Table of contents
Chapter 1 OSPF Protocol Features and Configuration
Step 1. Basic configuration and IP addressing
Step 2. Configure multi-area OSPF
Step 3. Troubleshoot OSPF within the area
Step 4. OSPF Authentication Troubleshooting
Step 5. Troubleshoot Virtual Circuits
Step 6. OSPF Route Summary Troubleshooting
Additional Experiments: Think and Verify
Chapter 1 OSPF Protocol Features and Configuration
Lab 1-6 OSPF Troubleshooting
learning purpose
Master the method of troubleshooting the area number mismatch in single-area OSPF
Learn how to troubleshoot mask mismatches in single-area OSPF
Master the method of troubleshooting the Hello time mismatch in single-area OSPF
Master the method of troubleshooting Router-id conflicts in single-area OSPF
Master the troubleshooting methods related to OSPF authentication
Master the troubleshooting methods related to OSPF summary
Master the troubleshooting methods related to virtual circuits
Topology
Figure 1-6 OSPF troubleshooting
Scenes
You are the company's network administrator. The company's network uses the OSPF protocol as a routing protocol. The OSPF protocol has powerful functions, but the corresponding configuration is relatively complicated. And in network planning, you have used various features of OSPF and also used virtual links. During the implementation process, you encounter many network communication problems. Fortunately, by using troubleshooting ideas and methods, you have successfully found various errors and restored the network.
Learning tasks
Step 1. Basic configuration and IP addressing
Configure IP addresses and masks for all routers. When configuring, note that all loopback interface configuration masks are 24 bits, which is simulated as a separate network segment.
<R1>system-view
Enter system view, return user view with Ctrl+Z.
[R1]interface Serial 1/0/0
[R1-Serial1/0/0]ip address 10.0.12.1 24
[R1-Serial1/0/0]quit
[R1]interface LoopBack 0
[R1-LoopBack0]ip address 10.1.1.1 24
[R1-LoopBack0]quit
<R2>system-view
Enter system view, return user view with Ctrl+Z.
[R2]interface Serial 1/0/0
[R2-Serial1/0/0]ip address 10.0.12.2 24
[R2-Serial1/0/0]quit
[R2]interface Serial 2/0/0
[R2-Serial2/0/0]ip address 10.0.23.2 24
[R2-Serial2/0/0]quit
[R2]interface LoopBack 0
[R2-LoopBack0]ip address 10.0.2.2 24
[R2-LoopBack0]quit
To simulate the corresponding error, the G0/0/0 interface of R3 is configured with an IP address of 10.0.75.3/25, and the addresses of other interfaces are configured according to the identifiers in the topology diagram.
<R3>system-view
Enter system view, return user view with Ctrl+Z.
[R3]interface Serial 2/0/0
[R3-Serial2/0/0]ip address 10.0.23.3 24
[R3-Serial2/0/0]quit
[R3]interface GigabitEthernet 0/0/0
[R3-GigabitEthernet0/0/0]ip address 10.0.75.3 25
[R3-GigabitEthernet0/0/0]quit
[R3]interface LoopBack 0
[R3-LoopBack0]ip address 10.0.3.3 24
[R3-LoopBack0]quit
<R4>system-view
Enter system view, return user view with Ctrl+Z.
[R4]interface GigabitEthernet 0/0/0
[R4-GigabitEthernet0/0/0]ip address 10.0.75.4 24
[R4-GigabitEthernet0/0/0]quit
[R4]interface LoopBack 0
[R4-LoopBack0]ip address 10.1.4.4 24
[R4-LoopBack0]quit
<R5>system-view
Enter system view, return user view with Ctrl+Z.
[R5]interface GigabitEthernet 0/0/0
[R5-GigabitEthernet0/0/0]ip address 10.0.75.5 24
[R5-GigabitEthernet0/0/0]quit
[R5]interface LoopBack 0
[R5-LoopBack0]ip address 10.0.5.5 24
[R5-LoopBack0]quit
After the configuration is complete, test the connectivity of the direct link.
[R3]ping -c 1 10.0.75.4
PING 10.0.75.4: 56 data bytes, press CTRL_C to break
Reply from 10.0.75.4: bytes=56 Sequence=1 ttl=255 time=5 ms
--- 10.0.75.4 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 5/5/5 ms
[R3]ping -c 1 10.0.75.5
PING 10.0.75.5: 56 data bytes, press CTRL_C to break
Reply from 10.0.75.5: bytes=56 Sequence=1 ttl=255 time=5 ms
--- 10.0.75.5 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 5/5/5 ms
[R3]ping -c 1 10.0.23.2
PING 10.0.23.2: 56 data bytes, press CTRL_C to break
Reply from 10.0.23.2: bytes=56 Sequence=1 ttl=255 time=41 ms
--- 10.0.23.2 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 41/41/41 ms
[R1]ping -c 1 10.0.12.2
PING 10.0.12.2: 56 data bytes, press CTRL_C to break
Reply from 10.0.12.2: bytes=56 Sequence=1 ttl=255 time=37 ms
--- 10.0.12.2 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 37/37/37 ms
Step 2. Configure multi-area OSPF
Configure interfaces Serial 1/0/0 and Loopback 0 of R1 to belong to area 2, and use the address of interface Loopback 0 as the router ID. Note that for loopback interfaces in all OSPF areas, change the OSPF network type to Broadcast so that OSPF can advertise the actual mask information of the loopback interface.
