题目:
AR27.AR28.AR29.AR32和AR33运行OSPF,AR28.AR30.AR31和AR34运行isis。
在AR28上做了双向路由引入,全SITE路由可达。
AR32的loopback0无法访问ISIS区域里的部分设备;请诊断其问题的原因。
1、故障根因:
1.1 AR28的G0/0/2接口的出方向有针对AR32的Loopback0流量过滤行为。
2、分析过程:
2.1 登录AR32,通过命令:display ip routing-table 查看AR32的路由表中是否有ISIS中全部路由条目。
显示信息如下:
-------------------------------------------------------------------------------------------
<AR32>display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 21 Routes : 21
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.5.1.27/32 OSPF 10 2 D 10.5.239.28 GigabitEthernet0/0/0
10.5.1.28/32 OSPF 10 1 D 10.5.239.28 GigabitEthernet0/0/0
10.5.1.29/32 OSPF 10 2 D 10.5.239.28 GigabitEthernet0/0/0
10.5.1.30/32 O_ASE 150 1 D 10.5.239.28 GigabitEthernet0/0/0
10.5.1.31/32 O_ASE 150 1 D 10.5.239.28 GigabitEthernet0/0/0
10.5.1.32/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.5.1.33/32 OSPF 10 3 D 10.5.239.28 GigabitEthernet0/0/0
10.5.1.34/32 O_ASE 150 1 D 10.5.239.28 GigabitEthernet0/0/0
10.5.14.0/24 O_ASE 150 1 D 10.5.239.28 GigabitEthernet0/0/0
10.5.34.0/24 O_ASE 150 1 D 10.5.239.28 GigabitEthernet0/0/0
10.5.40.0/24 OSPF 10 3 D 10.5.239.28 GigabitEthernet0/0/0
10.5.128.0/24 OSPF 10 2 D 10.5.239.28 GigabitEthernet0/0/0
10.5.129.0/24 O_ASE 150 1 D 10.5.239.28 GigabitEthernet0/0/0
10.5.130.0/24 O_ASE 150 1 D 10.5.239.28 GigabitEthernet0/0/0
10.5.239.0/24 Direct 0 0 D 10.5.239.32 GigabitEthernet0/0/0
10.5.239.32/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
10.5.239.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
--------------------------------------------------------------------------------------------
如上测试结果所示AR32路由表中有ISIS全部的路由条目(3个Loopback0,4个互联网段)
2.2 在AR32上使用PING命令测试与ISIS区域中各地址的连通性:
(1)在AR32上使用命令:ping 10.5.X.X,直接PING测试ISIS中的地址,由于不知道哪些ISIS地址不能访问,
所以需逐个进行PING测试(3个Loopback0,4个互联网段)
显示信息如下:
--------------------------------------------------------------------------------------
<AR32>ping 10.5.129.28
PING 10.5.129.28: 56 data bytes, press CTRL_C to break
Reply from 10.5.129.28: bytes=56 Sequence=1 ttl=255 time=20 ms
Reply from 10.5.129.28: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 10.5.129.28: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 10.5.129.28: bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 10.5.129.28: bytes=56 Sequence=5 ttl=255 time=20 ms
--- 10.5.129.28 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/22/30 ms
<AR32>ping 10.5.129.30
PING 10.5.129.30: 56 data bytes, press CTRL_C to break
Reply from 10.5.129.30: bytes=56 Sequence=1 ttl=254 time=30 ms
Reply from 10.5.129.30: bytes=56 Sequence=2 ttl=254 time=30 ms
Reply from 10.5.129.30: bytes=56 Sequence=3 ttl=254 time=20 ms
Reply from 10.5.129.30: bytes=56 Sequence=4 ttl=254 time=30 ms
Reply from 10.5.129.30: bytes=56 Sequence=5 ttl=254 time=20 ms
--- 10.5.129.30 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00 % packet loss
round-trip min/avg/max = 20/26/30 ms
<AR32>ping 10.5.34.30
PING 10.5.34.30: 56 data bytes, press CTRL_C to break
Reply from 10.5.34.30: bytes=56 Sequence=1 ttl=254 time=40 ms
