目录
- 实验条件
- 网络拓朴
- 路由器基础配置
- 开始排错, 要求R14访问R11的lo0时负载均衡
- 1. K值不匹配
- 2. R14和R13邻居关系没有起来,
- 3. 继续排查邻居关系,R13和R11关系没有起来
- 4. R13的R11邻居关系起来又关闭,关闭又起来(认证信息不匹配),
- 5. 分发列表中拦截了目标路由
- 6. 使用了偏移列表修改了metric值,修正。
实验条件
网络拓朴
逻辑拓扑图
要求输出以下数据
路由器基础配置
R11 4组以太网接口
!
hostname R11
!
enable secret 5 $1$ixiY$3Lw0yIdKtcQnWVtqnj8vq/
!
no aaa new-model
!
interface Loopback0ip address 145.11.11.11 255.255.255.255
!
interface Ethernet0/0ip address 145.67.89.1 255.255.255.252duplex auto
!
interface Ethernet1/0ip address 145.67.89.5 255.255.255.252ip authentication mode eigrp 145 md5duplex auto
!
interface Ethernet2/0ip address 145.67.89.9 255.255.255.252duplex auto
!
!
interface Ethernet3/0ip address 145.67.89.13 255.255.255.252duplex auto
!
router eigrp 145metric weights 0 1 1 1 1 1network 145.11.11.11 0.0.0.0network 145.67.89.1 0.0.0.0network 145.67.89.5 0.0.0.0
!
router bgp 14567bgp router-id 145.11.11.11bgp log-neighbor-changesnetwork 145.67.89.8 mask 255.255.255.252network 145.67.89.12 mask 255.255.255.252neighbor IBGP peer-groupneighbor IBGP remote-as 14567neighbor IBGP update-source Loopback0neighbor IBGP route-reflector-clientneighbor IBGP next-hop-selfneighbor 145.12.12.12 peer-group IBGPneighbor 145.13.13.13 peer-group IBGPneighbor 145.14.14.14 peer-group IBGPneighbor 145.67.89.10 remote-as 65200neighbor 145.67.89.10 default-originateneighbor 145.67.89.14 remote-as 65200
!
ip forward-protocol nd
!
line con 0logging synchronous
line aux 0
line vty 0 4logintransport input none
!
end
R12 3组以太网接口、4组串口
hostname R12
!
enable secret 5 $1$tM4m$6cO5WZCiuX8zfSzuSkiFd.
!
no aaa new-model
!
no ip domain lookup
!
username UberMarket_spoke_R17 password 0 ccie
!
bba-group pppoe CCIEvirtual-template 1
!
!
interface Loopback0ip address 145.12.12.12 255.255.255.255
!
interface Ethernet0/0ip address 145.67.89.2 255.255.255.252duplex auto
!
interface Ethernet1/0ip address 145.67.89.17 255.255.255.252duplex auto
!
!
interface Ethernet2/0ip address 123.45.67.44 255.255.255.248duplex auto
!
!
interface Serial4/0ip address 145.67.89.21 255.255.255.252encapsulation ppppeer default ip address pool SPOKE1ppp authentication chapserial restart-delay 0
!
router eigrp 145metric weights 0 1 1 1 1 1network 145.12.12.12 0.0.0.0network 145.67.89.2 0.0.0.0network 145.67.89.17 0.0.0.0network 145.67.89.21 0.0.0.0offset-list 1 in 1000 Ethernet1/0 passive-interface Ethernet2/0passive-interface Serial4/0
!
router bgp 14567bgp router-id 145.12.12.12bgp log-neighbor-changesnetwork 123.45.67.20 mask 255.255.255.252network 123.45.67.40 mask 255.255.255.248neighbor 123.45.67.45 remote-as 12345neighbor 123.45.67.45 shutdownneighbor 123.45.67.46 remote-as 12345neighbor 145.11.11.11 remote-as 14567neighbor 145.11.11.11 update-source Loopback0neighbor 145.11.11.11 next-hop-self
!
ip local pool SPOKE1 145.67.89.222
ip forward-protocol nd
!
!
line con 0logging synchronous
line aux 0
line vty 0 4logintransport input none
!
end
R13 2组以太网接口、4组串口
!
hostname R13
!
enable secret 5 $1$Hksu$3RrwGTLlPepcJNn5RMubO0
!
no aaa new-model
!
no ip domain lookup
!