[R1]ospf 1 router-id 10.1.1.1
[R1-ospf-1]area 2
[R1-ospf-1-area-0.0.0.2]network 10.0.12.1 0.0.0.0
[R1-ospf-1-area-0.0.0.2]network 10.1.1.1 0.0.0.0
[R1-ospf-1-area-0.0.0.2]quit
[R1-ospf-1]quit
[R1]interface LoopBack 0
[R1-LoopBack0]ospf network-type broadcast
[R1-LoopBack0]quit
Configure interface Serial 2/0/0 and loopback 0 on R2 to belong to area 1, and interface Serial 1/0/0 to belong to area 2. When OSPF is enabled, no router ID is statically specified.
[R2]ospf 1
[R2-ospf-1]area 1
[R2-ospf-1-area-0.0.0.1]network 10.0.23.2 0.0.0.0
[R2-ospf-1-area-0.0.0.1]network 10.0.2.2 0.0.0.0
[R2-ospf-1-area-0.0.0.1]quit
[R2-ospf-1]area 2
[R2-ospf-1-area-0.0.0.2]network 10.0.12.2 0.0.0.0
[R2-ospf-1-area-0.0.0.2]quit
[R2-ospf-1]quit
[R2]interface LoopBack 0
[R2-LoopBack0]ospf network-type broadcast
[R2-LoopBack0]quit
Configure interfaces Serial 2/0/0 and Loopback 0 to belong to area 1 on R3, and interface GigabitEthernet 0/0/0 to belong to area 0.
[R3]ospf 1 router-id 10.0.3.3
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]network 10.0.23.3 0.0.0.0
[R3-ospf-1-area-0.0.0.1]network 10.0.3.3 0.0.0.0
[R3-ospf-1-area-0.0.0.1]quit
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]network 10.0.75.3 0.0.0.0
[R3-ospf-1-area-0.0.0.0]quit
[R3-ospf-1]quit
[R3]interface LoopBack 0
[R3-LoopBack0]ospf network-type broadcast
[R3-LoopBack0]quit
Configure interface GigabitEthernet 0/0/0 on R4 to belong to area 1, and interface Loopback 0 to not belong to any area. When configuring the OSPF process, use ospf 1 router-id to specify the router ID of R4 as 10.0.5.5.
[R4]ospf 1 router-id 10.0.5.5
[R4-ospf-1]area 1
[R4-ospf-1-area-0.0.0.1]network 10.0.75.4 0.0.0.0
[R4-ospf-1-area-0.0.0.1]quit
[R4-ospf-1]quit
Configure interfaces GigabitEthernet 0/0/0 and Loopback 0 on R5 to belong to area 0.
[R5]ospf 1 router-id 10.0.5.5
[R5-ospf-1]area 0
[R5-ospf-1-area-0.0.0.0]network 10.0.75.5 0.0.0.0
[R5-ospf-1-area-0.0.0.0]network 10.0.5.5 0.0.0.0
[R5-ospf-1-area-0.0.0.0]quit
[R5-ospf-1]quit
[R5]interface LoopBack 0
[R5-LoopBack0]ospf network-type broadcast
[R5-LoopBack0]quit
Step 3. Troubleshoot OSPF within the area
Check the neighbor list of R4, and find that R4 has no neighbor relationship with other routers.
[R4]display ospf peer
OSPF Process 1 with Router ID 10.0.5.5
Run the display ospf error command on R3, R4, and R5 to view OSPF errors.
[R3]display ospf error
OSPF Process 1 with Router ID 10.0.3.3
OSPF error statistics
General packet errors:
0 : IP: received my own packet 11 : Bad packet
0 : Bad version 0 : Bad checksum
41 : Bad area id 0 : Drop on unnumbered interface
0 : Bad virtual link 0 : Bad authentication type
0 : Bad authentication key 0 : Packet too small
0 : Packet size > ip length 0 : Transmit error
2 : Interface down 0 : Unknown neighbor
0 : Bad net segment 0 : Extern option mismatch
0 : Router id confusion 0 : Bad authentication sequence number
HELLO packet errors:
227 : Netmask mismatch 0 : Hello timer mismatch
0 : Dead timer mismatch 0 : Virtual neighbor unknown
0 : NBMA neighbor unknown 0 : Invalid Source Address
[R4]display ospf error
OSPF Process 1 with Router ID 10.0.5.5
OSPF error statistics
General packet errors:
0 : IP: received my own packet 0 : Bad packet
0 : Bad version 0 : Bad checksum
245 : Bad area id 0 : Drop on unnumbered interface
0 : Bad virtual link 0 : Bad authentication type
0 : Bad authentication key 0 : Packet too small
0 : Packet size > ip length 0 : Transmit error
2 : Interface down 0 : Unknown neighbor
0 : Bad net segment 0 : Extern option mismatch
235 : Router id confusion 0 : Bad authentication sequence number
[R5]display ospf error
OSPF Process 1 with Router ID 10.0.5.5
OSPF error statistics
General packet errors:
0 : IP: received my own packet 260 : Bad packet
0 : Bad version 0 : Bad checksum
0 : Bad area id 0 : Drop on unnumbered interface
0 : Bad virtual link 0 : Bad authentication type
0 : Bad authentication key 0 : Packet too small
0 : Packet size > ip length 0 : Transmit error
0 : Interface down 0 : Unknown neighbor
0 : Bad net segment 0 : Extern option mismatch
286 : Router id confusion 0 : Bad authentication sequence number
HELLO packet errors:
260 : Netmask mismatch 0 : Hello timer mismatch
0 : Dead timer mismatch 0 : Virtual neighbor unknown
0 : NBMA neighbor unknown 0 : Invalid Source Address
From the above output, we can see that there are five types of errors among the three routers R3, R4, and R5: Router ID conflict (Router id confusion), subnet mask mismatch (Netmask mismatch), wrong area number (Bad area id), wrong data packet (Bad packet), wrong virtual circuit (Bad virtual link).
