Download ZebOS Network Platform Troubleshooting Guide

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
page
40
page
41
page
42
page
43
page
44
page
45
page
46
page
47
page
48
page
49
page
50
page
51
page
52
page
53
page
54
page
55
page
56
page
57
page
58
page
59
page
60
Document related concepts

Multiprotocol Label Switching wikipedia , lookup

Zero-configuration networking wikipedia , lookup

Wake-on-LAN wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Transcript 
BIG-IP® Advanced Routing™
Troubleshooting Guide
Version 7.8.4
Publication Date
This document was published on June 27, 2013.
Legal Notices
Copyright
Copyright 2001-2013, F5 Networks, Inc. All rights reserved.
F5 Networks, Inc. (F5) believes the information it furnishes to be accurate and reliable. However, F5
assumes no responsibility for the use of this information, nor any infringement of patents or other rights of
third parties which may result from its use. No license is granted by implication or otherwise under any
patent, copyright, or other intellectual property right of F5 except as specifically described by applicable
user licenses. F5 reserves the right to change specifications at any time without notice.
Trademarks
AAM, Access Policy Manager, Advanced Client Authentication, Advanced Firewall Manager, Advanced
Routing, AFM, Alive With F5, APM, Application Acceleration Manager, Application Security Manager,
ARX, AskF5, ASM, BIG-IP, BIG-IQ, Cloud Extender, CloudFucious, Cloud Manager, Clustered
Multiprocessing, CMP, COHESION, Data Manager, DevCentral, DevCentral [DESIGN], DNS Express,
DSC, DSI, Edge Client, Edge Gateway, Edge Portal, ELEVATE, EM, Enterprise Manager, ENGAGE, F5,
F5 [DESIGN], F5 Certified [DESIGN], F5 Networks, Fast Application Proxy, Fast Cache, FirePass,
Global Traffic Manager, GTM, GUARDIAN, iApps, IBR, Intelligent Browser Referencing, Intelligent
Compression, IPv6 Gateway, iControl, iHealth, iQuery, iRules, iRules OnDemand, iSession, L7 Rate
Shaping, LC, Link Controller, Local Traffic Manager, LTM, LineRate, LineRate Systems [DESIGN],
LROS, Message Security Manager, MSM, OneConnect, Packet Velocity, PEM, Policy Enforcement
Manager, Protocol Security Manager, PSM, Real Traffic Policy Builder, ScaleN, Signalling Delivery
Controller, SDC, SSL Acceleration, StrongBox, SuperVIP, SYN Check, TCP Express, TDR, TMOS,
Traffic Management Operating System, Traffix Systems, Traffix Systems (DESIGN), Transparent Data
Reduction, UNITY, VAULT, VIPRION, vCMP, VE F5 [DESIGN], Virtual Clustered Multiprocessing,
WA, WAN Optimization Manager, WebAccelerator, WOM, and ZoneRunner, are trademarks or service
marks of F5 Networks, Inc., in the U.S. and other countries, and may not be used without F5's express
written consent.
All other product and company names herein may be trademarks of their respective owners.
A portion of this reference guide is copyrighted by IP Infusion, Inc.
ZebOS is a registered trademark, and IP Infusion and the ipinfusion logo are trademarks of IP Infusion.
All other trademarks are trademarks of their respective companies.
This documentation is subject to change without notice. The software described in this document and this
documentation are furnished under a license agreement or nondisclosure agreement. The software and
documentation may be used or copied only in accordance with the terms of the applicable agreement. No
part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or any
means electronic or mechanical, including photocopying and recording for any purpose other than the
purchaser's internal use without the written permission of IP Infusion Inc.
F5 Networks, Inc. (F5) believes the information it furnishes to be accurate and reliable. However, F5
assumes no responsibility for the use of this information, nor any infringement of patents or other rights of
third parties which may result from its use. No license is granted by implication or otherwise under any
patent, copyright, or other intellectual property right of F5 except as specifically described by applicable
user licenses. F5 reserves the right to change specifications at any time without notice.
All other product and company names herein may be trademarks of their respective owners.
i
ii
Table of Contents
CHAPTER 1
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Useful System Commands and Utilities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1
CHAPTER 2
Debugging and Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Debugging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
Logging to stdout (terminal) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
Logging information to a file or syslog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
Turning off debugging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4
CHAPTER 3
Troubleshooting BGP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
No BGP Adjacency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6
show ip bgp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6
show ip bgp summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
show ip bgp neighbors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
CHAPTER 4
Troubleshooting OSPF . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
No OSPF Adjacency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
show ip ospf interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
show ip ospf neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
show ip ospf database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
CHAPTER 5
Troubleshooting RIP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
No RIP Adjacency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18
show ip rip interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18
show ip rip database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
CHAPTER 6
Troubleshooting LDP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
LDP Session is not UP. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21
CHAPTER 7
Troubleshooting VRRP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Incorrect VRRP States. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
CHAPTER 8
Troubleshooting PIM-SM. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
No PIM adjacency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
No BSR and RP information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
RP not advertised in the BSR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25
Troubleshooting Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26
Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27
show ip pim sparse-mode mroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27
show ip pim sparse-mode interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30
CHAPTER 9
Troubleshooting BGP4+ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
No BGP Adjacency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31
iii
Table of Contents
Useful Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
show bgp ipv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
show bgp ipv6 summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
CHAPTER 10
Troubleshooting OSPFv3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
No OSPF Adjacency. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
show ipv6 ospf database link (adv-router) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
show ipv6 ospf database intra-prefix (adv-router) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
CHAPTER 11
Troubleshooting RIPng . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
No RIPng Adjacency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
CHAPTER 12 Route Selection in NSM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
How NSM Adds Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
How NSM Deletes Routes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
43
43
45
46
show ip route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
show ip route database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
CHAPTER 13 Miscellaneous Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Kernel does not notify the NSM about updating the MTU/metric. . . . . . . . . . . . . . . . . 51
OSPF adjacency lost (System Clock) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Remote Devices are unreachable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Index - 1
iv
CHAPTER 1
Introduction
This guide is intended for all network administrators and application developers who install and configure ZebOS® IP
routing and switching software. It requires that the user has a broad understanding of networking principles and
network configuration. Use this information with other F5 Networks technical information available with the software.
This guide contains tips for troubleshooting basic issues faced during installation, configuration and management of
ZebOS IP routing software.
Useful System Commands and Utilities
These UNIX Commands and GNU Utilities are useful in troubleshooting. UNIX commands might have different syntax
when used on different platforms.
Note:
Use man <command> to get detailed information about any UNIX command.
id
The id utility displays the system identifications (ID) for a specific user. The system IDs identify
users and user groups to the system. This utility displays the user name, user ID, as well as the
group name and group ID of the user.
In addition, id also displays the effective user and group IDs (euid). Install ZebOS as a root
user. Use this command to verify that you are the root user.
ifconfig
Configures a network interface. It is used at boot time to set up interfaces or for debugging
purposes. Use the -a flag with this command to instruct ifconfig to display information about
all interfaces on the system.
You can use this utility to configure the loopback address:
ifconfig lo 127.0.0.1
ls
Lists the contents of the current working directory.
man
It provides access to online manual pages and information on how to run a specified command.
For example, to learn more about rm (file-removal) command type:
man rm
Use option -k with the man command if you do not know which command to look for. This
option directs man to search for manual pages containing the specified keyword.
If the information is more than one screen full of text, the man command shows the first screen
and prompts you with More at the bottom of the screen. Hit the spacebar when you are ready
for the next screen full. Type q to quit.
netstat
Displays different network related data structures. You can use various options to get different
outputs, such as -r option displays routing tables. The -n option used along with the -r option
displays network addresses as numbers.
ping
Use ping to see if a system is operating and also to see if network connections are intact. The
ping utility uses the Internet Control Message Protocol (ICMP) Echo function (detailed in RFC
792). A small packet is sent through the network to a particular IP address. The sender then
listens for a return packet; if connections are good and the target system is up, a valid return
packet is received.
1
Introduction
ping6
It uses the ICMPv6 Echo function (detailed in RFC 2463) to report errors encountered in
processing packets and to perform diagnostics.
This utility is available on Linux and FreeBSD systems. On a Solaris system the ping utility has
both IPv4 and IPv6 capability.
ssh
Use Secure Shell (SSH) to log into another computer over a network, to execute commands
from a remote machine, and to move files from one machine to another. SSH can be used in
place of telnet, rlogin, rsh etc. It provides authentication and secure communications over
insecure channels.
su
The su command changes the user ID to those of the root user or to any other specified user.
telnet
This utility is a User Interface to the TELNET protocol. It runs on your computer and connects it
to a server on the network. You can then enter commands through the Telnet program and they
are executed as if you were entering them directly on the server console. This enables you to
control the server and communicate with other systems on the network.
traceroute
Traces a packet from your system to a host showing the number of hops the packet requires to
reach the host and how long each hop takes.
traceroute6
Displays information about the route taken by the IPv6 packets to reach the destination.
This utility is available on Linux and FreeBSD systems. On a Solaris system the traceroute
utility has IPv4 and IPv6 capability.
uname
Displays information about the name and version of the current Operating System.
useradd
Creates a new User or updates default User information. This utility works on Linux and Solaris
systems. On a FreeBSD system use the pw utility to create a new user.
userdel
Deletes a User Account and its related files.
This utility works on Linux and Solaris systems. On a FreeBSD system use the pw utility to
delete an User Account.
which
Shows the complete path of the given command. If the command is missing in the path, a
message is displayed stating that the command is missing. For example, using which telnet
confirms if telnet is installed on your system and gives the path to reach it.
Network Services Module
2
CHAPTER 2
Debugging and Logging
ZebOS has a comprehensive debugging and logging facility in various protocols and components. This chapter
describes how to start/stop debugging and logging using the NSM commands. For complete information about the
logging commands, refer to the ZebOS Network Platform Network Services Manager Command Line Interface
Reference Guide. The protocol debug commands are in corresponding Command References.
Debugging
In the ZebOS implementation, every protocol has debug commands. Debug commands, when used with the
parameters, log parameter-specific information. For example, using the debug ldp nsm command, results in the
router writing all messages exchanged between LDP and NSM such as: interface, bandwidth and address updates.
On using a debug command, the router continues to generate output until the no parameter is used with the command.
The debug output and system error messages are written on the virtual terminal. Use the logging commands in the
configure mode to redirect the debugging output to a file or syslog. You can set the logging levels by using
parameters with these commands. Refer to the ZebOS Network Platform Network Services Manager Command Line
Interface Reference Guide for details on these commands.
