OSPF建立邻居的条件
来源:互联网 发布:移动协同办公软件 编辑:程序博客网 时间:2024/04/28 03:46
1、ROUTER-ID冲突(3种情况)
情况1:R1和R2的router-id冲突(华为企业网设备可以自动换router-id)
*Mar 1 00:14:00.383: %OSPF-4-DUP_RTRID_NBR: OSPF detected duplicate router-id 0.0.0.1 from 12.1.1.2 on interface FastEthernet0/0
情况2:R1R2R3中 R1R3的router-id冲突
*Mar 1 00:20:32.471: %OSPF-4-DUP_RTRID_AREA: Detected router with duplicate router ID 0.0.0.1 in area 0
R1和R2可以正常建neighbor,R3会不断发LS Update报文,报文中LS Age会置为3600s,标示为删除该路由
情况3:不同area区域的router-id冲突
没有导入T5类的外部路由时,整个网络的路由是正常的,导入外部路由会出现问题
2、HELLO时间和DEAD时间必须一致
ospf建neighbor要求设备两端的HELLO时间和DEAD时间必须一致,eigrp和is-is建neighbor不要求一致
————————————————————————————————————
1、HELLO TIME 10s 30s(nbma p2mp nbma-nonbroadcast)
show ip ospf interface fastEthernet 0/0 查看hello时间
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip ospf hello-interval 12 修改hello时间
验证:
A、可以通过屏幕打印的LOG提示
B、debug ip ospf event
2、DEAD TIME 40s 60s(nbma p2mp nbma-nonbroadcast)
show ip ospf interface fastEthernet 0/0 查看dead时间
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip ospf dead-interval 12 修改dead时间
验证:
A、可以通过屏幕打印的LOG提示
B、debug ip ospf event
查看Hello时间:
R1#show ip ospf interface fastEthernet 0/0
FastEthernet0/0 is up, line protocol is up
Internet Address 12.1.1.1/24, Area 0
Process ID 100, Router ID 0.0.0.1, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State BDR, Priority 1
Designated Router (ID) 0.0.0.2, Interface address 12.1.1.2
Backup Designated router (ID) 0.0.0.1, Interface address 12.1.1.1
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:05
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 2/2, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 4 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 0.0.0.2 (Designated Router)
Suppress hello for 0 neighbor(s)
修改HELLO时间:
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip ospf hello-interval 12
R1#show ip ospf interface fastEthernet 0/0
FastEthernet0/0 is up, line protocol is up
Internet Address 12.1.1.1/24, Area 0
Process ID 100, Router ID 0.0.0.1, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 0.0.0.1, Interface address 12.1.1.1
No backup designated router on this network
Timer intervals configured, Hello 12, Dead 48, Wait 48, Retransmit 5
oob-resync timeout 48
Hello due in 00:00:01
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 2/2, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 4 msec
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)
——————————————————————————————————————————
现象:*Mar 1 03:06:36.335: %OSPF-5-ADJCHG: Process 100, Nbr 0.0.0.1 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Dead timer expired
结论:邻居关系down
————————————————————————————————————
1、HELLO TIME 10s 30s(nbma p2mp nbma-nonbroadcast)
show ip ospf interface fastEthernet 0/0 查看hello时间
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip ospf hello-interval 12 修改hello时间
验证:
A、可以通过屏幕打印的LOG提示
B、debug ip ospf event
2、DEAD TIME 40s 60s(nbma p2mp nbma-nonbroadcast)
show ip ospf interface fastEthernet 0/0 查看dead时间
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip ospf dead-interval 12 修改dead时间
