作者mikevada (vada)
看板Network
標題[除錯] ospf不穩定,要如何解?
時間Fri Dec 13 11:43:45 2013
總公司和分公司有形成一個vpn lan,分公司有二條專線做流量的分流,和總公司跑ospf(
中間經過中華電信機房),
可是一直以來都有看到介面的log像下面,
%OSPF-5-ADJCHG: Process 1, Nbr 192.168.4.48 on GigabitEthernet1/0/2 from
LOADING to FULL, Loading Done
%OSPF-5-ADJCHG: Process 1, Nbr 192.168.0.75 on GigabitEthernet1/0/2 from
LOADING to FULL, Loading Done
%OSPF-5-ADJCHG: Process 1, Nbr 192.168.4.254 on GigabitEthernet1/0/2 from
LOADING to FULL, Loading Done
%OSPF-5-ADJCHG: Process 1, Nbr 192.168.0.254 on GigabitEthernet1/0/2 from
LOADING to FULL, Loading Done
%OSPF-5-ADJCHG: Process 1, Nbr 192.168.0.52 on GigabitEthernet1/0/1 from 2WAY
to DOWN, Neighbor Down: Dead timer expired
%OSPF-5-ADJCHG: Process 1, Nbr 192.168.4.254 on GigabitEthernet1/0/2 from
FULL to DOWN, Neighbor Down: Dead timer expired
%OSPF-5-ADJCHG: Process 1, Nbr 192.168.0.254 on GigabitEthernet1/0/2 from
FULL to DOWN, Neighbor Down: Dead timer expired
%OSPF-5-ADJCHG: Process 1, Nbr 192.168.4.48 on GigabitEthernet1/0/2 from
LOADING to FULL, Loading Done
%OSPF-5-ADJCHG: Process 1, Nbr 192.168.4.254 on GigabitEthernet1/0/2 from
LOADING to FULL, Loading Done
%OSPF-5-ADJCHG: Process 1, Nbr 192.168.0.75 on GigabitEthernet1/0/2 from
LOADING to FULL, Loading Done
%OSPF-5-ADJCHG: Process 1, Nbr 192.168.0.254 on GigabitEthernet1/0/2 from
LOADING to FULL, Loading Done
%OSPF-5-ADJCHG: Process 1, Nbr 192.168.4.254 on GigabitEthernet1/0/2 from
FULL to DOWN, Neighbor Down: Dead timer expired
%OSPF-5-ADJCHG: Process 1, Nbr 192.168.0.254 on GigabitEthernet1/0/2 from
FULL to DOWN, Neighbor Down: Dead timer expired
%OSPF-5-ADJCHG: Process 1, Nbr 192.168.4.254 on GigabitEthernet1/0/1 from
FULL to DOWN, Neighbor Down: Dead timer expired
%OSPF-5-ADJCHG: Process 1, Nbr 192.168.0.254 on GigabitEthernet1/0/1 from
FULL to DOWN, Neighbor Down: Dead timer ex
線路就一直在LOADING to FULL, Loading Done、from FULL to DOWN, Neighbor Down:
Dead timer expired之間切換,
在正常的狀態下可以看到對外都有從兩路線路學到路由,在異常時從分公司的路由表也會
看到其中一路的路由會不見,然後又起來的不
穩定情形,請問有可能是什麼問題?已經困擾很久了。
--
※ 發信站: 批踢踢實業坊(ptt.cc)
◆ From: 122.116.88.154
推 deadwood:確認一下,你們家專線是用ADSL或是v.35進線,這兩種都有 12/13 12:03
→ deadwood:不小的機率因為線路品質不穩(別懷疑)造成IGP溝通中斷 12/13 12:04
→ deadwood:接觸過不少客戶,用中華專線也是常常在跟neighbor斷線 12/13 12:06
→ mikevada:我們是用fttb的光纖 12/13 12:58
推 deadwood:排除網路品質問題的話,就得從你們的網路架構跟設定 12/13 13:15
→ deadwood:去找出有問題的地方了,只貼log很難知道怎麼除錯 12/13 13:16
→ deadwood:不過192.168.0.X跟192.168.4.X兩組IP應該是不同網段 12/13 13:18
→ deadwood:照理說應該只會分別從某個介面連到,你的log卻顯示 12/13 13:19
→ deadwood:giga1/0/1跟1/0/2兩個介面都能同時連到這兩個網段 12/13 13:19
→ deadwood:可能你們公司的架構比較特殊吧? 12/13 13:20
→ chugliang:能給公司網路架構嗎?兩個網段怎會在同一條線路? 12/13 13:28
→ chugliang:VPN耶....架構圖可以畫來看看嗎? 12/13 13:31
推 deadwood:建議可以先確認一下總公司跟分公司的ospf hello-interval 12/13 14:05
→ deadwood:或是dead-interval有沒有一致,看起來有點像這個問題 12/13 14:06
→ mikevada:兩邊都是cisco 3750,hello time都是預設應該是10秒 12/13 16:42
→ mikevada:可是下指令時sh ip ospf 1沒有看到hello time的資訊 12/13 16:43
→ mikevada:架構圖後補了。 12/13 16:45
推 deadwood:在exec模式下 sh ip ospf int port號 就能看 12/13 17:10
→ deadwood:不過應該不是那個問題,因為hellotime不匹配連鄰居都不會 12/13 17:11
→ deadwood:建立成功。 12/13 17:11
推 asdfghjklasd:這問題不難啊.... 12/13 20:58
→ mikevada:a大,怎麼說? 12/13 22:56
推 sssxyz:線路異常? 頻寬滿載? 12/14 22:36
頻寬沒滿,也沒有error packet
→ flyiii:先起個BFD看看到底是不是介面有問題再說吧. 12/16 23:31
是只要一邊起BFD就好了嗎?還是要兩邊都做?以前沒試過
→ infosec:樓上高手高手高高手出現了~ 12/17 00:38
※ 編輯: mikevada 來自: 122.116.88.154 (12/18 20:06)