Logging to stdout (terminal)
To start debugging to stdout:
1. Turn on the debug options by using the relevant debug command.
2. Run the terminal monitor command.
ZebOS> enable
ZebOS# configure terminal
ZebOS(config)# debug <protocol> (parameter)
ZebOS(config)# exit
ZebOS# terminal monitor
Sample Output
This is a sample output of the debug rsvp events command displayed on the terminal:
ZebOS# terminal monitor
Dec 2 16:41:49 localhost RSVP[6518]: RSVP: RSVP message sent to 10.10.23.60/32 via
interface eth0
Dec 2 16:41:57 localhost RSVP[6518]: RSVP: Received an RSVP message of type RSVP
Reservation from 192.168.0.60 via interface eth0
Dec 2 16:41:57 localhost RSVP[6518]: RSVP: Received a RESV message from 10.10.23.60/
32
Logging information to a file or syslog
To send logging information to a file:
1. Use the log file command and specify the path and file name where the information is to be logged.
3
Debugging and Logging
2. Turn on the debug option by using the relevant debug command.
ZebOS> enable
ZebOS# configure terminal
ZebOS(config)# log file <filename>
ZebOS(config)# debug <protocol> (parameter)
When logging to a file, user can simultaneously log to stdout by running the terminal monitor command.
3. To log information in the system log, use the log syslog command:
ZebOS(config)# log syslog
The system log enables logging and analyzing configuration events and system error messages centrally. This
helps in monitoring interface status, security alerts and CPU process overloads. It also allows real-time capturing of
client debug output sessions. Use the no parameter with this command to disable system logging:
ZebOS(config)# no log syslog
Turning off debugging
To turn off debugging, use the no debug or undebug command. When a protocol is specified with the no debug or
undebug commands, debugging is stopped for the specified protocol. To stop all debugging, use the all parameter
with these commands.
ZebOS(config)# no debug bgp events
or
ZebOS# undebug all
To turn off logging information to a file, use the no parameter with the log file command:
ZebOS(config)# no log file (filename)
4
CHAPTER 3
Troubleshooting BGP
In this chapter the topics are arranged sequentially. Depending on the event and time when the problem occurred,
select the relevant section and follow steps sequentially. If the issue is not resolved, refer to the Miscellaneous Issues
chapter in this document and the FAQs available at the Customer Support Web site. If the issue remains unresolved,
please contact F5 Networks.
Refer to the ZebOS Network Platform Border Gateway Protocol Command Line Interface Reference Guide for details
on commands used in this chapter.
No BGP Adjacency
Interface status
Use the show ip interface brief command to make sure that the interface is
not administratively shutdown. Remove this configuration setting with the no
shutdown command, if shutdown is configured.
ZebOS# configure terminal
ZebOS(config)# interface eth0
ZebOS(config-if)# no shutdown
Use the show interface command to make sure that the interface is up.
Neighbor configuration
Make sure that the BGP configuration is correct. To establish BGP, configure a TCP
session with another router using the neighbor remote-as command.
When using iBGP:
•
Make sure the two routers know how to reach each other’s loopback addresses, if
you have established iBGP using loopback interface. Typically, you have an IGP
(say OSPF) running between the two routers. In this case, enable OSPF on the
loopback interface or redistribute the loopback address into OSPF.
•
Ping to each other’s loopback address to ensure mutual reachability.
When using eBGP:
•
Make sure you have configured the multihop number for an eBGP neighbor that is
not directly connected.
•
Use the neighbor ebgp-multihop command to specify the maximum hop
count to reach the neighbor.
Connectivity
Make sure you can reach the neighbor using the ping A.B.C.D command.
Firewall
Verify if a firewall is present. If there is a firewall, it might be configured to block TCP
packets. Verify the existing firewall configurations (in Linux) by using:
ipchains -L
Flush the existing firewall configurations by using:
ipchains -F
5
Troubleshooting BGP
Show Commands
show ip bgp
This command displays the current state of the BGP routing table. Use this command to check whether a specific route
has been installed into the BGP routing table or not and to view information about various attributes of a route, such as,
nexthop, metric and AS path.
Sample Output
BGP table version is 0, local router ID is 10.100.0.77
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, S stale,
Origin codes: i - IGP, e - EGP,? - incomplete
Network
Next Hop
Metric LocPrf
Weight
Path
*> 172.16.1.0/24
10.10.10.78
0
1 4 i
*> 192.16.1.0
10.10.10.78
200
0
1 4 ?
*
10.100.0.62
100
0
3 4 ?
*>i 192.17.1.0
10.100.0.62
100
0
i
Line by Line Description
This routing table shows routes learned from both iBGP and eBGP peers.
BGP table version is 0, local router ID is 10.100.0.77
• The Table version is 0. This version number increases whenever the table changes.
• The Router ID of the local router is 10.100.0.77.
Status codes: s suppressed, d damped, h history, p stale, * valid, > best, i - internal
The possible status codes displayed at the beginning of the route entry. They display the status of the routes.
Status Code
Description
Comments
s
suppressed
Indicates that the route is suppressed and will not be advertised to the neighbors.
d
damped
When the penalty of a flapping route exceeds the suppress limit, the route is damped
and remains in a WITHDRAWN state until its penalty decreases below the reuse limit.
h
history
When the penalty of a flapping route does not exceed the suppress limit, the route is
not damped and BGP maintains a history of the flapping route.
S
stale
When the BGP neighbor, from which a route is learned, is experiencing graceful
restart, the route is retained in the BGP routing table and labeled by symbol p.
*
valid
Indicates that the route is a valid route. When a route is not suppressed, damped or
present in the history, it is a valid route.
>
best
The selected route to be installed in the kernel routing table.
i
internal
Indicates that the route is learned from an iBGP peer. An absence of this status code
indicates that the route is learned from an eBGP peer.
Origin codes: i - IGP, e - EGP, ? - incomplete
6
Troubleshooting BGP
Origin codes are at the end of each line in the routing table and provide information about where the route has
originated from.
Origin Code
Description
Comments
i
IGP
Origin of the route is an Interior Gateway Protocol.
e
EGP
Origin of the route is an Exterior Gateway Protocol.
?
incomplete
Origin not known. Typically, redistributed routes from IGP.
*> 172.16.1.0/24
10.10.10.78
0
1 4 i
• The absence of status code i indicates that it is learned from an eBGP peer.
•
The > indicates that this route is selected to be installed in the kernel routing table. Its network address is
172.16.1.0/24.
•
The IP address of the nexthop for this route is 10.10.10.78.
•
The weight parameter applies only to routes within an individual router. Since this route was learned from a peer,
it has a default weight of 0. All routes generated by the local router have a weight of 32,768.
•
The path attribute 1 4 indicates that the prefix advertisement passed through the ASs AS1 and AS4.
• The origin code i indicates that the prefix was added by network statement at originating AS.
*> 192.16.1.0
10.10.10.78
200
0
1 4 ?
*
10.100.0.62
100
0
3 4 ?
• The same prefix is learned from two different ASs, AS1 and AS3.
•
The route learned from AS1 is chosen as the best route because AS1 has a lower Router ID (10.10.10.78) than
AS2 (10.100.0.62). Although the Metric or MED (MULTI_EXIT_DISC) of the route learned from AS1 is higher
(200) than the route learnt from AS3 (100), this attribute is not used in the best path selection decision because
MEDs are compared only if the first (neighboring) AS is the same in the two paths.
• The origin code ? indicates that the routes are learned through redistribution.
*>i192.17.1.0
10.100.0.62
100
0
i
• The route is learned through an iBGP peer as indicated by the status code i.
•
The LOCAL_PREF attribute of the route, which is used only with the local AS, is set to 100 (the default value).
show ip bgp summary
This command displays the state summary of BGP neighbor connections. Use this command to check the state of the
BGP neighbor connections and to view information about the:
•
Current state of BGP neighbor connections.
•
Number of prefixes received from specific neighbor after BGP connection is established.
Sample Output
BGP router identifier 10.10.10.77, local AS number 10
0 BGP AS-PATH entries
0 BGP community entries
Neighbor
V
AS MsgRcvd MsgSent
TblVer InQ
10.10.10.78
4
20
1088
1094
0
0
Total number of neighbors 1
OutQ
0
Up/Down State/PfxRcd
16:22:53
2
7
Troubleshooting BGP
Line by Line Description
BGP router identifier 10.10.10.77, local AS number 10
0 BGP AS-PATH entries
0 BGP community entries
• BGP router ID is 10.10.10.77 and the local router AS number is 10.
• There are no BGP AS-PATH or community entries.
10.10.10.78
4
20
1088
1094
0
0
0
16:22:53
• There is only one BGP neighbor available, with an IP address 10.10.10.78 and AS Number 20.
2
•
The neighbor uses BGP version 4.
•
1088 messages are received by the local BGP.
•
1094 messages are sent by the local router since the BGP connection has been established.
•
The current BGP routing table version (TblVer) is 0. When the table changes, the version will increase.
•
The input queue (InQ) indicates that there are no received messages waiting in the input queue for further
processing.
•
The output queue (OutQ) indicates that there are no messages waiting in the output queue to be sent.
•
The connection has been up for 16 hours, 22 minutes and 53 seconds.
•
The local router has received two prefixes from this neighbor.
show ip bgp neighbors
This command gives detailed information about all BGP peering sessions that the local system is currently involved in.
You can view information pertaining to a specific neighbor, by specifying the IP address of the neighbor with this
command (show ip bgp neighbors <ipaddress>).
Sample Output (on 10.10.10.77)
ZebOS# show ip bgp neighbors
BGP neighbor is 10.10.10.78, remote AS 2, local AS 1, external link
BGP version 4, remote router ID 40.40.40.78
BGP state = Established, up for 00:00:56
Last read 00:00:01, hold time is 180, keepalive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received (old and new)
Address family IPv4 Unicast: advertised and received
Received 4 messages, 0 notifications, 0 in queue
Sent 5 messages, 0 notifications, 0 in queue
Route refresh request: received 0, sent 0
Minimum time between advertisement runs is 30 seconds
For address family: IPv4 Unicast
BGP table version 1, neighbor version 1
Index 1, Offset 0, Mask 0x2
Community attribute sent to this neighbor (both)
2 accepted prefixes
1 announced prefixes
Connections established 1; dropped 0
Local host: 10.10.10.77, Local port: 2713
Foreign host: 10.10.10.78, Foreign port: 179
Nexthop: 10.10.10.77
8
Troubleshooting BGP
Nexthop global: aaaa:bbbb::77
Nexthop local: fe80::204:75ff:fe9e:c936
BGP connection: non shared network
Read thread: on Write thread: off
The following is a line-by-line description of the output:
BGP neighbor is 10.10.10.78, remote AS 2, local AS 1, external link
• The IP address of the BGP neighbor is 10.10.10.78
•
The AS number of the neighbor is 2.
•
The AS number of the local system is 1
•
The type of BGP peering is external (eBGP). If the neighbor is in the same AS, this line would display internal
link.
BGP version 4, remote router ID 40.40.40.78
• The negotiated BGP version for this peering session is BGP4.
•
The neighbor’s Router ID is 40.40.40.78. BGP uses the highest loopback address as the Router ID. If no
loopback interface is configured, BGP uses the highest configured IP address on a system.
BGP state = Established, up for 00:00:56
• The peering session is in an Established state.The session can be in a Idle, Active, OpenSent,
OpenConfirm or Established state. Only after the neighbor session is in an Established state, the exchange
of routing information begins between peers. Detailed information about BGP states is in the Section 8 of the
IETF RFC 1771 - A Border Gateway Protocol - 4 or the latest IETF BGP (draft version
22).
