当前位置：网站首页>Layer 3 loop brought by route Summary - solution experiment

Layer 3 loop brought by route Summary - solution experiment

2022-06-29 21:35:00 【51CTO】

A summary of the problem

We all know , Do route summary to reduce route entries , However, improper configuration may cause a three-layer loop , And will cause equipment CPU Increase the load .

The topology

Layer 3 loop brought by route summary - Solving experiment _f5

AR1 Analog Internet ,AR2 Is an exit routing device ,LSW1 As a three-layer switch, it is divided into 5 individual vlan, And is PC1-PC5 Gateway for

The experiment starts with the establishment of normal network interworking , Then test and trigger the loop , Finally, how to solve this problem

Equipment configuration and network connectivity test

LSW1：

      
      
       
       [LSW1]vlan batch 10 20 30 40 50 100
       
       
[LSW1]int vlanif 10
       
       
[LSW1-Vlanif10]ip add 10.1.1.1 24
       
       
[LSW1-Vlanif10]int vlanif 20
       
       
[LSW1-Vlanif20]ip add 10.1.2.1 24
       
       
[LSW1-Vlanif20]int vlanif 30
       
       
[LSW1-Vlanif30]ip add 10.1.3.1 24
       
       
[LSW1-Vlanif30]int vlanif 40
       
       
[LSW1-Vlanif40]ip add 10.1.4.1 24
       
       
[LSW1-Vlanif40]int vlanif 50
       
       
[LSW1-Vlanif50]ip add 10.1.5.1 24
       
       
// because ensp in S5700 This device cannot be configured after it is converted to a three-layer interface ip, So here we use vlanif100 Instead of 
       
       
[LSW1-Vlanif50]interface Vlanif100
       
       
[LSW1-Vlanif100]ip address 172.16.1.2 255.255.255.252
       
       
[LSW1-Vlanif100]interface GigabitEthernet0/0/1
       
       
[LSW1-GigabitEthernet0/0/1]port hybrid pvid vlan 100
       
       
[LSW1-GigabitEthernet0/0/1]port hybrid untagged vlan 100
       
       
[LSW1-GigabitEthernet0/0/1]un sh
       
       
#
       
       
[LSW1-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
       
       
[LSW1-GigabitEthernet0/0/2]port link-type access
       
       
[LSW1-GigabitEthernet0/0/2]port default vlan 10
       
       
#
       
       
// The interface configuration method of the remaining connecting hosts is similar , It is omitted here ...
       
       
#
       
       
// Configure the default route 
       
       
[LSW1]ip route-static 0.0.0.0 0.0.0.0 172.16.1.1
      
      
      
      
       
       1.
       
       2.
       
       3.
       
       4.
       
       5.
       
       6.
       
       7.
       
       8.
       
       9.
       
       10.
       
       11.
       
       12.
       
       13.
       
       14.
       
       15.
       
       16.
       
       17.
       
       18.
       
       19.
       
       20.
       
       21.
       
       22.
       
       23.
       
       24.
       
       25.
       
       26.
       
       27.

AR2：

      
      
       
       [AR2]interface GigabitEthernet0/0/0
       
       
[AR2-GigabitEthernet0/0/0]ip address 100.100.100.2 255.255.255.252 
       
       
[AR2-GigabitEthernet0/0/0]un sh
       
       
[AR2-GigabitEthernet0/0/0]interface GigabitEthernet0/0/1
       
       
[AR2-GigabitEthernet0/0/1]ip address 172.16.1.1 255.255.255.252
       
       
[AR2-GigabitEthernet0/0/1]un sh
       
       
[AR2-GigabitEthernet0/0/1]quit
       
       
// Here, multiple network segments are summarized , And configure static routing 
       
       
[AR2]ip route-static 10.1.0.0 255.255.248.0 172.16.1.2
      
      
      
      
       
       1.
       
       2.
       
       3.
       
       4.
       
       5.
       
       6.
       
       7.
       
       8.
       
       9.

AR1：

      
      
       
       [AR1]interface GigabitEthernet0/0/0
       
       
[AR1-GigabitEthernet0/0/0]ip address 100.100.100.1 255.255.255.252 
       
       
[AR1-GigabitEthernet0/0/0]quit
       
       
[AR1]ip route-static 0.0.0.0 0.0.0.0 100.100.100.2
      
      
      
      
       
       1.
       
       2.
       
       3.
       
       4.

PC1 – PC5 Each is well prepared ip Address
use PC1 ping measuring 100.100.100.1, Can communicate , For normal , Besides, we tracert Follow up , It's normal Layer 3 loop brought by route summary - Solving experiment _ip Address _02

Trigger the loop and analyze the problem

So let's use PC1 Go to tracert Track the existing and non-existent network segments .

Discovery tracking PC2(2 paragraph ) normal , That's because LSW1 Is directly connected to all PC Of , There must be a destination in the routing table PC2 Direct route entry for , Direct routing is the highest priority , So we arrived smoothly .

track 6 Paragraph and 7 Duan found jumping back and forth , It means that the loop has been lifted ,LSW1 There is no direct connection route of these two network segments in the routing table of , Only the default route can be matched AR2 了 ,AR2 After receiving, find the route table to match the summarized route entries 10.1.0.0/21, So she asked LSW1 Sent back ,LSW1 After receiving, it will be sent back .

And tracking 8 The segment shows *, It means that the forwarding cannot reach the destination address , The bag was discarded , That's because packets arrive AR2 when , No route entries were found to match ,10.1.0.0/21 The last of the paragraph ip The address is 10.1.7.255, So arrive AR2 Discard the packet .

terms of settlement

How to solve ？ It's simple , Just in LSW1 Add one that is also 10.1.0.0/21 Aggregate black hole routing for , So when the destination is received ip Is this paragraph and ip When there is no , It won't send out any more .

      
      
       
       [LSW1]ip route-static 10.1.0.0 21 NULL0
      
      
      
      
       
       1.

Layer 3 loop brought by route summary - Solving experiment _ Routing table _03

Reuse PC1 track , Just as expected

Layer 3 loop brought by route summary - Solving experiment _ Routing table _04

One last reminder , Experiments and cases can play the role of understanding and reference , In practice, we still have to be flexible ！！ Sharing is here , If you have other ways that work , Welcome to the comments section