Here we have not configured a virtual circuit. In this case, the wrong virtual circuit is actually the wrong area number. For R4, when it receives an OSPF data packet with area number 0 on an interface with area number 1, it will think that this is a data packet sent over a virtual circuit. This error occurs because the router itself is not configured with a virtual circuit.
The wrong subnet mask is also part of the wrong data packet. We can fix the problem of the subnet mask first and then observe whether there are still wrong data packets.
First eliminate the problem of router ID conflicts. We can check the Router ID of each router in turn to manually find out the conflicting router, or we can find it through the system log. Browse the current system log of the router through display logbuffer .
[R5]display logbuffer
Logging buffer configuration and contents: enabled
Allowed max buffer size: 1024
Actual buffer size: 512
Channel number: 4, Channel name: logbuffer
Dropped messages: 0
Overwritten messages: 0
Current messages: 66
Oct 26 2016 12:34:51+00:00 R5 %%01OSPF/4/CONFLICT_ROUTERID_INTF(l)[12]:OSPF Router id conflict is detected on interface. (ProcessId=1, RouterId=10.0.5.5, AreaId=0.0.0.0, InterfaceName=GigabitEthernet0/0/0, IpAddr=10.0.75.5, PacketSrcIp=10.0.75.4)
From the above, we can see that the IP address of the router interface that conflicts with R5 is 10.0.75.4. Check the topology and find that 10.0.75.4 is the interface address of R4. Then check the Router ID of R4, and you can see that the Router ID of this router is the same as that of R5. At the same time, it is also found that the area code configuration of R4 is also incorrect.
[R4]display ospf brief
OSPF Process 1 with Router ID 10.0.5.5
OSPF Protocol Information
RouterID: 10.0.5.5 Border Router:
Multi-VPN-Instance is not enabled
Global DS-TE Mode: Non-Standard IETF Mode
Graceful-restart capability: disabled
Helper support capability : not configured
Applications Supported: MPLS Traffic-Engineering
Spf-schedule-interval: max 10000ms, start 500ms, hold 1000ms
Default ASE parameters: Metric: 1 Tag: 1 Type: 2
Route Preference: 10
ASE Route Preference: 150
SPF Computation Count: 2
RFC 1583 Compatible
Retransmission limitation is disabled
Area Count: 1 Nssa Area Count: 0
ExChange/Loading Neighbors: 0
Process total up interface count: 1
Process valid up interface count: 1
Area: 0.0.0.1 (MPLS TE not enabled)
Authtype: None Area flag: Normal
SPF scheduled Count: 2
ExChange/Loading Neighbors: 0
Router ID conflict state: Normal
Area interface up count: 1
Interface: 10.0.75.4 (GigabitEthernet0/0/0)
Cost: 1 State: DR Type: Broadcast MTU: 1500
Priority: 1
Designated Router: 10.0.75.4
Backup Designated Router: 0.0.0.0
Timers: Hello 10 , Dead 40 , Poll 120 , Retransmit 5 , Transmit Delay 1
Modify the Router ID and area number of R4.
[R4]ospf 1 router-id 10.1.4.4
[R4-ospf-1]area 1
[R4-ospf-1-area-0.0.0.1]undo network 10.0.75.4 0.0.0.0
[R4-ospf-1-area-0.0.0.1]quit
[R4-ospf-1]undo area 1
[R4-ospf-1]area 0
[R4-ospf-1-area-0.0.0.0]network 10.0.75.4 0.0.0.0
[R4-ospf-1-area-0.0.0.0]quit
[R4-ospf-1]quit
<R4>reset ospf process
Warning: The OSPF process will be reset. Continue? [Y/N]:y
After modification, run the reset ospf counter command to clear the OSPF counter.
Note that the reset command must be run in user view.
<R4>reset ospf counters
After resetting, wait for a while, and then run display ospf error to check whether the problem disappears.
<R4>display ospf error
OSPF Process 1 with Router ID 10.1.4.4
OSPF error statistics
General packet errors:
0 : IP: received my own packet 13 : Bad packet
0 : Bad version 0 : Bad checksum
0 : Bad area id 0 : Drop on unnumbered interface
0 : Bad virtual link 0 : Bad authentication type
0 : Bad authentication key 0 : Packet too small
0 : Packet size > ip length 0 : Transmit error
0 : Interface down 0 : Unknown neighbor
0 : Bad net segment 0 : Extern option mismatch
0 : Router id confusion 0 : Bad authentication sequence number
HELLO packet errors:
13 : Netmask mismatch 0 : Hello timer mismatch
0 : Dead timer mismatch 0 : Virtual neighbor unknown
0 : NBMA neighbor unknown 0 : Invalid Source Address
It can be seen that after modifying the configuration, the problem of Route ID conflict and wrong area number disappears, and the problem of subnet mask mismatch remains. In order to find out which router is configured with the wrong subnet mask, we check the Debug information on R4.