!
username UberMarket_spoke_R19 password 0 CCIE
!
!
interface Loopback0ip address 145.13.13.13 255.255.255.255
!
interface Ethernet0/0ip address 145.67.89.66 255.255.255.252duplex auto
!
!
interface Ethernet1/0ip address 145.67.89.25 255.255.255.252duplex auto
!
interface Serial4/0ip address 145.67.89.33 255.255.255.252encapsulation ppppeer default ip address pool SPOKE3ppp authentication chapserial restart-delay 0
!
!
router eigrp 145metric weights 0 1 1 1 1 1network 145.13.13.13 0.0.0.0network 145.67.89.6 0.0.0.0network 145.67.89.25 0.0.0.0
!
router bgp 14567bgp router-id 145.13.13.13bgp log-neighbor-changesnetwork 145.67.89.32 mask 255.255.255.252neighbor 145.11.11.11 remote-as 14567neighbor 145.11.11.11 update-source Loopback0neighbor 145.11.11.11 next-hop-selfdistribute-list 10 out
!
ip local pool SPOKE3 145.67.89.34
ip forward-protocol nd
!
line con 0logging synchronous
line aux 0
line vty 0 4logintransport input none
!
end
R14 2组以太网接口、4组串口
hostname R14
!
enable secret 5 $1$FFk.$4COm8cggMSeUccrb8QSND.username UberMarket_spoke_R18 password 0 CCIE
!
!
!
interface Loopback0ip address 145.14.14.14 255.255.255.255
!
interface Ethernet0/0ip address 145.67.89.18 255.255.255.252duplex auto
!
interface Ethernet1/0ip address 145.67.89.26 255.255.255.252duplex auto
!
interface Serial4/0ip address 145.67.89.29 255.255.255.252encapsulation ppppeer default ip address pool SPOKE2ppp authentication chapppp chap hostname Router14serial restart-delay 0
!
!
router eigrp 145distribute-list prefix DENY out network 145.14.14.14 0.0.0.0network 145.67.89.18 0.0.0.0network 145.67.89.26 0.0.0.0passive-interface Ethernet1/0
!
router bgp 14567bgp router-id 145.14.14.14bgp log-neighbor-changesnetwork 145.67.89.28 mask 255.255.255.252neighbor 145.11.11.11 remote-as 14567neighbor 145.11.11.11 update-source Loopback0neighbor 145.11.11.11 next-hop-self
!
ip local pool SPOKE2 145.67.89.30
ip forward-protocol nd
!
!
ip prefix-list DENY seq 5 deny 145.14.14.14/32
ip prefix-list DENY seq 15 permit 0.0.0.0/0 le 32
ipv6 ioam timestamp
!
control-plane
!
line con 0logging synchronous
line aux 0
line vty 0 4logintransport input none
!
end
开始排错, 要求R14访问R11的lo0时负载均衡
开机、R12、R14报错:这两台机之间的K值不匹配
1. K值不匹配
%DUAL-5-NBRCHANGE: EIGRP-IPv4 145: Neighbor 145.67.89.17 (Ethernet0/0) is down: K-value mismatch
%DUAL-5-NBRCHANGE: EIGRP-IPv4 145: Neighbor 145.67.89.17 (Ethernet0/0) is down: K-value mismatch
%DUAL-5-NBRCHANGE: EIGRP-IPv4 145: Neighbor 145.67.89.17 (Ethernet0/0) is down: K-value mismatch
其它的路由EIGRP都配置了K值,所以把R14也配置上K值,而不是no掉所有的k值
R14(config)#router eigrp 145
R14(config-router)#metric weights 0 1 1 1 1 1
R14(config-router)#
%DUAL-5-NBRCHANGE: EIGRP-IPv4 145: Neighbor 145.67.89.17 (Ethernet0/0) is up: new adjacency
R14(config-router)#do show ip eigrp neighbor
EIGRP-IPv4 Neighbors for AS(145)
H Address Interface Hold Uptime SRTT RTO Q Seq(sec) (ms) Cnt Num
0 145.67.89.17 Et0/0 12 00:00:16 13 100 0 7
R14(config-router)#
R14和R12的邻居关系起来了,查了所有的路由配置发现在每台路由器都应该有两个邻居。因此。再继续查询R14和R13的邻居关系没有起来的原因
2. R14和R13邻居关系没有起来,
R14(config-router)#do show run | s router ei
router eigrp 145distribute-list prefix DENY out metric weights 0 1 1 1 1 1network 145.14.14.14 0.0.0.0network 145.67.89.18 0.0.0.0network 145.67.89.26 0.0.0.0passive-interface Ethernet1/0
