IPCP在2可用时移除默认路由
我被困在我的实验室里有段时间了。任何帮助都是非常感谢的。
下面是我的CPE边缘拓扑:
https://i.imgur.com/UZ4u0XG.png
以以下情景为例:
我有两个电路,我正在为我的广域网链路(Fa0/0和Fa0/1)做每个包的负载平衡。我得到了我的默认路径与IPCP后,PPP谈判,为两个链接已经完成。看起来正常,如下所示:
CPE-4# sh ip route
S* 0.0.0.0/0 [1/0] via 10.161.3.1CEF显示我在那里有两条路:
CPE-4# sh ip cef
Prefix Next Hop Interface
0.0.0.0/0 10.161.3.1 Dialer1
10.161.3.1 Dialer2我的两个疗程都结束了:
CPE-4#sh caller
Active Idle
Line User Service Time Time
con 0 - TTY 01:12:07 00:00:00
Vi2 LNS1 PPPoE 00:58:27 00:00:01
Vi3 LNS1 PPPoE 01:03:54 00:00:08我关闭了一个wan链接(Fa0/0),并得到了预期的PPP调试日志:
*Oct 16 18:23:19.279: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
*Oct 16 18:23:20.279: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
*Oct 16 18:24:16.279: Vi2 PPP: Missed 5 keepalives, taking LCP down
*Oct 16 18:24:16.279: Vi2 PPP DISC: Missed too many keepalives
*Oct 16 18:24:16.283: PPP: NET STOP send to AAA.
*Oct 16 18:24:16.299: Vi2 IPCP: Event[DOWN] State[Open to Starting]
*Oct 16 18:24:16.299: Vi2 IPCP: Event[CLOSE] State[Starting to Initial]
*Oct 16 18:24:16.303: Vi2 LCP: O TERMREQ [Open] id 3 len 4
*Oct 16 18:24:16.307: Vi2 LCP: Event[CLOSE] State[Open to Closing]
*Oct 16 18:24:16.307: Vi2 PPP: Phase is TERMINATING
*Oct 16 18:24:16.359: Di1 Deleted neighbor route from AVL tree: topoid 0, address 10.161.3.1
*Oct 16 18:24:16.359: Di1 IPCP: Remove route to 10.161.3.1
*Oct 16 18:24:16.359: Di1 IPCP: Remove default route thru 10.161.3.1
*Oct 16 18:24:16.395: Vi2 LCP: Event[DOWN] State[Closing to Initial]
*Oct 16 18:24:16.399: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to down
*Oct 16 18:24:16.415: Vi2 PPP: Phase is DOWN
*Oct 16 18:24:16.443: %DIALER-6-UNBIND: Interface Vi2 unbound from profile Di1
*Oct 16 18:24:16.483: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down我的二级广域网连接仍未开通,我们可以确认:
CPE-4#sh caller
Active Idle
Line User Service Time Time
con 0 - TTY 01:12:07 00:00:00
Vi3 LNS1 PPPoE 01:03:54 00:00:08但现在我的默认路线已经走了
CPE-4# sh ip route
Gateway of last resort is not set它肯定不在CEF里面:
CPE-4# sh ip cef
Prefix Next Hop Interface
0.0.0.0/0 no route我仍然可以跳下一跳,每个人都知道去那里的路:
CPE-4#ping 10.161.3.1
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/54/68 ms
CPE-4#sh ip route
Gateway of last resort is not set
10.0.0.0/32 is subnetted, 1 subnets
C 10.161.3.1 is directly connected, Dialer1
CPE-4(config-if)#do sh ip cef
Prefix Next Hop Interface
0.0.0.0/0 no route
0.0.0.0/8 drop
0.0.0.0/32 receive
10.161.3.1/32 attached Dialer1为了恢复默认路由,我需要弹出Vi3 (第二广域网链路)和重新定位PPP,并以这种方式获得IPCP路由。
这是拨号器吐露的信息。相当标准的东西:
interface Dialer1
mtu 1492
ip address negotiated
ip load-sharing per-packet
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer persistent
dialer-group 1
ppp chap hostname testuser@gns3.homelab
ppp chap password 0 password
ppp ipcp route default
no cdp enable
interface Dialer2
mtu 1492
ip address negotiated
ip load-sharing per-packet
encapsulation ppp
dialer pool 2
dialer idle-timeout 0
dialer persistent
dialer-group 2
ppp chap hostname testuser2@gns3.homelab