Reply from 10.5.34.30: bytes=56 Sequence=2 ttl=254 time=20 ms
Reply from 10.5.34.30: bytes=56 Sequence=4 ttl=254 time=30 ms
Reply from 10.5.34.30: bytes=56 Sequence=3 ttl=254 time=30 ms
Reply from 10.5.34.30: bytes=56 Sequence=5 ttl=254 time=20 ms
--- 10.5.34.30 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/28/40 ms
<AR32>ping 10.5.34.34
PING 10.5.34.34: 56 data bytes, press CTRL_C to break
Reply from 10.5.34.34: bytes=56 Sequence=1 ttl=253 time=30 ms
Reply from 10.5.34.34: bytes=56 Sequence=2 ttl=253 time=30 ms
Reply from 10.5.34.34: bytes=56 Sequence=3 ttl=253 time=20 ms
Reply from 10.5.34.34: bytes=56 Sequence=4 ttl=253 time=30 ms
Reply from 10.5.34.34: bytes=56 Sequence=5 ttl=253 time=30 ms
--- 10.5.34.34 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/28/30 ms
<AR32>ping 10.5.130.28
PING 10.5.130.28: 56 data bytes, press CTRL_C to break
Reply from 10.5.130.28: bytes=56 Sequence=1 ttl=255 time=30 ms
Reply from 10.5.130.28: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 10.5.130.28: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 10.5.130.28: bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 10.5.130.28: bytes=56 Sequence=5 ttl=255 time=10 ms
--- 10.5.130.28 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/22/30 ms
<AR32>ping 10.5.130.31
PING 10.5.130.31: 56 data bytes, press CTRL_C to break
Reply from 10.5.130.31: bytes=56 Sequence=1 ttl=254 time=30 ms
Reply from 10.5.130.31: bytes=56 Sequence=2 ttl=254 time=20 ms
Reply from 10.5.130.31: bytes=56 Sequence=3 ttl=254 time=30 ms
Reply from 10.5.130.31: bytes=56 Sequence=4 ttl=254 time=30 ms
Reply from 10.5.130.31: bytes=56 Sequence=5 ttl=254 time=20 ms
--- 10.5.130.31 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/26/30 ms
<AR32>ping 10.5.14.31
PING 10.5.14.31: 56 data bytes, press CTRL_C to break
Reply from 10.5.14.31: bytes=56 Sequence=1 ttl=254 time=30 ms
Reply from 10.5.14.31: bytes=56 Sequence=2 ttl=254 time=20 ms
Reply from 10.5.14.31: bytes=56 Sequence=3 ttl=254 time=20 ms
Reply from 10.5.14.31: bytes=56 Sequence=4 ttl=254 time=30 ms
Reply from 10.5.14.31: bytes=56 Sequence=5 ttl=254 time=30 ms
--- 10.5.14.31 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/26/30 ms
<AR32>ping 10.5.14.34
PING 10.5.14.34: 56 data bytes, press CTRL_C to break
Reply from 10.5.14.34: bytes=56 Sequence=1 ttl=253 time=30 ms
Reply from 10.5.14.34: bytes=56 Sequence=2 ttl=253 time=20 ms
Reply from 10.5.14.34: bytes=56 Sequence=3 ttl=253 time=20 ms
Reply from 10.5.14.34: bytes=56 Sequence=4 ttl=253 time=30 ms
Reply from 10.5.14.34: bytes=56 Sequence=5 ttl=253 time=20 ms
--- 10.5.14.34 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/24/30 ms
<AR32>ping 10.5.1.30
PING 10.5.1.30: 56 data bytes, press CTRL_C to break
Reply from 10.5.1.30: bytes=56 Sequence=1 ttl=254 time=30 ms
Reply from 10.5.1.30: bytes=56 Sequence=2 ttl=254 time=20 ms
Reply from 10.5.1.30: bytes=56 Sequence=3 ttl=254 time=20 ms
Reply from 10.5.1.30: bytes=56 Sequence=4 ttl=254 time=20 ms
