'분류 전체보기' 카테고리의 글 목록 (2 Page)

- Topology

[R3]-ge-0/0/2--------------ge-0/0/2-[R1]

- OSFP 네이버가 맺어지지 않는 상태
root@R3# run show ospf neighbor
--- 네이버 없음 --

- 트러블슈팅을 위한 traceoption 설정 ( cisco debug command 와 동일하다고 보면됨)

root@R1# set protocols ospf traceoptions file ospf.log
root@R1# set protocols ospf traceoptions flag error detail
root@R1# commit

- OSFP 로그 확인

root@R1# run show log ospf.log
Nov 18 06:30:41 trace_on: Tracing to "/var/log/ospf.log" started
Nov 18 06:30:42 OSPF packet ignored: area mismatch (0.0.0.1) from 10.10.13.3 on intf ge-0/0/2.0 area 0.0.0.0
Nov 18 06:30:42 OSPF rcvd Hello 10.10.13.3 -> 224.0.0.5 (ge-0/0/2.0 IFL 335 area 0.0.0.0)
Nov 18 06:30:42 Version 2, length 44, ID 3.3.3.3, area 0.0.0.1
Nov 18 06:30:42 checksum 0xe618, authtype 0
Nov 18 06:30:42 mask 255.255.255.0, hello_ivl 10, opts 0x12, prio 128
Nov 18 06:30:42 dead_ivl 40, DR 0.0.0.0, BDR 0.0.0.0
-> area mismatch 확인

-라우터 설정 확인

root@R3# show protocols ospf | display set
set protocols ospf area 0.0.0.1 interface lo0.0 passive
set protocols ospf area 0.0.0.1 interface ge-0/0/1.0 interface-type p2p
set protocols ospf area 0.0.0.1 interface ge-0/0/6.0 interface-type p2p
set protocols ospf area 0.0.0.1 interface ge-0/0/2.0 interface-type p2p

root@R1# show protocols ospf | display set
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-0/0/0.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface ge-0/0/2.0 interface-type p2p
set protocols ospf traceoptions file ospf.log
set protocols ospf traceoptions flag error detail

R1 OSPF area : 0.0.0.0 = 0
R3 OSPF area : 0.0.0.1 = 1

- R3 OSPF area 수정 (0.0.0.1 -> 0.0.0.0 )

root@R3# rename protocols ospf area 1 to area 0

- 수정 후 OSPF neighbor 확인

root@R3# run show ospf neighbor
Address Interface State ID Pri Dead
10.10.13.1 ge-0/0/2.0 Full 1.1.1.1 128 39

--Service Provider sytple--

set interfaces ge-0/0/0 vlan-tagging
set interfaces ge-0/0/0 encapsulation extended-vlan-bridge
set interfaces ge-0/0/0 unit 100 vlan-id 100
set interfaces ge-0/0/0 unit 200 vlan-id 200

set interfaces ge-0/0/2 vlan-tagging
set interfaces ge-0/0/2 encapsulation extended-vlan-bridge
set interfaces ge-0/0/2 unit 100 vlan-id 100
set interfaces ge-0/0/2 unit 200 vlan-id 200

set interfaces irb unit 100 family inet address 10.10.10.1/24
set interfaces irb unit 200 family inet address 20.20.20.1/24

set routing-options router-id 1.1.1.1
set protocols ospf area 0.0.0.0 interface irb.100 passive
set protocols ospf area 0.0.0.0 interface ge-0/0/1.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface irb.200 passive

set interfaces ge-0/0/1 unit 0 family inet address 79.79.79.9/24

set bridge-domains v100 vlan-id 100
set bridge-domains v100 interface ge-0/0/0.100
set bridge-domains v100 interface ge-0/0/2.100
set bridge-domains v100 routing-interface irb.100

set bridge-domains v200 vlan-id 200
set bridge-domains v200 interface ge-0/0/0.200
set bridge-domains v200 interface ge-0/0/2.200
set bridge-domains v200 routing-interface irb.200

root@R9# run show bridge domain

Routing instance        Bridge domain            VLAN ID     Interfaces
default-switch          v100                     100
                                                             ge-0/0/0.100
                                                             ge-0/0/2.100
default-switch          v200                     200
                                                             ge-0/0/0.200
                                                             ge-0/0/2.200