ppp chap password 0 password
ppp ipcp route default
no cdp enable其次是广域网链接:
interface FastEthernet0/0
description *** WAN 1 ***
no ip address
duplex full
pppoe enable group global
pppoe-client dial-pool-number 1
interface FastEthernet0/1
description *** WAN 2 ***
no ip address
duplex full
pppoe enable group global
pppoe-client dial-pool-number 2作为参考,当关闭一个接口:https://hastebin.com/wolobujeyo.yaml (在本例中,Dialer2是当前活动的接口)时,调试日志来自PPP和CEF。Dialer1被关闭了。
大多数值得注意的日志如下所示,这些日志说明Dialer2已经接管了默认路由:
*Oct 16 20:48:10.019: FIBpath: {mod} [v4-ah-10.161.3.1-Di2 67561A40(1)] Linked path to oce IP adj out of Dialer2 675AFA60
*Oct 16 20:48:10.023: FIBpathlist_ifnums: [1/0:v4-ah-10.161.3.1-Di2 67561474(1)]inserted Dialer2(10) 0.0.0.0
*Oct 16 20:48:10.115: FIBpathlist_ifnums: [1/0:v4-rcrsv-10.161.3.1 675613D4(2)] updated Dialer2(10) 0.0.0.0如果我也清除了VAI,也会发生同样的事情:
CPE-4#clear int vi3
*Oct 17 11:31:22.839: %DIALER-6-UNBIND: Interface Vi3 unbound from profile Di1
*Oct 17 11:31:22.923: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to down
*Oct 17 11:31:22.935: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to down。
CPE-4#sh ip cef
Prefix Next Hop Interface
0.0.0.0/0 no route
0.0.0.0/8 drop
0.0.0.0/32 receive
10.161.3.1/32 attached Dialer2。
CPE-4#sh ip route
Gateway of last resort is not setVAI回来了:
*Oct 17 11:31:45.063: %DIALER-6-BIND: Interface Vi3 bound to profile Di1
*Oct 17 11:31:45.079: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to up
*Oct 17 11:31:46.259: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to up路线回来了
CPE-4#sh ip cef
Prefix Next Hop Interface
0.0.0.0/0 10.161.3.1 Dialer1
10.161.3.1 Dialer2
0.0.0.0/8 drop
0.0.0.0/32 receive
10.161.3.1/32 attached Dialer1
attached Dialer2LNS还为我提供了两个IP地址,因为它是两个单独的用户帐户,通过RADIUS登录:
CPE-4#sh ip int br
Interface IP-Address OK? Method Status Protocol
Dialer1 172.16.100.1 YES IPCP up up
Dialer2 172.16.100.2 YES IPCP up up我可以进一步证实,这是PPP/IPCP在做一些事情,因为我也可以手动添加静态路由,它们不清楚PPP何时下降:
CPE-4#sh ip cef
Prefix Next Hop Interface
0.0.0.0/0 attached Dialer1
attached Dialer2
10.161.3.1 Dialer1
10.161.3.1 Dialer2
0.0.0.0/8 drop
0.0.0.0/32 receive
10.161.3.1/32 attached Dialer1
attached Dialer2在清除一个VAI之后:
CPE-4#sh ip cef
Prefix Next Hop Interface
0.0.0.0/0 attached Dialer1
attached Dialer2
0.0.0.0/8 drop
0.0.0.0/32 receive
10.161.3.1/32 attached Dialer1所以国际化学品安全方案或公私伙伴关系绝对是这里的问题。
我已经在多个固件版本和非常不同的硬件上尝试过这一点。此复制是在Cisco 7206 VXRNPE-40015.2(4)S3上完成的。我还在Cisco 877,887,891,927-4P,1921,1911,2911,ISR 4331,ISR 1111-4P/8P上复制了这个问题。固件版本从15.2 - 15.7。
由于我能够复制的范围,我不认为这是一个错误,比我错过了一些IPCP的工作方式。
有人能解释为什么当一个WAN链路关闭时,我的默认路由会被删除,尽管有两个--都有有效的路由和CEF条目?
回答 1
Network Engineering用户
发布于 2020-10-17 21:34:18
在思科的头脑中,这应该由多链路PPP来处理,但是在他们的MLPPP代码出现了严重的问题后,我们("I")将问题客户切换到每个包的CEF。
在这种模式下,您不能依赖IPCP来设置伪ECMP。IPCP创建的路由不包括接口,因此当添加重复条目时-通过10.161.3.1 - 0/0 -无法知道要删除哪一个,因此两者都被删除。如果你不依赖国际化学品安全方案,这将是很好的工作。但是,您必须始终连接到相同的RAS。(或者到接口的路由,这从来不是一个好的实践。)
https://networkengineering.stackexchange.com/questions/70528
复制相似问题
腾讯云开发者
