继续执行命令ping

网络工程 瞻博网络 故障排除 杜松-srx
2021-07-05 13:13:16

在此处输入图片说明

请告诉我为什么继续执行命令ping ...

Router#ping vrf vrf-trust 50.50.50.50 sou 2.2.2.2

Type escape sequence to abort.
ending 5, 100-byte ICMP Echos to 50.50.50.50, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

而路由表中没有指定返回 2.2.2.2 的路由。

UntrustGi-vr.inet.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.10.10.0/24      *[Static/5] 21:31:56
                > to 14.0.64.1 via ge-0/0/1.0
14.0.64.0/24       *[Direct/0] 1d 09:03:47
                > via ge-0/0/1.0
14.0.64.2/32       *[Local/0] 1d 09:40:15
                  Local via ge-0/0/1.0
20.20.20.0/24      *[Static/5] 21:31:56
                > to 14.0.64.1 via ge-0/0/1.0
30.30.30.0/24      *[Static/5] 21:31:56
                > to 14.0.64.1 via ge-0/0/1.0
40.40.40.0/24      *[OSPF/10] 1d 09:00:35, metric 2
                > to 14.0.64.1 via ge-0/0/1.0
50.50.50.0/24      *[OSPF/10] 21:37:17, metric 2
                > to 14.0.64.1 via ge-0/0/1.0
60.60.60.0/24      *[OSPF/10] 1d 09:00:35, metric 2
                > to 14.0.64.1 via ge-0/0/1.0
224.0.0.5/32       *[OSPF/10] 2d 00:06:40, metric 1
                  MultiRecv

但最近,这条路线是。但现在我删除了它。

也许是因为 SRX 记住了 session。但我输入了命令清除安全流会话,除了 ping 继续...

[edit routing-instances UntrustGi-vr]
admin# run show route 

inet.0: 2 destinations, 2 routes (1 active, 0 holddown, 1 hidden)
+ = Active Route, - = Last Active, * = Both

224.0.0.5/32       *[OSPF/10] 3d 00:31:23, metric 1
                      MultiRecv

Trust-vr.inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[Static/5] 1d 04:08:21
                      to table UntrustGi-vr.inet.0
1.1.1.0/24         *[Static/5] 1d 12:31:58
                    > to 7.7.7.1 via ge-0/0/0.0
2.2.2.0/24         *[Static/5] 1d 12:30:19
                    > to 7.7.7.1 via ge-0/0/0.0
3.3.3.0/24         *[Static/5] 1d 12:30:19
                    > to 7.7.7.1 via ge-0/0/0.0
4.4.4.0/24         *[OSPF/10] 1d 12:50:53, metric 2
                    > to 7.7.7.1 via ge-0/0/0.0
5.5.5.0/24         *[OSPF/10] 1d 12:45:48, metric 2
                    > to 7.7.7.1 via ge-0/0/0.0
6.6.6.0/24         *[OSPF/10] 1d 12:50:53, metric 2
                    > to 7.7.7.1 via ge-0/0/0.0
7.7.7.0/24         *[Direct/0] 1d 12:54:13
                    > via ge-0/0/0.0
7.7.7.2/32         *[Local/0] 1d 13:30:28
                      Local via ge-0/0/0.0
224.0.0.5/32       *[OSPF/10] 2d 04:41:34, metric 1
                      MultiRecv

UntrustGi-vr.inet.0: 9 destinations, 9 routes (9 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.10.10.0/24      *[Static/5] 1d 01:22:09
                    > to 14.0.64.1 via ge-0/0/1.0
14.0.64.0/24       *[Direct/0] 1d 12:54:00
                    > via ge-0/0/1.0
14.0.64.2/32       *[Local/0] 1d 13:30:28
                      Local via ge-0/0/1.0
20.20.20.0/24      *[Static/5] 1d 01:22:09
                    > to 14.0.64.1 via ge-0/0/1.0
30.30.30.0/24      *[Static/5] 1d 01:22:09
                    > to 14.0.64.1 via ge-0/0/1.0
40.40.40.0/24      *[OSPF/10] 1d 12:50:48, metric 2
                    > to 14.0.64.1 via ge-0/0/1.0
50.50.50.0/24      *[OSPF/10] 1d 01:27:30, metric 2
                    > to 14.0.64.1 via ge-0/0/1.0
60.60.60.0/24      *[OSPF/10] 1d 12:50:48, metric 2
                    > to 14.0.64.1 via ge-0/0/1.0
224.0.0.5/32       *[OSPF/10] 2d 03:56:53, metric 1
                      MultiRecv
1个回答

根据您的评论,一切看起来都是正确的。尽管 50.50.50.50 可能没有到 2.2.2.2 的直接/学习路由,但他确实将默认网关设置为 14.0.64.2。

Router#show ip route vrf vrf-untrustgi 
  S* 0.0.0.0/0 [1/0] via 14.0.64.2

如果您在本地没有可用于响应 ping 的接口,您将无法使用它。ASA 中可能存在使用随机地址的功能,大概是出于安全审计的原因。它看起来类似于:

Router#ping 8.8.8.8 source 2.2.2.2
% Invalid source address- IP address not on any of our up interfaces
Router#
其它你可能感兴趣的问题
上一篇使用 nat/pat 将子网转换为同一子网中的单个地址 下一篇奇怪的 OSPF/BGP 问题