在我的实验室里,我已经被困在这个上面一段时间了。任何帮助表示赞赏。
这是我的 CPE 边缘拓扑:
https://i.imgur.com/UZ4u0XG.png
采取以下场景:
我有 2 个电路进来,我正在为我的 WAN 链接(Fa0/0 和 Fa0/1)进行每个数据包的负载平衡。在两条链路的 PPP 协商完成后,我使用 IPCP 安装了我的默认路由。看起来正常如下:
CPE-4# sh ip route
S* 0.0.0.0/0 [1/0] via 10.161.3.1
CEF 显示我在那里有两条路径:
CPE-4# sh ip cef
Prefix Next Hop Interface
0.0.0.0/0 10.161.3.1 Dialer1
10.161.3.1 Dialer2
我的两个会议都结束了:
CPE-4#sh caller
Active Idle
Line User Service Time Time
con 0 - TTY 01:12:07 00:00:00
Vi2 LNS1 PPPoE 00:58:27 00:00:01
Vi3 LNS1 PPPoE 01:03:54 00:00:08
我关闭了一个 wan 链接 (Fa0/0),我得到了预期的 PPP 调试日志:
*Oct 16 18:23:19.279: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
*Oct 16 18:23:20.279: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
*Oct 16 18:24:16.279: Vi2 PPP: Missed 5 keepalives, taking LCP down
*Oct 16 18:24:16.279: Vi2 PPP DISC: Missed too many keepalives
*Oct 16 18:24:16.283: PPP: NET STOP send to AAA.
*Oct 16 18:24:16.299: Vi2 IPCP: Event[DOWN] State[Open to Starting]
*Oct 16 18:24:16.299: Vi2 IPCP: Event[CLOSE] State[Starting to Initial]
*Oct 16 18:24:16.303: Vi2 LCP: O TERMREQ [Open] id 3 len 4
*Oct 16 18:24:16.307: Vi2 LCP: Event[CLOSE] State[Open to Closing]
*Oct 16 18:24:16.307: Vi2 PPP: Phase is TERMINATING
*Oct 16 18:24:16.359: Di1 Deleted neighbor route from AVL tree: topoid 0, address 10.161.3.1
*Oct 16 18:24:16.359: Di1 IPCP: Remove route to 10.161.3.1
*Oct 16 18:24:16.359: Di1 IPCP: Remove default route thru 10.161.3.1
*Oct 16 18:24:16.395: Vi2 LCP: Event[DOWN] State[Closing to Initial]
*Oct 16 18:24:16.399: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to down
*Oct 16 18:24:16.415: Vi2 PPP: Phase is DOWN
*Oct 16 18:24:16.443: %DIALER-6-UNBIND: Interface Vi2 unbound from profile Di1
*Oct 16 18:24:16.483: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to down
我的辅助 WAN 链接仍然正常,我们可以确认:
CPE-4#sh caller
Active Idle
Line User Service Time Time
con 0 - TTY 01:12:07 00:00:00
Vi3 LNS1 PPPoE 01:03:54 00:00:08
但现在我的默认路线不见了
CPE-4# sh ip route
Gateway of last resort is not set
CEF 绝对不存在:
CPE-4# sh ip cef
Prefix Next Hop Interface
0.0.0.0/0 no route
我仍然可以 ping 我的下一跳,每个人都知道到达那里的方法:
CPE-4#ping 10.161.3.1
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/54/68 ms
CPE-4#sh ip route
Gateway of last resort is not set
10.0.0.0/32 is subnetted, 1 subnets
C 10.161.3.1 is directly connected, Dialer1
CPE-4(config-if)#do sh ip cef
Prefix Next Hop Interface
0.0.0.0/0 no route
0.0.0.0/8 drop
0.0.0.0/32 receive
10.161.3.1/32 attached Dialer1
要恢复默认路由,我需要反弹 Vi3(第二个 WAN 链接)并重新协商 PPP 并以这种方式获取 IPCP 路由。
这是拨号器配置。很标准的东西:
interface Dialer1
mtu 1492
ip address negotiated
ip load-sharing per-packet
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer persistent
dialer-group 1
ppp chap hostname testuser@gns3.homelab
ppp chap password 0 password
ppp ipcp route default
no cdp enable
interface Dialer2
mtu 1492