Reply from 10.5.1.30: bytes=56 Sequence=5 ttl=254 time=20 ms
--- 10.5.1.30 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/22/30 ms
<AR32>ping 10.5.1.31
PING 10.5.1.31: 56 data bytes, press CTRL_C to break
Reply from 10.5.1.31: bytes=56 Sequence=1 ttl=254 time=30 ms
Reply from 10.5.1.31: bytes=56 Sequence=2 ttl=254 time=40 ms
Reply from 10.5.1.31: bytes=56 Sequence=3 ttl=254 time=20 ms
Reply from 10.5.1.31: bytes=56 Sequence=4 ttl=254 time=20 ms
Reply from 10.5.1.31: bytes=56 Sequence=5 ttl=254 time=30 ms
--- 10.5.1.31 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/28/40 ms
<AR32>ping 10.5.1.34PING 10.5.1.34: 56 data bytes, press CTRL_C to break
Reply from 10.5.1.34: bytes=56 Sequence=1 ttl=253 time=40 ms
Reply from 10.5.1.34: bytes=56 Sequence=2 ttl=253 time=30 ms
Reply from 10.5.1.34: bytes=56 Sequence=3 ttl=253 time=20 ms
Reply from 10.5.1.34: bytes=56 Sequence=4 ttl=253 time=30 ms
Reply from 10.5.1.34: bytes=56 Sequence=5 ttl=253 time=30 ms
--- 10.5.1.34 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/30/40 ms
--------------------------------------------------------------------------------------
如上测试结果表明:直接使用PING命令可以ping通ISIS区域中的所有地址(3个Loopback,4个互联网段 )。
(2)在AR32上使用命令:ping -a 10.5.1.32 10.5.X.X,以Loopback0作为源地址PING测试ISIS中的地址,
由于不知道哪些ISIS地址不能访问,所以需要逐个地址进行PING测试(3个Loopback0,4个互联网段)
显示信息如下:
-----------------------------------------------------------------------------------------
<AR32>ping -a 10.5.1.32 10.5.1.30PING 10.5.1.30: 56 data bytes, press CTRL_C to break
Reply from 10.5.1.30: bytes=56 Sequence=1 ttl=254 time=30 ms
Reply from 10.5.1.30: bytes=56 Sequence=2 ttl=254 time=20 ms
Reply from 10.5.1.30: bytes=56 Sequence=3 ttl=254 time=30 ms
Reply from 10.5.1.30: bytes=56 Sequence=4 ttl=254 time=20 ms
Reply from 10.5.1.30: bytes=56 Sequence=5 ttl=254 time=30 ms
--- 10.5.1.30 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/26/30 ms
PING 10.5.1.34: 56 data bytes, press CTRL_C to break
Reply from 10.5.1.34: bytes=56 Sequence=1 ttl=253 time=30 ms
Reply from 10.5.1.34: bytes=56 Sequence=2 ttl=253 time=30 ms
Reply from 10.5.1.34: bytes=56 Sequence=3 ttl=253 time=20 ms
Reply from 10.5.1.34: bytes=56 Sequence=4 ttl=253 time=50 ms
Reply from 10.5.1.34: bytes=56 Sequence=5 ttl=253 time=30 ms
--- 10.5.1.34 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/32/50 ms
PING 10.5.129.28: 56 data bytes, press CTRL_C to break
Reply from 10.5.129.28: bytes=56 Sequence=1 ttl=255 time=40 ms
Reply from 10.5.129.28: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 10.5.129.28: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 10.5.129.28: bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 10.5.129.28: bytes=56 Sequence=5 ttl=255 time=20 ms
--- 10.5.129.28 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/24/40 ms
PING 10.5.129.30: 56 data bytes, press CTRL_C to break
Reply from 10.5.129.30: bytes=56 Sequence=1 ttl=254 time=20 ms
Reply from 10.5.129.30: bytes=56 Sequence=2 ttl=254 time=30 ms
Reply from 10.5.129.30: bytes=56 Sequence=3 ttl=254 time=30 ms