R14(config-router)#
R14配置了被动接口, NO掉
R14(config-router)#no passive-interface e1/0
R14(config-router)#
%DUAL-5-NBRCHANGE: EIGRP-IPv4 145: Neighbor 145.67.89.25 (Ethernet1/0) is up: new adjacency
R14(config-router)#
起来了,OK
3. 继续排查邻居关系,R13和R11关系没有起来
R13#show run | s router
router eigrp 145metric weights 0 1 1 1 1 1network 145.13.13.13 0.0.0.0network 145.67.89.6 0.0.0.0network 145.67.89.25 0.0.0.0R11#show run | s router ei
router eigrp 145metric weights 0 1 1 1 1 1network 145.11.11.11 0.0.0.0network 145.67.89.1 0.0.0.0network 145.67.89.5 0.0.0.0
R11#
没有异常。继续查询接口IP配置
R13#debug ip eigrp
EIGRP-IPv4 Route Event debugging is on
R13#show ip int br
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 145.67.89.66 YES NVRAM up up
Ethernet0/1 unassigned YES NVRAM administratively down down
Ethernet0/2 unassigned YES NVRAM administratively down down
Ethernet0/3 unassigned YES NVRAM administratively down down
Ethernet1/0 145.67.89.25 YES NVRAM up up
Ethernet1/1 unassigned YES NVRAM administratively down down
配置了Debug ip eigrp ,并没有日志输出,所以又查询了ip接口
R11#show ip int br
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 145.67.89.1 YES TFTP up up
Ethernet0/1 unassigned YES TFTP administratively down down
Ethernet0/2 unassigned YES TFTP administratively down down
Ethernet0/3 unassigned YES TFTP administratively down down
Ethernet1/0 145.67.89.5 YES TFTP up up
Ethernet1/1 unassigned YES TFTP administratively down down
Ethernet1/2 unassigned YES TFTP administratively down down
接口状态都up了,R13的E0/0口IP:145.67.89.66 与 R14的E1/0口IP:145.67.89.5, 两个接口的IP差值较大,根据配置的一贯风格是有可疑的。(router eigrp 里的ip声明与接口不一样,所以再查询一下接口)
R11#show int e1/0
Ethernet1/0 is up, line protocol is up Hardware is AmdP2, address is aabb.cc00.f001 (bia aabb.cc00.f001)Internet address is 145.67.89.5/30MTU 1500 bytes, BW 10000 Kbit/sec, DLY 1000 usec, reliability 255/255, txload 1/255, rxload 1/255Encapsulation ARPA, loopback not set......R13#show int e0/0
Ethernet0/0 is up, line protocol is up Hardware is AmdP2, address is aabb.cc00.3000 (bia aabb.cc00.3000)Internet address is 145.67.89.66/30MTU 1500 bytes, BW 10000 Kbit/sec, DLY 1000 usec, reliability 255/255, txload 1/255, rxload 1/255Encapsulation ARPA, loopback not setKeepalive set (10 sec)
......
发现两个IP不是相同的IP网络,所以修改R13的IP配置
R13(config)#int e0/0
R13(config-if)#ip address 145.67.89.6 255.255.255.252
R13(config-if)#
EIGRP-IPv4(145): table(default): 145.67.89.4/30 - do advertise out Ethernet1/0
EIGRP-IPv4(145): Int 145.67.89.4/30 M 1403 - 10000 4000000000 SM 1303 - 1577058304 45776
EIGRP-IPv4(145): table(default): 145.67.89.4/30 routing table not updated thru 145.67.89.26
EIGRP-IPv4(145): table(default): 145.67.89.4/30 - do advertise out Ethernet1/0
EIGRP-IPv4(145): table(default): 145.67.89.4/30 - do advertise out Ethernet1/0
EIGRP-IPv4(145): Int 145.67.89.4/30 M 72057594037927935 - 10000 281474976710655 SM 72057594037927935 - 4294901760 4294967295
%DUAL-5-NBRCHANGE: EIGRP-IPv4 145: Neighbor 145.67.89.5 (Ethernet0/0) is up: new adjacency
R13(config-if)#
邻居关系起来了(前面有打开debug)
4. R13的R11邻居关系起来又关闭,关闭又起来(认证信息不匹配),
打开R13的debug调试,没什么更多的信息。在R11上开启调试,好像也没有日志输出。可能是命令不对。
查询一下接口配置。
R11#show run interface e1/0
Building configuration...Current configuration : 120 bytes
!
