OSPF中虚链路与area认证的问题
使用到的命令:show ip ospf database 今天做OSPF实验时发现一个奇怪的问题:在各自配置了认证的区域里做虚链路连接时,所有路由表都是不完整的。 先贴配置: R1#show run interface Loopback0
ip address 172.16.1.1 255.255.255.0 interface Serial1/1
description DCE,OSPF area 3,connected to R2's S1/0,ip 172.16.255.2/30
ip address 172.16.255.1 255.255.255.252
ip ospf authentication-key 7 12185628190E15
serial restart-delay 0
clock rate 9600 router ospf 100
router-id 1.1.1.1
log-adjacency-changes
area 3 authentication message-digest
network 172.16.0.0 0.0.255.255 area 3 // R2#show run interface Serial1/0
description DTE,OSPF area 3,connected to R1's S1/1,ip 172.16.255.1/30
ip address 172.16.255.2 255.255.255.252
ip ospf authentication-key 7 094D1D3612000E
serial restart-delay 0
interface Serial1/1
description DCE,OSPF area 2,connected to R3's S1/0,ip 172.16.255.6/30
ip address 172.16.255.5 255.255.255.252
ip ospf authentication-key 7 045A5939042455
serial restart-delay 0
clock rate 9600 router ospf 100
router-id 2.2.2.2
log-adjacency-changes
area 2 virtual-link 3.3.3.3 area 3 authentication message-digest area 2 authentication message-digest
network 172.16.255.0 0.0.0.3 area 3
network 172.16.255.4 0.0.0.3 area 2 // R3#show run interface Serial1/0
description DTE,OSPF area 2,connected to R2's S1/1,ip 172.16.255.5/30
ip address 172.16.255.6 255.255.255.252
ip ospf authentication-key 7 045A5939042455
serial restart-delay 0
interface Serial1/1
description DCE,OSPF area 0,connected to R4's S1/0,ip 172.16.255.10/30
ip address 172.16.255.9 255.255.255.252
ip ospf authentication-key 7 1304472D00091D
serial restart-delay 0
clock rate 9600 router ospf 100
router-id 3.3.3.3
log-adjacency-changes
area 2 virtual-link 2.2.2.2 area 2 authentication message-digest area 0 authentication message-digest
network 172.16.255.4 0.0.0.3 area 2
network 172.16.255.8 0.0.0.3 area 0 // R4#show run interface Serial1/0
description DTE,OSPF area 0,connected to R3's S1/1,ip 172.16.255.9/30
ip address 172.16.255.10 255.255.255.252
ip ospf authentication-key 7 104F59260E120B
serial restart-delay 0 router ospf 100
router-id 4.4.4.4
log-adjacency-changes area 0 authentication message-digest
network 172.16.16.0 0.0.0.255 area 1
network 172.16.255.8 0.0.0.3 area 0 // 路由表如下: R1#show ip route 172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C172.16.255.0/30 is directly connected, Serial1/1
C172.16.1.0/24 is directly connected, Loopback0
R2#show ip route 172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks
C172.16.255.0/30 is directly connected, Serial1/0
C172.16.255.4/30 is directly connected, Serial1/1
O IA172.16.255.8/30 [110/128] via 172.16.255.6, 00:00:51, Serial1/1
O IA172.16.16.1/32 [110/129] via 172.16.255.6, 00:00:51, Serial1/1 R3#show ip route 172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
C172.16.255.4/30 is directly connected, Serial1/0
C172.16.255.8/30 is directly connected, Serial1/1
O IA172.16.16.1/32 [110/65] via 172.16.255.10, 00:00:50, Serial1/1 R4#show ip route 172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
O IA172.16.255.4/30 [110/128] via 172.16.255.9, 00:01:12, Serial1/0
C172.16.255.8/30 is directly connected, Serial1/0