Reply from 10.5.129.30: bytes=56 Sequence=4 ttl=254 time=30 ms
Reply from 10.5.129.30: bytes=56 Sequence=5 ttl=254 time=10 ms
--- 10.5.129.30 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/24/30 ms
PING 10.5.34.30: 56 data bytes, press CTRL_C to break
Reply from 10.5.34.30: bytes=56 Sequence=1 ttl=254 time=30 ms
Reply from 10.5.34.30: bytes=56 Sequence=2 ttl=254 time=30 ms
Reply from 10.5.34.30: bytes=56 Sequence=3 ttl=254 time=20 ms
Reply from 10.5.34.30: bytes=56 Sequence=4 ttl=254 time=20 ms
Reply from 10.5.34.30: bytes=56 Sequence=5 ttl=254 time=30 ms
--- 10.5.34.30 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/26/30 ms
PING 10.5.34.34: 56 data bytes, press CTRL_C to break
Reply from 10.5.34.34: bytes=56 Sequence=1 ttl=253 time=30 ms
Reply from 10.5.34.34: bytes=56 Sequence=2 ttl=253 time=30 ms
Reply from 10.5.34.34: bytes=56 Sequence=3 ttl=253 time=30 ms
Reply from 10.5.34.34: bytes=56 Sequence=4 ttl=253 time=30 ms
Reply from 10.5.34.34: bytes=56 Sequence=5 ttl=253 time=30 ms
--- 10.5.34.34 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/30/30 ms
PING 10.5.130.28: 56 data bytes, press CTRL_C to break
Reply from 10.5.130.28: bytes=56 Sequence=1 ttl=255 time=20 ms
Reply from 10.5.130.28: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 10.5.130.28: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 10.5.130.28: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 10.5.130.28: bytes=56 Sequence=5 ttl=255 time=30 ms
--- 10.5.130.28 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/22/30 ms
PING 10.5.130.31: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 10.5.130.31 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
PING 10.5.14.31: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 10.5.14.31 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
PING 10.5.14.34: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 10.5.14.34 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
PING 10.5.1.31: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 10.5.1.31 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
------------------------------------------------------------------------------
结果表明,以AR32的Loopback0作为源地址,不能PING通AR34的G0/0/1接口以及AR31的所有接口
其余ISIS中的地址都能PING通。
(3)经过以上两步测试可发现,以AR32的Loopback0作为源地址访问ISIS区域路由时候出现了问题,
所以可以初步判断环境中存在针对AR32上的Loopback0地址的过滤,下一步需要排查是针对AR32的Loopback0地址
的路由过滤(控制层面)还是流量过滤(转发平面)
2.3 检查AR31与AR34是否存在针对AR32的Loopback0地址的路由过滤
(1)登录AR34,通过命令:display ip routing-table查看路由表
------------------------------------------------------------------------------
<AR34>display ip routing-table Route Flags: R - relay, D - download to fib
Routing Tables: Public
Destinations : 16 Routes : 17
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 ISIS-L1 15 10 D 10.5.34.30 GigabitEthernet0/0/0
ISIS-L1 15 10 D 10.5.14.31 GigabitEthernet
0/0/1
10.5.1.30/32 ISIS-L1 15 10 D 10.5.34.30 GigabitEthernet
0/0/0
10.5.1.31/32 ISIS-L1 15 10 D 10.5.14.31 GigabitEthernet
0/0/1
10.5.1.34/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.5.14.0/24 Direct 0 0 D 10.5.14.34 GigabitEthernet
