Hello everyone, my network worker friends.
As a network worker, you will basically have a long period of time to solve various problems that arise in the network .
For example, when creating a route between two or more routers, such as RIP, EIGRP, or OSPF...
When encountering a network failure, which command do you usually use first to troubleshoot?
Is it Ping or Traceroute ? Is it Show or Telnet ? Or Clear, Debug ?
There are a lot of troubleshooting commands on the Internet, but most of them are about theoretical basis, and almost meaningless in practical application.
In order to facilitate your better understanding and absorption, you can reuse it directly when you encounter the same situation.
This time, I will organize a collection of troubleshooting command cases for you . The commands just mentioned are all there .
Since the space is too long, I will divide it into several parts for you.
In today’s article, let me tell you about the most familiar Ping command, don’t miss these three practical troubleshooting cases.
Today's article reading benefits: "Compilation of Useful Tools for Network Troubleshooting"
With this troubleshooting command, I will share with you some useful tools for troubleshooting. Private message me and send the password "Troubleshooting" to get all the tools.
01 Principle & Function of Ping
The word "ping" is derived from sonar positioning operations and refers to a pulsed signal from a sonar device.
The idea of the Ping command is very similar to sending out a short radar wave and judging the target by collecting echoes:
That is, the source site sends an ICMP Echo Request message to the destination site, and the destination site returns an ICMP Echo Reply message after receiving the message.
This verifies the reachability of the IP layer between the two nodes - indicating that the network layer is connected.
The function of the Ping command is mainly used to check whether the IP network connection and the host are reachable.
02 The ping command of the RGNOS platform
On RG series devices, the format of the Ping command is as follows:
ping ip-address
For example, Ping message to the host 10.15.50.1
RG# ping 10.15.50.1 //ping通的情况
Switch>PING
Target IP address or host: 10.15.50.1 //目的IP
Repeat count [5]: 2 //执行次数
Datagram size [100]: 8100 //数据包大小
Timeout in milliseconds [2000]: 5000 //延迟时间
Extended commands [n]:
Sending 2, 8100-byte ICMP Echos to 10.15.50.1,
timeout is 5000 milliseconds.
!!
Success rate is 100 percent (2/2)
Minimum = 21ms Maximum = 22ms, Average = 21msRG
# ping 10.15.50.1 //ping不通的情况
Sending 5, 100-byte ICMP Echos to 10.15.50.1,
timeout is 2000 milliseconds.
.....
Success rate is 0 percent (0/5)
03 Ping command on Windows platform
On a PC or a server based on Windows, the format of the Ping command is as follows:
Ping [ -n number ] [ -t ] [ -l number ] ip-address
-n: the number of Ping messages, the default value is 5;
-t: Continuously ping until artificially interrupted, Ctr+Breack temporarily suspends the ping command and checks the current statistical results, while Ctr+C interrupts the execution of the command.
-l: Set the number of bytes in the data part of the Ping message, and the setting range is from 0 to 65500. Example: Send 2 ping messages with a data part size of 3000 Bytes to the host 10.15.50.1.
C:\>ping -l 3000 -n 2 10.15.50.1
Pinging 10.15.50.1 with 3000 bytes of data
Reply from 10.15.50.1: bytes=3000 time=321ms TTL=255
Reply from 10.15.50.1: bytes=3000 time=297ms TTL=255
Ping statistics for 10.15.50.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 297ms, Maximum = 321ms, Average = 309ms04 Use Ping to troubleshoot
Troubleshooting case ① Connectivity problem or performance problem?
Case description:
Engineer C, after configuring a router, executes the Ping command to check whether the link is smooth.
It was found that none of the five packets were pinged through, so I checked the configuration commands of both parties and looked at the routing table, but I couldn't find the error.
Finally, I repeated the same Ping command again, and found that one of the five packets was pinged this time—it turned out that the line quality was not good and there was serious packet loss.
Engineer Xiao C configures another router, and then executes the Ping command to access the IP address of a site on the Internet, but the ping fails.
With the lesson learned from last time, Xiao L pinged 20 messages again, but there was still no response. So Xiao L concluded that it was a network failure.
But after painstakingly checking the configuration link, nothing suspicious was found.
Finally, Xiao L adopted the method of section-by-section detection to test the gateways in the link step by step, and found that all of them could be pinged, but the response time was getting longer and longer, and the response time of the last gateway was about 1800ms.
Could it be that the Ping is displayed differently due to timeout?
Inspired by this, Xiao L changed the timeout time of the Ping command message to 4000ms. This time, the ping was successful, and it showed that the response time of all the messages was around 2200ms.
