ccna60d/d37-Troubleshooting-EIGRP.md
2020-12-29 17:37:48 +08:00

45 KiB
Raw Blame History

第37天 EIGRP故障排除

Troubleshooting EIGRP


Gitbookccna60d.xfoss.com

你可以在 https://github.com/gnu4cn/ccna60d 上 fork 本项目,并提交你的修正。

本书结合了学习技巧,包括阅读、复习、背书、测试以及 hands-on 实验。

本书译者用其业余时间完成本书的翻译工作,并将其公布到网上,以方便你对网络技术的学习掌握,为使译者更有动力改进翻译及完成剩下章节,你可以 捐赠译者


第37天任务

  • 阅读今天的课文
  • 复习昨天的课文

增强的内部网关路由协议是一种思科专有的高级距离矢量路由协议。因为EIGRP是一种广泛使用的路由协议而作为一名思科网络工程师掌握如何来支持EIGRP就尤为重要。在具备了本教程前面讲到的那些技术下为了对运行着EIGRP的网络进行鼓掌排除与支持就必须对EIGRP协议本身内部工作原理有扎实掌握。

尽管无法深入到所有潜在的EIGRP故障场景本课程模块还是将就那些在把EIGRP选作内部网关协议进行部署时一些最常见的故障场景进行讨论。

今天将学习以下内容:

  • 邻居关系的故障排除, Troubleshooting neighbour relationships
  • 路由安装的故障排除Troubleshooting route installation
  • 路由通告的故障排除, Troubleshooting route advertisement
  • EIGRP路由故障的调试Debugging EIGRP routing issues

本课程对应了以下CCNA大纲要求

  • EIGRP故障排除Troubleshoot and resolve EIGRP problems
    • 邻居关系的建立Neighbour adjancies
    • 自治系统编号AS number
    • 负载均衡Load balancing
    • 水平分割Split horizon

邻居关系故障的排除

Troubleshooting Neighbour Relationships

这里重要的是掌握到仅在两台或更多路由器之间简单地开启EIGRP并不保证能建立邻居关系。而是除了在那些确切参数匹配外一些其它因素亦会造成EIGRP邻居关系建立的失败。以下任何问题都将导致EIGRP邻居关系的无法建立

  • 这些邻居路由器不在同一个子网中The neighbour routers are not on a common subnet
  • 不匹配的主从子网Mismatched primary and secondary subnets
  • K值不匹配Mismatched K values
  • 不匹配的自治系统编号, Mismatched ASN
  • 有访问控制列表将EIGRP数据包过滤掉了Access control lists are filtering EIGRP packets
  • 存在物理层故障Physical Layer issues
  • 存在数据链路层故障Data Link Layer issues
  • 认证参数不匹配, Mismatched authentication parameters

非同一子网问题是在尝试建立EIGRP邻居关系时所遇到的最常见故障之一。而在因为子网不一致造成EIGRP无法建立邻居关系时将有下面的消息在控制台上打印出来或是被路由器、交换机所记录Uncommon subnet issues are one of the most common problems experienced when attempting to establish EIGRP neighbour relationships. When EIGRP cannot establish a neighbour relationship because of an uncommon subnet, the following error message will be printed on the console, or will be logged by the router or switch

*Mar 2 22:12:46.589 CST: IP-EIGRP(Default-IP-Routing-Table:1): Neighbor 150.1.1.2 not on common subnet for FastEthernet0/0
*Mar 2 22:12:50.977 CST: IP-EIGRP(Default-IP-Routing-Table:1): Neighbor 150.1.1.2 not on common subnet for FastEthernet0/0

而造成邻居路由器位处不同子网的最常见原因,就是配置不当了。这可能是意外地将邻居路由器接口配置在了两个不同的子网上了。而假如两台邻居路由器是经由VLAN连接的则有可能是因为多播数据包在VLANs之间泄露了从而导致此种故障。对于这种故障要排除之首先就要对设备上的接口配置进行检查。而随后的其它排除步骤则是诸如执行VLAN的故障排除在适用的情况下以对隔离出故障并加以解决。

导致报出上面错误消息的另一常见原因,就是在尝试建立EIGRP邻居关系时采用的是接口的从地址(secondary addresses)。解决此类故障的最简单方式同样是对路由器或交换机的配置进行检查。比如假定上面的错误消息是在本地路由器控制台上打印出来的那么故障排除的第一步就是检查配置在接口上的IP地址如下所示

R1#show running-config interface FastEthernet0/0
Building configuration...
Current configuration : 140 bytes
!
interface FastEthernet0/0
ip address 150.2.2.1 255.255.255.0
duplex auto
speed auto
end

接着就要验证到有着IP地址150.1.1.2的设备上的配置是一致的,如下所示:

R2#show running-config interface FastEthernet0/0
Building configuration...
Current configuration : 140 bytes
!
interface FastEthernet0/0
ip address 150.2.2.2 255.255.255.0 secondary
ip address 150.1.1.2 255.255.255.0
duplex auto
speed auto
end

从上面的输出可以看到路由器R1上的主要子网the primary subnet却是本地路由器R2上的第二子网the secondary subnet。在使用从地址时EIGRP是无法建立邻居关系的。该故障的解决方法就是简单地将路由器R2的Fastethernet0/0接口的IP分址配置the IP addressing configuration予以更正即可如下所示

R2#config terminal
Enter configuration commands, one per line.
End with CNTL/Z.
R2(config)#interface FastEthernet0/0
R2(config-if)#ip address 150.2.2.2 255.255.255.0
R2(config-if)#ip address 150.1.1.2 255.255.255.0 secondary
R2(config-if)#end
*Oct 20 03:10:27.185 CST: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 150.2.2.1 (FastEthernet0/0) is up: new adjacency

