非同一子网问题,是在尝试建立 EIGRP 邻居关系时,所遇到的最常见故障之一。而在因为子网不一致造成 EIGRP 无法建立邻居关系时,将有下面的消息在控制台上打印出来,或是被路由器、交换机所记录(Uncommon subnet issues are one of the most common problems experienced when attempting to establish EIGRP neighbour relationships. When EIGRP cannot establish a neighbour relationship because of an uncommon subnet, the following error message will be printed on the console, or will be logged by the router or switch):
而 EIGRP 的那些 K 值,则是用于给路径的不同方面,比如带宽、延迟等可能包含在 EIGRP 复合度量值中的参数,进行权重分配的。这里再度说明一下,默认的 K 值为:`K1=K3=1`及`K2=K4=K5=0`。如在某台路由器或交换机上对这些 K 值进行了修改,那么就必须对自治系统中所有其它路由器或交换机上的 K 值做同样修改。使用`show ip protocols`命令,就可查看到默认 EIGRP 的那些 K 值,如下所示:
与 OSPF 使用到**本地意义上的进程ID**不同, 在与其它路由器建立邻居关系时, EIGRP 要求同样的自治系统编号(除开其它变量之外)。对此方面故障的排除,是通过对设备配置进行比较,并确保那些将要建立邻居关系的路由器之间的自治系统编号(除开其它变量)一致即可。作为邻居处于不同自治系统的一个良好指标,就是即使路由器之间有着基本的 IP 连通性的情况下,仍然缺少双向 Hello 数据包。这一点可通过使用`show ip eigrp traffic`命令予以验证,该命令的输出在接下来的小节中有演示(unlike OSPF, which uses **a locally significant process ID**, EIGRP requires the same ASN(among other variables) when establishing neighbour relationships with other routers. Troubleshoot such issues by comparing configurations of devices and ensuring that the ASN(among other variables) is consistent between routers that should establish neighbour relationships. A good indicator that neighbours are in a different AS would be a lack of bidirectional Hellos, even in the presence of basic IP connectivity between the routers. This can be validated using the `show ip eigrp traffic` command, the output of which is illustrated in the section that follows)。
最后,一些常见的认证配置错误,包括在配置密钥链时使用了不同密钥 ID ,以及指定了不同或不匹配的口令等(Finally, common authentication configuration mistakes include using different key IDs when configuring key chains and specifying different or mismatched password)。在某个接口下开启了认证时, EIGRP 邻居关系将被重置并被重新初始化。如在部署认证之后,原本已建立的邻居关系未能再度建立,那么就要通过在路由器上观察运行配置,或使用`show key chain`及`show ip eigrp interfaces detail [name]`命令,来对各项认证参数进行检查。下面是由`show key chain`命令所打印出来的示例输出:
在一些故障实例中,可能会注意到 EIGRP 未有将某些路由安装到路由表中。造成此类问题的主要原因,就是某些与协议失败相对应的错误配置(For the most part, this is typically due to some misconfigurations versus a protocol failure)。路由安装失败的一些常见原因如下:
管理距离这一概念,被用于确定出路由源的可靠性(The administrative distance(AD) concept is used to determine how reliable the route source is)。较低的管理距离,就意味着路由源更为可靠。假如从三种不同协议接收到同一条路由,那么有着最低管理距离的那条路由,将被安装到路由表中。在使用 EIGRP 时,要记住对于汇总、内部及外部三种路由(summary, internal, and external routes), EIGRP 分别使用了不同的管理距离值。而假如同时运行着多种路由协议,这时就要确保对各种路由协议的管理距离数值,以及它们对路由表的生成有何种影响有所掌握。这在进行多种路由协议之间路由重分发时,尤其要加以关注(If you are running multiple routing protocols, it is important to ensure that you understand AD values and how they impact routing table population. This is especially of concern when you are Redistributing routes between multiple routing protocols)。
默认情况下, EIGRP 在有类边界上进行自动汇总,并创建出一条指向`Null0`接口的汇总路由。由于该汇总是以默认的管理距离数值`5`安装到路由表中的,因此所有其它类似的动态接收到的路由,就都不会被安装到路由表中了(By default, EIGRP automatically summarises at classful boundaries and creates a summary route pointing to the `Null0` interface. Because the summary is installed with a default AD value of `5`, any other similar dynamically received routes will not be installed into the routing table)。比如考虑下图37.1中所演示的拓扑:
EIGRP路由器 ID ( RID )的主要用途,就是阻止路由环回的形成。 RID 用于识别外部路由的始发路由器(The RID is used to identify the originating router for external routes)。假如接收到一条有着与本地路由器相同 RID 的外部路由,该路由将被丢弃。不过重复的路由器 ID ,却并不会影响到任何内部 EIGRP 路由。设计此特性的目的,就是降低那些有着多台自治系统边界路由器(AS Boundary Router, ASBR)进行路由重分发的网络出现路由环回的可能性。在`show ip eigrp topology`命令的输出中,便可查看到始发路由器 ID (The primary use of the EIGRP router ID(RID) is to prevent routing loops. The RID is used to identify the originating router for external routes. If an external route is received with the same RID as the local router, the route will be discarded. However, duplicate RIDs do not affect any internal EIGRP routes. This feature is designed to reduce the possibility of routing loops in networks where route redistribution is being performed on more than on ASBR. The originating RID can be viewed in the output of the `show ip eigrp topology` command),如下所示:
如怀疑存在潜在的 RID 重复故障,就可以对 EIGRP 事件日志中的事件进行检查,看看是否有任何路由因为 RID 重复而被拒绝。下面的示例演示了该 EIGRP 事件日志的输出样例,显示出一些因为从某台与本地路由器有着相同 RID 的路由器接收,而被弹回的路由(If you suspect a potential duplicate RID issue, you can check the events in the EIGRP event log to see if any routes have been rejected because of a duplicate RID. The following illustrates a sample output of the EIGRP event log, showing routes that have been rejected because they were received from a router with the same RID as the local router):
上述问题的可能解决办法,就是修改邻居路由器`10.0.0.1`上的 RID ,或本地路由器的 RID ,这取决于到底哪一个是不被正确配置的(The resolution for the solution above would be to change the RID on neighbour router `10.0.0.1` or on the local router, depending upon which one of the two has been incorrectly configured)。
最后,重要的是记住 EIGRP 不会将那些未能满足可行条件的路由,安装到路由表中。就算在本地路由器上配置了`variance`命令,这一点也是适用的。作为一个常见误解,就是执行`variance`命令,就会令到 EIGRP 在那些路由度量值为后继路由度量值`x`倍的路径上进行负载分配了(Finally, it is important to remember that EIGRP will not install routes into the routing table if they do not meet the Feasibility Condition. This is true even if the `variance` command has been configured on the local router. It is a common misconception that issuing the `variance` command will allow EIGRP to load share over any paths whose route metric is `x` times that of the successor metric)。比如请考虑下图37.2中所演示的拓扑:
`R1`已被配置为在所有路径上进行负载均衡,同时命令`variance 2`被加入到路由器配置。这就令到 EIGRP 在至多两倍于后继路由度量值的路径上进行负载均衡,给予默认的度量值计算,这将包含到所有三条的路径。但尽管有着此配置,仍只有两条路径将被安装及使用(`R1` has been configured to load share across all paths and the `variance 2` command is added to the router configuration. This allow EIGRP to load share across paths with up to twice the metric of the Successor route, which would include all three paths based on the default metric calculation. However, despite this configuration, only two paths will be installed and used)。
但邻居`R2`到`192.168.100.0/24`网络的度量值却是`30`。该值要比可行距离`25`要高。那么该路由就不满足可行条件,而不被当作是一条可行后继。但该路由仍将被放入到 EIGRP 的拓扑表。不过就算该路径的度量值是处于由 EIGRP 路由器配置命令`variance 2`所指定的范围中,其也不会被用于负载分配。在这类情形中,可考虑使用**EIGRP的偏移清单**,来确保所有路由都被加以考虑(In such situations, consider using **EIGRP offset lists** to ensure that all routes are considered)。