验证:
A、可以通过屏幕打印的LOG提示
B、debug ip ospf event
查看Hello时间:
R1#show ip ospf interface fastEthernet 0/0
FastEthernet0/0 is up, line protocol is up
Internet Address 12.1.1.1/24, Area 0
Process ID 100, Router ID 0.0.0.1, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State BDR, Priority 1
Designated Router (ID) 0.0.0.2, Interface address 12.1.1.2
Backup Designated router (ID) 0.0.0.1, Interface address 12.1.1.1
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
oob-resync timeout 40
Hello due in 00:00:05
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 2/2, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 4 msec
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 0.0.0.2 (Designated Router)
Suppress hello for 0 neighbor(s)
修改HELLO时间:
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip ospf hello-interval 12
R1#show ip ospf interface fastEthernet 0/0
FastEthernet0/0 is up, line protocol is up
Internet Address 12.1.1.1/24, Area 0
Process ID 100, Router ID 0.0.0.1, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 0.0.0.1, Interface address 12.1.1.1
No backup designated router on this network
Timer intervals configured, Hello 12, Dead 48, Wait 48, Retransmit 5
oob-resync timeout 48
Hello due in 00:00:01
Supports Link-local Signaling (LLS)
Cisco NSF helper support enabled
IETF NSF helper support enabled
Index 2/2, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 1
Last flood scan time is 0 msec, maximum is 4 msec
Neighbor Count is 0, Adjacent neighbor count is 0
Suppress hello for 0 neighbor(s)
——————————————————————————————————————————
现象:*Mar 1 03:06:36.335: %OSPF-5-ADJCHG: Process 100, Nbr 0.0.0.1 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Dead timer expired
结论:邻居关系down
3、认证类型和密钥
认证的类型:
无认证 0 (默认)
明文认证 1
MD5认证 2
认证的场合:
接口认证
区域认证
V-L认证
接口认证:
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip ospf authentication /*明文认证
R2(config-if)#ip ospf authentication-key ccna /*明文认证的key值
R1(config-if)#ip ospf authentication message-digest /*MD5认证
R1(config-if)#ip ospf message-digest-key 1 md5 ccnp /*KEY ID和KEY Value都必须一致
当设备两端接口的认证不一致时:
*Mar 1 03:20:15.055: OSPF: Rcv pkt from 12.1.1.1, FastEthernet0/0 : Mismatch Authentication type. Input packet specified type 2, we use type 0
认证密钥:
明文认证:
两端认证类型相同,但一边配了密钥,一边没有
现象:*Mar 1 03:29:52.947: OSPF: Rcv pkt from 12.1.1.1, FastEthernet0/0 : Mismatch Authentication Key - Clear Text
明文认证的数据(Auth Data)是放在HELLO头部的里面(华为面试题)
————————————————————————————————————————————————————
明文认证抓包
MD5认证:
两端的密钥ID不一致也不能建neighbor
Auth Crypto Sequence Number的作用:防重泛攻击(防低不防高)
MD5认证的数据(Auth Data)是放在HELLO头部的后面(华为面试题)
——————————————————————————————————————————————
MD5认证抓包:
区域认证:
接口认证优于区域认证
认证配置在区域上:
R2(config)#router ospf 100
R2(config-router)#area 0 authentication
密钥配在接口上:
R2(config)#interface fastEthernet 0/0
R2(config-if)#ip ospf authentication-key ccna
明文认证的数据(Auth Data)是放在HELLO头部的里面(华为面试题)
broadcast
p2p
p2mp
nbma
nbma non-broadcast(思科私有)
修改端口的网络类型:
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip ospf network ?