而EIGRP的那些K值则是用于给路径的不同方面比如带宽、延迟等可能包含在EIGRP复合度量值中的参数进行权重分配的。这里再度说明一下默认的K值为K1=K3=1K2=K4=K5=0。如在某台路由器或交换机上对这些K值进行了修改那么就必须对自治系统中所有其它路由器或交换机上的K值做同样修改。使用show ip protocols命令就可查看到默认EIGRP的那些K值如下所示

R1#show ip protocols
Routing Protocol is “eigrp 150”
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is 1
  Default networks flagged in outgoing updates
  Default networks accepted from incoming updates
  EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
  EIGRP maximum hopcount 100
  EIGRP maximum metric variance 1
  Redistributing: eigrp 150, ospf 1
  EIGRP NSF-aware route hold timer is 240s
  Automatic network summarization is not in effect
  Maximum path: 4
  Routing for Networks:
    10.1.0.0/24
    172.16.1.0/30
  Routing Information Sources:
    Gateway         Distance      Last Update
    (this router)         90      15:59:19
    172.16.0.2            90      12:51:56
    172.16.1.2            90      00:27:17
  Distance: internal 90 external 170

在某台路由器上的K值被重置后那么该本地路由器的所有邻居关系都将被重置。而如果在重置后所有路由器上的这些K值出现不一致那么控制台上将打印出下面的错误消息同时EIGRP邻居关系将不会建立

*Oct 20 03:19:14.140 CST: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 150.2.2.1 (FastEthernet0/0) is down: Interface Goodbye received
*Oct 20 03:19:18.732 CST: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 150.2.2.1 (FastEthernet0/0) is down: K-value mismatched

注意: 尽管可使用metric-weights命令对EIGRP的那些K值进行调整但在没有老练网络工程师或思科技术支持中心的协助下是不推荐的。

与OSPF使用到本地意义上的进程ID不同, 在与其它路由器建立邻居关系时EIGRP要求同样的自治系统编号除开其它变量之外。对此方面故障的排除是通过对设备配置进行比较并确保那些将要建立邻居关系的路由器之间的自治系统编号除开其它变量一致即可。作为邻居处于不同自治系统的一个良好指标就是即使路由器之间有着基本的IP连通性的情况下仍然缺少双向Hello数据包。这一点可通过使用show ip eigrp traffic命令予以验证该命令的输出在接下来的小节中有演示unlike OSPF, which uses a locally significant process ID, EIGRP requires the same ASN(among other variables) when establishing neighbour relationships with other routers. Troubleshoot such issues by comparing configurations of devices and ensuring that the ASN(among other variables) is consistent between routers that should establish neighbour relationships. A good indicator that neighbours are in a different AS would be a lack of bidirectional Hellos, even in the presence of basic IP connectivity between the routers. This can be validated using the show ip eigrp traffic command, the output of which is illustrated in the section that follows

配置不当的访问控制清单ACLs与其它过滤器filters同样也是造成路由器建立EIGRP邻居关系失败的常见原因。这时就要对路由器配置和其它中间设备进行检查以确保EIGRP或多播数据包未被过滤掉。要用到的一个非常有用的故障排除命令就是show ip eigrp traffic了。此命令提供了所有EIGRP数据包的统计信息。比如假设这里已经对基本的连通性ping及两台设备之间的配置进行了验证但EIGRP邻居关系仍然没有建立。那么在此情况下就可以在本地设备上开启调试enabling debugging on the local device之前使用该命令检查看看路由器是否有Hello数据包的交换如下所示

R2#show ip eigrp traffic
IP-EIGRP Traffic Statistics for AS 2
  Hellos sent/received: 144/0
  Updates sent/received: 0/0
  Queries sent/received: 0/0
  Replies sent/received: 0/0
  Acks sent/received: 0/0
  SIA-Queries sent/received: 0/0
  SIA-Replies sent/received: 0/0
  Hello Process ID: 149
  PDM Process ID: 120
  IP Socket queue:   0/2000/0/0 (current/max/highest/drops)
  Eigrp input queue: 0/2000/0/0 (current/max/highest/drops)

在上面的输出中注意虽然该本地路由器已发出144个Hello数据包, 但其尚未收到任何的Hello数据包。假设已验证了两台设备之间有着连通性及各自配置那么就应对本地路由器与中间设备在适用时上的访问控制清单配置进行检查以确保EIGRP或多播数据包未被过滤掉。比如可能发现有着一条ACL配置为拒绝所有D类与E类流量而放行所有其它流量譬如下面的ACL

R2#show ip access-lists
Extended IP access list 100
    10 deny ip 224.0.0.0 15.255.255.255 any
    20 deny ip any 224.0.0.0 15.255.255.255 (47 matches)
    30 permit ip any any (27 matches)

物理及数据链路层的故障,以及这些故障对路由协议及其它流量造成影响的方式,已在早先的课程模块中有所说明。对这些故障的排除,可以使用show interfacesshow interfaces countersshow vlanshow spanning-tree等命令,以及其它一些在前面课程模块(物理及数据链路层故障排除)中讲到的命令。这里为了避免重复,就不再重申那些物理及数据链路层故障排除步骤了。