• The current peering session has been running for 56 seconds.
Last read 00:00:01, hold time is 180, keepalive interval is 60 seconds
• The time elapsed since a message was last received from this neighbor is 00:00:01.
•
The maximum time that can elapse between successive messages from this neighbor is 180 seconds. If no
message is received for 180 seconds, this neighbor will be declared dead.
•
The time interval between successive keepalive messages is 60 seconds. Typically, the hold time value is set to
three times the keepalive interval.
Neighbor capabilities:
Route refresh: advertised and received (old and new)
Address family IPv4 Unicast: advertised and received
• The Route Refresh and Address Family IPv4 unicast capabilities are advertised and received from the
neighbor.
Received 4 messages, 0 notifications, 0 in queue
Sent 5 messages, 0 notifications, 0 in queue
• Received 4 messages and 0 notifications from the neighbor and sent 5 messages and 0 notifications to the
neighbor.
• There are 0 messages to be or received from the neighbor.
Route refresh request: received 0, sent 0
Minimum time between advertisement runs is 30 seconds
• No route refresh requests have been sent or received from the neighbor.
•
The minimum advertisement interval for the neighbor is 30 seconds. This means that the minimum time gap
between successive route updates sent to the neighbor is 30 seconds. Generally, a jitter (of 25%) is applied to this
time interval, which means that if the time between advertisements is configured as 30, successive advertisements
can have a time gap of as low as 22.5 (after applying a 25% jitter to the 30 seconds, which is 7.5 seconds).
For address family: IPv4 Unicast
9
Troubleshooting BGP
BGP table version 1, neighbor version 1
Index 1, Offset 0, Mask 0x2
Community attribute sent to this neighbor (both)
2 accepted prefixes
1 announced prefixes
• The peers have exchanged IPv4 Unicast address family capability, which is the default. For each of the address
families agreed upon, a separate table is maintained by BGP. This can be seen from the BGP table version number
(1).
•
One prefix (route) is advertised to and 2 received from the neighbor. Also, both the community attributes
(standard and extended) have been sent.
Connections established 1; dropped 0
• The router has established a TCP connection once, and the two peers have agreed to speak BGP with each other
once.
• The good connection has not failed or brought down (0).
Local host: 10.10.10.77, Local port: 2713
• The IP address and the port number on the local system used for the peering session are 10.10.10.77 and
2713.
Foreign host: 10.10.10.78, Foreign port: 179
• The IP address 10.10.10.78 and the port 179 is used for the neighbor. BGP always uses the TCP port number
179. In this example, the local system (10.10.10.77) has initiated the TCP connection, thus, the port number
on the peer is 179. If the connection had been initiated by the remote peer, 179 would be a port number on the
local system.
Nexthop: 10.10.10.77
Nexthop global: aaaa:bbbb::77
Nexthop local: fe80::204:75ff:fe9e:c936
• The IP address of the next-hop (10.10.10.77) is used to reach the neighbor. The BGP peers eBGP or iBGP do
not require to be directly connected. Peering sessions can be set up across multiple hops. In this example, since
the neighbors are directly connected, the IP address of the local system (10.10.10.77) is listed as the next-hop.
•
The global IPv6 address of the nexthop is aaaa:bbbb::77.
• The link-local IPv6 address of the next-hop is fe80::204:75ff:fe9e:c936.
BGP connection: non shared network
• The peering session is running on a non shared network.
Read thread: on Write thread: off
• The read/write status for the socket shared with this particular peer is off. Both are generally in off state when
the state of the BGP session between peers is Idle.
10
CHAPTER 4
Troubleshooting OSPF
In this chapter the topics are arranged sequentially. Depending on the event and time when the problem occurred,
select the relevant section and follow steps sequentially. If the issue is not resolved, refer to the Miscellaneous Issues
chapter in this document and the FAQs available at the Customer Support Web site. If the issue remains unresolved,
please contact F5 Networks.
Refer to the ZebOS Open Shortest Path First Command Line Interface Reference Guide for details on the commands
used in this chapter.
No OSPF Adjacency
Interface Status
Use the show ip interface brief command to make sure that the interface is
not administratively shutdown. Remove this configuration setting with the no
shutdown command, if shutdown is configured.
ZebOS# configure terminal
ZebOS(config)# interface eth0
ZebOS(config-if)# no shutdown
Use the show interface command to make sure that the interface is up.
OSPF Enabled on the
Interface
Make sure that OSPF is enabled on the interface. To enable OSPF on a particular
interface, use the network area command with a specified Area ID. Use the show
ip ospf interface to confirm that OSPF is enabled for the interface.
Sample output
eth2 is up, line protocol is up
Internet Address 56.168.1.7/24, Area 0.0.0.0, MTU 1500
Router ID 7.7.7.7, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 7.7.7.7, Interface Address 56.168.1.7
Backup Designated Router (ID) 8.8.8.8, Interface Address
56.168.1.8
Timer intervals configured, Hello 10, Dead 40, Wait 40,
Retransmit 5
Hello due in 00:00:05
Neighbor Count is 1, Adjacent neighbor count is 1
Crypt Sequence Number is 0
Hello received 625 sent 645, DD received 3 sent 4
LS-Req received 1 sent 1, LS-Upd received 5 sent 13
LS-Ack received 8 sent 5, Discarded 0
11
Troubleshooting OSPF
Passive Interface
Ensure that the interface is not configured as a passive using show run:
!
router ospf
passive interface eth0
!
If the interface is passive, remove this configuration setting by using this command:
no passive interface eth0
Exchange of Hello Packets
Check the interface to make sure that OSPF Hello packets are being sent and
received correctly. You can use either packet sniffer (such as, Ethereal or TCP dump)
or ZebOS log messages to verify the hello packet.
To turn on ZebOS logging, type:
ZebOS# configure terminal
ZebOS(config)# debug ospf event
ZebOS(config)# debug ospf packet hello
To display the logging message on the terminal, type:
ZebOS# terminal monitor
Mismatch between Hello
Parameters
It is possible that there is a mismatch between Hello parameters. Make sure that you
have specified the same hello interval and dead interval values on both machines by
using the show ip ospf interface command on each machine.
Mismatch between MTU sizes
Run show ip ospf neighbor, if you see the neighbor but the state is not full.
Make sure that both routers have the same MTU size for the interfaces.
Show Commands
show ip ospf interface
This command displays interface information for OSPF. Use this command when you want to check the interfaces
enabled for an OSPF process. It provides important information about the OSPF parameters. Confirm that the OSPF
parameters match that of the neighbors. If the intended interfaces are not shown in the OSPF information, check the
configuration to make sure that the IP address of the missing interface is included.
Sample Output
eth1 is up, line protocol is up
Internet Address 10.100.10.72/24, Area 0.0.0.0, MTU 1500
Router ID 100.100.100.72, Network Type BROADCAST, Cost: 10, TE Metric 0
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 100.100.100.72, Interface Address 10.100.10.72
Backup Designated Router (ID) 10.100.12.57, Interface Address 10.100.10.105
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:05
Neighbor Count is 1, Adjacent neighbor count is 1
Crypt Sequence Number is 0
Hello received 19 sent 106, DD received 4 sent 3
12
Troubleshooting OSPF
LS-Req received 1 sent 1, LS-Upd received 3 sent 3
LS-Ack received 2 sent 3, Discarded 0
Description of displayed fields
Internet Address
The IP address and subnet mask of the interface.
Area
The OSPF area to which the interface belongs.
MTU
The Maximum Transmission Unit (MTU) of the interface.
Transmit Delay
The transmit delay of the interface.
Priority
The OSPF priority of the current interface. It is used for election of
Designated Router (DR) and Backup Designated Router (BDR).
Hello
The OSPF hello-interval.
Dead
The OSPF dead-interval.
Wait
The Hello wait-interval.
Retransmit
The period, in seconds, for which the router waits between retransmissions
of OSPF packets that have not been acknowledged.
Hello due in
The time period for which router expects to receive hello packet.
Neighbor Count
The OSPF neighbor count.
Adjacent neighbor
The OSPF adjacent neighbor count.
Crypt Sequence Number
This is used for authentication.
Hello received 19 sent 106,
DD received 4 sent 3
This line shows that this router received 19 and sent 106 Hello packets. It
has received 4 and sent 3 DD packets out.
LS-Req received 1 sent 1,
LS-Upd received 3 sent 3
This line indicates that this router received and sent 1 LSA request. It sent
and received 3 LSA updates.
LS-Ack received 2 sent 3,
Discarded 0
This line indicates that this router received 2 and sent 3 LSA
acknowledgements. It discarded no LSA acknowledgement.
show ip ospf neighbor
This command displays information about OSPF neighbors. Use this command to check OSPF neighbors and their
states. If the expected neighbors do not show OSPF, make sure that the OSPF parameters match the intended
neighbors and they are configured in the same area.
Sample Output
ZebOS# show ip ospf neighbor
OSPF process 100:
Neighbor ID
Pri
10.100.12.57
1
State
Dead Time
Full/Backup 0:00:37
Address
Interface
10.100.10.105 eth1:10.100.10.72
OSPF process
The OSPF process involved.
Neighbor ID
The OSPF Router ID of the neighbor.
RXmtL RqstL DBsmL
0
0
0
13
Troubleshooting OSPF
Pri
The OSPF priority of the neighbor.
State
The functional state of the OSPF neighbor.
Dead Time
If a new Hello is not received within this duration, the neighbor is declared dead.
Address
The IP address of neighbor’s interface attached to the network.
Interface
The interface attached to the network on which the neighbor is located.
show ip ospf database
This command displays information about OSPF link-state database on the router.
Sample Output
QA72# show ip ospf database
OSPF Router process 100 with ID (100.100.100.72)
Router Link States (Area 0.0.0.0)
Link ID
ADV Router
Age
Seq#
CkSum
10.100.12.57
10.100.12.57
930 0x80000003 0x90de
100.100.100.72 100.100.100.72
933 0x80000004 0x7592
Net Link States (Area 0.0.0.0)
Link ID
ADV Router
Age
Seq#
CkSum
10.100.10.72
100.100.100.72
933 0x80000001 0x0bef
Summary Link States (Area 0.0.0.0)
Link ID
ADV Router
Age
Seq#
CkSum
10.60.0.0
10.100.12.57
928 0x80000001 0x5108
71.87.120.0
10.100.12.57
928 0x80000001 0xc2c5
127.0.0.1
10.100.12.57
928 0x80000001 0x23fb
Link count
2
2
Route
10.60.0.0/24
71.87.120.0/24
127.0.0.1/32
Description of displayed fields
Link ID
Link ID has a different meaning for different types of Link-State Advertisements.
•
Link ID for Router Link States: Depends on the type of network the router connects to:
•
Point to Point network
Neighbor’s Router ID.
•
Transit network
IP address of the Designated Router’s interface.
•
Stub network
IP network or subnet address
•
Virtual link
Neighbor’s Router ID.
