USG2160与对端思科设备通过GRE建立OSPF邻居卡在exchange状态

发布时间:  2014-11-18 浏览次数:  609 下载次数:  0
问题描述
客户使用华为USG2160与对端思科2600路由器通过GRE建立OSPF建立邻居卡在exchange状态。
本端tunnel地址是10.1.1.1,对端是10.1.1.4
<USG2160>display ospf peer 10.1.1.4
19:46:10  2014/11/17

         OSPF Process 1 with Router ID 10.8.1.250
                 Neighbors

Area 0.0.0.0 interface 10.1.1.1(Tunnel1)'s neighbors
Router ID: 10.1.1.4         Address: 10.1.1.4         GR State: Normal    
   State: Exchange  Mode:Nbr is  Slave  Priority: 0
   DR: 10.1.1.1  BDR: None   MTU: 1500
   Dead timer due in 28  sec
   Neighbor is up for 00:00:00    
   Authentication Sequence: [ 0 ]
本端设备版本是V300R001C10SPC200
告警信息
处理过程
1. 检查用户配置,发现两端MTU值不一样,让思科那边修改成1500,并且取消MTU校验,还是不行。
2. 检查了一下网络状况,从本端带源地址ping对端是通的,而且网络情况良好,没有出现丢包现象。
3. 检查以后,没有其他配置上的问题,查看OSPF错包,发现有部分报文在增长:
         OSPF Process 1 with Router ID 10.8.1.250
                 OSPF error statistics

General packet errors:
0     : IP: received my own packet     0     : Bad packet
0     : Bad version                    0     : Bad checksum
660   : Bad area id                    0     : Drop on unnumbered interface
0     : Bad virtual link               0     : Bad authentication type
0     : Bad authentication key         0     : Packet too small
0     : Packet size > ip length        0     : Transmit error
110   : Interface down                 68    : Unknown neighbor

HELLO packet errors:
0     : Netmask mismatch               3     : Hello timer mismatch
0     : Dead timer mismatch            0     : Extern option mismatch
5572  : Router id confusion            0     : Virtual neighbor unknown
0     : NBMA neighbor unknown

DD packet errors:
1305  : Neighbor state low             0     : Router id confusion
0     : Extern option mismatch         0     : Unknown LSA type
0     : MTU option mismatch
                                         
LS ACK packet errors:*
1305  : Neighbor state low             173   : Bad ack      //此处数量有增长
94971 : Duplicate ack                  0     : Unknown LSA type
4.和对端工程师沟通后,思科的tunel口配置mtu 1500的时候,实际三层出去的是1468的MTU。修改本端USG接口的MTU也配置成1468状态就FULL了。
!
interface Tunnel1                                                              
bandwidth 1000                                                                
ip address 10.1.1.4 255.255.255.248                                           
ip broadcast-address 10.1.1.7                                                 
no ip redirects                                                               
ip mtu 1500                                                                   
ip nhrp authentication gao@123                                                
ip nhrp map multicast 124.172.122.97                                          
ip nhrp map 10.1.1.1 124.172.122.97                                           
ip nhrp network-id 10                                                         
ip nhrp holdtime 300                                                          
ip nhrp nhs 10.1.1.1                                                          
ip tcp adjust-mss 1360                                                        
ip ospf network broadcast                                                     
ip ospf priority 0                                                            
ip ospf mtu-ignore                                                            
delay 1000                                                                    
tunnel source Dialer1                                                         
tunnel mode gre multipoint                                                    
tunnel key 39021371                                                           
tunnel checksum                                                               
!                   

C2621-2#show ip interface tunnel  1                                            
Tunnel1 is up, line protocol is up                                             
  Internet address is 10.1.1.4/29                                              
  Broadcast address is 10.1.1.7                                                
  Address determined by non-volatile memory                                    
  MTU is 1468 bytes                                                            
  Helper address is not set                                                    
  Directed broadcast forwarding is disabled                                    
  Multicast reserved groups joined: 224.0.0.5                                  
  Outgoing access list is not set                                              
  Inbound  access list is not set                                              
  Proxy ARP is enabled                                                         
  Local Proxy ARP is disabled                                                  
  Security level is default                                                    
  Split horizon is enabled                                                     
  ICMP redirects are never sent                                                
  ICMP unreachables are always sent                                            
  ICMP mask replies are never sent                                             
  IP fast switching is disabled                                                
  IP fast switching on the same interface is disabled                          
  IP Flow switching is disabled                                                
  IP CEF switching is disabled                                                 
  IP Null turbo vector                                                         
  IP multicast fast switching is disabled                                      
  IP multicast distributed fast switching is disabled                          
  IP route-cache flags are Fast, CEF                                           
  Router Discovery is disabled                                                 
  IP output packet accounting is disabled                                      
  IP access violation accounting is disabled                                   
  TCP/IP header compression is disabled                                        
  RTP/IP header compression is disabled                                        
  Policy routing is disabled                                                   
  Network address translation is disabled                                      
  BGP Policy Mapping is disabled                                               
  WCCP Redirect outbound is disabled                                           
  WCCP Redirect inbound is disabled                                            
  WCCP Redirect exclude is disabled          


