Configuration, analysis, package & mdash; try to explain in detail (2)

Related links:

VPN configuration, analysis, package-strive to explain 1): http://425093014.blog.51cto.com/5109559/1060124

VPN configuration, analysis, package-strive to explain 3): http://425093014.blog.51cto.com/5109559/1063675

 

Tip: if the image is too small to be clearly visible, you can click the image to view the original image or download the experiment materials.

If you need, you can go to the http://down.51cto.com/data/602810 to download the project, code, configuration save file for this experiment, use GNS3 simulation.

 

Topology:

650) this. width = 650; "width =" 746 "height =" 332 "border =" 0 "style =" background-image: none; border-right-0px; padding-left: 0px; padding-right: 0px; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px; padding-top: 0px "title =" 0 true Topology "alt =" 0 true Topology "src =" http://www.bkjia.com/uploads/allimg/131227/0131134612-0.jpg "/>

 

Experiment introduction:

1) Disable s0/0 of R1 to check the packet sending status.

2) Disable s0/1 of R2 to check the packet sending status.

3) Start s0/1 of R2 to check the packet sending status.

 

Lab details:

1) Disable s0/0 of R1 to check the packet sending status.

In R3, the s0/1 interface uses wireshark to intercept data packets. When s0/0 is disabled, R1 cannot arrive

172.16.3.0

10.0.0.0

172.16.2.0

Because only the s0/1 interface is used, a query is sent for unicast ).

 

Figure 1: Query

650) this. width = 650; "width =" 724 "height =" 379 "border =" 0 "style =" background-image: none; border-right-0px; padding-left: 0px; padding-right: 0px; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px; padding-top: 0px "title =" 1 pack query "alt =" 1 pack query "src =" http://www.bkjia.com/uploads/allimg/131227/0131131642-1.jpg "/>

You can see that the sending and receiving interface, the package content, in fact, R1 this inquiry package has two functions.

--- 1. These networks cannot be reached.

--- 2. Can you access these networks?

 

Figure 2: Query ACK, of course, is called ack only to distinguish between them.

650) this. width = 650; "width =" 736 "height =" 285 "border =" 0 "style =" background-image: none; border-right-0px; padding-left: 0px; padding-right: 0px; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px; padding-top: 0px "title =" 1 pack ack-query "alt =" 1 pack ack-query "src =" http://www.bkjia.com/uploads/allimg/131227/0131136029-2.jpg "/>

 

Figure 3: Reply

650) this. width = 650; "width =" 710 "height =" 322 "border =" 0 "style =" background-image: none; border-right-0px; padding-left: 0px; padding-right: 0px; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px; padding-top: 0px "title =" 1 pack reply "alt =" 1 pack reply "src =" http://www.bkjia.com/uploads/allimg/131227/013113O12-3.jpg "/>

Questions on the video. Why?

He asked 172.16.3.0 and 172.16.2.0. Although the two networks are in 172.16.0.0, R1 and R2 are automatically summarized and sent to R3. In fact, R3

I do not know whether it can reach 172.16.3.0 or 172.16.2.0. So for accuracy, I cannot reply.

The following is the R3 route table after R1 s0/0 is disabled:

R3 # sh ip route
Codes: C-connected, S-static, R-RIP, M-mobile, B-BGP
D-OSPF, EX-VPN external, O-OSPF, IA-OSPF inter area
N1-ospf nssa external type 1, N2-ospf nssa external type 2
E1-OSPF external type 1, E2-OSPF external type 2
I-IS, su-IS summary, L1-IS-level-1, L2-IS level-2
Ia-IS inter area, *-candidate default, U-per-user static route
O-ODR, P-periodic downloaded static route

Gateway of last resort is not set

192.168.10.0/24 is variably subnetted, 3 subnets, 2 masks
D 192.168.10.0/24 is a summary, 00:00:41, Null0
C 192.168.10.4/30 is directly connected, Serial0/0
C 192.168.10.8/30 is directly connected, Serial0/1
D 172.16.0.0/16 [90/2172416] via 192.168.10.9, 00:00:39, Serial0/1
[90/2172416] via 192.168.10.5, 00:00:39, Serial0/0
D 10.0.0.0/8 [90/2297856] via 192.168.10.9, 00:00:39, Serial0/1
C 192.168.1.0/24 is directly connected, FastEthernet1/0