ip address negotiated
ip load-sharing per-packet
encapsulation ppp
dialer pool 2
dialer idle-timeout 0
dialer persistent
dialer-group 2
ppp chap hostname testuser2@gns3.homelab
ppp chap password 0 password
ppp ipcp route default
no cdp enable
其次是广域网链接:
interface FastEthernet0/0
description *** WAN 1 ***
no ip address
duplex full
pppoe enable group global
pppoe-client dial-pool-number 1
interface FastEthernet0/1
description *** WAN 2 ***
no ip address
duplex full
pppoe enable group global
pppoe-client dial-pool-number 2
作为参考,关闭一个接口时来自 PPP 和 CEF 的调试日志:https ://hastebin.com/wolobujeyo.yaml - 在这种情况下,Dialer2 是当前活动的接口。Dialer1 已关闭。
下面是最值得注意的日志,其中指出 Dialer2 已接管默认路由:
*Oct 16 20:48:10.019: FIBpath: {mod} [v4-ah-10.161.3.1-Di2 67561A40(1)] Linked path to oce IP adj out of Dialer2 675AFA60
*Oct 16 20:48:10.023: FIBpathlist_ifnums: [1/0:v4-ah-10.161.3.1-Di2 67561474(1)]inserted Dialer2(10) 0.0.0.0
*Oct 16 20:48:10.115: FIBpathlist_ifnums: [1/0:v4-rcrsv-10.161.3.1 675613D4(2)] updated Dialer2(10) 0.0.0.0
如果我也清除 VAI,也会发生同样的事情:
CPE-4#clear int vi3
*Oct 17 11:31:22.839: %DIALER-6-UNBIND: Interface Vi3 unbound from profile Di1
*Oct 17 11:31:22.923: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to down
*Oct 17 11:31:22.935: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to down
.
CPE-4#sh ip cef
Prefix Next Hop Interface
0.0.0.0/0 no route
0.0.0.0/8 drop
0.0.0.0/32 receive
10.161.3.1/32 attached Dialer2
.
CPE-4#sh ip route
Gateway of last resort is not set
VAI 回来了:
*Oct 17 11:31:45.063: %DIALER-6-BIND: Interface Vi3 bound to profile Di1
*Oct 17 11:31:45.079: %LINK-3-UPDOWN: Interface Virtual-Access3, changed state to up
*Oct 17 11:31:46.259: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access3, changed state to up
路线回来了
CPE-4#sh ip cef
Prefix Next Hop Interface
0.0.0.0/0 10.161.3.1 Dialer1
10.161.3.1 Dialer2
0.0.0.0/8 drop
0.0.0.0/32 receive
10.161.3.1/32 attached Dialer1
attached Dialer2
LNS 还给了我两个 IP 地址,因为它是通过 RADIUS 登录的两个单独的用户帐户:
CPE-4#sh ip int br
Interface IP-Address OK? Method Status Protocol
Dialer1 172.16.100.1 YES IPCP up up
Dialer2 172.16.100.2 YES IPCP up up
我可以进一步确认它是 PPP/IPCP 在做某事,因为我也可以手动添加静态路由,并且当 PPP 关闭时它们不会清除:
CPE-4#sh ip cef
Prefix Next Hop Interface
0.0.0.0/0 attached Dialer1
attached Dialer2
10.161.3.1 Dialer1
10.161.3.1 Dialer2
0.0.0.0/8 drop
0.0.0.0/32 receive
10.161.3.1/32 attached Dialer1
attached Dialer2
清除一个 VAI 后:
CPE-4#sh ip cef
Prefix Next Hop Interface
0.0.0.0/0 attached Dialer1
attached Dialer2
0.0.0.0/8 drop
0.0.0.0/32 receive
10.161.3.1/32 attached Dialer1
所以IPCP或PPP绝对是这里的问题。
我已经在多个固件版本和非常不同的硬件上进行了尝试。此复制在 Cisco 7206VXR NPE-400 15.2(4)S3 上完成。我还在 Cisco 877、887、891、927-4P、1921、1911、2911、ISR 4331、ISR 1111-4P/8P 上复制了该问题。固件版本为 15.2 - 15.7。
由于我能够复制它的范围,我认为这不是一个错误,而不是我在 IPCP 的工作方式上遗漏了一些东西。
有没有人能够解释为什么当一个 WAN 链接出现故障时我的默认路由会被删除,尽管有两个 - 都具有有效路由和 CEF 条目?