最后一些常见的认证配置错误包括在配置密钥链时使用了不同密钥ID以及指定了不同或不匹配的口令等Finally, common authentication configuration mistakes include using different key IDs when configuring key chains and specifying different or mismatched password。在某个接口下开启了认证时EIGRP邻居关系将被重置并被重新初始化。如在部署认证之后原本已建立的邻居关系未能再度建立那么就要通过在路由器上观察运行配置或使用show key chainshow ip eigrp interfaces detail [name]命令,来对各项认证参数进行检查。下面是由show key chain命令所打印出来的示例输出:

R2#show key chain
Key-chain EIGRP-1:
    key 1 -- text “eigrp-1”
      accept lifetime (always valid) - (always valid) [valid now]
      send lifetime (always valid) - (always valid) [valid now]
Key-chain EIGRP-2:
    key 1 -- text “eigrp-2”
      accept lifetime (00:00:01 UTC Nov 1 2010) - (infinite)
      send lifetime (00:00:01 UTC Nov 1 2010) - (infinite)
Key-chain EIGRP-3:
    key 1 -- text “eigrp-3”
      accept lifetime (00:00:01 UTC Dec 1 2010) - (00:00:01 UTC Dec 31 2010)
      send lifetime (00:00:01 UTC Dec 1 2010) - (00:00:01 UTC Dec 31 2010)

以下是由show ip eigrp interfaces detail [name]命令所打印出的示例信息输出:

R2#show ip eigrp interfaces detail Serial0/0
IP-EIGRP interfaces for process 1
                        Xmit Queue   Mean   Pacing Time    Multicast    Pending
Interface        Peers  Un/Reliable  SRTT   Un/Reliable    Flow Timer   Routes
Se0/0              0        0/0        0        0/1             0           0
  Hello interval is 5 sec
  Next xmit serial <none>
  Un/reliable mcasts: 0/0  Un/reliable ucasts: 0/0
  Mcast exceptions: 0  CR packets: 0  ACKs suppressed: 0
  Retransmissions sent: 0  Out-of-sequence rcvd: 0
  Authentication mode is md5,  key-chain is “EIGRP-1”
  Use unicast

通常在进行故障排除时都是建议在思科IOS软件中使用show命令(show commands而不是debug命令(debug commands。虽然调试提供到实时信息但调试是非常耗费处理器资源的从而造成设备的高CPU使用率同时在某些情况下甚至造成设备设备崩溃。除了这些show命令之外,还应对软件所打印出的错误消息加以留意,因为这些消息提供了可用于故障排除及隔离出问题根源的有用信息。

路由安装的故障排除

Troubleshooting Route Installation

在一些故障实例中可能会注意到EIGRP未有将某些路由安装到路由表中。造成此类问题的主要原因就是某些与协议失败相对应的错误配置For the most part, this is typically due to some misconfigurations versus a protocol failure。路由安装失败的一些常见原因如下

  • 经由另一协议收到了有着更低管理距离的相同路由The same route is received via another protocol with a lower administrative distance
  • EIGRP汇总EIGRP summarisation
  • EIGRP域中出现了重复的路由器IDDuplicate router IDs are present within the EIGRP domain
  • 这些路由未能满足可行条件The routes do not meet the Feasibility Condition

管理距离这一概念被用于确定出路由源的可靠性The administrative distance(AD) concept is used to determine how reliable the route source is。较低的管理距离就意味着路由源更为可靠。假如从三种不同协议接收到同一条路由那么有着最低管理距离的那条路由将被安装到路由表中。在使用EIGRP时要记住对于汇总、内部及外部三种路由summary, internal, and external routesEIGRP分别使用了不同的管理距离值。而假如同时运行着多种路由协议这时就要确保对各种路由协议的管理距离数值以及它们对路由表的生成有何种影响有所掌握。这在进行多种路由协议之间路由重分发时尤其要加以关注If you are running multiple routing protocols, it is important to ensure that you understand AD values and how they impact routing table population. This is especially of concern when you are Redistributing routes between multiple routing protocols

默认情况下EIGRP在有类边界上进行自动汇总并创建出一条指向Null0接口的汇总路由。由于该汇总是以默认的管理距离数值5安装到路由表中的因此所有其它类似的动态接收到的路由就都不会被安装到路由表中了By default, EIGRP automatically summarises at classful boundaries and creates a summary route pointing to the Null0 interface. Because the summary is installed with a default AD value of 5, any other similar dynamically received routes will not be installed into the routing table。比如考虑下图37.1中所演示的拓扑:

EIGRP的自动汇总 图 37.1 -- EIGRP的自动汇总

参考图37.1中所演示的图示,子网150.1.1.0/3010.1.1.0/2410.2.2.0/24分离开来。在开启了自动汇总时,路由器R1R2都将相应地把10.1.1.0/2410.2.2.0/24汇总到10.0.0.0/8。该汇总路由将以5的管理距离及下一跳接口Null0,被安装到路由表中。此较低的管理距离值,将阻止两台路由器对来自其它路由器的该10.0.0.0/8汇总的接收与安装,如下面的输出所示:

R2#debug eigrp fsm
EIGRP FSM Events/Actions debugging is on
R2#
R2#
*Mar 13 03:24:31.983: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 150.1.1.1
(FastEthernet0/0) is up: new adjacency
*Mar 13 03:24:33.995: DUAL: dest(10.0.0.0/8) not active
*Mar 13 03:24:33.995: DUAL: rcvupdate: 10.0.0.0/8 via 150.1.1.1 metric 156160/128256
*Mar 13 03:24:33.995: DUAL: Find FS for dest 10.0.0.0/8. FD is 128256, RD is 128256
*Mar 13 03:24:33.995: DUAL: 0.0.0.0 metric 128256/0
*Mar 13 03:24:33.995: DUAL: 150.1.1.1 metric 156160/128256 found Dmin is 128256
*Mar 13 03:24:33.999: DUAL: RT installed 10.0.0.0/8 via 0.0.0.0

