3.3 peer-group IBGP
 neighbor 123.4.4.4 peer-group IBGP
 neighbor 134.21.21.21 peer-group IBGP
 neighbor 134.22.22.22 peer-group IBGP
 !
 address-family ipv4
  neighbor IBGP route-reflector-client
  neighbor IBGP next-hop-self
  neighbor 123.3.3.3 activate
  no neighbor 123.4.4.4 activate
  neighbor 134.21.21.21 activate
  neighbor 134.22.22.22 activate
 exit-address-family
 !
 address-family vpnv4
  neighbor IBGP send-community extended
  neighbor IBGP route-reflector-client
  neighbor 123.3.3.3 activate
  neighbor 123.4.4.4 activate
 exit-address-family
 !
 address-family ipv4 vrf BancBank
  neighbor 123.65.1.30 remote-as 65101
  neighbor 123.65.1.30 activate
 exit-address-family

问题8. R5上BGP的配置没有激活与R4的邻居状态

发现R5与R4的邻居状态没有激活 “no neighbor 123.4.4.4 activate”，激活一下

R5#conf t 
Enter configuration commands, one per line.  End with CNTL/Z.
R5(config)#router bgp 12345
R5(config-router)# address-family ipv4
R5(config-router-af)#neighbor 123.4.4.4 activate

R4与R5的邻居关系起来了，继续查看R4与R12的邻居关系

R12#show run | s router bgp
router bgp 14567
 bgp router-id 145.12.12.12
 bgp log-neighbor-changes
 network 123.45.67.20 mask 255.255.255.252
 network 123.45.67.40 mask 255.255.255.248
 neighbor 123.45.67.45 remote-as 12345
 neighbor 123.45.67.45 shutdown
 neighbor 123.45.67.46 remote-as 12345
 neighbor 145.11.11.11 remote-as 14567
 neighbor 145.11.11.11 update-source Loopback0
 neighbor 145.11.11.11 next-hop-self
R12#

问题9. R12上BGP的配置关闭了与R4的邻居状态

R12#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R12(config)#router bgp 14567
R12(config-router)#no neighbor 123.45.67.45 shutdown

R12(config-router)#do show ip bgp summary
BGP router identifier 145.12.12.12, local AS number 14567
BGP table version is 15, main routing table version 15
11 network entries using 1584 bytes of memory
21 path entries using 1764 bytes of memory
9/6 BGP path/bestpath attribute entries using 1440 bytes of memory
2 BGP AS-PATH entries using 48 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 4836 total bytes of memory
BGP activity 11/0 prefixes, 21/0 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
123.45.67.45    4        12345      11      14       15    0    0 00:00:15