--Enterprise sytple--

set interfaces ge-0/0/0 unit 0 family bridge interface-mode trunk
set interfaces ge-0/0/0 unit 0 family bridge vlan-id-list 100
set interfaces ge-0/0/0 unit 0 family bridge vlan-id-list 200

set interfaces ge-0/0/2 unit 0 family bridge interface-mode trunk
set interfaces ge-0/0/2 unit 0 family bridge vlan-id-list 100
set interfaces ge-0/0/2 unit 0 family bridge vlan-id-list 200

set interfaces irb unit 100 family inet address 10.10.10.1/24
set interfaces irb unit 200 family inet address 20.20.20.1/24

set routing-options router-id 1.1.1.1
set protocols ospf area 0.0.0.0 interface irb.100 passive
set protocols ospf area 0.0.0.0 interface ge-0/0/1.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface irb.200 passive

set interfaces ge-0/0/1 unit 0 family inet address 79.79.79.9/24

set bridge-domains v100 vlan-id 100
set bridge-domains v100 routing-interface irb.100
set bridge-domains v200 vlan-id 200
set bridge-domains v200 routing-interface irb.200

root@R9# run show bridge domain

Routing instance        Bridge domain            VLAN ID     Interfaces
default-switch          v100                     100
                                                             ge-0/0/0.0
                                                             ge-0/0/2.0
default-switch          v200                     200
                                                             ge-0/0/0.0
                                                             ge-0/0/2.0

1. OSPF external type 1 이 type 2 보다 우선함.

[R2]--------[R4]

| / |

[R1]--------[R3]

R1 설정

- static 10.10.10.0/24 를 ospf로 재분배 및 ospf type 1 설정

chano@vMX_01# show policy-options | display set

set policy-options policy-statement static_to_ospf term 10 from protocol static

set policy-options policy-statement static_to_ospf term 10 then external type 1

set policy-options policy-statement static_to_ospf term 10 then accept

set policy-options policy-statement static_to_ospf term 20 then reject

chano@vMX_01# show routing-options | display set

set routing-options static route 10.10.10.0/24 discard

set routing-options router-id 172.27.255.1

chano@vMX_01# show protocols ospf| display set

set protocols ospf export static_to_ospf

set protocols ospf area 0.0.0.0 interface ae1.0 interface-type p2p

set protocols ospf area 0.0.0.0 interface ge-0/0/6.0 interface-type p2p

set protocols ospf area 0.0.0.0 interface lo0.0 passive

set protocols ospf area 0.0.0.1 interface ge-0/0/3.0 interface-type p2p

R3 설정

- static 10.10.10.0/24 를 ospf로 재분배 및 ospf type 2 설정

chano@vMX_03# show policy-options | display set

set policy-options policy-statement static_to_ospf term 10 from protocol static

set policy-options policy-statement static_to_ospf term 10 then external type 2

set policy-options policy-statement static_to_ospf term 10 then accept

set policy-options policy-statement static_to_ospf term 20 then reject

chano@vMX_03# show routing-options | display set

set routing-options static route 10.10.10.0/24 discard

set routing-options router-id 172.27.255.3

chano@vMX_03# show protocols ospf| display set

set protocols ospf export static_to_ospf

set protocols ospf area 0.0.0.0 interface ge-0/0/1.0 interface-type p2p

set protocols ospf area 0.0.0.0 interface lo0.0 passive

set protocols ospf area 0.0.0.0 interface ge-0/0/2.0 interface-type p2p

set protocols ospf area 0.0.0.2 interface ge-0/0/3.0 interface-type p2p

R4에서 10.10.10.0/24 대역 확인

- external type 1을 우선함을 확인.