broadcast Specify OSPF broadcast multi-access network
non-broadcast Specify OSPF NBMA network
point-to-multipoint Specify OSPF point-to-multipoint network
point-to-point Specify OSPF point-to-point network
无认证 0 (默认)
明文认证 1
MD5认证 2
认证的场合:
接口认证
区域认证
V-L认证
接口认证:
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip ospf authentication /*明文认证
R2(config-if)#ip ospf authentication-key ccna /*明文认证的key值
R1(config-if)#ip ospf authentication message-digest /*MD5认证
R1(config-if)#ip ospf message-digest-key 1 md5 ccnp /*KEY ID和KEY Value都必须一致
当设备两端接口的认证不一致时:
*Mar 1 03:20:15.055: OSPF: Rcv pkt from 12.1.1.1, FastEthernet0/0 : Mismatch Authentication type. Input packet specified type 2, we use type 0
认证密钥:
明文认证:
两端认证类型相同,但一边配了密钥,一边没有
现象:*Mar 1 03:29:52.947: OSPF: Rcv pkt from 12.1.1.1, FastEthernet0/0 : Mismatch Authentication Key - Clear Text
明文认证的数据(Auth Data)是放在HELLO头部的里面(华为面试题)
————————————————————————————————————————————————————
明文认证抓包
MD5认证:
两端的密钥ID不一致也不能建neighbor
Auth Crypto Sequence Number的作用:防重泛攻击(防低不防高)
MD5认证的数据(Auth Data)是放在HELLO头部的后面(华为面试题)
——————————————————————————————————————————————
MD5认证抓包:
区域认证:
接口认证优于区域认证
认证配置在区域上:
R2(config)#router ospf 100
R2(config-router)#area 0 authentication
密钥配在接口上:
R2(config)#interface fastEthernet 0/0
R2(config-if)#ip ospf authentication-key ccna
明文认证的数据(Auth Data)是放在HELLO头部的里面(华为面试题)
4、区域ID
同一网段的区域ID要一致
当区域ID不一致时:
现象:*Mar 1 04:49:12.470: %OSPF-4-ERRRCV: Received invalid packet: mismatch area ID, from backbone area must be virtual-link but not found from 12.1.1.2, FastEthernet0/0
当区域ID不一致时:
现象:*Mar 1 04:49:12.470: %OSPF-4-ERRRCV: Received invalid packet: mismatch area ID, from backbone area must be virtual-link but not found from 12.1.1.2, FastEthernet0/0
5、区域的FLAG位
area 0不能配置为NSSA和STUB区域
邻居之间会比较HELLO报文中E和NP位,如果不一致不能建neighbor
AREA 0 NORMAL STUB NSSA
NP 0 0 0 1
E 1 1 0 0
R1(config)#router ospf 100
R1(config-router)#area 10 stub /*或者 area 10 nssa
邻居之间会比较HELLO报文中E和NP位,如果不一致不能建neighbor
AREA 0 NORMAL STUB NSSA
NP 0 0 0 1
E 1 1 0 0
R1(config)#router ospf 100
R1(config-router)#area 10 stub /*或者 area 10 nssa
6、MTU
三层的MTU可能小于二层的MTU,但不可能大于二层的MTU,因为三层的MTU包含在二层中
HELLO报文中不协商MTU,是在DBD报文中协商
DBD报文是在第一次建neighbor的时候互相发,建好后不会发,因此建好neighbor后改MTU不会造成neighbor DOWN,但是传递数据可能会出现问题,当对端发的数据长度大于自己的MTU时不会接收。
修改MTU后,把端口shutdown会造成neighbor建不起来,稳定后MTU小的一边EXSTART,MTU大的一边EXCHANGE
R1#show ip interface fastEthernet 0/0 三层的MTU
FastEthernet0/0 is up, line protocol is up
Internet address is 12.1.1.1/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
R1#show interface fastEthernet 0/0 三层的MTU
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip mtu 1400
现象:*Mar 1 04:58:49.410: OSPF: Rcv DBD from 0.0.0.1 on FastEthernet0/0 seq 0x10B1 opt 0x52 flag 0x7 len 32 mtu 1000 state EXSTART
结论:OSPF在建立邻居时通过DBD报文协商MTU,若MTU不一致,无法建立邻接关系。现象是:MTU大的exchange,MTU小的exstart
若OSPF邻接关系已正常,后期修改MTU不影响邻接关系,但是对LSU报文可能有影响
exstart:两端在协商主从关系
exchange:正式开始发DBD报文
HELLO报文中不协商MTU,是在DBD报文中协商