<R4>terminal debugging
Info: Current terminal debugging is on.
<R4>debugging ospf packet hello
Oct 26 2016 14:30:08.350.1+00:00 R4 RM/6/RMDEBUG:
FileID: 0xd0178024 Line: 2271 Level: 0x20
OSPF 1: RECV Packet. Interface: GigabitEthernet0/0/0
<R4>
Oct 26 2016 14:30:08.360.1+00:00 R4 RM/6/RMDEBUG: Source Address: 10.0.75.3
Oct 26 2016 14:30:08.360.2+00:00 R4 RM/6/RMDEBUG: Destination Address: 224.0.0.5
Oct 26 2016 14:30:08.360.3+00:00 R4 RM/6/RMDEBUG: Ver# 2, Type: 1 (Hello)
Oct 26 2016 14:30:08.360.4+00:00 R4 RM/6/RMDEBUG: Length: 44, Router: 10.0.3.3
Oct 26 2016 14:30:08.360.5+00:00 R4 RM/6/RMDEBUG: Area: 0.0.0.0, Chksum: 9a18
Oct 26 2016 14:30:08.360.6+00:00 R4 RM/6/RMDEBUG: AuType: 00
Oct 26 2016 14:30:08.360.7+00:00 R4 RM/6/RMDEBUG: Key(ascii): * * * * * * * *
Oct 26 2016 14:30:08.360.8+00:00 R4 RM/6/RMDEBUG: Net Mask: 255.255.255.128
Oct 26 2016 14:30:08.360.9+00:00 R4 RM/6/RMDEBUG: Hello Int: 10, Option: _E_
Oct 26 2016 14:30:08.360.10+00:00 R4 RM/6/RMDEBUG: Rtr Priority: 1, Dead Int: 40
Oct 26 2016 14:30:08.360.11+00:00 R4 RM/6/RMDEBUG: DR: 10.0.75.3
Oct 26 2016 14:30:08.360.12+00:00 R4 RM/6/RMDEBUG: BDR: 0.0.0.0
Oct 26 2016 14:30:08.360.13+00:00 R4 RM/6/RMDEBUG: # Attached Neighbors: 0
From the above information, we can see that the subnet mask in the Hello packet sent from 10.0.75.3 is 255.255.255.128. Check the otherid2ology and find that the configuration of the corresponding interface on R3 is incorrect.
[R3]interface GigabitEthernet 0/0/0
[R3-GigabitEthernet0/0/0]display this
[V200R007C00SPC600]
#
interface GigabitEthernet0/0/0
ip address 10.0.75.3 255.255.255.128
#
return
[R3-GigabitEthernet0/0/0]ip address 10.0.75.3 24
[R3-GigabitEthernet0/0/0]quit
Clear the OSPF counters again to check whether there are still errors.
<R3>reset ospf counters
<R3>display ospf error
OSPF Process 1 with Router ID 10.0.3.3
OSPF error statistics
General packet errors:
0 : IP: received my own packet 0 : Bad packet
0 : Bad version 0 : Bad checksum
0 : Bad area id 0 : Drop on unnumbered interface
0 : Bad virtual link 0 : Bad authentication type
0 : Bad authentication key 0 : Packet too small
0 : Packet size > ip length 0 : Transmit error
0 : Interface down 0 : Unknown neighbor
0 : Bad net segment 0 : Extern option mismatch
0 : Router id confusion 0 : Bad authentication sequence number
HELLO packet errors:
0 : Netmask mismatch 0 : Hello timer mismatch
0 : Dead timer mismatch 0 : Virtual neighbor unknown
0 : NBMA neighbor unknown 0 : Invalid Source Address
Check the neighbor list on R3, and find that the status of each neighbor is normal.
[R3]display ospf peer brief
OSPF Process 1 with Router ID 10.0.3.3
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/0 10.1.4.4 Full
0.0.0.0 GigabitEthernet0/0/0 10.0.5.5 Full
0.0.0.1 Serial2/0/0 10.0.2.2 Full
----------------------------------------------------------------------------
Next, we modify the Hello interval of the GigabitEthernet 0/0/0 interface of R4 to 5 seconds, and observe whether the neighbor relationship can be formed.
[R4]interface GigabitEthernet 0/0/0
[R4-GigabitEthernet0/0/0]ospf timer hello 5
[R4-GigabitEthernet0/0/0]quit
After about half a minute, it can be observed that R4's neighbors have disappeared.
[R4]display ospf peer brief
OSPF Process 1 with Router ID 10.1.4.4
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
----------------------------------------------------------------------------
Clear the R4 OSPF counter and check OSPF errors.
<R4>reset ospf counters
<R4>system-view
Enter system view, return user view with Ctrl+Z.
