1. Static routing failure
1. Static routing and category search
When the routing table process checks for a parsable static route that uses an intermediate address (the IP address referenced by the next hop in the routing table), this check is always done in a category mode. Regardless of whether or not the ip classless command is used, if the intermediate address in a category mode in the routing table cannot be parsed, the static route is deleted.
Use show ip route to view the routing table.
Use debug to show that a network is down.
If you use the category-free method and have a default route exists, a backup profile route with high management distance will never be loaded into the routing table when the main static route fails. This is because any static route, even a static route to an intermediate address that does not exist, will be parsed using the default route.
The CISCO routing table process calls a static routing function that checks the routing table every 60S to install or delete static routes according to dynamically changing routing tables.
2. Static routing and intermediate addresses
Static routing can be created using intermediate network addresses or outgoing interfaces. In most cases, it is more efficient to use the outgoing interface to resolve static routes in the routing table process.
As long as the intermediate IP address can be parsed in the routing table, it does not have to be the interface of the real next-hop router. Static network routing (such as intermediate addresses) must eventually be resolved into a route with an outgoing interface in the routing table.
Whenever the routing table process needs to use a static routing table entry for the .0/24 network, it also needs to parse the intermediate address, called recursive lookup. An additional route lookup may not have much impact on the performance of the routing process. However, taking multiple recursive lookups to get parsed static routes may affect performance.
3. Static routing optimization
To avoid recursive searches: Serial network: Use outgoing interface
Ethernet: Use both intermediate address and outgoing interface
4. Repeated static route installation and deletion
Use outgoing interfaces instead of intermediate addresses as much as possible to configure static routing.
5. Use discarded routes
Sometimes loops are generated in the network. By periodically viewing the counter on the router interface, you can see the results of the routing loop.
clear counters serial0/0
show interface serial0/0
The problem of routing loop creates a black hole in the network. The packet is discarded once the lifetime (TTL) in the IP header is reduced to 0.
Solution 1: No ip classless routing with category mode - use no ip classless on user network routers. The router does not use any hypernet or default routes when at least one known subnet exists. But not the first choice. Because it changes the routing table lookup behavior of all packets.
Solution 2: Use a drop route - When there is no specific match in the routing table, and it is not appropriate to use a hypernet or default route to forward those packets, a drop route sends the packet to null0, i.e. bitbucket.
ip route .0.0 255.255.0.0 null0
ip route .0.0 255.255.0.0 null0 200
The latter command line configures only another discarded route to be used when the main route fails. This is done by changing the default management distance of the static route to a value higher than the management distance of the dynamic routing protocol used.
2. Troubleshoot RIP failures
1. Incompatible version types
debug ip rip
show ip protocols is useful for checking versions of RIP packets sent and received on the interface.
If R1 does not support the V2 version and can only receive RIPv1 packets, then R2 is configured as RIPv1 and RIPv2.
Specific versions of sending and receiving RIP packets can be specified at the interface level
interface e0
ip rip send version 1 2
ip rip receive version 1 2
2. Mismatch authentication keys
One option for RIPv2 is the authenticated RIPv2 update. In order to enhance security, when using authentication, passwords must be configured on both parties. This password is called the authentication key. If this key does not match the other party's key, both parties will ignore the RIPv2 update.
Configure ip rip authentication key-chain cisco on the interface
Debug ip rip.
3. The number of ways to achieve RIP
The maximum value of the RIP metric is 15 hops.
This problem cannot be overcome. A non-15-hop limit routing protocol can be used. The maximum number of IGRP hops is 255, and the maximum number of EIGRP hops is 224. Both are 100 by default.
4. Discontinuous network
When the primary network is separated by another primary network, it is called a discontinuous network.
Solution 1: Use static routing
Solution 2: Change the link address between the routers to a part of the left and right discontinuous network.
Solution 3: Use no auto-summary to configure the category-free routing version that enables RIPv2 on both routers.
router rip
version 2
network .0
no auto-summary
Solution 4: Use the category-free routing protocol. Such as OSPF, EIGRP, IS-IS replaces RIPv1 routing protocol.
5. Illegal source address
When RIP tells the routing table to install the route, it performs a source legality check. If the subnet where the source is located is different from the local interface, RIP ignores updates and does not install routes from this source in the routing table.