在上面的调试输出中,本地路由器从邻居150.1.1.1处接收到了有着路由度量值156160/12825610.0.0.0/8路由。但由于汇总操作,弥散更新算法本地也有着该相同路由,且该本地路由有着128256/0的路由度量值。因此安装到路由表中的是本地路由而不是接收到的因为本地路由有着更好的度量值。此情形在路由器R1上同样适用R1将会把它本地的10.0.0.0/8路由安装到RIBRoute Information Base, 路由信息库)中。结果就是两台路由器都无法ping到对方的10.x.x.x子网。为解决此问题,就应在两台路由器上都使用no auto-summary命令,关闭自动汇总,从而允许这些具体路由条目得以通告出去。

EIGRP路由器IDRID的主要用途就是阻止路由环回的形成。RID用于识别外部路由的始发路由器The RID is used to identify the originating router for external routes。假如接收到一条有着与本地路由器相同RID的外部路由该路由将被丢弃。不过重复的路由器ID却并不会影响到任何内部EIGRP路由。设计此特性的目的就是降低那些有着多台自治系统边界路由器AS Boundary Router, ASBR进行路由重分发的网络出现路由环回的可能性。在show ip eigrp topology命令的输出中便可查看到始发路由器IDThe primary use of the EIGRP router ID(RID) is to prevent routing loops. The RID is used to identify the originating router for external routes. If an external route is received with the same RID as the local router, the route will be discarded. However, duplicate RIDs do not affect any internal EIGRP routes. This feature is designed to reduce the possibility of routing loops in networks where route redistribution is being performed on more than on ASBR. The originating RID can be viewed in the output of the show ip eigrp topology command如下所示

R1#show ip eigrp topology 2.2.2.2 255.255.255.255
IP-EIGRP (AS 1): Topology entry for 2.2.2.2/32
  State is Passive, Query origin flag is 1, 1 Successor(s), FD is 156160
  Routing Descriptor Blocks:
  150.1.1.2 (FastEthernet0/0), from 150.1.1.2, Send flag is 0x0
      Composite metric is (156160/128256), Route is External
      Vector metric:
        Minimum bandwidth is 100000 Kbit
        Total delay is 5100 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 1
      External data:
        Originating router is 2.2.2.2
        AS number of route is 0
        External protocol is Connected, external metric is 0
        Administrator tag is 0 (0x00000000)

如怀疑存在潜在的RID重复故障就可以对EIGRP事件日志中的事件进行检查看看是否有任何路由因为RID重复而被拒绝。下面的示例演示了该EIGRP事件日志的输出样例显示出一些因为从某台与本地路由器有着相同RID的路由器接收而被弹回的路由If you suspect a potential duplicate RID issue, you can check the events in the EIGRP event log to see if any routes have been rejected because of a duplicate RID. The following illustrates a sample output of the EIGRP event log, showing routes that have been rejected because they were received from a router with the same RID as the local router:

R2#show ip eigrp events
Event information for AS 1:
...
[Truncated Output]
21   03:05:39.747 Ignored route, neighbor info: 10.0.0.1 Serial0/0
22   03:05:39.747 Ignored route, dup router: 150.1.1.254
23   03:05:06.659 Ignored route, metric: 192.168.2.0 284160
24   03:05:06.659 Ignored route, neighbor info: 10.0.0.1 Serial0/0
25   03:05:06.659 Ignored route, dup router: 150.1.1.254
26   03:04:33.311 Ignored route, metric: 192.168.1.0 284160
27   03:04:33.311 Ignored route, neighbor info: 10.0.0.1 Serial0/0
28   03:04:33.311 Ignored route, dup router: 150.1.1.254
...
[Truncated Output]

上述问题的可能解决办法,就是修改邻居路由器10.0.0.1上的RID或本地路由器的RID这取决于到底哪一个是不被正确配置的The resolution for the solution above would be to change the RID on neighbour router 10.0.0.1 or on the local router, depending upon which one of the two has been incorrectly configured

最后重要的是记住EIGRP不会将那些未能满足可行条件的路由安装到路由表中。就算在本地路由器上配置了variance命令,这一点也是适用的。作为一个常见误解,就是执行variance命令就会令到EIGRP在那些路由度量值为后继路由度量值x倍的路径上进行负载分配了Finally, it is important to remember that EIGRP will not install routes into the routing table if they do not meet the Feasibility Condition. This is true even if the variance command has been configured on the local router. It is a common misconception that issuing the variance command will allow EIGRP to load share over any paths whose route metric is x times that of the successor metric。比如请考虑下图37.2中所演示的拓扑:

掌握可行条件 图 37.2 -- 掌握可行条件

图37.2展示了一个包含了多个从R1到子网192.168.100.0/24度量值的基本网络。参考图37.2, 下表37.1给出了在R1上看到的网络192.168.100.0/24的那些报告的距离与可行距离:

表37.1 -- R1 的路径与距离

网络路径Network Path R1的邻居(R1 Neighbour 邻居度量值Neighbour Metric, RD R1的可行距离(R1 Feasible Distance
R1-R2-R5 R2 30 35
R1-R3-R5 R3 10 30
R1-R4-R5 R4 15 25