[R4]display ospf error
OSPF Process 1 with Router ID 10.1.4.4
OSPF error statistics
General packet errors:
0 : IP: received my own packet 4 : Bad packet
0 : Bad version 0 : Bad checksum
0 : Bad area id 0 : Drop on unnumbered interface
0 : Bad virtual link 0 : Bad authentication type
0 : Bad authentication key 0 : Packet too small
0 : Packet size > ip length 0 : Transmit error
0 : Interface down 0 : Unknown neighbor
0 : Bad net segment 0 : Extern option mismatch
0 : Router id confusion 0 : Bad authentication sequence number
HELLO packet errors:
0 : Netmask mismatch 4 : Hello timer mismatch
0 : Dead timer mismatch 0 : Virtual neighbor unknown
0 : NBMA neighbor unknown 0 : Invalid Source Address
It can be seen that the Hello time mismatch error occurs, indicating that OSPF requires the same Hello interval between neighbors.
Cancel the modification of the Hello interval. Check the neighbor list again.
[R4]interface GigabitEthernet 0/0/0
[R4-GigabitEthernet0/0/0]undo ospf timer hello
[R4-GigabitEthernet0/0/0]quit
[R4]display ospf peer brief
OSPF Process 1 with Router ID 10.1.4.4
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/0 10.0.3.3 Full
0.0.0.0 GigabitEthernet0/0/0 10.0.5.5 Full
----------------------------------------------------------------------------
Neighborhood relations were found to have returned to normal.
Step 4. OSPF Authentication Troubleshooting
Configure interface-based authentication on R1 and R2.
Among them, R1 adopts the simple method, and the key is 123.
R2 adopts the MD5 method, and the key is huawei.
[R1]interface Serial 1/0/0
[R1-Serial1/0/0]ospf authentication-mode simple plain 123
[R1-Serial1/0/0]quit
[R2]interface Serial 1/0/0
[R2-Serial1/0/0]ospf authentication-mode md5 1 plain huawei
[R2-Serial1/0/0]quit
After the configuration is complete, clear the OSPF counter on R1 to view OSPF errors.
<R1>reset ospf counters
<R1>system-view
Enter system view, return user view with Ctrl+Z.
[R1]display ospf error
OSPF Process 1 with Router ID 10.1.1.1
OSPF error statistics
General packet errors:
0 : IP: received my own packet 3 : Bad packet
0 : Bad version 0 : Bad checksum
0 : Bad area id 0 : Drop on unnumbered interface
0 : Bad virtual link 3 : Bad authentication type
0 : Bad authentication key 0 : Packet too small
0 : Packet size > ip length 0 : Transmit error
0 : Interface down 0 : Unknown neighbor
0 : Bad net segment 0 : Extern option mismatch
0 : Router id confusion 0 : Bad authentication sequence number
After configuring the authentication method of R1 to MD5, check whether there is still an error.
[R1]interface Serial 1/0/0
[R1-Serial1/0/0]ospf authentication-mode md5 1 plain 123
[R1-Serial1/0/0]return
<R1>reset ospf counters
<R1>display ospf error
OSPF Process 1 with Router ID 10.1.1.1
OSPF error statistics
General packet errors:
0 : IP: received my own packet 9 : Bad packet
0 : Bad version 0 : Bad checksum
0 : Bad area id 0 : Drop on unnumbered interface
0 : Bad virtual link 0 : Bad authentication type
9 : Bad authentication key 0 : Packet too small
0 : Packet size > ip length 0 : Transmit error
0 : Interface down 0 : Unknown neighbor
0 : Bad net segment 0 : Extern option mismatch
0 : Router id confusion 0 : Bad authentication sequence number
It can be seen that the problem still exists.
Change the key of R1 to huawei and observe the neighbor relationship.
[R1]interface Serial 1/0/0
[R1-Serial1/0/0]ospf authentication-mode md5 1 plain huawei
[R1-Serial1/0/0]quit
[R1]display ospf peer brief
OSPF Process 1 with Router ID 10.1.1.1
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.2 Serial1/0/0 10.0.2.2 Full
----------------------------------------------------------------------------
It can be seen that R1 and R2 have established an adjacency relationship.
Step 5. Troubleshoot Virtual Circuits
To ensure connectivity between Area 2 and Area 0, create a virtual circuit between R2 and R3.
[R2]ospf 1
[R2-ospf-1]area 1
[R2-ospf-1-area-0.0.0.1]vlink-peer 10.0.3.3
[R2-ospf-1-area-0.0.0.1]quit
[R2-ospf-1]quit
[R3]ospf 1
[R3-ospf-1]area 1
[R3-ospf-1-area-0.0.0.1]vlink-peer 10.0.2.2
[R3-ospf-1-area-0.0.0.1]quit
[R3-ospf-1]quit
Check whether the virtual circuit is established normally and whether R1 has learned the routes of the entire network.
[R2]display ospf vlink
OSPF Process 1 with Router ID 10.0.2.2
Virtual Links
Virtual-link Neighbor-id -> 10.0.3.3, Neighbor-State: Full
Interface: 10.0.23.2 (Serial2/0/0)
Cost: 1562 State: P-2-P Type: Virtual
Transit Area: 0.0.0.1
Timers: Hello 10 , Dead 40 , Retransmit 5 , Transmit Delay 1
GR State: Normal
[R1]display ip routing-table protocol ospf
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Public routing table : OSPF
Destinations : 5 Routes : 5
OSPF routing table status : <Active>
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.2.0/24 OSPF 10 1562 D 10.0.12.2 Serial1/0/0
10.0.3.0/24 OSPF 10 3124 D 10.0.12.2 Serial1/0/0
10.0.5.0/24 OSPF 10 3125 D 10.0.12.2 Serial1/0/0
10.0.23.0/24 OSPF 10 3124 D 10.0.12.2 Serial1/0/0
10.0.75.0/24 OSPF 10 3125 D 10.0.12.2 Serial1/0/0
OSPF routing table status : <Inactive>
Destinations : 0 Routes : 0
Test connectivity on R1 and verify that R5 can be reached.