0/0/1
10.5.14.34/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.5.14.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.5.34.0/24 Direct 0 0 D 10.5.34.34 GigabitEthernet
0/0/0
10.5.34.34/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.5.34.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.5.129.0/24 ISIS-L1 15 20 D 10.5.34.30 GigabitEthernet
0/0/0
10.5.130.0/24 ISIS-L1 15 20 D 10.5.14.31 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
------------------------------------------------------------------------------
结果表明。AR34的路由显示正常,存在两条等价的缺省路由。
(2)登录AR31,通过命令:display ip routing-table查看路由表
-----------------------------------------------------------------------------------------------------------------------------------------
<AR31>display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 23 Routes : 23
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.5.1.27/32 ISIS-L2 15 74 D 10.5.130.28 GigabitEthernet0/0/2
10.5.1.28/32 ISIS-L2 15 74 D 10.5.130.28 GigabitEthernet0/0/2
10.5.1.29/32 ISIS-L2 15 74 D 10.5.130.28 GigabitEthernet0/0/2
10.5.1.30/32 ISIS-L1 15 20 D 10.5.14.34 GigabitEthernet0/0/1
10.5.1.31/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.5.1.32/32 ISIS-L2 15 74 D 10.5.130.28 GigabitEthernet0/0/2
10.5.1.33/32 ISIS-L2 15 74 D 10.5.130.28 GigabitEthernet0/0/2
10.5.1.34/32 ISIS-L1 15 10 D 10.5.14.34 GigabitEthernet0/0/1
10.5.14.0/24 Direct 0 0 D 10.5.14.31 GigabitEthernet0/0/1
10.5.14.31/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
10.5.14.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
10.5.34.0/24 ISIS-L1 15 20 D 10.5.14.34 GigabitEthernet0/0/1
10.5.40.0/24 ISIS-L2 15 74 D 10.5.130.28 GigabitEthernet0/0/2
10.5.128.0/24 ISIS-L2 15 74 D 10.5.130.28 GigabitEthernet0/0/2
10.5.129.0/24 ISIS-L1 15 30 D 10.5.14.34 GigabitEthernet0/0/1
10.5.130.0/24 Direct 0 0 D 10.5.130.31 GigabitEthernet0/0/2
10.5.130.31/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/2
10.5.130.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/2
10.5.239.0/24 ISIS-L2 15 74 D 10.5.130.28 GigabitEthernet0/0/2
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
-----------------------------------------------------------------------------------------------------------------------------------------
结果表明AR31上面存在AR32的Loopback0地址以及其他所有路由,所以AR31上面也并未配置路由的过滤。
(3)如上测试结果所示,由于AR32、AR31、AR34均无路由缺失,所以说明在AR28上的单点双向引入操作均无故障,
由于AR32的Loopback0能PING通AR30的Loopback0接口,所以判断在AR30上也不存在路由过滤行为。下一步确认
是否针对AR32做了流量过滤。
2.4 使用 tracert工具观察路径走向
(1)在AR32上分别不带源地址和带Loopback0作为源地址,以10.5.1.34作为目标地址做路由跟踪,观察数据包的走向。
显示信息如下:
---------------------------------------------------------------------------------------
tracert 10.5.1.34
traceroute to 10.5.1.34(10.5.1.34), max hops: 30 ,packet length: 40,press CTRL_C to break
1 10.5.239.28 20 ms 20 ms 20 ms
2 10.5.130.31 20 ms 10.5.129.30 20 ms 10.5.130.31 30 ms
3 10.5.34.34 20 ms 10.5.14.34 20 ms 10.5.34.34 20 ms
<AR32>tracert -a 10.5.1.32 10.5.1.34
traceroute to 10.5.1.34(10.5.1.34), max hops: 30 ,packet length: 40,press CTRL_C to break