R1已被配置为在所有路径上进行负载均衡,同时命令variance 2被加入到路由器配置。这就令到EIGRP在至多两倍于后继路由度量值的路径上进行负载均衡给予默认的度量值计算这将包含到所有三条的路径。但尽管有着此配置仍只有两条路径将被安装及使用R1 has been configured to load share across all paths and the variance 2 command is added to the router configuration. This allow EIGRP to load share across paths with up to twice the metric of the Successor route, which would include all three paths based on the default metric calculation. However, despite this configuration, only two paths will be installed and used

首先,基于经由R4的路径的可行距离,也就是25, R1将选择该路由作为后继路由。该路由将被放入到IP路由表以及EIGRP的拓扑表中。而邻居R3192.168.100.0/24网络的度量值,也被称作报告的距离或通告的距离,是10。该度量值低于可行距离因此该路由是满足可行条件的而被放入到EIGRP的拓扑表。

但邻居R2192.168.100.0/24网络的度量值却是30。该值要比可行距离25要高。那么该路由就不满足可行条件而不被当作是一条可行后继。但该路由仍将被放入到EIGRP的拓扑表。不过就算该路径的度量值是处于由EIGRP路由器配置命令variance 2所指定的范围中,其也不会被用于负载分配。在这类情形中,可考虑使用EIGRP的偏移清单来确保所有路由都被加以考虑In such situations, consider using EIGRP offset lists to ensure that all routes are considered

路由通告的故障排除

Troubleshooting Route Advertisement

总是会出现看起来EIGRP要么没有对其配置的那些进行通告的网络加以通告要么通告出其未配置为进行通告的那些网络的情形。对于这些大部分情况来说此类故障都是由于路由器或交换机的不当配置造成的。而至于EIGRP没有对其已配置为加以通告的某个网络进行通告的原因有好几种。一些原因如下所示There are times when it may seem that EIGRP is either not advertising the networks that is has been configured to advertise or is advertising networks that it has not been configured to advertise. For the most part, such issues are typically due to router and switch misconfigurations. Thare are several reasons why EIGRP might not advertise a network that it has been configured to advertise. Some of these reasons include the following

  • 投送清单Distribute lists, 这是超出CCNA大纲要求的
  • 水平分割Split horizon
  • 汇总Summarisation

未正确配置的投送清单是EIGRP没有对某个已被配置为加以通告的网络进行通告的一个原因。在配置同送清单时要确保所有应被通告的网络都是为所引用的IP访问控制清单IP前缀清单放行Incorrectly configured distribute lists are one reason why EIGRP might not advertise a network that it has been configured to advertise. When configuring distribute lists, ensure that all networks that should be advertised are permitted by the referenced IP ACL or IP Prefix List)。

另一个采用EIGRP时与网络通告有关的常见故障就是水平分割的默认行为了。水平分割是一项强制路由信息无法从其被接收到的接口再发送出去的一项距离矢量协议特性。此特性阻止了路由信息再度通告到学习到该信息的来源从而有效地阻止了路由环回Another common issue pertaining to network advertisement when using EIGRP is the default behaviour of split horizon. Split horizon is a Distance Vector protocol feature that mandates that routing information cannot be sent back out of the same interface through which it was received. This prevents the re-advertising of information back to the source from which it was learned, effectively preventing routing loops。此概念在下图37.3中进行了演示:

EIGRP的水平分割 图37.3 -- EIGRP的水平分割

图37.3中的拓扑演示了一个经典的中心与分支网络,其中路由器HQ作为中心路由器,而路由器S1S2作为两台分支路由器。在该帧中继的WAN上每台分支路由器都有着局部网状网络中、单独的在各自自身与中心路由器之间所提供的DLCI。默认情况下对于连接到包交换网络比如这里的帧中继的WAN接口EIGRP的水平分割是开启的。这就意味着该中心路由器将不会对接口Serial0/0上学习到的路由信息再在该相同接口上通告出去The topology in Figure 37.3 illustrates a classic hub-and-spoke network, with router HQ as the hub router and routers S1 and S2 as the two spoke routers. On the Frame Relay WAN, each spoke router has a single DLCI provisioned between itself and the HQ router in a partial-mesh topology. By default, EIGRP split horizon is enabled for WAN interfaces connected to packet-switched networks, such as Frame Relay. This means that the HQ router will not advertise routing information learned on Serial0/0 out of the same interface

该默认行为的影响,就是中心路由器不会将自S1接收到的10.1.1.0/24前缀通告给S2, 因为该路由是通过Serial0/0接口接收到,而水平分割特性阻止了该路由器对在那个接口上所学习到的信息从该相同接口通告出去。同样的情形对于中心路由器从S2上所接收到的10.2.2.0/24前缀也是适用的。此问题的推荐解决办法就是在中心路由器的该WAN接口上使用接口配置命令no ip split-horizon eigrp [asn]关闭水平分割特性了。

而对于EIGRP来说自动汇总则是在有类边界the classful boundary上默认是开启的。这一点可使用show ip protocols命令予以验证到。除开自动汇总EIGRP还支持接口级别的手动汇总。不管采用何种方式汇总都将阻止由汇总路由所涵盖到的那些更具体路由条目被通告给邻居路由器Regardless of the method implemented, summarisation prevents the more specific route entries that are encompassed by the summary from being advertised to neighbour routers。如果汇总是被不当配置的那就可能出现EIGRP没有通告出某些网络的情况。比如请考虑下图37.4中所演示的基本网络拓扑:

EIGRP的汇总 图37.4 -- EIGRP的汇总

参考图37.4, 所有路由器都位于EIGRP自治系统150中。R2正经由EIGRP对10.1.1.0/2410.1.2.0/2410.1.3.0/24子网进行通告。而R1也有着一个分配给子网10.1.0.0/24的接口,其就应相应地将这些子网通告给R3R1, which also has an interface assigned to the 10.1.0.0/24 subnet, should in turn advertise these subnets to R3)。路由器R2上的EIGRP配置已作如下部署

R2(config)#router eigrp 150
R2(config-router)#network 10.1.1.0 0.0.0.255
R2(config-router)#network 10.1.2.0 0.0.0.255
R2(config-router)#network 10.1.3.0 0.0.0.255
R2(config-router)#network 172.16.1.0 0.0.0.3
R2(config-router)#no auto-summary
R2(config-router)#exit

R1上的EIGRP则是部署如下

R1(config)#router eigrp 150
R1(config-router)#network 10.1.0.0 0.0.0.255
R1(config-router)#network 172.16.0.0 0.0.0.3
R1(config-router)#network 172.16.1.0 0.0.0.3
R1(config-router)#exit

最后,R3上的EIGRP配置部署如下

R3(config)#router eigrp 150
R3(config-router)#network 172.16.0.0 0.0.0.3
R3(config-router)#no auto-summary
R3(config-router)#exit

在此种配置之后,R2上的路由表显示出以下条目:

R2#show ip route eigrp
     172.16.0.0/30 is subnetted, 2 subnets
D       172.16.0.0 [90/2172416] via 172.16.1.1, 00:02:38, FastEthernet0/0
     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
D       10.0.0.0/8 [90/156160] via 172.16.1.1, 00:00:36, FastEthernet0/0

R1上的路由表显示以下条目:

R1#show ip route eigrp
     172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
D       172.16.0.0/16 is a summary, 00:01:01, Null0
     10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
D       10.1.3.0/24 [90/156160] via 172.16.1.2, 00:21:01, FastEthernet0/0
D       10.3.0.0/24 [90/2297856] via 172.16.0.2, 00:00:39, Serial0/0
D       10.1.2.0/24 [90/156160] via 172.16.1.2, 00:21:01, FastEthernet0/0
D       10.1.1.0/24 [90/156160] via 172.16.1.2, 00:21:01, FastEthernet0/0
D       10.0.0.0/8 is a summary, 00:01:01, Null0

最后,R3上的路由表显示以下条目:

R3#show ip route eigrp
     172.16.0.0/30 is subnetted, 2 subnets
D       172.16.1.0 [90/2172416] via 172.16.0.1, 00:21:21, Serial0/0
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D       10.0.0.0/8 [90/2297856] via 172.16.0.1, 00:01:15, Serial0/0

因为在R1上汇总是开启的就出现了EIGRP不再通告由汇总路由10.0.0.0/8所包含的那些具体子网的情况了Because summarisation is enabled on R1, it appears that the EIGRP is no longer advertising the specific subnets encompassed by the 10.0.0.0/8 summary。而要允许这些具体子网通过EIGRP得以通告就应在R1上将汇总关闭,如下所示:

R1(config)#router eigrp 150
R1(config-router)#no auto-summary
R1(config-router)#exit

这么做之后,R3上的路由表将显示如下的路由条目:

R3#show ip route eigrp
     172.16.0.0/30 is subnetted, 2 subnets
D       172.16.1.0 [90/2172416] via 172.16.0.1, 00:00:09, Serial0/0
     10.0.0.0/24 is subnetted, 5 subnets
D       10.1.3.0 [90/2300416] via 172.16.0.1, 00:00:09, Serial0/0
D       10.1.2.0 [90/2300416] via 172.16.0.1, 00:00:09, Serial0/0
D       10.1.1.0 [90/2300416] via 172.16.0.1, 00:00:09, Serial0/0
D       10.1.0.0 [90/2297856] via 172.16.0.1, 00:00:09, Serial0/0

同样的情况对于R2也将适用,R2上的路由表现在将显示出子网10.1.0.0/2410.3.0.0/24的具体条目,如下所示:

R2#show ip route eigrp
     172.16.0.0/30 is subnetted, 2 subnets
D       172.16.0.0 [90/2172416] via 172.16.1.1, 00:00:10, FastEthernet0/0
     10.0.0.0/24 is subnetted, 5 subnets
D       10.3.0.0 [90/2300416] via 172.16.1.1, 00:00:10, FastEthernet0/0
D       10.1.0.0 [90/156160] via 172.16.1.1, 00:00:10, FastEthernet0/0

EIGRP路由故障的调试

Debugging EIGRP Routing Issues

在前面这些小节中我们把主要强调的方面放在那些show命令上的同时此最后的小节将介绍一些还可以用于EIGRP故障排除的调试命令。不过还是要始终记住调试是甚为处理器密集而应作为随后手段加以应用的也就是在应用并尝试了所有show命令及其它故障排除方法和工具之后。While primary emphasis has been placed on the use of show commands in the previous sections, this final section descibes some of the debugging commands that can also be used to troubleshoot EIGRP. Keep in mind, however, that debugging is very processor intensive and should be used only as a last resort(i.e., after all show commands and other troubleshooting methods and tools have been applied or attempted))。

命令debug ip routing [acl|static]是一个强大的故障排除工具及命令a powerful troubleshooting tool and command。但需要注意到尽管此命令并非特定于EIGRP其提供到有关路由表的有用与详细信息。下面是由该命令所打印出的信息示例