Figure 4: Reply ACK

650) this. width = 650; "width =" 792 "height =" 339 "border =" 0 "style =" background-image: none; border-right-0px; padding-left: 0px; padding-right: 0px; border-top-width: 0px; border-bottom-width: 0px; border-left-width: 0px; padding-top: 0px "title =" 1 pack ack-reply "alt =" 1 pack ack-reply "src =" http://www.bkjia.com/uploads/allimg/131227/0131135061-4.jpg "/>

2) The analysis will be more comprehensive than (1)

 

2) Disable s0/1 of R2 to check the packet sending status.

Information in CLI

1. Disable the interface

2. Router feedback and messages received by R3

R2 (config) # int s0/1
R2 (config-if) # shutdown
R2 (config-if )#
* Mar 1 00:07:16. 483: % DUAL-5-NBRCHANGE: IP-EIGRP (0) 1: Neighbor 192.168.10.10 (Serial0/1) is down: interface down
R2 (config-if )#
* Mar 1 00:07:18. 343: % LINK-5-CHANGED: Interface Serial0/1, changed state to administratively down
* Mar 1 00:07:19. 343: % LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to down

 

* Mar 1 00:07:27. 367: % DUAL-5-NBRCHANGE: IP-EIGRP (0) 1: Neighbor 192.168.10.9 (Serial0/1) is down: holding time expired
R3 #
* Mar 1 00:07:45. 975: % LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to down
R3 #

 

Specific Package content:

Figure 5: Ask R1, can you go to 10.0.0.0?

650) this. width = 650; "height =" 328 "border =" 0 "style =" background-image: none; border-bottom: 0px; border-left: 0px; padding-left: 0px; padding-right: 0px; border-top: 0px; border-right: 0px; padding-top: 0px "title =" 2-ask 1 "alt =" 2-ask 1 "src =" http://www.bkjia.com/uploads/allimg/131227/0131136423-5.jpg "/>

 

Figure 6: R1: OK; serial number: 22

650) this. width = 650; "height =" 325 "border =" 0 "style =" background-image: none; border-bottom: 0px; border-left: 0px; padding-left: 0px; padding-right: 0px; border-top: 0px; border-right: 0px; padding-top: 0px "title =" 2-ack ask 1 "alt =" 2-ack ask 1 "src =" http://www.bkjia.com/uploads/allimg/131227/0131133I3-6.jpg "/>

 

Figure 7: R1 answers

650) this. width = 650; "height =" 420 "border =" 0 "style =" background-image: none; border-bottom: 0px; border-left: 0px; padding-left: 0px; padding-right: 0px; border-top: 0px; border-right: 0px; padding-top: 0px "title =" 2-reply "alt =" 2-reply "src =" http://www.bkjia.com/uploads/allimg/131227/0131131132-7.jpg "/>

.

Let's look at the route table of R3:

R3 # sh ip route
Codes: C-connected, S-static, R-RIP, M-mobile, B-BGP
D-OSPF, EX-VPN external, O-OSPF, IA-OSPF inter area
N1-ospf nssa external type 1, N2-ospf nssa external type 2
E1-OSPF external type 1, E2-OSPF external type 2
I-IS, su-IS summary, L1-IS-level-1, L2-IS level-2
Ia-IS inter area, *-candidate default, U-per-user static route
O-ODR, P-periodic downloaded static route

Gateway of last resort is not set

192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
D 192.168.10.0/24 is a summary, 00:20:27, Null0
C 192.168.10.4/30 is directly connected, Serial0/0
D 172.16.0.0/16 [90/2172416] via 192.168.10.5, 00:10:05, Serial0/0
D 10.0.0.0/8 [90/2809856] via 192.168.10.5, 00:10:05, Serial0/0
C 192.168.1.0/24 is directly connected, FastEthernet1/0

 

Previously, R3 arrived at 10.0.0.0/8 through 192.168.10.9, which can be viewed in the yellow section of the R3 route table in Experiment 1) above.

Now, it is changed to the interface ip address of s0/1 of R1.