DBD报文是在第一次建neighbor的时候互相发,建好后不会发,因此建好neighbor后改MTU不会造成neighbor DOWN,但是传递数据可能会出现问题,当对端发的数据长度大于自己的MTU时不会接收。
修改MTU后,把端口shutdown会造成neighbor建不起来,稳定后MTU小的一边EXSTART,MTU大的一边EXCHANGE
R1#show ip interface fastEthernet 0/0 三层的MTU
FastEthernet0/0 is up, line protocol is up
Internet address is 12.1.1.1/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
R1#show interface fastEthernet 0/0 三层的MTU
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip mtu 1400
现象:*Mar 1 04:58:49.410: OSPF: Rcv DBD from 0.0.0.1 on FastEthernet0/0 seq 0x10B1 opt 0x52 flag 0x7 len 32 mtu 1000 state EXSTART
结论:OSPF在建立邻居时通过DBD报文协商MTU,若MTU不一致,无法建立邻接关系。现象是:MTU大的exchange,MTU小的exstart
若OSPF邻接关系已正常,后期修改MTU不影响邻接关系,但是对LSU报文可能有影响
exstart:两端在协商主从关系
exchange:正式开始发DBD报文
7、掩码
在MA网络中掩码需要一致
R1: R1(config)#int fa1/0
R1(config-if)#ip address 12.1.1.1 255.255.255.0
router ospf 100
network 12.1.1.1 0.0.0.0
R2: R2(config)#int fa1/0
R2(config-if)#ip address 12.1.1.2 255.255.255.128
router ospf 100
network 12.1.1.2 0.0.0.0
现象:无法建立邻居,在建立邻居的时候,会比较HELLO报文中的掩码,如果不一致,不允许建立邻居。
原因:在MA网络中,broadcast/nbma类型中,T1类型描述了拓扑 T2描述了网络号和掩码,由于DR描述的T2类,只有一个掩码,所以如果掩码不一致,T2类无法统一掩码。
验证:debug ip ospf event
*Mar 1 05:36:13.898: OSPF: Send hello to 224.0.0.5 area 0 on FastEthernet0/0 from 12.1.1.1
R1#
*Mar 1 05:36:16.106: OSPF: Rcv hello from 0.0.0.2 area 0 from FastEthernet0/0 12.1.1.2
*Mar 1 05:36:16.106: OSPF: Mismatched hello parameters from 12.1.1.2
*Mar 1 05:36:16.110: OSPF: Dead R 40 C 40, Hello R 10 C 10 Mask R 255.255.255.128 C 255.255.255.0
————————————————————————————————————————————————————
注意:在HELLO中,报文是携带掩码信息的
MA网络中抓取报文:
————————————————————————————————————————————————————
在P2P网络中,建立邻接关系的设备网段的掩码可以不一致,但是网段需要一致。
补充:R2: R2(config)#int s1/0
R2(config-if)#ip address 23.1.1.2 255.255.0.0
router ospf 100
network 23.1.1.2 0.0.0.0
R3: R3(config)#int s1/0
R3(config-if)#ip address 23.1.1.3 255.255.255.0
router ospf 100
network 23.1.1.3 0.0.0.0
show ip route ospf 可以看到对端的网段学习到路由表中的COST 128
R2#show ip ospf database router
LS age: 198
Options: (No TOS-capability, DC)
LS Type: Router Links
Link State ID: 0.0.0.2
Advertising Router: 0.0.0.2
LS Seq Number: 8000001E
Checksum: 0xA357
Length: 72
Number of Links: 4
Link connected to: another Router (point-to-point)
(Link ID) Neighboring Router ID: 0.0.0.3
(Link Data) Router Interface address: 23.1.1.2
Number of TOS metrics: 0
TOS 0 Metrics: 64
Link connected to: a Stub Network
(Link ID) Network/subnet number: 23.1.0.0
(Link Data) Network Mask: 255.255.0.0
Number of TOS metrics: 0
TOS 0 Metrics: 64
Link connected to: a Stub Network
(Link ID) Network/subnet number: 2.2.2.2
(Link Data) Network Mask: 255.255.255.255
Number of TOS metrics: 0
TOS 0 Metrics: 1
————————————————————————————————————————————
注意:在HELLO中,报文是携带掩码信息的
P2P网络的报文
R1: R1(config)#int fa1/0
R1(config-if)#ip address 12.1.1.1 255.255.255.0
router ospf 100
network 12.1.1.1 0.0.0.0
R2: R2(config)#int fa1/0
R2(config-if)#ip address 12.1.1.2 255.255.255.128
router ospf 100
