Ping gateways for different reasons (51cto blog relocation)

2013-09-08 19:35:58

The network engineer will usePing, which is an effective way to check for routing problems. But also often listen to engineer complain: Impossible, how can not pass?

This confusion typically occurs when you think the routing is set up correctly. To give some of the problems I have encountered, welcome to add.

The simplest of three cases:

1. Too impatient. That is, the network cable just insertedSwitchThink about it.PingThe convergence time of the spanning tree is ignored. Of course, the newerSwitchBoth support the fast spanning tree, or some administrators simply turn off the spanning tree protocol of the user port (Access port) and the problem is resolved.

2. Access control. Regardless of the number of hops across the middle, as long as there are nodes (including the end node) to filter ICMP,PingIt is normal to not pass. The most common is the behavior of the firewall.

3. Some router ports are not allowed for usersPingOf

Also encountered such a situation, more covert.

1. The network due to the delay between the device is too large, resulting in Icmpecho messages can not be received within the default time (2 seconds). There are several reasons for the delay, such as the line (the satellite network delays the star for 540 milliseconds), the router processing delay, or the routing design unreasonable cause the circuitous path. Using the extensionPing, increase timed out time, canPingRouting delay is too big a problem.

2. The introduction of NAT will result in one-wayPingWildcard NAT can act as a covert internal address,PingOutside, you canPingBecause the mapping of a NAT table exists when it is initiated by an externalPingOn the intranet host, it is impossible to find the NAT table entry for the border router.

3. Multi-routed load balancing scenarios. Like whatPingRemote destination host, successful reply and timed out interleaving, the results found that there are two routes to the destination network segment on the gateway router, the two routes have equal weights, but there is a problem in checking a route.

4.IP address assignment is not contiguous. Address planning problems such as the presence of landmines in the network, address overlap or the mask partition discontinuity may be inPingThe problem occurs. For example, an extreme situation, A, B two host, after multiple hops connected, a canPingGateway to B, and B's gateway is set correctly, but a, B isPingNot pass. A second address is also provided on the NIC of B, and this address overlaps the network segment where A is located.

5. Specify the extension of the source addressPing。 Log on to the router,PingRemote host, when the ICMP echorequest from the serial WAN interface, the router will specify an IP address as the source IP, the IP address may not be the IP of this interface or the interface does not have an IP address at all. A downstream router may not be routed to this IP segment, resulting inPingWildcard You can use the extendedPing, specify a good source IP address.

When the configuration of the host gateway and intermediate route is considered to be correct,PingThe problem is also a very common phenomenon. At this time should forget the "impossible" a few words, putPingAnalysis with tools such as extended parameters and feedback, traceroute, router debug, and port mirroring and sniffer.

For example, when both A and B hosts are connected by a multi-hop router, the gateways are set correctly and a can bePingb, but not on B.PingPass A. You can pass theSwitchDo the mirror, and use sniffer to find out where the ICMP message terminates, what the message content is, you can find the source IP address in the ICMP message is not expected, it is easy to imagine that the NAT function of the router, it is possible to gradually discover some neglected issues. andPingWhether the feedback information is "destination_net_unreachable" or "timedout" is also a difference.

Ping gateways for different reasons (51cto blog relocation)