 

Figure 8: R3 OK, thanks

650) this. width = 650; "height =" 294 "border =" 0 "style =" background-image: none; border-bottom: 0px; border-left: 0px; padding-left: 0px; padding-right: 0px; border-top: 0px; border-right: 0px; padding-top: 0px "title =" 2-ackreply "alt =" 2-ackreply "src =" http://www.bkjia.com/uploads/allimg/131227/0131131423-8.jpg "/>

 

 

After a period of time, R3 will display:

* Mar 1 00:10:55. 967: % LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to down

It means that he cannot reach 192.168.10.8/30. Then I asked R1 again. To avoid repetition, I only took two images.

Figure 9:

650) this. width = 650; "height =" 299 "border =" 0 "style =" background-image: none; border-bottom: 0px; border-left: 0px; padding-left: 0px; padding-right: 0px; border-top: 0px; border-right: 0px; padding-top: 0px "title =" 3-ask "alt =" 3-ask "src =" http://www.bkjia.com/uploads/allimg/131227/0131135426-9.jpg "/>

 

Figure 10: Response: I cannot.

650) this. width = 650; "height =" 330 "border =" 0 "style =" background-image: none; border-bottom: 0px; border-left: 0px; padding-left: 0px; padding-right: 0px; border-top: 0px; border-right: 0px; padding-top: 0px "title =" 3-answer "alt =" 3-answer "src =" http://www.bkjia.com/uploads/allimg/131227/0131131Y2-10.jpg "/>

 

 

 

 

3) Start s0/1 of R2 to check the packet sending status.

Next, start s0/1 of R2 to view the feedback.

R2 (config-if) # no shutdown

* Mar 1 00:21:29. 727: % LINK-3-UPDOWN: Interface Serial0/1, changed state to up
R2 (config-if )#
* Mar 1 00:21:30. 731: % LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to up
R2 (config-if )#
R2 (config-if )#
R2 (config-if )#
R2 (config-if )#
* Mar 1 00:21:46. 343: % DUAL-5-NBRCHANGE: IP-EIGRP (0) 1: Neighbor 192.168.10.10 (Serial0/1) is up: new adjacency

 

Information received by R3

* Mar 1 00:21:45. 951: % LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/1, changed state to up
* Mar 1 00:21:46. 107: % DUAL-5-NBRCHANGE: IP-EIGRP (0) 1: Neighbor 192.168.10.9 (Serial0/1) is up: new adjacency

 

 

Figure 11: update package. 6 send to. 5

650) this. width = 650; "height =" 332 "border =" 0 "style =" background-image: none; border-bottom: 0px; border-left: 0px; padding-left: 0px; padding-right: 0px; border-top: 0px; border-right: 0px; padding-top: 0px "title =" update "alt =" update "src =" http://www.bkjia.com/uploads/allimg/131227/0131135Y2-11.jpg "/>

192.168.10.8/30 is added to the R3 route table to restrict updates. Send an update package to R1.

The Ack package under the update package on the way.

Then R1 sends an update to R3. The content is the same, because R3 tells it, see

Figure 12:

650) this. width = 650; "height =" 290 "border =" 0 "style =" background-image: none; border-bottom: 0px; border-left: 0px; padding-left: 0px; padding-right: 0px; border-top: 0px; border-right: 0px; padding-top: 0px "title =" update2 "alt =" update2 "src =" http://www.bkjia.com/uploads/allimg/131227/0131133557-12.jpg "/>

 

Then, R3 sends an update to R1 because 10.0.0.0/8 and 172.16.0.0/16 are added to the route table.

Figure 13:

650) this. width = 650; "height =" 316 "border =" 0 "style =" background-image: none; border-bottom: 0px; border-left: 0px; padding-left: 0px; padding-right: 0px; border-top: 0px; border-right: 0px; padding-top: 0px "title =" update3 "alt =" update3 "src =" http://www.bkjia.com/uploads/allimg/131227/0131136455-13.jpg "/>

Then R1 sends back the confirmation, but R1 does not send Update to R3 because the two destination networks R1 exist and the route table has not changed,

Therefore, R1 will not send updates.

After that, everything is normal. Hello, go down.

 

Come to an end. Thank you for watching.

 

If you need, you can go to the http://down.51cto.com/data/602810 to download the project, code, configuration save file for this experiment, use GNS3 simulation.

This article is from the "weak water three thousand" blog, please be sure to keep this source http://425093014.blog.51cto.com/5109559/1061059