[R1]ping -c 1 10.0.5.5
PING 10.0.5.5: 56 data bytes, press CTRL_C to break
Reply from 10.0.5.5: bytes=56 Sequence=1 ttl=253 time=81 ms
--- 10.0.5.5 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 81/81/81 ms
For testing purposes, delete the loopback0 interface of R2.
[R2]undo interface LoopBack 0
Later, due to an accident, the router restarted. Here we simulate a router restart by restarting the OSPF process.
<R2>reset ospf process
Warning: The OSPF process will be reset. Continue? [Y/N]:y
At this time, users connected to R1 find that they cannot access addresses outside the zone. The administrator logs in to R1 and finds that it cannot communicate with the loopback address of R5.
[R1]ping -c 1 10.0.5.5
PING 10.0.5.5: 56 data bytes, press CTRL_C to break
Request time out
--- 10.0.5.5 ping statistics ---
1 packet(s) transmitted
0 packet(s) received
100.00% packet loss
After checking the virtual circuit between R2 and R3, it is found that the status is abnormal and the Router ID of R2 has changed.
[R2]display ospf vlink
OSPF Process 1 with Router ID 10.0.23.2
Virtual Links
Virtual-link Neighbor-id -> 10.0.3.3, Neighbor-State: Down
Interface: 10.0.23.2 (Serial2/0/0)
Cost: 1562 State: P-2-P Type: Virtual
Transit Area: 0.0.0.1
Timers: Hello 10 , Dead 40 , Retransmit 5 , Transmit Delay 1
GR State: Normal
The virtual circuit is established based on the router ID of the peer device. The Router ID of R2 has changed, so the virtual circuit is faulty.
Usually we specify the Router ID of the process when starting the OSPF process, just to prevent the Router ID from changing during the running of the router.
Next, we fix the Router ID of R2 to 10.0.2.2, add the loopback address back, and then restart the OSPF process.
[R2]ospf 1 router-id 10.0.2.2
Info: The configuration succeeded. You need to restart the OSPF process to validate the new router ID.
[R2-ospf-1]interface LoopBack 0
[R2-LoopBack0]ip address 10.0.2.2 24
[R2-LoopBack0]quit
<R2>reset ospf process
Warning: The OSPF process will be reset. Continue? [Y/N]:y
Check the status of the virtual circuit again.
[R2]display ospf vlink
OSPF Process 1 with Router ID 10.0.2.2
Virtual Links
Virtual-link Neighbor-id -> 10.0.3.3, Neighbor-State: Full
Interface: 10.0.23.2 (Serial2/0/0)
Cost: 1562 State: P-2-P Type: Virtual
Transit Area: 0.0.0.1
Timers: Hello 10 , Dead 40 , Retransmit 5 , Transmit Delay 1
GR State: Normal
At this point the virtual circuit has returned to normal.
For security reasons, the administrator uses area-based authentication in area 0, and enables MD5 to encrypt packets with the key huawei.
[R3]ospf 1
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]authentication-mode md5 1 plain huawei
[R3-ospf-1-area-0.0.0.0]quit
[R3-ospf-1]quit
[R4]ospf 1
[R4-ospf-1]area 0
[R4-ospf-1-area-0.0.0.0]authentication-mode md5 1 plain huawei
[R4-ospf-1-area-0.0.0.0]quit
[R4-ospf-1]quit
[R5]ospf 1
[R5-ospf-1]area 0
[R5-ospf-1-area-0.0.0.0]authentication-mode md5 1 plain huawei
[R5-ospf-1-area-0.0.0.0]quit
[R5-ospf-1]quit
At this time, the administrator again found that users in area 2 could not access the network outside the area. After checking the virtual circuit, it was found that the virtual circuit was in a faulty state again.
[R2]display ospf vlink
OSPF Process 1 with Router ID 10.0.2.2
Virtual Links
Virtual-link Neighbor-id -> 10.0.3.3, Neighbor-State: Down
Interface: 10.0.23.2 (Serial2/0/0)
Cost: 1562 State: P-2-P Type: Virtual
Transit Area: 0.0.0.1
Timers: Hello 10 , Dead 40 , Retransmit 5 , Transmit Delay 1
Check the OSPF error and find that there is an authentication error.
<R2>reset ospf counters
<R2>display ospf error
OSPF Process 1 with Router ID 10.0.2.2
OSPF error statistics
General packet errors:
0 : IP: received my own packet 7 : Bad packet
0 : Bad version 0 : Bad checksum
0 : Bad area id 0 : Drop on unnumbered interface
0 : Bad virtual link 7 : Bad authentication type
9 : Bad authentication key 0 : Packet too small
0 : Packet size > ip length 0 : Transmit error
0 : Interface down 0 : Unknown neighbor
0 : Bad net segment 0 : Extern option mismatch
0 : Router id confusion 0 : Bad authentication sequence number
OSPF virtual circuits belong to area 0. Area-based authentication is enabled in area 0, and authentication also needs to be enabled on the virtual circuit.