[USG2210-Tunnel1]dis this                                                      
17:33:42  2014/11/18                                                           
#                                                                              
interface Tunnel1                                                              
mtu 1468                                                                      
alias Tunnel1                                                                 
ip address 10.1.1.1 255.255.255.248                                           
tunnel-protocol gre p2mp                                                      
source Vlanif100                                                              
gre key 39021371                                                              
gre checksum                                                                  
nhrp authentication plain %$%$g5V.BKq<]E_mR1:N:|j"UXOF%$%$                    
nhrp network-id 10                                                            
nhrp entry holdtime second 300                                                
nhrp entry multicast dynamic                                                  
nhrp server                                                                   
nhrp redirect                                                                 
ospf network-type broadcast                                                   
ospf dr-priority 255                                                          
#                                                                              
return           

[USG2210]display  interface Tunnel  1                                          
17:35:25  2014/11/18                                                           
Tunnel1 current state : UP                                                     
Line protocol current state : UP                                               
Tunnel1 current firewall zone : untrust3                                       
Description : Huawei, USG2200 Series, Tunnel1 Interface, Route Port            
The Maximum Transmit Unit is 1468 bytes                                        
Internet Address is 10.1.1.1/29                                                
                                                                               
Encapsulation is TUNNEL, loopback not set                                      
Tunnel source Vlanif100                                                        
Tunnel protocol/transport P2MP-GRE/IP, key 39021371                            
Checksumming of packets enabledQoS max-bandwidth : 100000 Kbps                 
Output queue : (Urgent queue : Size/Length/Discards)  0/50/0                   
Output queue : (Frag queue : Size/Length/Discards)  0/1000/0                   
Output queue : (Protocol queue : Size/Length/Discards) 0/1000/0                
Output queue : (FIFO queue : Size/Length/Discards)  0/256/0                    
    Last 300 seconds input rate 0 bits/s, 0 packets/s                          
    Last 300 seconds output rate 0 bits/s, 0 packets/s                         
    7807930 packets input, 1614323453 bytes                                    
    0 input error                                                              
    8395015 packets output, 3598131152 bytes                                   
    0 output error                                                             
                                                


[USG2210]display ospf peer  Tunnel  1                                          
17:34:01  2014/11/18                                                           
                                                                               
         OSPF Process 1 with Router ID 10.8.1.250                              
                 Neighbors                                                     
                                                                               
Area 0.0.0.0 interface 10.1.1.1(Tunnel1)'s neighbors                          
Router ID: 172.16.33.1      Address: 10.1.1.2         GR State: Normal        
   State: Full  Mode:Nbr is  Master  Priority: 0                               
   DR: 10.1.1.1  BDR: None   MTU: 1468                                         
   Dead timer due in 35  sec                                                   
   Neighbor is up for 02:05:19                                                 
   Authentication Sequence: [ 0 ]                                              
                                                                               
Router ID: 10.1.1.3         Address: 10.1.1.3         GR State: Normal        
   State: Full  Mode:Nbr is  Slave  Priority: 0                                
   DR: 10.1.1.1  BDR: None   MTU: 1468                                         
   Dead timer due in 32  sec                                                   
   Neighbor is up for 00:10:18                                                 
   Authentication Sequence: [ 0 ]                                              
                                                                               
Router ID: 10.1.1.4         Address: 10.1.1.4         GR State: Normal        
   State: Full  Mode:Nbr is  Slave  Priority: 0                                
   DR: 10.1.1.1  BDR: None   MTU: 1468                                         
   Dead timer due in 35  sec                                                   
   Neighbor is up for 00:02:23                                                 
   Authentication Sequence: [ 0 ]                                     


       
根因
问题为对端思科设备特性
解决方案
修改接口MTU参数
建议与总结
总结OSPF邻居停滞在EXSTART/EXCHANGE状态的原因有以下几点:
1、不匹配的接口MTU。
2、在邻居路由器上有重复的routeID.
3、链路质量不好,ping测试有严重丢包,或者是无法ping大包。
4、邻居路由器之间单播通信中断。
5、在PRI和BRI/拨号接口之间网络类型为点到点类型。

END