1 10.5.239.28 30 ms 10 ms 20 ms
2 * 10.5.129.30 30 ms *
3 10.5.34.34 30 ms * 40 ms
---------------------------------------------------------------------------------------
如上测试及输出结果表明,在AR32上带源地址,在第二跳中显示为*的地址为10.5.130.31(AR31的G0/0/2),在第三跳中显示为*
地址为10.5.14.34(AR34的G0/0/1口),下一步以10.5.1.31作为目的地址再次验证:
(2)在AR32上面分别不带源地址和带Loopback0作为源地址,以10.5.1.31作为目标地址做路由跟踪,观察数据包的走向。
显示信息如下:
------------------------------------------------------------------------------------------
<AR32>tracert 10.5.1.31
traceroute to 10.5.1.31(10.5.1.31), max hops: 30 ,packet length: 40,press CTRL_C to break
1 10.5.239.28 20 ms 20 ms 10 ms
2 10.5.130.31 20 ms 20 ms 30 ms
<AR32>tracert -a 10.5.1.32 10.5.1.31
traceroute to 10.5.1.31(10.5.1.31), max hops: 30 ,packet length: 40,press CTRL_C to break
1 10.5.239.28 40 ms 20 ms 20 ms
2 * * *
3 * * *
------------------------------------------------------------------------------------------
由输出结果表明,AR32上不带源地址tracert AR31时走的路径为AR32--AR28--AR31,
但当携带源地址tracert AR31时数据包转发至AR28后就产生了丢包,与上一步结论一致,下一步需要
判断过滤行为具体发生在哪台设备上。
2.5 在AR32上以Loopback0作为源地址,10.5.130.31作为目标地址做路由跟踪。同时在AR31查看G0/0/2接口的
相关信息做前后比对。
------------------------------------------------------------------------------------------
<AR32>tracert -a 10.5.1.32 10.5.130.31
traceroute to 10.5.130.31(10.5.130.31), max hops: 30 ,packet length: 40,press CTRL_C to break
1 10.5.239.28 10 ms 10 ms 10 ms
2 * * *
<AR31>display interface GigabitEthernet 0/0/2
Input: 404 packets, 513974 bytes
Unicast: 41, Multicast: 360
Broadcast: 3, Jumbo: 0
Discard: 0, Total Error:
------------------------------------------------------------------------------------------
根据以上测试方法,经过多次观察AR31的G0/0/2接口信息,发现接口上Input方向收到的Unicast单播报文数量始终
没有增加,又因为数据包到达AR28后丢包,所以可以判断流量的过滤是在AR28的G0/0/2接口的出方向。
2.6 综合分析
首先通过前四步测试排除了所有设备上存在路由过滤的可能,第四步路由跟踪结果显示:数据包能通过
AR28经过AR30后可以到达AR34,所以能排除在AR30上做流量过滤的可能,也可以排除AR28的G0/0/1和
AR34的G0/0/0口流量过滤的可能,但通过AR28后无法到达AR31,能够得出结论为数据包是在AR28和AR31之间
发生了丢包。经过第五步的测试,发现AR31的G0/0/2口的Inpunt方向始终没有收到AR32发出的单播数据包,
说明AR32发出的数据包没有到达AR31的G0/0/2口。
所以能够得出结论:在AR28的G0/0/2口的outbound方向做了针对AR32的Loopback地址的流量过滤。3、解决方案
3.1 在AR28的G0/0/2接口下查看相关配置,并删除流量过滤命令
system-view //进入系统视图模式
interface GigabitEthernet0/0/2 //进入接口视图下
display this //查看接口下是否有过滤行为
undo traffic-filter outbound //删除针对AR32Loopback0口的流量过滤命令
undo traffic-policy outbound //删除针对AR32Loopback0口的流量过滤命令
做完上述步骤后,在AR32上执行命令:ping -a 10.5.1.32 10.5.1.31和 ping -a 10.5.1.32 10.5.14.34,PING通表示故障
已全部排除,如不通请参考以下高可能性。
高可能性1:在AR31的G0/0/1和G0/0/2口存在流量过滤的命令。
system-view //进入系统视图模式
interface GigabitEthernet0/0/1(G0/0/2) //进入相关接口视图下
display this //查看接口下配置
undo traffic-filter outbound(inbound) //删除针对AR32的Loopback0口的流量过滤命令
undo traffic-policy outbound(inbound) //删除针对AR32的Loopback0口的流量过滤命令
高可能性2:在AR34的G0/0/1口存在流量过滤命令
解决方法如下:
system-view //进入配置修改模式
interface GigabitEthernet0/0/1 //进入相关接口视图下
display this //查看接口下配置
undo traffic-filter outbound(inbound) //删除针对AR32的Loopback0口的流量过滤命令
undo traffic-policy outbound(inbound) //删除针对AR32的Loopback0口的流量过滤命令
最后在所有设备上保存配置:
quit //退到<HUAWEI>模式下
save //所有设备保存配置,防止掉电后故障重现