[R2]ospf 1
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]authentication-mode md5 1 plain huawei
[R2-ospf-1-area-0.0.0.0]quit
[R2-ospf-1]quit
At this time, the state of the virtual circuit returns to normal, and R1 can access other areas normally.
[R2]display ospf vlink
OSPF Process 1 with Router ID 10.0.2.2
Virtual Links
Virtual-link Neighbor-id -> 10.0.3.3, Neighbor-State: Full
Interface: 10.0.23.2 (Serial2/0/0)
Cost: 1562 State: P-2-P Type: Virtual
Transit Area: 0.0.0.1
Timers: Hello 10 , Dead 40 , Retransmit 5 , Transmit Delay 1
GR State: Normal
[R1]ping -c 1 10.0.5.5
PING 10.0.5.5: 56 data bytes, press CTRL_C to break
Reply from 10.0.5.5: bytes=56 Sequence=1 ttl=253 time=73 ms
--- 10.0.5.5 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 73/73/73 ms
Step 6. Troubleshoot OSPF Route Summarization
First, import the Loopback 0 interface address on R4 in the form of an external route, and summarize the addresses. The summarized subnet mask is 16 bits.
[R4]ospf 1
[R4-ospf-1]import-route direct
[R4-ospf-1]asbr-summary 10.1.0.0 255.255.0.0
[R4-ospf-1]quit
After a period of time, the administrator configured inter-area summarization on R2 to summarize the network segment connected to the Loopback 0 interface of R1 into a route with a 16-bit mask.
[R2]ospf 1
[R2-ospf-1]area 2
[R2-ospf-1-area-0.0.0.2]abr-summary 10.1.0.0 255.255.0.0
[R2-ospf-1-area-0.0.0.2]quit
[R2-ospf-1]quit
At this time, except for the users connected to R4, all users on the entire network report that they cannot access the loopback address 10.1.4.4 of R4.
Check the routing table of router R5 in the same area as R4, and find that to reach 10.1.4.4, the route entry 10.1.0.0/16 is matched, and the next hop of this route is 10.0.75.3.
Why is there such a wrong entry?
[R5]display ip routing-table protocol ospf
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Public routing table : OSPF
Destinations : 5 Routes : 5
OSPF routing table status : <Active>
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.2.0/24 OSPF 10 1563 D 10.0.75.3 GigabitEthernet0/0/0
10.0.3.0/24 OSPF 10 1 D 10.0.75.3 GigabitEthernet0/0/0
10.0.12.0/24 OSPF 10 3125 D 10.0.75.3 GigabitEthernet0/0/0
10.0.23.0/24 OSPF 10 1563 D 10.0.75.3 GigabitEthernet0/0/0
10.1.0.0/16 OSPF 10 3125 D 10.0.75.3 GigabitEthernet0/0/0
OSPF routing table status : <Inactive>
Destinations : 0 Routes : 0
Let's first observe the LSDB of R5.
[R5]display ospf lsdb
OSPF Process 1 with Router ID 10.0.5.5
Link State Database
Area: 0.0.0.0
Type LinkState ID AdvRouter Age Len Sequence Metric
Router 10.0.5.5 10.0.5.5 214 48 80000025 0
Router 10.0.3.3 10.0.3.3 1246 48 80000024 1
Router 10.0.2.2 10.0.2.2 1247 36 80000005 1562
Router 10.1.4.4 10.1.4.4 648 36 8000000D 1
Network 10.0.75.4 10.1.4.4 206 36 80000004 0
Sum-Net 10.0.12.0 10.0.2.2 916 28 80000002 1562
Sum-Net 10.0.3.0 10.0.3.3 893 28 80000008 0
Sum-Net 10.0.3.0 10.0.2.2 916 28 80000002 1562
Sum-Net 10.0.2.0 10.0.3.3 919 28 80000003 1562
Sum-Net 10.0.2.0 10.0.2.2 916 28 80000002 0
Sum-Net 10.1.0.0 10.0.2.2 538 28 80000001 1562
Sum-Net 10.0.23.0 10.0.3.3 893 28 80000008 1562
Sum-Net 10.0.23.0 10.0.2.2 917 28 80000002 1562
AS External Database
Type LinkState ID AdvRouter Age Len Sequence Metric
External 10.0.75.0 10.1.4.4 649 36 80000001 1
External 10.1.0.0 10.1.4.4 620 36 80000001 2
In the LSDB, we see that there are 2 routes describing 10.1.0.0, and then check the details of the LSA. The following type-3 LSA is initiated by R2, and the type-5 LSA is originated by R5. These two LSAs describe the same network segment information.
[R5]display ospf lsdb summary 10.1.0.0
OSPF Process 1 with Router ID 10.0.5.5
Area: 0.0.0.0
Link State Database
Type : Sum-Net
Ls id : 10.1.0.0
Adv rtr : 10.0.2.2
Ls age : 767
Len : 28
Options : E
seq# : 80000001
chksum: 0xa380
Net mask : 255.255.0.0
Tos 0 metric: 1562
Priority : Low
[R5]display ospf lsdb ase 10.1.0.0
OSPF Process 1 with Router ID 10.0.5.5
Link State Database
Type : External
Ls id : 10.1.0.0
Adv rtr : 10.1.4.4
Ls age : 871
Len : 36
Options : E
seq# : 80000001
chksum : 0xe3cd
Net mask : 255.255.0.0
TOS 0 Metric: 2
E type : 2
Forwarding Address : 0.0.0.0
Tag : 1
Priority : Low
In OSPF, the third type of LSA is always better than the fifth type of LSA, so the next hop of the route 10.1.0.0/16 in the routing table of R5 will be R3.
