All network engineers use ping, which is an effective way to check routing problems. However, engineers often complain that a failed ping "is impossible". How can this problem be solved?
This confusion usually occurs when you believe that the route settings are correct. I would like to add a few problems that I have encountered.
Three simplest cases:
1. Too impatient. That is, as soon as the network cable is plugged into the switch, you try to ping the gateway, ignoring the convergence time of Spanning Tree.
Of course, newer switches support Rapid Spanning Tree, or some administrators simply put the user port (access port.
2. Access control. No matter how many hops are crossed along the way, as long as one node (including the end node) filters ICMP, ping failure is normal. The most common cause is a firewall.
3. Some router ports cannot be pinged.
We have also encountered the following situations, which are harder to spot:
1. Because of high latency between devices, ICMP echo packets cannot be received within the default time (2 seconds).
There are several possible reasons for the latency, such as the line (satellite network latency is 540 milliseconds), router processing latency, or an unreasonable routing design that leads to a detour path. Use extended ping to increase the timeout. If the ping then succeeds, the route latency is too high.
2. When NAT is introduced, one-way ping can occur. NAT can be used to conceal internal addresses. When the ping is initiated from an intranet host toward the outside, it succeeds because a NAT table mapping exists. When the ping is initiated from outside toward the intranet host, no matching entry can be found in the router's NAT table.
3. Multi-route load balancing. For example, when you ping a remote target host, successful replies and timeouts alternate. Two routes to the destination CIDR block exist on the gateway router, and the weights of the two routes are equal, but one of the routes is faulty.
4. IP address allocation is not contiguous. Poor address planning buries a land mine in the network. Overlapping addresses or discontiguous mask division may cause problems during ping.
For example, in an extreme case, A and B are connected through multiple hops. A can ping the gateway of B, and the gateway of B is set correctly, but pings between A and B fail. Investigation showed that a second address was also configured on the NIC of B, and that address overlaps with the CIDR block of.
5. Extended ping with a specified source address. Log on to the router and ping the remote host. When an ICMP echo request is sent out of the serial WAN interface, the router chooses an IP address as the source IP address. This address may not be the IP address of that interface, or the interface may not have an IP address at all.
However, a downstream router may not be able to reach that IP segment. You can use extended ping to specify the source IP address.
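An added example for item 4 (not part of the original article): it models host B's route lookup to show why a second, overlapping NIC address breaks the reply path even though B's gateway is set correctly. It assumes the overlapped block is the one host A sits in; all addresses and function names are constructed for illustration.

```python
import ipaddress

def build_routes(nic_addrs, default_gw):
    """Connected route for every NIC address, plus the default route."""
    routes = [(ipaddress.ip_interface(a).network, "on-link") for a in nic_addrs]
    routes.append((ipaddress.ip_network("0.0.0.0/0"), default_gw))
    return routes

def next_hop(routes, dst):
    """Longest-prefix match, as a host's IP stack does for each packet."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if dst in net]
    return max(matches, key=lambda r: r[0].prefixlen)[1]

def overlapping_connected(nic_addrs, remote):
    """NIC addresses whose subnet wrongly claims a remote host as local."""
    remote = ipaddress.ip_address(remote)
    return [a for a in nic_addrs
            if remote in ipaddress.ip_interface(a).network]

# Constructed sample values (assumptions, not taken from the article)
HOST_A = "10.1.1.10"                 # host A, several hops away from B
B_GATEWAY = "10.2.2.1"               # B's correctly configured gateway
B_NIC_OK = ["10.2.2.20/24"]
B_NIC_BAD = ["10.2.2.20/24", "10.1.1.200/24"]  # second address overlaps A's block

if __name__ == "__main__":
    for label, addrs in (("clean", B_NIC_OK), ("overlap", B_NIC_BAD)):
        hop = next_hop(build_routes(addrs, B_GATEWAY), HOST_A)
        bad = overlapping_connected(addrs, HOST_A)
        # "on-link" means B ARPs for A locally and never uses its gateway,
        # so the echo reply is lost while A can still ping B's gateway.
        print(f"{label:8} reply to {HOST_A} via {hop}; overlapping: {bad}")
```
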
Ping failures are also common when the host gateway and intermediate routes are correctly configured. In this case, you should forget the word "impossible" and combine the extended ping parameters and the feedback information with traceroute, router debug, port mirroring, a sniffer, and other tools for analysis.
For example, two hosts A and B are connected through multi-hop routers, and the gateways of both are set correctly. You can ping B from A, but cannot ping A from B.
By mirroring the port on the vswitch and capturing packets with a sniffer, you can find out where the ICMP packet stops and what it contains. You may find that the source IP address in the ICMP packet is not what you expected. At that point it is easy to suspect the NAT function of the router, and in this way some neglected problems are gradually uncovered.
When ping fails, the feedback is "destination_net_unreachable" or "timed out".