interface Ethernet1/0ip address 145.67.89.5 255.255.255.252ip authentication mode eigrp 145 md5duplex auto
endR13#show run interface e0/0
Building configuration...Current configuration : 82 bytes
!
interface Ethernet0/0ip address 145.67.89.6 255.255.255.252duplex auto
end
关闭认证
R11(config)#int e1/0
R11(config-if)#no ip authentication mode eigrp 145 md5
R11(config-if)#
%DUAL-5-NBRCHANGE: EIGRP-IPv4 145: Neighbor 145.67.89.6 (Ethernet1/0) is up: new adjacency
查询一下。所有的路由都有两个邻居了,
查询R11的路由,看看是否有学习到R14的接口路由
并没有R14的lo0路由
5. 分发列表中拦截了目标路由
查询到R14环回口的路由被拦截。
R14#show run | s router ei
router eigrp 145distribute-list prefix DENY out metric weights 0 1 1 1 1 1network 145.14.14.14 0.0.0.0network 145.67.89.18 0.0.0.0network 145.67.89.26 0.0.0.0
R14#show run | s prefixdistribute-list prefix DENY out
ip prefix-list DENY seq 5 deny 145.14.14.14/32
ip prefix-list DENY seq 15 permit 0.0.0.0/0 le 32
R14#**执行删除前缀列表的操作**
R14#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R14(config)#no ip prefix-list DENY seq 5 deny 145.14.14.14/32
R14(config)#
路由更新了, 再次查询R11的路由表
R11#show ip route
......145.13.0.0/32 is subnetted, 1 subnets
D 145.13.13.13 [90/1603] via 145.67.89.6, 00:06:28, Ethernet1/0145.14.0.0/32 is subnetted, 1 subnets
D 145.14.14.14 [90/1703] via 145.67.89.6, 00:01:16, Ethernet1/0145.67.0.0/16 is variably subnetted, 10 subnets, 2 masks
C 145.67.89.0/30 is directly connected, Ethernet0/0
并未出现等价负载均衡的路由。查询topology
R11#show ip eigrp topology 145.14.14.14/32
EIGRP-IPv4 Topology Entry for AS(145)/ID(145.11.11.11) for 145.14.14.14/32State is Passive, Query origin flag is 1, 1 Successor(s), FD is 1703Descriptor Blocks:145.67.89.6 (Ethernet1/0), from 145.67.89.6, Send flag is 0x0Composite metric is (1703/1603), route is InternalVector metric:Minimum bandwidth is 10000 KbitTotal delay is 7000 microsecondsReliability is 255/255Load is 1/255Minimum MTU is 1500Hop count is 2Originating router is 145.14.14.14
R11#show ip route 145.14.14.14
Routing entry for 145.14.14.14/32Known via "eigrp 145", distance 90, metric 1703, type internalRedistributing via eigrp 145Last update from 145.67.89.6 on Ethernet1/0, 00:03:09 agoRouting Descriptor Blocks:* 145.67.89.6, from 145.67.89.6, 00:03:09 ago, via Ethernet1/0Route metric is 1703, traffic share count is 1Total delay is 7000 microseconds, minimum bandwidth is 10000 KbitReliability 255/255, minimum MTU 1500 bytesLoading 1/255, Hops 2
R11#
不仅没有等价负载均衡,连不等价负载均衡也没有出现。因此肯定是另外一个路线不满足可行后续条件。从上表数据输出可以看到145.67.89.6(R13)是正确的那说明R12上的配置有问题。查询R12的配置
R12#show run | s router
router eigrp 145metric weights 0 1 1 1 1 1network 145.12.12.12 0.0.0.0network 145.67.89.2 0.0.0.0network 145.67.89.17 0.0.0.0network 145.67.89.21 0.0.0.0offset-list 1 in 1000 Ethernet1/0 passive-interface Ethernet2/0passive-interface Serial4/0
6. 使用了偏移列表修改了metric值,修正。
R12#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R12(config)#router eigrp 145
R12(config-router)#no offset-list 1 in 1000 Ethernet1/0
R12(config-router)#
再次查询R11路由