•
Link ID for Net Link States: The IP address of the DR's interface.
•
Link ID for Summary Link States: The IP address of the network or subnet being advertised.
ADV Router
The router ID of the router advertising the LSA.
Age
The age of the LSA.
Seq#
14
Troubleshooting OSPF
The sequence number of the LSA. This number increments each time a new instance of the LSA originates. This
update helps other routers identify the most recent instance of the LSA.
CkSum
The fetch checksum of the complete LSA except the Age field.
15
Troubleshooting OSPF
16
CHAPTER 5
Troubleshooting RIP
In this chapter the topics are arranged sequentially. Depending on the event and time when the problem occurred,
select the relevant section and follow steps sequentially. If the issue is not resolved, refer to the Miscellaneous Issues
chapter in this document and the FAQs available at the Customer Support Web site. Please contact F5 Networks, if the
issue remains unresolved.
Refer to the ZebOS Network Platform Routing Information Protocol Command Line Interface Reference Guide for
details on commands used in this chapter.
No RIP Adjacency
Interface Status
Use the show ip interface brief command to make sure that the interface is
not administratively shutdown. Remove this configuration using the no shutdown
command, if shutdown is configured.
ZebOS# configure terminal
ZebOS(config)# interface eth0
ZebOS(config-if)# no shutdown
Use the show interface command to make sure that the interface is up.
RIP enabled on Interface
Confirm that RIP is enabled on the interface. To enable RIP on a particular interface,
use the network command. Use the show ip rip interface to make sure that
RIP is enabled for the interface.
Sample Output
ZebOS# show ip rip interface
fxp0 is up, line protocol is up
Routing Protocol: RIP
Receive RIP packets
Send RIP packets
Passive interface: Disabled
Split horizon: Enabled with Poisoned Reversed
IP interface address:
10.15.0.60/16
Passive Interface
Make sure that the interface is not configured as a passive interface using the show
run command:
!
router rip
passive interface eth0
!
If the interface is configured as passive (as shown above), remove this configuration
setting by using this command:
no passive interface eth0
17
Troubleshooting RIP
Exchange of RIP
Advertisements
Make sure that RIP advertisements are being sent and received on the interface. You
can use either a packet sniffer (such as, Ethereal or TCP dump) or the ZebOS log
messages to verify the RIP advertisements.
To turn on ZebOS logging, type:
ZebOS# configure terminal
ZebOS(config)# debug rip event
ZebOS(config)# debug rip packet detail
To display the logging message on the terminal, type:
ZebOS# terminal monitor
RIP Version Mismatch
One router configured as RIPv1 and the other router as RIPv2 results in no RIP
adjacency.
Configure the router running RIPv2 as follows:
!
interface eth1
ip rip send version 1-compatible
ip rip receive version 1 2
!
Firewall
Verify whether a firewall is present. If there is a firewall, it blocks the UDP packet. You
must remove the firewall if you have one. To display the existing firewall
configurations, in Linux, use:
ipchains -L
Flush the existing firewall configurations by using:
ipchains -F
Show Commands
show ip rip interface
This command displays information about RIP interfaces. Use this command to verify that RIP is enabled on an
interface.
Sample Output
ZebOS# show ip rip interface eth1
eth1 is up, line protocol is up
Routing Protocol: RIP
Receive RIP packets
Send RIP packets
Passive interface: Disabled
Split horizon: Enabled with Poisoned Reversed
IP interface address:
10.10.10.10/24
18
Troubleshooting RIP
Line by line description
In the above output:
eth1 is up, line protocol is up
Routing Protocol: RIP
These lines denote that the interface is UP and RIP is enabled.
Receive RIP packets
Send RIP packets
These lines indicate that the interface is capable of receiving/sending both RIP version 1 and 2 packets, which is
the default.
If RIP is configured to send only version 1 packets using the ip rip send version 1 command, the output
displays: Send RIPv1 packets only
Passive interface: Disabled
This line denotes that the specified interface is not passive and can send and receive RIP updates.
If passive interface is configured using the passive-interface <IFNAME> command, RIP updates are
received but not sent. This configuration is required when a router does not want to advertise itself but still wants to
learn RIP routes.
Split horizon: Enabled with Poisoned Reversed
This line denotes that the split-horizon with poisoned reversed feature is enabled on the displayed
interface (eth1). This means that routes will not be advertised on the interface from which they are learnt avoiding
the problem of counting to infinity.
IP interface address:
10.10.10.10/24
These lines display the IPv4 address of the RIP enabled interface.
show ip rip database
This command displays the different routes learnt by RIP. Use this command to view details of all the routes learnt by
RIP.
Sample Output
ZebOS# show ip rip database
Codes: R - RIP, K - Kernel, C - Connected, S - Static, O - OSPF, I - IS-IS,
B - BGP
Network
Next Hop
Metric From
If
Time
R 192.1.1.0/24
10.10.10.68
2 10.10.10.68
eth1
02:47
O 193.1.1.0/24
20.10.10.50
2 20.10.10.50
eth2
03:06
S 196.6.6.0/24
1
eth1
Line by line description
In the above output:
Codes: R - RIP, K - Kernel, C - Connected, S - Static, O - OSPF, I - IS-IS,
B - BGP
19
Troubleshooting RIP
Refer to the show ip route command description for details about these codes.
Network
Is the network prefix
Next hop
Is the IPv4 address of the nexthop router.
Metric
Is the metric to reach the network prefix.
From
Is the IPv4 address of the neighbor's interface.
If
Is the local router's interface through which the router reaches the Network prefix.
Time
Is the duration for which the network prefix is stored in the RIP routing table.
R
192.1.1.0/24
10.10.10.68
2
10.10.10.68
eth1
02:47
This line denotes a RIP route learnt from a neighbor (10.10.10.68) through interface eth1. This route belongs
to the 192.1.1.0/24 network, its metric value is 2 and its nexthop is 10.10.10.68. It will remain in the RIP
routing table for 2 minutes 47 seconds.
O
193.1.1.0/24
20.10.10.50
2
20.10.10.50
eth2
03:06
This line denotes an OSPF route learnt from a neighbor (20.10.10.50) through interface eth2. This route
belongs to the 193.1.1.0/24 network, its metric value is 2 and nexthop is 20.10.10.50. It will remain for 3
minutes and 6 seconds in the RIP routing table.
S
196.6.6.0/24
1
eth1
This line denotes a static route connected through interface eth1. It has a metric value of 1 to reach the network
prefix.
20
CHAPTER 6
Troubleshooting LDP
In this chapter the topics are arranged sequentially. Depending on the event and time when the problem occurred,
select the relevant section and follow steps sequentially. If the issue is not resolved, refer to the Miscellaneous Issues
chapter in this document and the FAQs available at the Customer Support Web site. If the issue remains unresolved,
please contact F5 Networks.
Refer to the ZebOS Network Platform Label Distribution Protocol Command Line Interface Reference Guide for details
on commands used in this chapter.
LDP Session is not UP
Selection of the Transport
Address
Make sure that the transport address is selected correctly by the system. The
transport address is the IP address that the LDP router advertises in its Hello
message so that other routers can communicate using this IP address while setting
up a TCP connection for the LDP session.
F5 Networks recommends that the loopback address be used as a transport address
so that link loss on any one interface does not cause the LDP session to go down.
Use show ldp to verify the status of the transport address. The following is a section
from the output of the show ldp command:
Router# show ldp
Router ID
LDP Version
Global Merge Capability
Label Advertisement Mode
Label Retention Mode
...
Targeted Hello Receipt
Transport Address data
Labelspace 0
Import BGP routes
:
:
:
:
:
192.168.0.42
1
N/A
Downstream Unsolicited
Liberal
: Disabled
:
: 192.168.0.42 (in use)
: No
In this show output, the transport address data indicates that 192.168.0.42 is the
transport address and is using 0 labelspace.
When loopback address is configured, it is automatically selected as transport
address. If no loopback address is available, the LDP process selects the first
available physical interface IP address.
21
Troubleshooting LDP
Reachability to transport
address
When the transport address is verified to be correct on the peering systems, make
sure that the transport address of the remote peer is reachable from both the routers.
To verify that the remote transport address is reachable, ping the remote transport
address. Use show ip route and check if there is a route to the neighbor’s
transport address.
Sample Output
....
S
O
C
O
C
...
23.23.23.0/24 [1/0] is directly connected, eth0
48.48.48.48/32 [110/30] via 172.168.27.82, eth1, 15:44:20
81.81.81.81/32 is directly connected, lo
82.82.82.82/32 [110/20] via 172.168.27.82, eth1, 17:45:31
127.0.0.0/8 is directly connected, lo
In the output above, 82.82.82.82/32 is the neighbor’s transport address and can
be reached via 172.168.27.82.
If there is no route to the neighbor’s transport address:
Add a static route to the neighbor’s transport address.
Or
Use an IGP (OSPF) to reach the neighbor’s transport address.
Verify the status of LDP
Use the show ldp interface command to verify the status of LDP.
QA16# show ldp interface
Interface
LDP Identifier
lo
10.30.0.16:0
eth0
10.30.0.16:0
eth1
10.30.0.16:0
eth2
10.30.0.16:0
Label-switching
Disabled
Disabled
Enabled
Enabled
Merge Capability
N/A
N/A
Merge capable
Merge capable
If the label-switching is disabled on an interface, use the show run command to
ensure that LDP and label-switching are enabled on that interface. The configuration
should show as follows:
!
interface eth1
label-switching
ip address 172.168.27.81/24
enable-ldp
!
Targeted peers
Use the show run command to ensure that targeted peer hello receipt is enabled.
If not, then run the targeted-peer-hello-receipt command to configure the
LSR to respond to requests for targeted hello messages.
22
CHAPTER 7
Troubleshooting VRRP
In this chapter the topics are arranged sequentially. Depending on the event and time when the problem occurred,
select the relevant section and follow steps sequentially. If the issue is not resolved, refer to the Miscellaneous Issues
chapter in this document and the FAQs available at the Customer Support Web site. If the issue remains unresolved,
please contact F5 Networks.
Refer to the ZebOS Network Platform Virtual Router Redundancy Protocol Command Line Interface Reference Guide
for details on commands used in this chapter. The following topology is used for illustration purposes.
Figure 1: VRRP Topology
23
Troubleshooting VRRP
Incorrect VRRP States
Interface running
Make sure the interfaces are up and running by using the show interface
command. In the following sample output interface eth1 is:
ZebOS# show interface eth1
Interface eth1
Hardware is Ethernet, address is 0002.b3d4.436f
index 3 metric 1 mtu 1500 <UP,BROADCAST,RUNNING,MULTICAST>
...
input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 0..
If the interface is down:
Use no shutdown command, in the interface mode, to bring up the interface.
Or
Use the ifconfig <IFNAME> up command to bring up the interface.
Reachability of routers
Make sure that both VRRP routers can reach each other by pinging.
ZebOS# ping 10.10.11.2
PING 10.10.11.2 (10.10.11.2) 56(84) bytes of data.