总是会出现看起来 EIGRP 要么没有对其配置的那些进行通告的网络加以通告,要么通告出其未配置为进行通告的那些网络的情形。对于这些大部分情况来说,此类故障都是由于路由器或交换机的不当配置造成的。而至于 EIGRP 没有对其已配置为加以通告的某个网络进行通告的原因,有好几种。一些原因如下所示(There are times when it may seem that EIGRP is either not advertising the networks that is has been configured to advertise or is advertising networks that it has not been configured to advertise. For the most part, such issues are typically due to router and switch misconfigurations. Thare are several reasons why EIGRP might not advertise a network that it has been configured to advertise. Some of these reasons include the following):
未正确配置的投送清单,是 EIGRP 没有对某个已被配置为加以通告的网络进行通告的一个原因。在配置同送清单时,要确保所有应被通告的网络,都是为所引用的**IP访问控制清单**或**IP前缀清单放行**的(Incorrectly configured distribute lists are one reason why EIGRP might not advertise a network that it has been configured to advertise. When configuring distribute lists, ensure that all networks that should be advertised are permitted by the referenced **IP ACL** or **IP Prefix List**)。
另一个采用 EIGRP 时与网络通告有关的常见故障,就是水平分割的默认行为了。水平分割是一项强制路由信息无法从其被接收到的接口,再发送出去的一项距离矢量协议特性。此特性阻止了路由信息再度通告到学习到该信息的来源,从而有效地阻止了路由环回(Another common issue pertaining to network advertisement when using EIGRP is the default behaviour of split horizon. Split horizon is a Distance Vector protocol feature that mandates that routing information cannot be sent back out of the same interface through which it was received. This prevents the re-advertising of information back to the source from which it was learned, effectively preventing routing loops)。此概念在下图37.3中进行了演示:
图37.3中的拓扑演示了**一个经典的中心与分支网络**,其中路由器`HQ`作为**中心路由器**,而路由器`S1`与`S2`作为两台**分支路由器**。在该帧中继的 WAN 上,每台分支路由器都有着**局部网状网络**中、单独的在各自自身与中心路由器之间所提供的 DLCI 。默认情况下,对于连接到**包交换网络**,比如这里的帧中继的 WAN 接口, EIGRP 的水平分割是开启的。这就意味着该中心路由器将不会对接口`Serial0/0`上学习到的路由信息,再在该相同接口上通告出去(The topology in Figure 37.3 illustrates **a classic hub-and-spoke network**, with router `HQ` as **the hub router** and routers `S1` and `S2` as **the two spoke routers**. On the Frame Relay WAN, each spoke router has a single DLCI provisioned between itself and the `HQ` router in **a partial-mesh topology**. By default, EIGRP split horizon is enabled for WAN interfaces connected to **packet-switched networks**, such as Frame Relay. This means that the `HQ` router will not advertise routing information learned on `Serial0/0` out of the same interface)。
该默认行为的影响,就是中心路由器不会将自`S1`接收到的`10.1.1.0/24`前缀通告给`S2`, 因为该路由是通过`Serial0/0`接口接收到,而水平分割特性阻止了该路由器对在那个接口上所学习到的信息从该相同接口通告出去。同样的情形对于中心路由器从`S2`上所接收到的`10.2.2.0/24`前缀也是适用的。此问题的推荐解决办法,就是在中心路由器的该 WAN 接口上,使用接口配置命令`no ip split-horizon eigrp [asn]`关闭水平分割特性了。
而对于 EIGRP 来说,自动汇总则是在**有类边界**(the classful boundary)上默认是开启的。这一点可使用`show ip protocols`命令予以验证到。除开自动汇总, EIGRP 还支持接口级别的手动汇总。不管采用何种方式,汇总都将阻止由汇总路由所涵盖到的那些更具体路由条目,被通告给邻居路由器(Regardless of the method implemented, summarisation prevents the more specific route entries that are encompassed by the summary from being advertised to neighbour routers)。如果汇总是被不当配置的,那就可能出现 EIGRP 没有通告出某些网络的情况。比如请考虑下图37.4中所演示的基本网络拓扑:
参考图37.4, 所有路由器都位于 EIGRP 自治系统`150`中。`R2`正经由 EIGRP 对`10.1.1.0/24`、`10.1.2.0/24`与`10.1.3.0/24`子网进行通告。而`R1`也有着一个分配给子网`10.1.0.0/24`的接口,其就应相应地将这些子网通告给`R3`(`R1`, which also has an interface assigned to the `10.1.0.0/24` subnet, should in turn advertise these subnets to `R3`)。路由器`R2`上的 EIGRP 配置已作如下部署:
因为在`R1`上汇总是开启的,就出现了 EIGRP 不再通告由**汇总路由**`10.0.0.0/8`所包含的那些具体子网的情况了(Because summarisation is enabled on `R1`, it appears that the EIGRP is no longer advertising the specific subnets encompassed by the `10.0.0.0/8`**summary**)。而要允许这些具体子网通过 EIGRP 得以通告,就应在`R1`上将汇总关闭,如下所示:
在前面这些小节中我们把主要强调的方面放在那些`show`命令上的同时,此最后的小节将介绍一些还可以用于 EIGRP 故障排除的调试命令。不过还是要始终记住,调试是甚为处理器密集,而应作为随后手段加以应用的(也就是在应用并尝试了所有`show`命令及其它故障排除方法和工具之后。While primary emphasis has been placed on the use of `show` commands in the previous sections, this final section descibes some of the debugging commands that can also be used to troubleshoot EIGRP. Keep in mind, however, that debugging is very processor intensive and should be used only as a last resort(i.e., after all `show` commands and other troubleshooting methods and tools have been applied or attempted))。
可与某条访问控制清单结合使用此命令,来查看有关在那个访问控制清单中所引用到某条路由或某几条路由的信息。此外,同样的命令也可以用于本地设备上静态路由事件的调试。作为附注,在运行 EIGRP 时,作为使用此命令的替代,请考虑使用`show ip eigrp events`命令而不是此命令,因为`show ip eigrp events`提供到 EIGRP 内部事件的历史记录,且可用于对活动粘滞故障,以及路由抖动及其它事件进行排除(You can use this command in conjunction with an ACL to view information about the route or routes referenced in the ACL. Additionally, the same command can also be used for troubleshooting static route events on the local device. As a side note, instead of using this command, if you are running EIGRP, consider using the `show ip eigrp events` command instead, as it provides a history of EIGRP internal events and can be used to troubleshoot SIA issues, as well as route flaps and other events)。下面是`show ip eigrp events`命令所打印信息的一个示例:
除开`debug ip routing`命令,思科 IOS 软件里还有额外可用的两个 EIGRP 专用调试命令。命令`debug eigrp`可用于提供到有关弥散更新算法的有限状态机、 EIGRP 邻居关系、非停止转发事件、数据包及传输事件等的相关实时信息(In addition to the `debug ip routing` command, two additional EIGRP-specific debugging commands are also available in Cisco IOS software. The `debug eigrp` command can be used to provide real-time information on the DUAL Finite State Machine, EIGRP neighbour relationships, Non-Stop Forwarding events, packets, and transimission events)。下面演示了此命令可用的参数:
1. The neighbour routers are not on a common subnet; mismatched primary and secondary subnets; mismatched K values; mismatched ASN; ACLs are filtering EIGRP packets; Physical Layer issues; Data Link Layer issues; and mismatched authentication parameters.
2. The `show ip protocols` command.
3. The `show ip eigrp traffic` command.
4. The same route is received via another protocol with a lower administrative distance;EIGRP summarisation; duplicate router IDs are present within the EIGRP domain; and the routes do not meet the Feasibility Condition.
5. True.
6. True.
7. The `debug eigrp fsm` command.
8. The `show ip eigrp topology x.x.x.x y.y.y.y` command.
- 针对已通告的路由测试`show ip eigrp topology`命令,并留意起源 RID ;在远端路由器上修改 RID ,并再次执行该命令(Test the `show ip eigrp topology` command for the advertised route and notice the originating RID; change the RID on the remote router and issue the command again)