This check must be closed when one party is numbered and the other party is not numbered.
router rip
no validate-update-source
6. Flapping route
Routing refers to the continuous deletion and reinsertion of a route in the routing table. To check if the route is actually flipped, check the route selection table and view the route's lifetime (age). If the lifespan is continuously reset to 00:00:00, it means that the route is flipping.
RIP has 180S not receiving a route, then the route will remain 240S and then be cleared.
Use show interface to check interface statistics.
The most common frame relay environment packet loss.
Use show ip route rip to check how long it takes for the RIP to be updated.
Use show interface serial 0 to see if a large number of broadcast packets are discarded on the interface. In the case of frame relay, it may be necessary to adjust the frame relay broadcast queue. In non-frame relay environments, it may be necessary to add input or output retention queues.
7. Large routing table
Use ip summary-address to summarize routes on the interface.
3. Troubleshoot EIGRP failures
1. Mismatch K value
EIGRP In order to establish its neighbor relationship, the K constant value of the calculated EIGRP metric must be the same.
K1-Bandwidth K2-Load K3-Delay K4, K5-Reliability
router eigrp 1
network
metric weights 0 1 1 1 1 0
2. Mismatched AS numbers
EIGRP does not form any neighbor relationship with routers with different autonomous system numbers.
3. Activity stickiness
(1) Determine the problem
Possible reasons are:
. Bad or congested links;
. Low router resources such as low memory and high CPU processing on the router.
. Long query range
. Too much redundancy
The default active sticky timer is only 180S.
Use the show ip eigrp topology active command to help troubleshoot EIGRP activity sticky errors, which are only useful when problems occur, and users only have 180S times at a time to determine. The neighbor has an r following it means that it does not answer the query.
(2) Troubleshooting methods
Track the query, jump after jump, and find the status of the active route in each jump.
(3) Final solution
As manually as possible, routes are summarized and there is a hierarchical network design. The more networks EIGRP aggregates, the less things you need to do when the main convergence occurs.
4. Duplicate routing ID
EIGRP only uses the concept of router ID for external routing to prevent loops. EIGRP selects the router ID based on the maximum IP address of the loopback interface on the router. If the router does not have a loopback interface, the largest activation IP address among all interfaces is selected as the router ID of EIGRP.
debug ip eigrp can see that a certain network is notified on the interface.
Rule of thumb: Never configure the same IP address in two places on the network.
4. Troubleshoot OSPF
1. Mismatched parameters
Use the debug ip ospf adj command to see most mismatch problems.
(1) The hello/dead interval does not match - only match can form neighbors.
(2) Mismatch authentication types—There are MD5 and plain text authentication under OSPF.
router ospf 1
area 0 authentication message-digest
network .0.0 0.0.255.255 area 0
(3) Unmatched area ID—area information is sent in the HELLO packet of OSPF. Different, no adjacency is formed.
(4) Mismatched truncation/transmission/NSSA area options—When OSPF exchanges HELLO packets with a neighbor, one of the content it exchanges is an optional capability represented by 8 bits. One of the options fields is the E bit, which is the OSPF truncated flag. When E bit is set to 0, the region associated with the route is a short-cut area, and the external LSA is not allowed to enter this area.
Status issues
A router that becomes a neighbor does not guarantee switching link status updates. Once the router decides to form an adjacency with a neighbor, it begins to exchange a complete copy of its link state database.
(1) OSPF falls into ATTEMPT - only valid for NBMA networks with neighbor statements. Hitting ATTEMPT is when a router attempts to contact a neighbor by sending its HELLO but it does not receive a response.
show ip ospf neighbor view.
Cause: Incorrectly configured neighbor; unicast connectivity on NBMA is broken, which may be caused by a wrong DLCI, accessing lists, or converting unicast NAT.
(2) OSPF is trapped in INIT - INIT status means that the router receives a HELLO packet from the neighbor, but the two-way communication is not established.
reason:
. One party access list prevents HELLO;
. One party's multicast capability fails (one switch fails);
. Authentication is enabled on only one party;
. One of the frame-relay map/dialer map statements lack the broadcast keyword.
. One sideHELLOIn the2Layer is missing。
(3) OSPF falls into 2-WAY - Bidirectional state means that the router sees its router ID in the neighbor field of the HELLO packet. Similar to the priority of all routers is 0, no election will occur, and all routers stay in the bidirectional state.