64 bytes from 10.10.11.2: icmp_seq=1 ttl=255 time=0.202 ms
64 bytes from 10.10.11.2: icmp_seq=2 ttl=255 time=0.201 ms
If both routers cannot reach each other, check the network connections for the default
Master and default Backup routers.
Advertisement Intervals on
both routers
Check the advertisement interval on Master and Backup routers. The advertisement
interval must be the same on both.
The default advertisement interval = 1.
Use the advertisement-interval command, in Router mode, to configure the
advertisement interval.
24
CHAPTER 8
Troubleshooting PIM-SM
In this chapter the topics are arranged sequentially. Depending on the event and time when the problem occurred,
select the relevant section and follow steps sequentially. If the issue is not resolved, refer to the Miscellaneous Issues
chapter in this document and the FAQs available at the Customer Support Web site. If the issue remains unresolved,
please contact F5 Networks.
Refer to the ZebOS Network Platform PIM-SM Command Line Interface Reference Guide for details on commands
used in this chapter.
No PIM adjacency
Interface Status
Use the show run command to make sure that the interface is not administratively
shutdown. If shutdown is configured, remove this configuration with the no
shutdown command.
ZebOS# configure terminal
ZebOS(config)# interface eth0
ZebOS(config-if)# no shutdown
Use the show interface command to make sure that the interface is up.
PIM Enabled on the Interface
Make sure that PIM-SM is enabled on the interface by using the show ip pim
sparse-mode interface command.
Adjacency between ZebOS
and CISCO
If you are trying to establish adjacency between ZebOS and CISCO and are not
successful, use the ip pim exclude-genid command on the interface.
Some old CISCO IOS do not recognize the GenID option in the PIM-SM Hello packet
and discard the packet.
No BSR and RP information
Unicast Routing Configuration
Check your Unicast routing configuration to make sure that you can reach BSR and
RP. Use the show ip route command to display the unicast routing table.
RP not advertised in the BSR
CISCO BSR and ZebOS RP
This happens when CISCO is a BSR and ZebOS is the candidate RP. In this case,
you must configure the following command, in the Configure mode, on ZebOS
candidate RP router.
ip pim crp-cisco-prefix
25
Troubleshooting PIM-SM
Troubleshooting Example
In this example, PIM-SM is running on all routers, ZebOS and the Check Point FireWall are running on R3. NAT is
configured to translate Source address of the packets coming from eth1 to eth2 interface address. The multicast
Source address is 192.168.2.2. R2 is the RP and has a Receiver attached to it.
Problem
The Source router sends multicast data packets to R3. R3 acts as the Designated Router (DR) of the Source and
sends unicast Register packets to the RP. At the Receiver end, double multicast traffic is coming out. For each
multicast packet sent by Source, the Receiver is receiving two copies of the packet instead of one.
Figure 2: PIM-SIM Topology
Recommended Action
1. Using your packet sniffer, observe the packets sent out by R3. Notice that both native multicast traffic and Register
packets come out from eth2 and the Register packet encapsulates the multicast packet.
2. Check the ZebOS multicast routing table by running the show ip pim sparse-mode mroute command on
ZebOS:
ZebOS# show ip pim sparse-mode mroute
IP Multicast Routing Table
(*,*,RP) Entries: 0
(*,G) Entries: 0
(S,G) Entries: 1
(S,G,rpt) Entries: 1
(192.168.1.1, 224.0.1.3)
RPF nbr: 0.0.0.0
RPF idx: None
SPT bit: 1
Upstream State: JOINED
Local
.l..............................
Joined
..j.............................
Asserted ................................
26
Troubleshooting PIM-SM
Outgoing
.oo.............................
(192.168.1.1, 224.0.1.3, rpt)
RP: 0.0.0.0
RPF nbr: 192.168.2.35
RPF idx: eth2
Upstream State: RPT NOT JOINED
Pruned
................................
Outgoing ................................
3. In this output, the SPT bit for the (S,G) state is set to 1, indicating that the source tree is formed on R3 and is
already delivering multicast traffic over the source tree. However, Register VIF is still on outgoing list. This indicates
that ZebOS is not receiving Register-Stop from RP. This is confirmed by observing packets coming in on R3 eth2.
It also explains what we observed in step 1, both native multicast traffic and encapsulated Register packets come
out from eth2.
4. Using your packet sniffer, observe the packet on R3 eth2 further. All multicast packets coming out from eth2
have the same source IP address 192.168.2.2, except the Register packet, which has an IP address
192.168.1.2.
5. Run the show ip route command on R2 (RP). There is no route to reach 192.168.1.2. Because RP does not
have a route to source, it failed to send the Register-stop message.
6. According to the protocol specification, the Source address of the Register packet is the DR address of the source,
which is the IP address of the interface toward the source (in this case, 192.168.1.2).
Typically, the firewall does not NAT locally generated packets. When the Register packet is sent out from eth2 on
R3, the Source address (in this case, eth1) is not NATed by the fireWall.
A solution for this is to change the IP source address of the Register packet. Use the ip pim register-source
command to configure the source address of Register packet:
ZebOS# configure terminal
ZebOS(config)# ip pim register-source 192.168.2.2
After changing the source address, ZebOS sends Register packets with source address as 192.168.2.2 and
receives Register-Stop packet from the RP. ZebOS stops encapsulating multicast data packet in the Register
packet. The receiver now receives only one copy for each multicast data packet.
Note:
When running ZebOS PIM-SM with checkpoint NAT, the Register source address must be a reachable address
(visible to the external network) to be used by the RP to send corresponding Register-Stop messages in
response. You might use the ip pim register-source command to change the Register packet source
address.
Show Commands
show ip pim sparse-mode mroute
This command displays multicast routing entries.
This is a very useful PIM-SM command and should be used whenever there is a multicast routing problem.
Show Output
ZebOS# show ip pim sparse-mode mroute
IP Multicast Routing Table
27
Troubleshooting PIM-SM
(*,*,RP) Entries: 0
(*,G) Entries: 1
(S,G) Entries: 1
(S,G,rpt) Entries: 1
FCR Entries: 1
(*, 224.0.1.3)
RP: 10.10.5.4
RPF nbr: 192.168.1.22
RPF idx: eth1
Upstream State: JOINED
Local
................................
Joined
..j.............................
Asserted ................................
FCR:
Source: 10.10.1.100
Outgoing ..o.............................
KAT timer running, 208 seconds remaining
Packet count 1, Byte count 0
(10.10.1.52, 224.0.1.3)
RPF nbr: 192.168.1.22
RPF idx: eth1
SPT bit: 1
Upstream State: JOINED
Local
................................
Joined
..j.............................
Asserted ................................
Outgoing ..o.............................
(10.10.1.52, 224.0.1.3, rpt)
RP: 10.10.5.4
RPF nbr: 192.168.1.22
RPF idx: eth1
Upstream State: NOT PRUNED
Pruned
................................
Outgoing ..o.............................
Description
(*,*,RP) Entries: 0
(*,G) Entries: 1
(S,G) Entries: 1
(S,G,rpt) Entries: 1
FCR Entries: 1
These entries display statistical information for the multicast group entries.
(*,
RP:
RPF
RPF
28
224.0.1.3)
10.10.5.4
nbr: 192.168.1.22
idx: eth1
Troubleshooting PIM-SM
Upstream State: JOINED
Local
................................
Joined
..j.............................
Asserted ................................
This is a (*,G) state entry that maintains the RP tree for group G. In this output the group G address is 224.0.1.3.
10.10.5.4 is the Rendezvous Point (RP).
192.168.1.22 is the Reverse Path Forwarding (RPF) neighbor or the upstream neighbor toward RP.
The RPF index is the upstream interface (eth1) used to reach the RPF neighbor.
The Upstream state is joined. A joined upstream indicates that the router has already joined the RP tree for this (*,
G) state.
Local indicates a local member Join. In this output there is no local member.
Joined indicates a downstream router Join. In this output, a downstream router has joined the RP tree.
Asserted indicates Asserts on the interface, which could be either a Winner or a Loser.
The dots (.) indicate the VIF index in an ascending order starting from left to right from 0-31. To display the VIF
index of an interface, use the show ip pim interface command.
FCR:
Source: 10.10.1.100
Outgoing ..o.............................
KAT timer running, 208 seconds remaining
Packet count 1, Byte count 0
This entry indicates that multicast traffic is received from source 10.10.1.100 on the RP tree.
Outgoing indicates the outgoing interface for this state.
The Keep Alive Timer (KAT) is running and there are 208 seconds remaining.
The packet count indicate the number of packets forwarded on the RP tree for the source 10.10.1.100.
(10.10.1.52, 224.0.1.3)
RPF nbr: 192.168.1.22
RPF idx: eth1
SPT bit: 1
Upstream State: JOINED
Local
................................
Joined
..j.............................
Asserted ................................
Outgoing ..o.............................
This is a (S,G) state entry that maintains a source-specific tree for source S and group G. In this output the source
is 10.10.1.52 and the group is 224.0.1.3.
SPT bit 1 indicates that forwarding is taking place on the (S,G) Shortest Path Tree.
The other fields have already been described above.
(10.10.1.52, 224.0.1.3, rpt)
RP: 10.10.5.4
RPF nbr: 192.168.1.22
RPF idx: eth1
Upstream State: NOT PRUNED
Pruned
................................
Outgoing ..o.............................
29
Troubleshooting PIM-SM
This is a (S,G,rpt) entry. It indicates the source-specific multicast information on the RP tree for group G. For
example, if multicast traffic is being received on the source-specific tree, it is normally pruned off the RP tree. In
this output, 10.10.1.52 is the source and 224.0.1.3 is the group.
The Upstream State “Not Pruned” indicates that the router does not prune itself for source 10.10.1.52 from RP tree.
Pruned displays an interface that is pruned from the RP tree. This output shows that there are no interfaces
pruned from the RP tree.
Outgoing indicates interfaces on the RP tree. This output shows one interface on the RP tree for the source
10.10.1.52.
show ip pim sparse-mode interface
Use this command to display interface information for a PIM-SM enabled interface.
Show Output
ZebOS#show ip pim sparse-mode interface
Address
Interface
10.10.3.39
30
eth1
VIFindex
0
Ver/
Mode
Nbr
Count
DR
Prior
v2/S
1
1
Fields
Description
Address
The IP address of the interface is 10.10.3.39
Interface
Name of the interface is eth1.
VIF index
Virtual Interface (VIF) index.
Ver
The PIM-SM version 2.
Mode
The PIM-SM Sparse mode.
Nbr Count
The number of neighbors. Here it is 1.
DR Prior
The priority of the Designated Router. Here it is 1.
DR
The IP address of the Designated Router 10.10.3.39.
DR
10.10.3.39
CHAPTER 9
Troubleshooting BGP4+
In this chapter the topics are arranged sequentially. Depending on the event and time when the problem occurred,
select the relevant section and follow steps sequentially. If the issue is not resolved, refer to the Miscellaneous Issues
chapter in this document and the FAQs available at the Customer Support Web site. If the issue remains unresolved,
please contact F5 Networks.