network 12.1.1.2 0.0.0.0
现象:无法建立邻居,在建立邻居的时候,会比较HELLO报文中的掩码,如果不一致,不允许建立邻居。
原因:在MA网络中,broadcast/nbma类型中,T1类型描述了拓扑 T2描述了网络号和掩码,由于DR描述的T2类,只有一个掩码,所以如果掩码不一致,T2类无法统一掩码。
验证:debug ip ospf event
*Mar 1 05:36:13.898: OSPF: Send hello to 224.0.0.5 area 0 on FastEthernet0/0 from 12.1.1.1
R1#
*Mar 1 05:36:16.106: OSPF: Rcv hello from 0.0.0.2 area 0 from FastEthernet0/0 12.1.1.2
*Mar 1 05:36:16.106: OSPF: Mismatched hello parameters from 12.1.1.2
*Mar 1 05:36:16.110: OSPF: Dead R 40 C 40, Hello R 10 C 10 Mask R 255.255.255.128 C 255.255.255.0
————————————————————————————————————————————————————
注意:在HELLO中,报文是携带掩码信息的
MA网络中抓取报文:
————————————————————————————————————————————————————
在P2P网络中,建立邻接关系的设备网段的掩码可以不一致,但是网段需要一致。
补充:R2: R2(config)#int s1/0
R2(config-if)#ip address 23.1.1.2 255.255.0.0
router ospf 100
network 23.1.1.2 0.0.0.0
R3: R3(config)#int s1/0
R3(config-if)#ip address 23.1.1.3 255.255.255.0
router ospf 100
network 23.1.1.3 0.0.0.0
show ip route ospf 可以看到对端的网段学习到路由表中的COST 128
R2#show ip ospf database router
LS age: 198
Options: (No TOS-capability, DC)
LS Type: Router Links
Link State ID: 0.0.0.2
Advertising Router: 0.0.0.2
LS Seq Number: 8000001E
Checksum: 0xA357
Length: 72
Number of Links: 4
Link connected to: another Router (point-to-point)
(Link ID) Neighboring Router ID: 0.0.0.3
(Link Data) Router Interface address: 23.1.1.2
Number of TOS metrics: 0
TOS 0 Metrics: 64
Link connected to: a Stub Network
(Link ID) Network/subnet number: 23.1.0.0
(Link Data) Network Mask: 255.255.0.0
Number of TOS metrics: 0
TOS 0 Metrics: 64
Link connected to: a Stub Network
(Link ID) Network/subnet number: 2.2.2.2
(Link Data) Network Mask: 255.255.255.255
Number of TOS metrics: 0
TOS 0 Metrics: 1
————————————————————————————————————————————
注意:在HELLO中,报文是携带掩码信息的
P2P网络的报文
8、网络类型
网络类型:broadcast
p2p
p2mp
nbma
nbma non-broadcast(思科私有)
修改端口的网络类型:
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip ospf network ?
broadcast Specify OSPF broadcast multi-access network
non-broadcast Specify OSPF NBMA network
point-to-multipoint Specify OSPF point-to-multipoint network
point-to-point Specify OSPF point-to-point network
0 0
- OSPF建立邻居的条件
- ospf邻居关系的建立过程
- OSPF建立邻居、邻接关系
- 重温OSPF——OSPF邻居建立
- MPLS LDP 邻居的建立和IGP(eigrp,ospf)的邻居建立一样也是直连才可以建立邻居,
- Cisco: ospf邻居关系建立不成功的因素
- ospf学习-----邻居建立以及报文
- OSPF邻居状态的描述
- 关于 1.1.1.1 255.255.255.255 单是这个是不会让ospf 建立邻居的
- 解决zebra下ospf正常启动却无法建立邻居的问题
- OSPF的8种邻居状态
- ospf不同进程下的邻居状态
- MTU设置不正确导致OSPF邻居不能建立
- eigrp的邻居建立解析
- OSPF之邻居路由
- OSPF(三):邻居
- OSPF路由协议中的邻居与邻接的区别
- 4.HCNP-R&S-IERN——建立OSPF邻居与邻接关系
- java+mysql 中文乱码问题解决
- 大O表示法
- Java 学习博客笔记
- SQL语句select随机调取10行数据 Access/SQL Server/Mysql等数据库
- Unity3D之Position的设置
- OSPF建立邻居的条件
- java制作QQ聊天工具——2多线程1
- 【转载】Cocoa 框架 For iOS(一) 框架的介绍,Objectivie-C运行时能力的解析等
- Unity3D之Animator的不常用方法
- P121 4
- 反汇编vmlinux
- ORA-01045: user lacks CREATE SESSION privilege; logon denied
- java读写文件时nio、bio对比
- Error Code: 1360 - Trigger does not existQuery