Solution: Ensure that at least one router has an IP OSPF priority of at least 1.
(4) OSPF trapped in EXSTART/EXCHANGE - OSPF neighbors in EXSTART or EXCHANGE state are trying to exchange DBD (database description) packets.
reason:
. Mismatched interface MTU
. Duplicate router ID on neighbor
. Unable to PING with a length greater than a specific MTU
. Disconnected unicast connectivity, it may be due to the wrong DLCI, accessing lists or converting unicast NAT
(5) OSPF is stuck in LOADING - the neighbor has no answer or the neighbor's answer never reaches the local router, and the router will also fall into the LOADING state. There is often "%OSPF-4-BADLSA" console information.
reason:
. Mismatched MTU
. Error link status request grouping
3. One side of the point-to-point link is unnumbered
interface s0
ip unnumbered loopback0
Solution: Both parties need to be a numbered point-to-point link or an unnumbered point-to-point link.
No summary LSA of type 4 was generated
One function of the summary LSA of Type 4 is to declare accessibility of ASBRs to other regions. If ASBR exists in the same region, an LSA of type 4 is not required.
The output of the show ip ospf database external command shows whether the route exists in the router's external OSPF database.
The output of the show ip ospf database asbr-summary command shows whether the route has an LSA of type 4.
Check if R is really ABR. If so, a summary of type 3 or type 4 is produced ip ospf
5. The forwarding address cannot be known through intra-region or inter-region routing.
When OSPF obtains an external LSA, it determines the forwarding address before loading the route into the routing table can be known through an OSPF intra-ordinate or inter-regional route. If the forwarding address cannot be known through intra-regional or inter-regional routing, OSPF will not load the route into the routing table.
Possible solutions:
. Not summarizing on ABR
. Filter and redistribute direct subnets into OSPF on ASBR
router ospf 1
redistribute rip subnets
6. Routing summary issues
A summary of two types:
. Inter-region routing summary can be performed on ABR
. Executable external routing summary on ASBR
(1) Inter-regional summary
router ospf 1
area 3 range .0 255.255.255.0
You can view it through show ip ospf
(2) External summary
router ospf 1
summary-address x.0.0.0 255.0.0.0
question
Generated in:. Neighbor formation process
. LSA refresh process
Computation and routing flip
As long as the topology changes, OSPF runs the SPF algorithm to calculate the shortest path priority tree again. , may cause link instability.
reason:
. Interface flips in the area
. Neighbor interface flips in the area
. Duplicate router ID
Use the show ip ospf command to view the number of times the SPF algorithm is run in a given area;
Use debug ip ospf monitor to isolate a flipped LSA;
Use the show log command to display the flip caused by the interface.
solve:
. Fixed the flipped link
. Redefine regional boundaries
5. Troubleshooting IS-IS
-IS adjacency problem
Usually caused by link failures and configuration errors.
show clns neighbors Show all neighbors that want to be adjacent to the router being investigated
debug isis adj-packets command to debug
2. Some or all adjacencies are not formed
Step 1 - Check for link failures. show ip interface brief
Step 2 - Check for configuration errors. show run
Step 3 - Check for mismatched level 1 and level 2 interfaces.
Step 4 - Check the wrong configuration of the area.
Step 5 - Check the wrongly configured subnet
Step 6 - Check the duplicate system ID
3. Adjacent is trapped in INIT state
Common reasons: mismatched interface MTU and authentication parameters. show clns neighbors can be seen
Step 1 - Check the authentication debug isis adj-packets
Step 2 - Check for mismatched MTU debug isis adj-packets
Step 3 - Check the HELLO filling prohibition of IS-IS (the command is the same as above)
Use show clns interface to view the HELLO filling status on the interface
-IS adjacency formation replaces IS-IS adjacency formation
The CISCO router running IS-IS in an IP environment still listens to the ISH generated by the ES-IS protocol. When the physical layer and the data link layer work, ES-IS adjacency can still be formed even if there is no appropriate conditions for establishing IS-IS adjacency.
show clns neighbors
5. Routing notification issues
Most routing advertisement issues can be limited to configuration issues at the source or propagation issues with Link State Packets (LSPs).
The Dijkstra algorithm runs on the LS database to obtain the best path for each advertised route.
debug isis update-packets
debug isis snp-packets
The above two debugging helps troubleshoot LSP flooding issues and link status database synchronization.
