Route Failure Analysis: Route tables that cannot be routed (1)

Vro is an important device for interconnection between the Intranet and the Internet. You can set static routes and dynamic routes based on network complexity. Static Routing can be easily configured for a simple network, but improper routing list setting may cause some network interconnection faults.
Some people in department A report that they cannot access the network of the upper-level department (Department B. Run the ping command from the computer A1 (IP Address: 10.20.12.11/24) used by the user to send the ping command to the computer B1 (IP Address: 10.20.30.110/24) and B2 (IP Address: 10.20.30.111/24) of department B) send test data packets with a packet loss rate of 100%. ping other computers in the Department to check that the connection is normal. Check the IP settings of the computer and find that the gateway is correctly set (the correct gateway is 10.20.12.1). Therefore, it is suspected that the router cannot work normally. When I came back to my office, I used the computer A2 and A3 to test and found the following strange phenomena:
(1) run the ping command on computer A2 (IP Address: 10.20.12.12/24) to ping the computers B1 and B2 in department B's network respectively. Then, it is found that B1 has a normal response, and the response rate of B2 is between 20% and 24 ~ In computer A3 (IP: 10.20.12.13/24), ping the computer B1 and B2 by using the ping command. The response shows that the connection is normal and the packet loss rate is 0.
(2) Change the IP address of computer A3 to 10.20.12.12/24 before testing. The ping result is the same as that of computer A2 in (1.
(3) change the IP address of computer A2 to an unused IP Address: 10.20.12.22/24. Test the connection with B1 and B2. The result shows normal and the packet loss rate is 0.
(4) change the IP address of computer A1 to an unused IP Address: 10.20.12.23/24. Test the connection with B1 and B2. The result shows normal and the packet loss rate is 0.
Fault Analysis

Considering that network connectivity is related to the IP address of the Local Machine, refer to the network topology of the Local Machine (1). It is suspected that the fault may be caused by the firewall settings of department B's network. Because department B and department B are located in two different places in the city, it is not convenient to view the firewall settings, so I called to ask. However, the Department's network administrator told him that the firewall was set for the network IP segment, that is, the firewall allowed access to the entire network IP segment of Department.

The reason may be that some computers in this department have sent illegal access information to department B's network, and department B's firewall automatically intrude this IP address into the computer list, the IP packet sent by WAF is blocked, leading to abnormal network connection. Investigate all computers in the Department and change the IP addresses of computers that cannot normally access the external network (Department B network) to the new IP address.

However, a week later, the Network went down again, and packet loss occurred to several computers in department B that could have been normally accessed, however, some IP addresses that previously failed to access the external network can normally access the external network. It seems that the problem may not be on the firewall.