R1#debug ip routing
IP routing debugging is on
R1#
*Mar  3 23:03:35.673: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0,
changed state to down
*Mar  3 23:03:35.673: RT: is_up: FastEthernet0/0 0 state: 4 sub state: 1 line: 0
has_route: True
*Mar  3 23:03:35.677: RT: interface FastEthernet0/0 removed from routing table
*Mar  3 23:03:35.677: RT: del 172.16.1.0/30 via 0.0.0.0, connected metric [0/0]
*Mar  3 23:03:35.677: RT: delete subnet route to 172.16.1.0/30
*Mar  3 23:03:35.677: RT: NET-RED 172.16.1.0/30
*Mar  3 23:03:35.677: RT: Pruning routes for FastEthernet0/0 (3)
*Mar  3 23:03:35.689: RT: delete route to 10.1.3.0 via 172.16.1.2, FastEthernet0/0
*Mar  3 23:03:35.689: RT: no routes to 10.1.3.0, flushing
*Mar  3 23:03:35.689: RT: NET-RED 10.1.3.0/24
*Mar  3 23:03:35.689: RT: delete route to 10.1.2.0 via 172.16.1.2, FastEthernet0/0
*Mar  3 23:03:35.689: RT: no routes to 10.1.2.0, flushing
*Mar  3 23:03:35.689: RT: NET-RED 10.1.2.0/24
*Mar  3 23:03:35.689: RT: delete route to 10.1.1.0 via 172.16.1.2, FastEthernet0/0
*Mar  3 23:03:35.689: RT: no routes to 10.1.1.0, flushing
*Mar  3 23:03:35.693: RT: NET-RED 10.1.1.0/24
*Mar  3 23:03:35.693: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 150: Neighbor 172.16.1.2
(FastEthernet0/0) is down: interface down
*Mar  3 23:03:39.599: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 150: Neighbor 172.16.1.2
(FastEthernet0/0) is up: new adjacency
*Mar  3 23:03:40.601: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0,
changed state to up
*Mar  3 23:03:40.601: RT: is_up: FastEthernet0/0 1 state: 4 sub state: 1 line: 1
has_route: False
*Mar  3 23:03:40.605: RT: SET_LAST_RDB for 172.16.1.0/30
  NEW rdb: is directly connected
*Mar  3 23:03:40.605: RT: add 172.16.1.0/30 via 0.0.0.0, connected metric [0/0]
*Mar  3 23:03:40.605: RT: NET-RED 172.16.1.0/30
*Mar  3 23:03:40.605: RT: interface FastEthernet0/0 added to routing table
*Mar  3 23:03:49.119: RT: SET_LAST_RDB for 10.1.1.0/24
  NEW rdb: via 172.16.1.2
*Mar  3 23:03:49.119: RT: add 10.1.1.0/24 via 172.16.1.2, eigrp metric [90/156160]

可与某条访问控制清单结合使用此命令来查看有关在那个访问控制清单中所引用到某条路由或某几条路由的信息。此外同样的命令也可以用于本地设备上静态路由事件的调试。作为附注在运行EIGRP时作为使用此命令的替代请考虑使用show ip eigrp events命令而不是此命令,因为show ip eigrp events提供到EIGRP内部事件的历史记录且可用于对活动粘滞故障以及路由抖动及其它事件进行排除You can use this command in conjunction with an ACL to view information about the route or routes referenced in the ACL. Additionally, the same command can also be used for troubleshooting static route events on the local device. As a side note, instead of using this command, if you are running EIGRP, consider using the show ip eigrp events command instead, as it provides a history of EIGRP internal events and can be used to troubleshoot SIA issues, as well as route flaps and other events。下面是show ip eigrp events命令所打印信息的一个示例:

R1#show ip eigrp events
Event information for AS 150:
1    23:03:49.135 Ignored route, metric: 192.168.3.0 28160
2    23:03:49.135 Ignored route, metric: 192.168.2.0 28160
3    23:03:49.135 Ignored route, metric: 192.168.1.0 28160
4    23:03:49.131 Rcv EOT update src/seq: 172.16.1.2 85
5    23:03:49.127 Change queue emptied, entries: 3
6    23:03:49.127 Ignored route, metric: 192.168.3.0 28160
7    23:03:49.127 Ignored route, metric: 192.168.2.0 28160
8    23:03:49.127 Ignored route, metric: 192.168.1.0 28160
9    23:03:49.127 Metric set: 10.1.3.0/24 156160
10   23:03:49.127 Update reason, delay: new if 4294967295
11   23:03:49.127 Update sent, RD: 10.1.3.0/24 4294967295
12   23:03:49.127 Update reason, delay: metric chg 4294967295
13   23:03:49.127 Update sent, RD: 10.1.3.0/24 4294967295
14   23:03:49.123 Route install: 10.1.3.0/24 172.16.1.2
15   23:03:49.123 Find FS: 10.1.3.0/24 4294967295
16   23:03:49.123 Rcv update met/succmet: 156160 128256
17   23:03:49.123 Rcv update dest/nh: 10.1.3.0/24 172.16.1.2
18   23:03:49.123 Metric set: 10.1.3.0/24 4294967295
19   23:03:49.123 Metric set: 10.1.2.0/24 156160
20   23:03:49.123 Update reason, delay: new if 4294967295
21   23:03:49.123 Update sent, RD: 10.1.2.0/24 4294967295
22   23:03:49.123 Update reason, delay: metric chg 4294967295
...
[Truncated Output]

除开debug ip routing命令思科IOS软件里还有额外可用的两个EIGRP专用调试命令。命令debug eigrp可用于提供到有关弥散更新算法的有限状态机、EIGRP邻居关系、非停止转发事件、数据包及传输事件等的相关实时信息In addition to the debug ip routing command, two additional EIGRP-specific debugging commands are also available in Cisco IOS software. The debug eigrp command can be used to provide real-time information on the DUAL Finite State Machine, EIGRP neighbour relationships, Non-Stop Forwarding events, packets, and transimission events。下面演示了此命令可用的参数