There may be many potential reasons for the problem of routing not reaching the remote end of the network, including adjacency issues, layer 1/2 issues, IS-IS misconfiguration, and others.
6. Routing problem
High CPU utilization (SHOW PROCESS CPU command) of SPF processes in the network should also be marked as unstable.
Unstable links.
The flip may also be caused by an LSP error storm or a routing loop.
The show isis spf-log command shows which LSP changes the most frequently and which LSP angle has issued SPF calculations.
show isis update-packets
6. Troubleshooting BGP
1. Troubleshoot BGP neighbor relationship issues
Follow: First, layer 1/2 should be checked, then IP connectivity (layer 3), TCP connection (layer 4), and finally BGP configuration.
(1) Direct external BGP neighbors are not initialized
The autonomous system (AS) does not send or receive any IP prefix updates to or from the AS unless the neighbor relationship reaches an established state, which is the last stage of BGP neighbor establishment. When the AS has a single EBGP connection, IP connectivity is achieved until the BGP completes its sending and receiving IP prefix operation
Only happens.
reason:
. Layer 2 is down, preventing communication with direct EBGP neighbors
. There is an incorrect neighbor IP address in BGP configuration
Command: show ip bgp summary and show ip bgp neighbors check BGP neighbors
An active state means that no successful communication occurs between neighbors and that the neighbors are not formed. Test its connectivity with PING, if it fails, it means that the layer 1/2 problem is to be fixed.
debug ip bgp can help diagnose problems
(2) Indirect external BGP neighbors are not initialized
In some cases, EBGP neighbors are not directly connected. BGP neighbor relationships can be established between routers trying to form an EBGP neighbor relationship separated by one or more routers. This kind of neighbor is called EBGP multi-hop in IOS.
When multiple interfaces exist between routers and IP traffic load balancing is required between those interfaces, an EBGP peer entity is usually established between loopback interfaces.
Possible reasons:
. The route to the non-directly connected peer entity address is lost from the routing table
. The ebgp-multihop command is missing in the BGP configuration
. Missing update-source interface command
Commands: show ip bgp summary and show bgp neighbors
router bgp 109
neighbor remote-as 110
neighbor ebgp-multihop 2
neighbor update-source loopback0
(3) Internal BGP neighbors are not initialized
reason:
. The route to the non-direct IBGP neighbor is missing
. The update-source interface command is missing in the BGP configuration
(4) BGP neighbors (external and internal) are not initialized
Interface access list/filtering is a common cause of BGP neighbor activity problems.
2. Troubleshooting BGP routing notices
Occurs in the generation and reception of BGP routing advertisements.
(1) No BGP routing was generated
reason:
. There is no matching route in the IP routing table
. A configuration error occurred
. BGP automatically summarizes to categories/network boundaries
(2) Problem of propagating/generating a BGP route to IBGP/EBGP neighbors
The configured distribution list filtering may be the cause of the problem, or there is a problem with policy routing.
(3) Problem of spreading a BGP route to EBGP neighbor but not to IBGP neighbor
show run
show ip bgp
show ip bgp summary
solve:
. Full Internet connection with IBGP
. Design a routing reflector model.
router bgp 109
neighbor route-reflector-client
. Design a smart model
(4) Problem of propagating an IBGP route to IBGP/EBGP adjacency
A BGP route is only synchronized after being first obtained through IGP or static routes.
The output of the show ip bgp command shows the asynchronous route in the BGP table.
3. Troubleshooting the failure of the route not loading into the IP routing table
reason:
(1) IBGP reasons
. IBGP routing is not synchronized
. BGP's next jump is unreachable
(2) EBGP reasons
. In case of multiple jumps, BGP will not reach the next jump
. BGP routing is suppressed
. Multi-exit discriminator (MED) value is infinite
The next jump is unreachable
solve:
. Declare EBGP next hop via IGP using static routing or redistribution
router ospf 1
network .0 0.0.0.255 area 0
. Use the next-hop-self command to change the next hop to an internal peer entity address
router bgp 109
router ospf next-hop-self
Routing is suppressed
Dampening is a method to reduce the instability caused by unstable BGP routing from EBGP neighbors in the local BGP network.
Suppression is a method of assigning a penalty point to a flipped BGP route.
router bgp 109
bgp dampening