chano@vMX_04> show route 10.10.10.0/24

inet.0: 25 destinations, 25 routes (25 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

10.10.10.0/24 *[OSPF/150] 00:25:01, metric 1, tag 0

> to 172.27.0.10 via ae1.0 [R1향 인터페이스 ae1]

chano@vMX_04> show ospf database extensive external

OSPF AS SCOPE link state database

Type ID Adv Rtr Seq Age Opt Cksum Len

Extern 10.10.10.0 172.27.255.1 0x80000021 136 0x22 0xe249 36

mask 255.255.255.0

Topology default (ID 0)

Type: 1, Metric: 0, Fwd addr: 0.0.0.0, Tag: 0.0.0.0

Aging timer 00:57:43

Installed 00:02:15 ago, expires in 00:57:44, sent 00:02:15 ago

Last changed 00:02:15 ago, Change count: 7

Extern 10.10.10.0 172.27.255.3 0x80000001 80 0x22 0x9a2f 36

mask 255.255.255.0

Topology default (ID 0)

Type: 2, Metric: 0, Fwd addr: 0.0.0.0, Tag: 0.0.0.0

Aging timer 00:58:40

Installed 00:01:19 ago, expires in 00:58:40, sent 00:01:19 ago

Last changed 00:01:19 ago, Change count: 1

2. external type 1 는 경로에 있는 모든 링크 cost 값을 더함.

external type 2 는 경로에 있는 모든 링크 cost 값을 무시함.

[R2]--------[R4]---------[R5]

|

[R1]

- 모든 링크 cost는 1로 설정함.

R1 설정

- R1 에서 10.10.10.0/24 대역을 ospf type 1 으로 광고

chano@vMX_01# show policy-options | display set

set policy-options policy-statement static_to_ospf term 10 from protocol static

set policy-options policy-statement static_to_ospf term 10 then external type 1

set policy-options policy-statement static_to_ospf term 10 then accept

set policy-options policy-statement static_to_ospf term 20 then reject

chano@vMX_01# show protocols ospf | display set

set protocols ospf export static_to_ospf

set protocols ospf area 0.0.0.0 interface ae1.0 interface-type p2p

set protocols ospf area 0.0.0.0 interface ge-0/0/6.0 interface-type p2p

set protocols ospf area 0.0.0.0 interface lo0.0 passive

set protocols ospf area 0.0.0.1 interface ge-0/0/3.0 interface-type p2p

chano@vMX_01# show routing-options | display set

set routing-options static route 10.10.10.0/24 discard

set routing-options router-id 172.27.255.1

R5 에서 확인

chano@vMX_05> show route 10.10.10.0/24 extensive

inet.0: 21 destinations, 21 routes (21 active, 0 holddown, 0 hidden)

10.10.10.0/24 (1 entry, 1 announced)

TSI:

KRT in-kernel 10.10.10.0/24 ->

*OSPF Preference: 150

Next hop type: Router, Next hop index: 561

Address: 0x9700438

Next-hop reference count: 13

Next hop: 172.27.0.21 via ae2.0, selected

Session Id: 0x142

State: <Active Int Ext>

Age: 2:21 Metric: 3 ( R1<---> R5경로의 cost를 더한 값(1+1+1)이 출력. )

Validation State: unverified

Tag: 0

Task: OSPF

Announcement bits (1): 0-KRT

AS path: I

R1 설정

- R1 에서 10.10.10.0/24 대역을 ospf type 2 으로 광고

chano@vMX_01# show policy-options | display set

set policy-options policy-statement static_to_ospf term 10 from protocol static

set policy-options policy-statement static_to_ospf term 10 then external type 2

set policy-options policy-statement static_to_ospf term 10 then accept

set policy-options policy-statement static_to_ospf term 20 then reject

R5 에서 확인

chano@vMX_05> show route 10.10.10.0/24 extensive

inet.0: 21 destinations, 21 routes (21 active, 0 holddown, 0 hidden)