R1#debug eigrp ?
  fsm        EIGRP Dual Finite State Machine events/actions
  neighbors  EIGRP neighbors
  nsf        EIGRP Non-Stop Forwarding events/actions
  packets    EIGRP packets
  transmit   EIGRP transmission events

debug eigrp命令之外,命令debug ip eigrp打印出有关EIGRP路由事件的详细信息诸如EIGRP如何处理到来的更新等。下面演示了可与该命令结合使用的那些额外关键字

R1#debug ip eigrp ?
  <1-65535>      Autonomous System
  neighbor       IP-EIGRP neighbor debugging
  notifications  IP-EIGRP event notifications
  summary        IP-EIGRP summary route processing
  vrf            Select a VPN Routing/Forwarding instance
  <cr>

最后,下面是命令debug ip eigrp的一个输出示例:

R1#debug ip eigrp
IP-EIGRP Route Events debugging is on
R1#
*Mar  3 23:49:47.028: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 150: Neighbor 172.16.1.2
(FastEthernet0/0) is up: new adjacency
*Mar  3 23:49:47.044: IP-EIGRP(Default-IP-Routing-Table:150): 10.1.0.0/24 - do advertise
out FastEthernet0/0
*Mar  3 23:49:47.044: IP-EIGRP(Default-IP-Routing-Table:150): Int 10.1.0.0/24 metric
128256 - 256 128000
*Mar  3 23:49:48.030: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0,
changed state to up
*Mar  3 23:49:56.179: IP-EIGRP(Default-IP-Routing-Table:150): Processing incoming UPDATE
packet
*Mar  3 23:49:56.544: IP-EIGRP(Default-IP-Routing-Table:150): Processing incoming UPDATE
packet
*Mar  3 23:49:56.544: IP-EIGRP(Default-IP-Routing-Table:150): Int 10.1.1.0/24 M 156160 -
25600 130560 SM 128256 - 256 128000
*Mar  3 23:49:56.544: IP-EIGRP(Default-IP-Routing-Table:150): route installed for
10.1.1.0  ()
*Mar  3 23:49:56.544: IP-EIGRP(Default-IP-Routing-Table:150): Int 10.1.2.0/24 M 156160 -
25600 130560 SM 128256 - 256 128000
*Mar  3 23:49:56.548: IP-EIGRP(Default-IP-Routing-Table:150): route installed for
10.1.2.0  ()
*Mar  3 23:49:56.548: IP-EIGRP(Default-IP-Routing-Table:150): Int 10.1.3.0/24 M 156160 -
25600 130560 SM 128256 - 256 128000
...
[Truncated Output]

第37天问题

Day 37 Questions

  1. Name at least three reasons for EIGRP neighbour relationships not forming.
  2. Which command can you use to verify EIGRP K values?
  3. Which command can you use to verify EIGRP packets statistics?
  4. Name at least two common reasons for EIGRP route installation failures.
  5. The administrative distance concept is used to determine how reliable the route source is. True or false?
  6. By default, EIGRP automatically summarises at classful boundaries and creates a summary route pointing to the Null0 interface. True or false?
  7. Which command can you can use to debug FSM events?
  8. Which command can you use to see the originating router ID of a specific prefix?
  9. Which command can you use to show the EIGRP event log?
  10. What is the best command to use when debugging various routing issues?

第37天答案

Day 37 Answers

  1. The neighbour routers are not on a common subnet; mismatched primary and secondary subnets; mismatched K values; mismatched ASN; ACLs are filtering EIGRP packets; Physical Layer issues; Data Link Layer issues; and mismatched authentication parameters.
  2. The show ip protocols command.
  3. The show ip eigrp traffic command.
  4. The same route is received via another protocol with a lower administrative distance;EIGRP summarisation; duplicate router IDs are present within the EIGRP domain; and the routes do not meet the Feasibility Condition.
  5. True.
  6. True.
  7. The debug eigrp fsm command.
  8. The show ip eigrp topology x.x.x.x y.y.y.y command.
  9. The show ip eigrp events command.
  10. The debug ip routing command.

第37天实验

Day 37 Lab

请重复前一天的EIGRP实验。此外对本节课中给出的那些EIGRP故障排除命令进行测试

  • 使用show ip protocol命令来查看那些EIGRP的参数See the EIGRP parameters using the show ip protocol command
  • 对两台路由器上的K值进行修改并再次执行该命令Modify K values on both routers and issue the command again
  • 注意各异的所配置K值导致了EIGRP邻居关系丢失Notice that different configured K values lead to EIGRP neighbour relationships being lost
  • 通过执行show ip eigrp traffic命令验证所传输的Hello数据包Verify the Hello packets being transmitted by issuing the show ip eigrp traffic command
  • debug eigrp fsm命令进行测试
  • 针对已通告的路由测试show ip eigrp topology命令并留意起源RID在远端路由器上修改RID并再次执行该命令Test the show ip eigrp topology command for the advertised route and notice the originating RID; change the RID on the remote router and issue the command again
  • show ip eigrp events命令加以验证Verify the show ip eigrp events command
  • 在将网络通告进EIGRP之前启动IP路由调试留意所生成的调试更新消息Start the debug IP routing before advertising the network into EIGRP; notice the generated debug updates

请访问www.in60days.com网站,免费观看作者完成此实验。