Refer to the ZebOS Network Platform Border Gateway Protocol Command Line Interface Reference Guide for details
on commands used in this chapter.
No BGP Adjacency
Interface status
Use the show ipv6 interface brief command to make sure that the interface is
not administratively shutdown. Remove this configuration setting with the no
shutdown command, if shutdown is configured.
ZebOS# configure terminal
ZebOS(config)# interface eth0
ZebOS(config-if)# no shutdown
Use the show interface command to make sure that the interface is up.
Neighbor configuration
Make sure that the configuration is correct. To establish BGP, configure a TCP session
with another router using the neighbor remote-as command. Refer to the ZebOS
BGP Command Reference for details on this command.
When using iBGP:
•
Make sure the two routers know how to reach each other’s loopback address, if
you have established iBGP using loopback interface. Typically, you have IGP (say
OSPF) running between the two routers. In this case, enable OSPF on the
loopback interface or redistribute the loopback address into OSPF.
•
Ping to each other’s loopback address to ensure mutual reachability.
When using eBGP:
•
Make sure you have configured the multihop number for an eBGP neighbor that is
not directly connected.
•
Use the neighbor ebgp-multihop command to specify the maximum hop
count to reach the neighbor.
Connectivity
Make sure you can ping to the neighbor using the ping A.B.C.D command.
Firewall
Verify if a firewall is present. If there is a firewall, it might be configured to block TCP
packets. Verify the existing firewall configurations (in Linux) by using:
ipchains -L
Flush the existing firewall configurations by using:
ipchains -F
31
Troubleshooting BGP4+
Useful Show Commands
show bgp ipv6
This command displays the current state of the BGP routing table.
When to use this command
Use this command to check whether the specific route has been installed into the BGP routing table or not.
Use this command to view information about:
•
Routes installed in the BGP routing table.
•
Various attributes of the route, such as nexthop, metric and AS path.
Sample Output
BGP table version is 0, local router ID is 10.100.0.77
Status codes: s suppressed, d damped, h history, * valid, > best, i Origin codes: i - IGP, e - EGP, ? - incomplete
Network
Metric LocPrf Weight
*> 2001:58::/32
0
fe80::202:b3ff:fec8:9fdb
*> 2002:58::/32
0
fe80::202:b3ff:fec8:9fdb
*>i2003:58::/32
100
0
fe80::208:a1ff:fe16:797d
internal S stale,
Path
20 ?
20 i
i
LIne by line Description
This routing table shows routes learned from both iBGP and eBGP.
Status codes: s suppressed, d damped, h history, p stale, * valid, > best, i - internal
This section of output displays the possible status codes displayed as the first character of the route entry.
32
Status Code
Description
Comments
s
suppressed
Indicates that the route is suppressed and will no be advertised to neighbors.
d
damped
When the penalty of a flapping route exceeds the suppress limit, the route is
damped and remains in a WITHDRAWN state until its penalty decreases
below the reuse limit.
h
history
When the penalty of a flapping route does not exceed the suppress limit, the
route is not damped and BGP maintains a history of the flapping route.
S
stale
When the BGP neighbor, from which a route is learned, is experiencing
graceful restart, the route is retained in the BGP routing table and labeled by
symbol p.
*
valid
Indicates that the route is a valid route. When a route is not suppressed,
damped or present in the history, it is a valid route.
Troubleshooting BGP4+
>
best
The selected route to be installed in the kernel routing table.
i
internal
Indicates that the prefix is learned from an iBGP peer.
Origin codes: i - IGP, e - EGP, ? - incomplete
Origin codes are at the end of each line in the routing table and provide information about where the route has
originated from.
Origin Code
Description
Comments
i
IGP
Origin of the route is an Interior Gateway Protocol.
e
EGP
Origin of the route is an Exterior Gateway Protocol.
?
incomplete
Origin not known. Typically, redistributed routes from IGP.
*> 2002:58::/32
fe80::202:b3ff:fec8:9fdb
• This route entry shows that this route is learned from eBGP.
0 20 i
•
The origin code i indicates that the prefix is added by the network statement at originating AS.
•
The path attribute 20 indicates that the prefix advertisement originated from AS20.
•
The administrative weight parameter applies only to routes within an individual router.
•
Since this route was learned from a peer, it has a default weight of 0. All routes generated by the local router
have a weight of 32,768.
*> 2001:58::/32
fe80::202:b3ff:fec8:9fdb
0 20 ?
This route entry shows that the prefix is learnt from eBGP.The origin code i indicates that the prefix is added by
network statement at originating AS.The path attribute 20 indicates that the route advertisement originated from
AS20.The administrative weight parameter applies only to routes within an individual router. Since this route was
learned from a peer, it has a default weight of 0. All routes generated by the local router have a weight of
32,768.The origin code ? indicates that the route is learnt through redistribution.
*>i2003:58::/32
fe80::208:a1ff:fe16:797d
100
0 i
The status code i in this route entry indicates that the route is learnt through iBGP. The Local Preference attribute
of the route, which is used only with the local AS, is set to 100 (the default value).
show bgp ipv6 summary
This command displays the state summary of BGP neighbor connections.
When to use this command
Use this command to check the state of BGP neighbor connections and to view information about:
•
Current state of BGP neighbor connections
•
Number of prefixes received from specific neighbor after BGP connection was established
Sample Output
BGP router identifier 10.10.10.77, local AS number 10
0 BGP AS-PATH entries
0 BGP community entries
Neighbor
V
AS
MsgRcvd
MsgSent
TblVer
fe80::202:b3ff:fec8:9fdb
InQ OutQ Up/Down
State/PfxRcd
33
Troubleshooting BGP4+
4
20
fe80::208:a1ff:fe16:797d
4
10
Total number of neighbors 2
24
24
0
0
0 00:20:34
2
19
22
0
0
0 00:17:13
1
Description
34
•
This output shows that currently there are two BGP neighbors available with the link-local IPv6 address
fe80::202:b3ff:fec8:9fdb and fe80::208:a1ff:fe16:797d respectively.
•
The version of BGP used by these neighbors is BGP4 and AS numbers are 20 and 10. 24 and 19 messages
are received from these two neighbors and 24 or 22 messages are sent to them.
•
The current BGP routing table version (TblVer) is 0, with any change in the table the version will increase.
•
The input queue (InQ) indicates the number of received messages waiting in the input queue for further
processing and output queue (OutQ) indicates the number of messages waiting in the output queue to be sent.
•
The connection with the first neighbor is up for 20 minutes and 34 seconds and the connection with the second
neighbor is up for 17 minutes and 13 seconds.
•
Two prefixes are received from the first neighbor and one from the second.
CHAPTER 10
Troubleshooting OSPFv3
In this chapter the topics are arranged sequentially. Depending on the event and time when the problem occurred,
select the relevant section and follow steps sequentially. If the issue is not resolved, refer to the Miscellaneous Issues
chapter in this document and the FAQs available at the Customer Support Web site. If the issue remains unresolved,
please contact F5 Networks.
Refer to the ZebOS Network Platform Open Shortest Path First Command Line Interface Reference Guide for details
on the commands used in this chapter.
No OSPF Adjacency
Interface Status
Use the show ipv6 interface brief command to make sure that the interface is
not administratively shutdown. Remove this configuration setting with the no
shutdown command, if shutdown is configured.
ZebOS# configure terminal
ZebOS(config)# interface eth0
ZebOS(config-if)# no shutdown
Use the show interface command to make sure that the interface is up.
OSPF Enabled on the
Interface
Make sure that OSPF is enabled on the interface. To enable OSPF on a particular
interface, use the ipv6 router ospf area command with a specified Area ID.
Use the show ipv6 ospf interface to confirm that OSPF is enabled for the
interface.
ZebOS# show ipv6 ospf interface
eth0 is up, line protocol is up
Interface ID 3, Instance ID 0, Area 0.0.0.0
IPv6 Link-Local Address fe80::248:54ff:fec0:f32d/10
Router ID 1.2.3.4, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State Backup, Priority 1
Designated Router (ID) 5.6.7.8
Interface Address fe80::203:47ff:fe4c:776e
Backup Designated Router (ID) 1.2.3.4
Interface Address fe80::248:54ff:fec0:f32d
Timer interval configured, Hello 10, Dead 40, Wait 40,
Retransmit 5
Hello due in 00:00:01
Neighbor Count is 1, Adjacent neighbor count is 1
lo is up, line protocol is up
OSPFv3 not enabled on this interface
sit0 is down, line protocol is down
OSPFv3 not enabled on this interface
35
Troubleshooting OSPFv3
Passive Interface
Ensure that interface is not configured as a passive interface using show run:
!
router ipv6 ospf
passive interface eth0
!
If the interface is configured as passive (as shown above), remove this configuration
setting by using this command:
no passive interface eth0
Exchange of Hello Packets
Check on the interface to make sure that OSPF Hello packets are being sent and
received on the interface. You can use either packet sniffer (such as, Ethereal or TCP
dump) or ZebOS log messages to verify the Hello packets.
To turn on ZebOS logging, type:
ZebOS# configure terminal
ZebOS(config)# debug ipv6 ospf event
ZebOS(config)# debug ipv6 ospf packet hello
To display the logging message on the terminal, type:
ZebOS# terminal monitor
Mismatch between Hello
Parameters
It is possible that there is a mismatch between Hello parameters. Make sure that you
have specified the same hello interval and dead interval values on both
machines by using the show ipv6 ospf interface command.
Mismatch between MTU sizes
Run the show ipv6 ospf neighbor command; if you see the neighbor but the
state is not full, make sure that both routers have the same MTU size for the interfaces.
Firewall
Verify if a firewall is present. If there is a firewall, it blocks the UDP packet. You must
remove the firewall if you have one. To display the existing firewall configurations, in
Linux, use:
ipchains -L
Flush the existing firewall configurations by using:
ipchains -F
show ipv6 ospf database link (adv-router)
This command displays the information about the Link LSAs (Link State Advertisements).
When to use this command
Use this command to view information about the:
•
Link Local address of a router
•
IPv6 prefixes associated with the link of the router
Sample Output
ZebOS# show ipv6 ospf database link adv-router 10.70.0.58
OSPFv3 Router with ID (10.70.0.58) (Process 100)
Link-LSA (Interface eth1)
LS age: 492
36
Troubleshooting OSPFv3
LS Type: Link-LSA
Link State ID: 0.0.0.3
Advertising Router: 10.70.0.58
LS Seq Number: 0x80000001
Checksum: 0xC2D6
Length: 68
Priority: 1
Options: 0x000013 (-|R|-|-|E|V6)
Link-Local Address: fe80::204:75ff:feaa:fedb
Number of Prefixes: 2
Prefix: 5f00:1:2:10::/64
Prefix Options: 0 (-|-|-|-)
Line by line description
OSPFv3 Router with ID (10.70.0.58) (Process 100)
The router ID and OSPFv3 process tag of the local router.
Link-LSA (Interface eth1)
Interface name (eth1) of the router associated with this Link-LSA.
Ls age: 492
The length of time in seconds since the LSA was originated.