10.10.10.0/24 (1 entry, 1 announced)

TSI:

KRT in-kernel 10.10.10.0/24 ->

*OSPF Preference: 150

Next hop type: Router, Next hop index: 561

Address: 0x9700438

Next-hop reference count: 13

Next hop: 172.27.0.21 via ae2.0, selected

Session Id: 0x142

State: <Active Int Ext>

Age: 30 Metric: 0 ( R1 <--> R5 경로상의 cost 값 무시, metric 미설정으로 0이 출력됨.)

Validation State: unverified

Tag: 0

Task: OSPF

Announcement bits (1): 0-KRT

AS path: I

R1 설정

- R1 에서 10.10.10.0/24 대역을 ospf type 2 으로 광고 (metric 100 설정)

chano@vMX_01# show policy-options | display set

set policy-options policy-statement static_to_ospf term 10 from protocol static

set policy-options policy-statement static_to_ospf term 10 then metric 100

set policy-options policy-statement static_to_ospf term 10 then external type 2

set policy-options policy-statement static_to_ospf term 10 then accept

set policy-options policy-statement static_to_ospf term 20 then reject

R5 에서 확인

chano@vMX_05> show route 10.10.10.0/24 extensive

inet.0: 21 destinations, 21 routes (21 active, 0 holddown, 0 hidden)

10.10.10.0/24 (1 entry, 1 announced)

TSI:

KRT in-kernel 10.10.10.0/24 ->

*OSPF Preference: 150

Next hop type: Router, Next hop index: 561

Address: 0x9700438

Next-hop reference count: 13

Next hop: 172.27.0.21 via ae2.0, selected

Session Id: 0x142

State: <Active Int Ext>

Age: 3 Metric: 100 ( R1 <--> R5 경로상의 cost 값 무시하고 설정한 cost 값 100 출력됨.)

Validation State: unverified

Tag: 0

Task: OSPF

Announcement bits (1): 0-KRT

AS path: I

저작자표시

{master:0}[edit]

icraft@EX4300_1# run ssh 5.5.5.5

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

Someone could be eavesdropping on you right now (man-in-the-middle attack)!

It is also possible that a host key has just been changed.

The fingerprint for the ECDSA key sent by the remote host is

bf:1f:e9:9a:89:83:8c:e6:3c:83:ee:03:63:e2:d7:c8.

Please contact your system administrator.

Add correct host key in /var/home/icraft/.ssh/known_hosts to get rid of this message.

Offending ECDSA key in /var/home/icraft/.ssh/known_hosts:1

ECDSA host key for 5.5.5.5 has changed and you have requested strict checking.

Host key verification failed.

{master:0}[edit]

icraft@EX4300_1# run file delete /var/home/icraft/.ssh/known_hosts

{master:0}[edit]

icraft@EX4300_1# run ssh 5.5.5.5

The authenticity of host '5.5.5.5 (5.5.5.5)' can't be established.

ECDSA key fingerprint is bf:1f:e9:9a:89:83:8c:e6:3c:83:ee:03:63:e2:d7:c8.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '5.5.5.5' (ECDSA) to the list of known hosts.

==================================================================

This system is the property of SK broadband.

Disconnect IMMEDIATELY if you are an unauthorised user!

Violators will be prosecuted both by civil and

criminal law to the fullest extent.

==================================================================

Password:

저작자표시

차노 블로그

차노

OSPF Troubleshooting - Area mismatch

Juniper MX series VLAN config

--Service Provider sytple--

--Enterprise sytple--

OSPF external type 1&2

주니퍼 ssh key 삭제방법

+ Recent posts

티스토리툴바