【 Weak current College 】 routing failures do not ask for instance on the router failure

The router is the implementation of intranet and Internet of critical equipment, according to network complexity to set the static and dynamic routing. For simple network setting static routes makes it easy to manage, but improper routing lists raised some Internet failure.

Recently, I sector (sector A) some people reflect cannot access superior sector (sector B) network. I used from the A1 computer (IP address 10.20.12.11/24) on the ping command to sector B network computer B1 (IP address 10.20.30.110/24) and B2 (IP address 10.20.30.111/24) send test packets, and packet loss rate reaches 100%, ping the other computer to this sector displays the connection properly. Check the computer IP settings, discover the gateway is set correctly (the correct gateway to 10.20.12.1), so I suspect that the router does not work properly. Back in my own Office, use the Office computer A2, A3 test, find the following peculiarities:

(1) A2 in computer (IP-10.20.12.12/24) on the ping command to ping sectors respectively B network computer B1 and B2, B1 is a normal response is found, the response rate in B2 20% ~ 50%; in computer A3 (IP to 10.20.12.13/24) using the ping command to ping the computer respectively B1 and B2, the response to display the connection works, packet loss rate is 0.

(2) the IP address of the computer A3 to 10.20.12.12/24 post test, ping results with (1) A2 test in the computer.

(3) the IP address of the computer A2 to has not yet been used IP address: 10.20.12.22/24, test and B1 and B2, the result looks fine, packet loss rate is 0.

(4) the IP address of the computer A1 to has not yet been used IP address: 10.20.12.23/24, test and B1 and B2, the result looks fine, packet loss rate is 0.

Fault analysis

Taking into account the situation of network connectivity and IP address of the computer, refer to the network topology diagram (Figure 1), so I suspect that may be due to sector B network firewall settings caused the fault. As the sector B and departments are located at the city in two different places, it is not convenient to view its firewall settings, and then call. But the network administrator to inform its firewall is set up for network IP segment, that is, the firewall for sector A whole network IP segment is allowed to access.

Analysis of the above reasons, it may be that some computers in this sector to sector B network send illegal access to information, sector B firewall will automatically send the IP list column intrusion computer shielding its sending IP packets, causing the network connection is not normal. Investigation of this sector in all computers, you will not be able to access the external network (sector B networks) of your computer's IP to the new IP address, the problem is temporarily resolved.

But a week later, the network also fails, there are several original normal access sector B computer against packet loss, and several original doesn't access the IP address of the external network can properly access the external network, it appears that the problem may not be in the firewall.

A2 on your computer (IP address 10.20.12.12/24) using the Tracert command to trace the test, the phenomenon is as follows:

c:\>Tracert10.20.30.110

Tracingrouteto10.20.30.110overamaximumof30hops

1<1ms<1ms<1ms10.20.12.1

21ms<1ms1ms192.168.10.2

31ms1ms1ms10.20.30.1

42ms1ms2ms10.20.30.110

Tracecomplete

On your computer to the IP address of the A2 to 10.20.12.22/24, using the Tracert command to trace the test, the phenomenon is as follows:

Tracingrouteto10.20.30.110overamaximumof30hops

1<1ms<1ms<1ms10.20.12.1

21ms**192.168.10.2

3*2ms*10.20.30.1

4***Requesttimedout

5***Requesttimedout

6**2ms10.20.30.110

Tracecomplete


Tracecomplete
→

Tracert trace test sometimes used is 4, 5 and later displayedare Requesttimedout.

Recalling the recent changes in the network structure, the original of this sector in the gateway's position is a three-layer switches (only uses its routing function), then the normal internal network to access the external network, in exchange for a week ago, the Cisco3640 Router 3 layer switch configurations to reconfigure the router 3640, shortly after more than a network failure occurred. Check the Cisco3640Port configurations and routing configuration, find port IP address configuration function, and in the route list there are two routes:

iproute0.0.0.00.0.0.0192.168.10.2

iproute0.0.0.00.0.0.010.20.12.254

This sector is the most lower units wide area network subnets, according to business need to access the entire Wan, while this sector network only by one Cisco3640 router RouterA access sector B network, and then through sector b router RouterB access units wide area network (see network topography). To facilitate setting, we only need to add a default Cisco3640 routing "iproute0.0.0.00.0.0.0192.168.10.2" can this sector to access external networks are forwarded to the departments b router RouterB, enabling network Internet. Perhaps because of errors, is set in routing tables with a non-existent next-hop node "iproute0.0.0.00.0.0.010.20.12.254". So when the computers in your internal network to access the external network, the router is not always accessible in the IP packet correctly sent to 192.168.10.2, because the router is powered on, the memory saved intranet extranet access routing list, making some computers have been able to access the external network, while others cannot access your computer, when a router restarted (e.g. the second Monday morning restart router), access routing list is re-established so that internal computer access to the extranet of discovery.

Troubleshooting

In router privilege mode to delete useless routing list:

#noiproute0.0.0.00.0.0.010.20.12.254

#wr

Restart the router, this sector all computers can access the network and Division B units wide area network, is thoroughly solve faults.

Refers to a router or other network device on the Internet is stored on the table, the table is reached the specific network path to the Terminal, in some cases, there are a number of these path-related metrics.

The General form of the routing table to:

DestinationGatewayFlagRefsUseInerface

Where the Destination destination network or host IP addresses; Gateway reaches the purpose of using gateway; Flag flags field, describe the routing features; Refcnt said in order to build a connection, the number of routing use; Use expressed through this route transmission group reported assemble; Interface indicates that the routing of network interface name is used.

A typical example of a routing table

DestinationGatewayFlagsRefsUseInterface

default26.112.191.98UGS00net0

default26.112.191.98UGS018net0

26.112.19126.112.191.2UC10net0

26.112.191.2127.0.0.1UGHS392lo0

127.0.0.1127.0.0.1UH39786480lo0

22426.112.191.2UCS00net0