LS Type: Link-LSA
The type of LSA (in this case Link LSA)
Link State ID: 0.0.0.3
Interface ID of the originating router.
Advertising router: 10.70.0.58
The router ID of a router advertising this link LSA.
LS Seq Number: 0x80000001
Successive instance of an LSA.
Checksum:0xC2D6
LSA header checksum (excluding the LS age field).
Length: 68
The length in bytes of the LSA (including 20 byte header).
Priority: 1
The router priority of the interface attaching the originating router of the link.
Options: 0x000013 (-|R|-|-|E|V6)
The set of option bits that the router would like set in the Network-LSA that will be originated for the link. Options
field is 24 bit field.
R-bit indicates whether the router is an active router.If this bit is cleared, routes which transit the advertising node
cannot be computed.
E-bit indicates that AS-External-LSAs are flooded.
V6-bit indicates that router/link should be included in routing calculations.
Link-Local Address: fe80::204:75ff:feaa:fedb
37
Troubleshooting OSPFv3
The originating router's (here 10.70.0.58) Link -Local interface address (fe80::204:75ff:feaa:fedb).
Number of Prefixes: 2
The number of ipv6 prefixes contained in this LSA. There are two ipv6 prefixes advertised in this link LSA
(5f00:1:2:10::/64 and 6f00:1:2:10::/64)
Prefix: 5f00:1:2:10::/64
The global ipv6 prefix (5f00:1:2:10::/64) associated with this link.
Prefix Options: 0 (-|-|-|-)
Each prefix is advertised along with an 8-bit capabilities field.They serve as input to the various routing calculations
allowing, for example, certain prefixes to be ignored in some cases or to be marked as not re-advertisable in
others.
show ipv6 ospf database intra-prefix (adv-router)
This command displays the information about Intra-Area-Prefix-LSA.
When to use this command
Use this command to list information about a ipv6 prefixes associated with the router itself, transit network or attached
stub network segment.
Note:
The above information for OSPFv2 can be viewed with Router LSA and Network LSA. However, for ipv6 all
addressing information has been removed from router-LSA and network-LSAs, leading to the introduction of
Intra-Area-Prefix-LSA. On Transit network Intra-Area-Prefix-LSA serves the same purpose as Network LSA
and on point-to-point or point-to-multipoint network serves the same purpose as router LSA)
Sample output
ZebOS# show ipv6 ospf database intra-prefix adv-router 10.70.0.58
OSPFv3 Router with ID (10.70.0.58) (Process 100)
Intra-Area-Prefix-LSA (Area 0.0.0.0)
LS age: 1435
LS Type: Intra-Area-Prefix-LSA
Link State ID: 0.0.0.2
Advertising Router: 10.70.0.58
LS Seq Number: 0x80000001
Checksum: 0x1B4E
Length: 56
Number of Prefixes: 2
Referenced LS Type: 0x2002
Referenced Link State ID: 0.0.0.3
Referenced Advertising Router: 10.70.0.58
Prefix: 5f00:1:2:10::/64
Prefix Options: 0 (-|-|-|-)
Metric: 0
Prefix: 6f00:1:2:10::/64
Prefix Options: 0 (-|-|-|-)
Metric: 0
Line by Line Description
OSPFv3 Router with ID (10.70.0.58) (Process 100)
The router ID and OSPFv3 process tag for the router on which this command was used.
38
Troubleshooting OSPFv3
Intra-Area-Prefix-LSA (Area 0.0.0.0)
Intra-Area-Prefix-LSA has area flooding scope. This LSA belongs to Area 0.0.0.0.
LS age: 1435
The time in seconds since the LSA was originated.
LS Type: Intra-Area-Prefix-LSA
The type of LSA (here Intra-Area-Prefix-LSA).
Link State ID: 0.0.0.2
Link State ID in Intra-Area-LSA. This ID is an identity for multiple Intra-Area-Prefix-LSAs originated by the same
router.
Advertising router:10.70.0.58
The Router ID of the router advertising this link LSA. On a Transit network it is always the Designated Router’s ID.
LS Seq Number”0x80000001
Successive instance of an LSA.
Checksum:0x1B4E
LSA header checksum (excluding the LS age field).
Length: 56
The length of the LSA in bytes (includes the 20 byte header).
Number of Prefixes: 2
The number of ipv6 prefixes contained in this LSA. There are two ipv6 prefixes advertised in this link LSA
(5f00:1:2:10::/64 and 6f00:1:2:10::/64).
Referenced LS Type: 0x2002
Identifies the Router-LSA or Network-LSA with which the ipv6 prefixes are associated. When the Referenced LS
Type is 0x2001 the prefixes are associated with Router-LSA and when the Referenced LS Type is 0x2002 the
prefixes are associated with Network-LSA.
Referenced Link State ID: 0.0.0.3
When the Referenced LS Type is 0x2001, this field is 0 and when the Referenced LS Type is 0x2002, this field
is the Interface ID of the link's DR (Designated Router).
Referenced Advertising Router: 10.70.0.58
When the Referenced LS Type is 0x2001, this field is the ID of the originating Router and when the Referenced
LS Type is 0x2002 this field is the ID of the Designated Router (DR).
Prefix: 5f00:1:2:10::/64
The global ipv6 prefix (5f00:1:2:10::/64) associated with the router (when the Referenced LS Type is 0x2001)
or transit link (when the Referenced LS Type is 0x2002).
Prefix Options: 0 (-|-|-|-)
Each prefix is advertised along with an 8-bit capabilities field.These prefixes options provide information for
different routing calculations, for example, some prefixes are marked to be ignored or marked not to be readvertised.
Metric: 0
The cost of this prefix.
39
Troubleshooting OSPFv3
40
CHAPTER 11
Troubleshooting RIPng
In this chapter the topics are arranged sequentially. Depending on the event and time when the problem occurred,
select the relevant section and follow steps sequentially. If the issue is not resolved, refer to the Miscellaneous Issues
chapter in this document and the FAQs available at the Customer Support Web site. Please contact F5 Networks if the
issue remains unresolved.
Refer to the ZebOS Network Platform Routing Information Protocol Command Line Interface Reference Guide for
details on commands used in this chapter.
No RIPng Adjacency
Interface Status
Use the show ipv6 interface brief command to make sure that the interface is
not administratively shutdown. Remove this configuration by no shutdown
command, if shutdown is configured.
ZebOS# configure terminal
ZebOS(config)# interface eth0
ZebOS(config-if)# no shutdown
Use the show interface command to make sure that the interface is up.
RIPng enabled on Interface
Make sure that RIPng is enabled on the interface. To enable RIPng on a particular
interface, use the ipv6 router rip command. Use the show ipv6 rip
interface to confirm that RIP is enabled for the interface.
Sample Output
ZebOS# show ipv6 rip interface eth1
eth1 is up, line protocol is up
Routing Protocol: RIPng
Passive interface: Disabled
Split horizon: Enabled with Poisoned Reversed
IPv6 interface address:
3ffe:1::10/64
fe80::204:76ff:fec8:28cc/10
Passive Interface
Make sure that interface is not configured as a passive interface using the show run
command:
!
router ipv6 rip
passive interface eth0
!
If the interface is configured as passive (as shown above), remove this configuration
setting by using this command:
no passive interface eth0
41
Troubleshooting RIPng
Exchange of RIPng
Advertisements
Check on the interface to make sure that RIPng advertisements are being sent and
received on the interface. You can use either a packet sniffer (such as, Ethereal or
TCP dump) or the ZebOS log messages to verify the RIPng advertisements.
To turn on ZebOS logging, type:
ZebOS# configure terminal
ZebOS(config)# debug ipv6 rip event
ZebOS(config)# debug ipv6 rip packet detail
To display the logging message on the terminal, type:
ZebOS# terminal monitor
Firewall
Verify if a firewall is present. If there is a firewall, it blocks the UDP packet. You must
remove the firewall if you have one. To display the existing firewall configurations, in
Linux, use:
ipchains -L
Flush the existing firewall configurations by using:
ipchains -F
42
CHAPTER 12
Route Selection in NSM
Understanding the NSM route selection process helps in analyzing and troubleshooting route-related problems. This
chapter describes the route selection process in NSM. It also describes relevant show commands and their outputs.
For every known prefix, NSM maintains a route node entry in its route table. NSM populates this table upon receiving
routes from clients (BGP, OSPF, RIP), from static routes configured using CLI, from the kernel's Forwarding Information
Base (FIB) or connected routes derived from interface information.
When multiple routes are available for the same prefix, NSM uses an internal route selection mechanism to select
routes to be added to the FIB. The primary factor for route selection is the “Administrative Distance” of the protocol.
The following table lists the default administrative distances of protocols.
Administrative
Distance
Preference
Connected
-
1 (highest)
Kernel
-
2
Static
1
3
eBGP
20
4
OSPF
110
5
ISIS
115
6
RIP
120
7
iBGP
200
8 (lowest)
Protocols
How NSM Adds Routes
NSM prefers routes learned from protocols with a lower administrative distance over routes learned from protocols with
a higher administrative distance.
For example, the following route entries display that the Static Routes (administrative distance 1) is preferred over the
OSPF Route (administrative distance 110):
S *> 10.10.34.0/24 [1/0] via 10.10.31.16, eth2
O
10.10.34.0/24 [110/31] via 10.10.31.16, eth2, 00:21:19
Note:
The administrative distance of routing protocols can be configured using the distance command.
Figure 3 on page 44 displays a flowchart on how a route is selected in NSM.
43
Route Selection in NSM
Figure 3: How NSM Adds a Route
Routing protocols use different metrics to calculate the best path for a destination. The best path is sent to NSM.
However, when two paths have an equal cost/metric and Equal Cost Multipath (ECMP) is enabled on a system, NSM
might receive two paths from the same protocol.
44
Route Selection in NSM
How NSM Deletes Routes
When NSM receives a route delete request from a routing protocol, NSM deletes the specified route from its database.
Then it checks if the specified route is in the FIB. If the route is in the FIB, NSM deletes it from the FIB and checks if
another route is available in its database for the same prefix. If there is another route in the database, NSM installs this
route in the FIB. When multiple such routes exist, NSM runs the route selection mechanism to choose the best route to
be added to the FIB.
Figure 4: How NSM Deletes a Route
45
Route Selection in NSM
Show Commands
The show ip route and the show ip route database commands are important tools for troubleshooting. Use
these commands in conjunction to get complete information about routes received and selected by NSM. Use the show
ip route database command to list all the routes received by NSM and use the show ip route command to list
only routes that are selected by NSM and installed in the FIB.
show ip route
The show ip route command displays the contents of the IP routing table maintained by NSM. Routes displayed in
this table are also added to the kernel routing table.
When to use this command
Use this command to view only the routing entries selected by NSM.