Suggestions and conclusions:
Is it really that the ping fails? This issue needs to be clearly defined.
Because the focus of debugging connectivity problems and performance problems is different - the wrong location of the problem will inevitably lead to setbacks in the troubleshooting process.
Using the general Ping command, the default is to send 5 packets, and the timeout period is 2000ms.
If the ping fails, it is best to use the Ping command with parameters -c and -t to execute it again.
For example: Ping -c 20 -t 4000 ip-address, that is, send 20 packets continuously, and the timeout period of each packet is 4000ms, so you can generally determine whether it is a connectivity problem or a performance problem.
Troubleshooting case ②Use large packets to ping the peer to troubleshoot MTU inconsistency
Case description:
In a certain deployment, an RG router is used to interconnect with a router from another manufacturer, and the OSPF protocol is running.
After the data configuration is completed, everything is normal, and the equipment will run stably for a long time in the future. But two months later, users reported a network outage.
Related information shows:
1. Log in to the two routers, and find that the connection between the two routers is normal, and they can ping each other's addresses. But the OSPF protocol is interrupted.
2. Log in to the RG router to check the neighbor status, and find that the neighbor state machine is in the Exstart state. Turn on the corresponding debug switch to view the corresponding message information, and find that both parties can receive the Hello message, but after the RG router sends the DD message, it has not received the DD message from the other party.
3. Log in to the router of another manufacturer, turn on the corresponding debug switch, and find that the other party responds by sending a corresponding DD message after receiving the DD message sent by the RG router.
Cause Analysis:
It is preliminarily concluded that the RG router did not receive the DD response message, but the other party did send it out.
Since the HELLO message can be received, it means that the link is smooth, and there is no problem in sending and receiving multicast messages.
Then it may be that the DD packet sent by the other party has an error and the RG router rejects it, but checking the corresponding information does not report that the wrong DD packet has been received.
After carefully checking the debugging information of a certain manufacturer's router, it is found that the DD packet is very large with more than 2000 bytes.
Could it be a problem caused by the large size of the packet?
I tried to ping a 2000-byte packet, but it failed. Then the cause of the failure is likely to be that the large packets cannot be communicated due to the inconsistency of the MTUs of the two parties.
Process:
Check the configuration and find that the MTU of the peer router is set to more than 4000 and the MTU of the RG router is set to 1500, so modify the MTU of the peer router to 1500.
troubleshooting.
So why is there no problem in the early stage of the project?
This is because the length of the DD packet in the early stage was less than 1500 bytes, but later the network expansion resulted in too much routing information and the length of the DD packet exceeded 1500 bytes.
Suggestions and conclusions:
Since the default Ping packet size is 56 bytes, the displayed Ping pass information only means that packets with 56 bytes can pass through, but not necessarily that packets with other sizes can still pass through.
Therefore, you should be good at using other parameters of Ping for troubleshooting.
Troubleshooting case ③ If A can ping B, must B be able to ping A?
Case description:
First look at a network diagram.
Configure a static route pointing to 2.0.0.0/8 on RouterA:
RouterA(config)# ip route 2.0.0.0 255.0.0.0 1.1.1.1
Ping the Ethernet address 2.2.2.2 of RouterB on RouterA, and it shows that the ping is successful.
However, the Ethernet address 3.3.3.3 of RouterA cannot be pinged through on RouterB.
Cause Analysis:
Since there is no corresponding route to 3.0.0.0/8 configured on RouterB, the Ethernet port 3.3.3.3 of RouterA cannot be pinged from RouterB.
But why is it possible to ping 2.2.2.2 on A? Also there is no return route ah?
Turn on the IP packet debugging switch on the router and find that the source address of the original ICMP packet sent from RouterA is 1.1.1.1 instead of 3.3.3.3.
Since the s0 ports of the two routers are on the same network segment, the response packets can reach RouterB smoothly.
Suggestions and conclusions:
If A can ping B, then B must be able to ping A (regardless of the firewall). The right or wrong of this sentence depends on whether A and B refer to the host or the router.
If it refers to two hosts, then this sentence is correct.
If it refers to two routers, it is wrong, because routers usually have multiple IP addresses
Now there is the following question: which one should be selected for the source address of the ICMP Echo message sent by the Ping command from a router?
The actual situation is that the router chooses the IP address of the interface from which the packet is sent.
That's all for today's issue.
I also want to see troubleshooting cases of other commands, pay attention to the Network Engineer Club, and wait for my update.
Finishing: Lao Yang 丨 10-year senior network engineer, more network workers to improve dry goods, please pay attention to the official account: Network Engineer Club