R11#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2ia - IS-IS inter area, * - candidate default, U - per-user static routeo - ODR, P - periodic downloaded static route, H - NHRP, l - LISPa - application route+ - replicated route, % - next hop override, p - overrides from PfRGateway of last resort is not set123.0.0.0/29 is subnetted, 1 subnets
B 123.45.67.40 [200/0] via 145.12.12.12, 02:19:40145.11.0.0/32 is subnetted, 1 subnets
C 145.11.11.11 is directly connected, Loopback0145.12.0.0/32 is subnetted, 1 subnets
D 145.12.12.12 [90/1603] via 145.67.89.2, 00:11:56, Ethernet0/0145.13.0.0/32 is subnetted, 1 subnets
D 145.13.13.13 [90/1603] via 145.67.89.6, 00:12:01, Ethernet1/0145.14.0.0/32 is subnetted, 1 subnets
D 145.14.14.14 [90/1703] via 145.67.89.6, 00:00:26, Ethernet1/0[90/1703] via 145.67.89.2, 00:00:26, Ethernet0/0145.67.0.0/16 is variably subnetted, 10 subnets, 2 masks
C 145.67.89.0/30 is directly connected, Ethernet0/0
L 145.67.89.1/32 is directly connected, Ethernet0/0
C 145.67.89.4/30 is directly connected, Ethernet1/0
L 145.67.89.5/32 is directly connected, Ethernet1/0
C 145.67.89.8/30 is directly connected, Ethernet2/0
L 145.67.89.9/32 is directly connected, Ethernet2/0
C 145.67.89.12/30 is directly connected, Ethernet3/0
L 145.67.89.13/32 is directly connected, Ethernet3/0
D 145.67.89.16/30 [90/1203] via 145.67.89.2, 00:12:01, Ethernet0/0
D 145.67.89.24/30 [90/1203] via 145.67.89.6, 00:00:26, Ethernet1/0
R11#
出现了等价的负载均衡。目标实现。
输出两条路由详细信息
R11#show ip route 145.14.14.14
Routing entry for 145.14.14.14/32Known via "eigrp 145", distance 90, metric 1703, type internalRedistributing via eigrp 145Last update from 145.67.89.2 on Ethernet0/0, 00:01:14 agoRouting Descriptor Blocks:* 145.67.89.6, from 145.67.89.6, 00:01:14 ago, via Ethernet1/0Route metric is 1703, traffic share count is 1Total delay is 7000 microseconds, minimum bandwidth is 10000 KbitReliability 255/255, minimum MTU 1500 bytesLoading 1/255, Hops 2145.67.89.2, from 145.67.89.2, 00:01:14 ago, via Ethernet0/0Route metric is 1703, traffic share count is 1Total delay is 7000 microseconds, minimum bandwidth is 10000 KbitReliability 255/255, minimum MTU 1500 bytesLoading 1/255, Hops 2
R11#show ip eigrp topology 145.14.14.14/32
EIGRP-IPv4 Topology Entry for AS(145)/ID(145.11.11.11) for 145.14.14.14/32State is Passive, Query origin flag is 1, 2 Successor(s), FD is 1703Descriptor Blocks:145.67.89.2 (Ethernet0/0), from 145.67.89.2, Send flag is 0x0Composite metric is (1703/1603), route is InternalVector metric:Minimum bandwidth is 10000 KbitTotal delay is 7000 microsecondsReliability is 255/255Load is 1/255Minimum MTU is 1500Hop count is 2Originating router is 145.14.14.14145.67.89.6 (Ethernet1/0), from 145.67.89.6, Send flag is 0x0Composite metric is (1703/1603), route is InternalVector metric:Minimum bandwidth is 10000 KbitTotal delay is 7000 microsecondsReliability is 255/255Load is 1/255Minimum MTU is 1500Hop count is 2Originating router is 145.14.14.14
与图片输出结果一致, 目标达到。