Sample Output
ZebOS# show ip route
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter
area
* - candidate default
Gateway of last resort is 10.30.0.11 to network 0.0.0.0
K*
O
K
C
S
O
C
S
O E2
S
O
C
O
C
0.0.0.0/0 via 10.30.0.11, eth0
9.9.9.9/32 [110/31] via 10.10.31.16, eth2, 00:18:56
10.10.0.0/24 via 10.30.0.11, eth0
10.10.31.0/24 is directly connected, eth2
10.10.34.0/24 [1/0] via 10.10.31.16, eth2
10.10.37.0/24 [110/11] via 10.10.31.16, eth2, 00:20:54
10.30.0.0/24 is directly connected, eth0
11.22.11.0/24 [1/0] via 10.10.31.16, eth2
14.5.1.0/24 [110/20] via 10.10.31.16, eth2, 00:18:56
16.16.16.16/32 [1/0] via 10.10.31.16, eth2
17.17.17.17/32 [110/31] via 10.10.31.16, eth2, 00:20:54
45.45.45.45/32 is directly connected, lo
55.55.55.55/32 [110/21] via 10.10.31.16, eth2, 00:20:54
127.0.0.0/8 is directly connected, lo
Line by line description
Each entry in this table has a code preceding it, indicating the source of the routing entry. For example, O indicates
OSPF as the origin of the route and K indicates that the route has been learned from the Kernel (most operating
systems add some implicitly learnt routes when the device is started up). The first few lines of the output list the
possible codes that may be seen with the route entries. Typically, route entries are composed of the following elements:
46
•
Code
•
network/ host ip address
•
outgoing interface name
•
administrative distance and metric
Route Selection in NSM
•
nexthop ip address
•
time since route entry was added
•
a second Label indicating the sub type of the route.
To avoid repetition, only selected route entries comprised of different elements are described here:
O
10.10.37.0/24 [110/11] via 10.10.31.16, eth2, 00:20:54
This route entry denotes:
•
This route in the network 10.10.37.0/24 was added by OSPF.
•
This route has an administrative distance of 110 and metric/cost of 11.
•
This route is reachable via nexthop 10.10.31.16.
•
The outgoing local interface for this route is eth2.
•
This route was added 20 minutes and 54 seconds ago.
10.10.31.0/24 is directly connected, eth2
C
This route entry denotes:
•
Route entries for network 10.10.31.0/24 are derived from the IP address of local interface eth2.
•
These routes are marked as Connected routes (C) and always preferred over routes for the same network
learned from other routing protocols.
•
Routes for connected networks always exist in the kernel routing table but as an exception are not marked as
kernel routes because NSM always calculates entries for these routes upon learning interface information from
the kernel.
10.10.0.0/24 via 10.30.0.11, eth0
K
This route entry denotes:
•
This route in the network 10.10.0.0/24 was learned from the kernel routing table (route was statically added
using kernel commands).
•
This route is reachable via nexthop 10.30.0.11.
•
The outgoing local interface for this route is eth0.
Note:
O E2
The static routes added using kernel commands and static routes added using NSM commands are
different. The kernel static routes are not redistributed when the redistribute static command is
used in a protocol. However, the kernel static routes can be redistributed using the redistribute
kernel command.
14.5.1.0/24 [110/20] via 10.10.31.16, eth2, 00:18:56
This route entry denotes:
•
K*
This route is the same as the other OSPF route explained above; the only difference is that it is a Type 2
External OSPF route.
0.0.0.0/0 via 10.30.0.11, eth0
This route entry denotes:
•
This is a default route and was learned from the kernel (route was statically added using kernel commands).
•
This route is reachable via nexthop 10.30.0.11.
•
The local interface for this route is eth0.
47
Route Selection in NSM
show ip route database
The show ip route database command displays all routing entries known by NSM. When multiple entries are
available for the same prefix, NSM uses an internal route selection mechanism based on protocol administrative
distance and metric values to choose the best route. All best routes are entered into the FIB and can be viewed using
the show ip route command.
When to use this command
Use this command to view all the routing entries known by NSM.
Sample Output
ZebOS# show ip route database
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter
area
> - selected route, * - FIB route, p - stale info
K
*> 0.0.0.0/0 via 10.30.0.11, eth0
O
*> 9.9.9.9/32 [110/31] via 10.10.31.16, eth2, 00:19:21
K
*> 10.10.0.0/24 via 10.30.0.11, eth0
O
10.10.31.0/24 [110/1] is directly connected, eth2, 00:28:20
C
*> 10.10.31.0/24 is directly connected, eth2
S
*> 10.10.34.0/24 [1/0] via 10.10.31.16, eth2
O
10.10.34.0/24 [110/31] via 10.10.31.16, eth2, 00:21:19
O
*> 10.10.37.0/24 [110/11] via 10.10.31.16, eth2, 00:21:19
K
* 10.30.0.0/24 is directly connected, eth0
C
*> 10.30.0.0/24 is directly connected, eth0
S
*> 11.22.11.0/24 [1/0] via 10.10.31.16, eth2
O E2 *> 14.5.1.0/24 [110/20] via 10.10.31.16, eth2, 00:19:21
O
16.16.16.16/32 [110/11] via 10.10.31.16, eth2, 00:21:19
S
*> 16.16.16.16/32 [1/0] via 10.10.31.16, eth2
O
*> 17.17.17.17/32 [110/31] via 10.10.31.16, eth2, 00:21:19
C
*> 45.45.45.45/32 is directly connected, lo
O
*> 55.55.55.55/32 [110/21] via 10.10.31.16, eth2, 00:21:19
K
* 127.0.0.0/8 is directly connected, lo
C
*> 127.0.0.0/8 is directly connected, lo
Line-by-line description
The routes added to the FIB are marked with a *. When multiple routes are available for the same prefix, the best route
is indicated with the > symbol. All unselected routes have neither the * nor the > symbol.
In the case of Connected routes, 2 entries exist in the route database; one learned from the kernel and the other
derived from interface information.
K
* 10.30.0.0/24 is directly connected, eth0
C
*> 10.30.0.0/24 is directly connected, eth0
These route entries denote:
48
•
Both these routes are in the same network 10.30.0.0/24.
•
The first route has originated from the kernel. The * indicates that it has been added to the FIB (Forwarding
Information Base).
Route Selection in NSM
•
S
O
The second route is derived from the IP address of local interface eth0. It is marked as a Connected route
(C). Since a Connected route has the lowest administrative distance, it is the selected route.
*> 10.10.34.0/24 [1/0] via 10.10.31.16, eth2
10.10.34.0/24 [110/31] via 10.10.31.16, eth2, 00:21:19
These route entries denote:
•
The same prefix was learned from OSPF and from static route configuration.
•
Since Static routes are preferred over OSPF routes, the static route is selected and installed in the FIB.
Note:
When the static route becomes unavailable, NSM automatically selects the OSPF route and installs it in
the FIB.
49
Route Selection in NSM
50
CHAPTER 13
Miscellaneous Issues
Kernel does not notify the NSM about updating the MTU/metric
Live MTU/metric updates are sent by NSM to the protocols on Linux and all flavors of BSDs. For Solaris, the kernel
does not notify the NSM about updating the MTU/metric. To trigger this information from NSM to protocols, you need to
administratively bring the interface DOWN, modify the MTU/metric and then bring the interface UP. This sends the new
MTU/metric update to the protocols.
OSPF adjacency lost (System Clock)
When changing the system clock (moving it backward or forward) the OSPF daemon on Solaris loses adjacency.
OSPF adjacency is lost and stuck in “Init” state. This is a known Solaris issue. When changing the system time using
any mechanism, users need to shutdown the system and bring it up. So when changing system time on Solaris,
shutdown the system and restart ZebOS protocols.
Remote Devices are unreachable
If you cannot reach remote devices when restarting NSM, make sure that there is at least one static IP address
configured from the primary interface of the OS. Failure to do so can result in the device becoming unreachable from
the outside. The connectivity established through ZebOS is lost when ZebOS is killed and the device requires manual
intervention. To configure a static address from the primary interface, use the ifconfig command or edit a file in the
network-scripts:
1. Edit file ifcfg-eth<x> in /etc/sysconfig/network-scripts with this minimum configuration:
DEVICE = eth<x>
ONBOOT = yes
PADDR = 10.10.10.222
NETMASK = 255.255.255.0
BROADCAST = 10.10.10.255
2. Make sure /etc/rc.d/init.d/network does exist to configure a network interface with a static IP address at
boot time.
51
Miscellaneous Issues
52
Index
Register-Stop 27
metrics 44
A
N
administrative distance 43
cannot reach host
master down 23
community entries 8
nbr count 30
neighbor
capabilities 9
netstat 1
no BSR and RP information 25
no ospf adjacency 11, 35
no ospfv3 adjacency 35
no PIM adjacency 25
no rip adjacency 17
no ripng adjacency 41
NSM
route selection 43
D
O
damped route 6
debugging
disabling 4
DR prior 30
origin codes 6
B
BGP AS-PATH entries 8
BGP state 9
BGP table version 6
C
E
Ethereal 18, 42
F
firewall present 5
H
history 6
how to log 3
I
ifconfig 1
Incorrect VRRP States 24
L
logging
to stdout 3
M
message
P
ping 1
ping6 2
R
remote devices unreachable 51
rip enabled but no adjacency 18, 42
route refresh request 9
RP not advertised in the BSR 25
S
show ip bgp command 6
show ip bgp neighbors 8
show ip bgp summary 7
show ip mroute command 27
show ip ospf database command 14
show ip ospf interface command 12
show ip ospf neighbor command 13
show ip pim interface command 30
show ip rip database command 19
show ip rip interface command 18
show ipv6 bgp command 32
show ipv6 bgp summary command 33
show ipv6 ospf database intra-prefix (adv-router) 38
show ipv6 ospf database link (adv-router) 36
ssh 2
stale route 6
Index - 1
Index
static route 43
status codes 6
suppressed route 6
T
targeted peers 22
TCP dump 18, 42
TCP packet blocked 5
telnet 2
traceroute 2
traceroute6 2
transmit delay 13
transport address
reachability 22
selection 21
troubleshooting
ldp 21
OSPF 11
OSPFv3 35
PIM-SM 25
rip 17
ripng 41
vrrp 23
Index - 2
U
uname 2
Unix System Commands and Utilities
ifconfig 1
netstat 1
ping 1
ping6 2
ssh 2
telnet 2
traceroute 2
traceroute6 2
uname 2
useradd 2
userdel 2
useradd 2
userdel 2
V
valid route 6
Verify the status of LDP 22
VIF index 30
Related documents
Internet Traffic Engineering
Internet Traffic Engineering
glossary - Homework Market
glossary - Homework Market
Slides - Duke Computer Science
Slides - Duke Computer Science
COS 420 day 17
COS 420 day 17
class18 - eecis.udel.edu
class18 - eecis.udel.edu
notes
notes
The Cutting EDGE of Router Configuration D. Caldwell, A. Gilbert, J. Gottlieb,
The Cutting EDGE of Router Configuration D. Caldwell, A. Gilbert, J. Gottlieb,
PPT
PPT
Neuroimaging and language I
Neuroimaging and language I
Monitoring and Measurement
Monitoring and Measurement
Dynamic Routing Protocols
Dynamic Routing Protocols
Why did Europeans Explore the World
Why did Europeans Explore the World