A summary of the problem
We all know , Do route summary to reduce route entries , However, improper configuration may cause a three-layer loop , And will cause equipment CPU Increase the load .

The topology

AR1 Analog Internet ,AR2 Is an exit routing device ,LSW1 As a three-layer switch, it is divided into 5 individual vlan, And is PC1-PC5 Gateway for

The experiment starts with the establishment of normal network interworking , Then test and trigger the loop , Finally, how to solve this problem

Equipment configuration and network connectivity test
LSW1：

[LSW1]vlan batch 10 20 30 40 50 100
[LSW1]int vlanif 10
[LSW1-Vlanif10]ip add 10.1.1.1 24
[LSW1-Vlanif10]int vlanif 20
[LSW1-Vlanif20]ip add 10.1.2.1 24
[LSW1-Vlanif20]int vlanif 30
[LSW1-Vlanif30]ip add 10.1.3.1 24
[LSW1-Vlanif30]int vlanif 40
[LSW1-Vlanif40]ip add 10.1.4.1 24
[LSW1-Vlanif40]int vlanif 50
[LSW1-Vlanif50]ip add 10.1.5.1 24
// because ensp in S5700 This device cannot be configured after it is converted to a three-layer interface ip, So here we use vlanif100 Instead of
[LSW1-Vlanif50]interface Vlanif100
[LSW1-Vlanif100]ip address 172.16.1.2 255.255.255.252
[LSW1-Vlanif100]interface GigabitEthernet0/0/1
[LSW1-GigabitEthernet0/0/1]port hybrid pvid vlan 100
[LSW1-GigabitEthernet0/0/1]port hybrid untagged vlan 100
[LSW1-GigabitEthernet0/0/1]un sh

[LSW1-GigabitEthernet0/0/1]interface GigabitEthernet0/0/2
[LSW1-GigabitEthernet0/0/2]port link-type access
[LSW1-GigabitEthernet0/0/2]port default vlan 10

// The interface configuration method of the remaining connecting hosts is similar , It is omitted here …

// Configure the default route
[LSW1]ip route-static 0.0.0.0 0.0.0.0 172.16.1.1
AR2：

[AR2]interface GigabitEthernet0/0/0
[AR2-GigabitEthernet0/0/0]ip address 100.100.100.2 255.255.255.252
[AR2-GigabitEthernet0/0/0]un sh
[AR2-GigabitEthernet0/0/0]interface GigabitEthernet0/0/1
[AR2-GigabitEthernet0/0/1]ip address 172.16.1.1 255.255.255.252
[AR2-GigabitEthernet0/0/1]un sh
[AR2-GigabitEthernet0/0/1]quit
// Here, multiple network segments are summarized , And configure static routing
[AR2]ip route-static 10.1.0.0 255.255.248.0 172.16.1.2
AR1：

[AR1]interface GigabitEthernet0/0/0
[AR1-GigabitEthernet0/0/0]ip address 100.100.100.1 255.255.255.252
[AR1-GigabitEthernet0/0/0]quit
[AR1]ip route-static 0.0.0.0 0.0.0.0 100.100.100.2

PC1 – PC5 Each is well prepared ip Address
use PC1 ping measuring 100.100.100.1, Can communicate , For normal , Besides, we tracert Follow up , It's normal

Trigger the loop and analyze the problem
So let's use PC1 Go to tracert Track the existing and non-existent network segments .

Discovery tracking PC2(2 paragraph ) normal , That's because LSW1 Is directly connected to all PC Of , There must be a destination in the routing table PC2 Direct route entry for , Direct routing is the highest priority , So we arrived smoothly .

track 6 Paragraph and 7 Duan found jumping back and forth , It means that the loop has been lifted ,LSW1 There is no direct connection route of these two network segments in the routing table of , Only the default route can be matched AR2 了 ,AR2 After receiving, find the route table to match the summarized route entries 10.1.0.0/21, So she asked LSW1 Sent back ,LSW1 After receiving, it will be sent back .

And tracking 8 The segment shows *, It means that the forwarding cannot reach the destination address , The bag was discarded , That's because packets arrive AR2 when , No route entries were found to match ,10.1.0.0/21 The last of the paragraph ip The address is 10.1.7.255, So arrive AR2 Discard the packet .

terms of settlement
How to solve ？ It's simple , Just in LSW1 Add one that is also 10.1.0.0/21 Aggregate black hole routing for , So when the destination is received ip Is this paragraph and ip When there is no , It won't send out any more .

[LSW1]ip route-static 10.1.0.0 21 NULL0

Reuse PC1 track , Just as expected

One last reminder , Experiments and cases can play the role of understanding and reference , In practice, we still have to be flexible ！！ Sharing is here , If you have other ways that work , Welcome to the comments section