C172.16.16.0/24 is directly connected, Loopback0 实在没有想到有什么解决办法。先查看database。由于R1、R4没有参与到虚链路中,因此重点查看R2、R3的database。 R2#show ip ospf database OSPF Router with ID (2.2.2.2) (Process ID 100) Router Link States (Area 0) Link IDADV RouterAgeSeq#Checksum Link count
2.2.2.22.2.2.23130x80000007 0x00FB30 0
3.3.3.33.3.3.35(DNA) 0x80000006 0x00F6DB 3
4.4.4.44.4.4.41758(DNA) 0x80000004 0x00A546 2 Summary Net Link States (Area 0) Link IDADV RouterAgeSeq#Checksum
172.16.16.14.4.4.41758(DNA) 0x80000003 0x00D685
172.16.255.02.2.2.23130x80000001 0x003803
172.16.255.42.2.2.23130x80000001 0x001027
172.16.255.43.3.3.31806(DNA) 0x80000003 0x00ED43 Router Link States (Area 2) Link IDADV RouterAgeSeq#Checksum Link count
2.2.2.22.2.2.23130x80000013 0x008174 2
3.3.3.33.3.3.33190x8000000E 0x002BCA 2
Summary Net Link States (Area 2) Link IDADV RouterAgeSeq#Checksum
172.16.16.13.3.3.33200x80000006 0x0071AB
172.16.255.02.2.2.23090x80000006 0x002E08
172.16.255.83.3.3.33210x80000006 0x00BF6A Router Link States (Area 3) Link IDADV RouterAgeSeq#Checksum Link count
1.1.1.11.1.1.121570x80000003 0x001239 3
2.2.2.22.2.2.23130x8000000B 0x00D24B 1 Summary Net Link States (Area 3) Link IDADV RouterAgeSeq#Checksum
172.16.255.42.2.2.23140x80000001 0x001027
// R3#show ip ospf database OSPF Router with ID (3.3.3.3) (Process ID 100) Router Link States (Area 0) Link IDADV RouterAgeSeq#Checksum Link count
2.2.2.22.2.2.25(DNA) 0x80000003 0x00BB55 1
3.3.3.33.3.3.33660x8000000E 0x00F1F4 2
4.4.4.44.4.4.49010x80000007 0x009F49 2 Summary Net Link States (Area 0) Link IDADV RouterAgeSeq#Checksum
172.16.1.12.2.2.2275(DNA) 0x80000002 0x003DF6
172.16.16.14.4.4.48970x80000005 0x00D287
172.16.255.02.2.2.2275(DNA) 0x80000002 0x003604
172.16.255.42.2.2.2275(DNA) 0x80000002 0x000E28
172.16.255.43.3.3.33610x80000001 0x00F141 Router Link States (Area 2) Link IDADV RouterAgeSeq#Checksum Link count
2.2.2.22.2.2.23510x80000013 0x008174 2
3.3.3.33.3.3.33560x8000000E 0x002BCA 2 Summary Net Link States (Area 2) Link IDADV RouterAgeSeq#Checksum
172.16.16.13.3.3.33570x80000006 0x0071AB
172.16.255.02.2.2.23480x80000006 0x002E08
172.16.255.83.3.3.33570x80000006 0x00BF6A
明显所有路由都在数据库里(查看R1和R4的数据库,同样该有的LSA都在数据库里),因此排除了虚链路没有转发某一类LSA的可能。但又没有想到是什么导致LSA在数据库里却不能生成路由。 只好胡乱蒙了。由于之前配置了区域间的认证,而虚链路正好是跨区域的,会不会是由于lsa的认证信息与区域认证信息不符,没有被采纳呢? no掉所有认证信息,重新查看路由表: R1#show ip route 172.16.0.0/16 is variably subnetted, 5 subnets, 3 masks
C172.16.255.0/30 is directly connected, Serial1/1
O IA172.16.255.4/30 [110/128] via 172.16.255.2, 00:00:33, Serial1/1
O IA172.16.255.8/30 [110/192] via 172.16.255.2, 00:00:13, Serial1/1
O IA172.16.16.1/32 [110/193] via 172.16.255.2, 00:00:13, Serial1/1
C172.16.1.0/24 is directly connected, Loopback0 其它的不用看了。 不过问题还没有解决,我相信区域认证与虚链路等跨区域传输lsa的方法应该没有冲突才对,都已经2点了,明天还要上班,还是先睡吧,等有时间了再作研究,呵呵。 【OSPF中虚链路与area认证的问题】转载于:https://blog.51cto.com/golehuang/73792
推荐阅读
- 第六章|第六章 Sleuth--链路追踪
- 计算机网络-数据链路层
- 计算机网络——数据链路层
- 消息队列 RocketMQ 遇上可观测(业务核心链路可视化)
- 网络开发|CentOS配置zebra OSPF
- 企业如何从 0 到 1 构建整套全链路追踪体系
- 路由交换|Cisco交换机 ——链路聚合
- 实用golang日志库logger,集成了日志及分布式链路追踪功能
- #|计算机网络之数据链路层(2、透明传输、封装成帧(字符填充、零比特填充、违规编码、字符计数))
- #|计算机网络之数据链路层(6、后退N帧协议(GBN))