In order to avoid such problems, we cancel the original summary of external routes on R4, so that this route will appear in the routing tables of other routers again.
[R4]ospf 1
[R4-ospf-1]undo asbr-summary 10.1.0.0 255.255.0.0
[R4-ospf-1]quit
[R5]display ip routing-table protocol ospf
Route Flags: R - relay, D - download to fib
----------------------------------------------------------------------------
Public routing table : OSPF
Destinations : 6 Routes : 6
OSPF routing table status : <Active>
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.2.0/24 OSPF 10 1563 D 10.0.75.3 GigabitEthernet0/0/0
10.0.3.0/24 OSPF 10 1 D 10.0.75.3 GigabitEthernet0/0/0
10.0.12.0/24 OSPF 10 3125 D 10.0.75.3 GigabitEthernet0/0/0
10.0.23.0/24 OSPF 10 1563 D 10.0.75.3 GigabitEthernet0/0/0
10.1.0.0/16 OSPF 10 3125 D 10.0.75.3 GigabitEthernet0/0/0
10.1.4.4/24 O_ASE 150 1 D 10.0.75.4 GigabitEthernet0/0/0
OSPF routing table status : <Inactive>
Destinations : 0 Routes : 0
At this time, we can see that a correct route about 10.1.4.4/24 has been learned on R5. At this point we test connectivity on R1.
[R1]ping -c 1 10.1.4.4
PING 10.1.4.4: 56 data bytes, press CTRL_C to break
Reply from 10.1.4.4: bytes=56 Sequence=1 ttl=253 time=71 ms
--- 10.1.4.4 ping statistics ---
1 packet(s) transmitted
1 packet(s) received
0.00% packet loss
round-trip min/avg/max = 71/71/71 ms
It can be seen that the network is back to normal.
Additional Experiments : Think and Verify
Can I enable both zone-based authentication and interface-based authentication in a zone?
Can the area numbers of non-backbone areas be the same?
final device configuration
<R1>display current-configuration
[V200R007C00SPC600]
#
sysname R1
#
interface Serial1/0/0
link-protocol ppp
ip address 10.0.12.1 255.255.255.0
ospf authentication-mode md5 1 plain huawei
#
interface LoopBack0
ip address 10.1.1.1 255.255.255.0
ospf network-type broadcast
#
ospf 1 router-id 10.1.1.1
area 0.0.0.2
network 10.0.12.1 0.0.0.0
network 10.1.1.1 0.0.0.0
#
return
<R2>display current-configuration
[V200R007C00SPC600]
#
sysname R2
#
interface Serial1/0/0
link-protocol ppp
ip address 10.0.12.2 255.255.255.0
ospf authentication-mode md5 1 plain huawei
#
interface LoopBack0
ip address 10.0.2.2 255.255.255.0
ospf network-type broadcast
#
ospf 1 router-id 10.0.2.2
area 0.0.0.0
authentication-mode md5 1 plain huawei
area 0.0.0.1
network 10.0.23.2 0.0.0.0
network 10.0.2.2 0.0.0.0
vlink-peer 10.0.3.3
area 0.0.0.2
abr-summary 10.1.0.0 255.255.0.0
network 10.0.12.2 0.0.0.0
#
return
<R3>display current-configuration
[V200R007C00SPC600]
#
sysname R3
#
interface Serial2/0/0
link-protocol ppp
ip address 10.0.23.3 255.255.255.0
#
interface GigabitEthernet0/0/0
ip address 10.0.75.3 255.255.255.0
#
interface LoopBack0
ip address 10.0.3.3 255.255.255.0
ospf network-type broadcast
#
ospf 1 router-id 10.0.3.3
area 0.0.0.0
authentication-mode md5 1 plain huawei
network 10.0.75.3 0.0.0.0
area 0.0.0.1
network 10.0.23.3 0.0.0.0
network 10.0.3.3 0.0.0.0
vlink-peer 10.0.2.2
#
return
<R4>display current-configuration
[V200R007C00SPC600]
#
sysname R4
#
interface GigabitEthernet0/0/0
ip address 10.0.75.4 255.255.255.0
#
interface LoopBack0
ip address 10.1.4.4 255.255.255.0
#
ospf 1 router-id 10.1.4.4
import-route direct
area 0.0.0.0
authentication-mode md5 1 plain huawei
network 10.0.75.4 0.0.0.0
#
return
<R5>display current-configuration
[V200R007C00SPC600]
#
sysname R5
#
interface GigabitEthernet0/0/0
ip address 10.0.75.5 255.255.255.0
#
interface LoopBack0
ip address 10.0.5.5 255.255.255.0
ospf network-type broadcast
#
ospf 1 router-id 10.0.5.5
area 0.0.0.0
authentication-mode md5 1 plain huawei
network 10.0.75.5 0.0.0.0
network 10.0.5.5 0.0.0.0
#
Return