[HCIE TAC] question 6-1

Posted by wezalmighty on Fri, 18 Feb 2022 23:30:54 +0100


Error point restore:
#AR31
isis 1
is-level level-1

Title: AR34 did not learn two equivalent routes

1, Fault root cause judgment

After analysis, the root cause of the fault is: the ISIS router level configuration error of AR31 is level-1, and the correct configuration should be level-1-2.

2, Fault analysis

2.1. The fault phenomenon reappears. Execute the display IP routing table command on AR34 to check whether there are two default routes in the routing table of AR34. The inspection results are as follows:

<AR34>dis ip routing-table 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
     Destinations : 16       Routes : 16       

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

    0.0.0.0/0   ISIS-L1 15   10          D   10.5.34.30      GigabitEthernet0/0/0
  10.5.1.30/32  ISIS-L1 15   10          D   10.5.34.30      GigabitEthernet0/0/0
  10.5.1.31/32  ISIS-L1 15   10          D   10.5.14.31      GigabitEthernet0/0/1
  10.5.1.34/32  Direct  0    0           D   127.0.0.1       LoopBack0
  10.5.14.0/24  Direct  0    0           D   10.5.14.34      GigabitEthernet0/0/1
 10.5.14.34/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/1
10.5.14.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/1
  10.5.34.0/24  Direct  0    0           D   10.5.34.34      GigabitEthernet0/0/0
 10.5.34.34/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
10.5.34.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet0/0/0
 10.5.129.0/24  ISIS-L1 15   20          D   10.5.34.30      GigabitEthernet0/0/0
 10.5.130.0/24  ISIS-L1 15   20          D   10.5.14.31      GigabitEthernet0/0/1

According to the inspection results, there is only one default route from the next hop to AR30 in the routing table of AR34, and the overhead of the routes received from AR30 and AR31 is the same, which eliminates the possibility of failure caused by inconsistent interface overhead. Since the necessary condition for AR34 to generate two default routes is to receive the LSP with ATT set to 1 from AR30 and AR31 respectively, and the conditions for att set are as follows:

a. AR30, AR31 and AR34 establish a level-1 neighbor relationship, and must establish a level-2 neighbor relationship with AR28;

b. The ISIS area ID of AR30 and AR31 must be consistent with that of AR34, but inconsistent with that of AR28;

c. AR30 and AR31 must support the router type of ISIS level-1-2;

Therefore, it is necessary to check whether there is an LSP with ATT set to 1 from AR30 and AR31 in the ISIS LSDB database of AR34.

2.2. Execute the display isis lsdb command on AR34 to view the lsdb database of AR34. The inspection results are as follows:

<AR34>display isis lsdb 

                    Database information for ISIS(1)
                    --------------------------------

                      Level-1 Link State Database

LSPID                 Seq Num      Checksum      Holdtime      Length  ATT/P/OL
-------------------------------------------------------------------------------
0000.0000.0030.00-00  0x00000009   0x78e4        862           102     1/0/0   
0000.0000.0031.00-00  0x0000000a   0xf198        891           102     0/0/0   
0000.0000.0031.01-00  0x00000003   0xe018        891           55      0/0/0   
0000.0000.0034.00-00* 0x00000007   0x93df        766           113     0/0/0   
0000.0000.0034.01-00* 0x00000002   0x8d6a        766           55      0/0/0   

Total LSP(s): 5
*(In TLV)-Leaking Route, *(By LSPID)-Self LSP, +-Self LSP(Extended), 
       ATT-Attached, P-Partition, OL-Overload

According to the inspection results, AR34 only receives the LSP with ATT set to 1 from AR30. According to the three necessary conditions of ATT set, it is necessary to further check whether the ISIS neighbor relationship between AR31, AR34 and AR28 is established normally.

2.3 execute the display isis peer command on AR31 to check the ISIS neighbor relationship of AR31. The inspection results are as follows:

<AR31>dis isis peer 

                      Peer information for ISIS(1)

  System Id     Interface          Circuit Id       State HoldTime Type     PRI
-------------------------------------------------------------------------------
0000.0000.0034  GE0/0/1            0000.0000.0031.01 Up   23s      L1       64 

According to the inspection results, AR31 only established level-1 neighbor relationship with AR34, and did not establish level-2 neighbor relationship with AR28. It is necessary to further check whether it is caused by the inaccessibility of the three-layer address of the interface used for ISIS neighbor relationship between AR28 and AR31.

2.4 execute ping -a 10.5.130.31 10.5.130.28 command on AR31, and the test results are as follows:

<AR31>ping -a 10.5.130.31 10.5.130.28
PING 10.5.130.28: 56  data bytes, press CTRL_C to break
Reply from 10.5.130.28: bytes=56 Sequence=1 ttl=255 time=60 ms
Reply from 10.5.130.28: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 10.5.130.28: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 10.5.130.28: bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 10.5.130.28: bytes=56 Sequence=5 ttl=255 time=20 ms

 --- 10.5.130.28 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/30/60 ms

According to the output results, the three-layer address of the interconnection interface between AR28 and AR31 can be reached. It is preliminarily judged that there may be an error in the ISIS configuration of AR31. Check whether AR31 receives the ISIS error statistics message.

2.5 execute the command display isis error int g0/0/2 on AR31 and check whether the g0/0/2 interface of AR31 receives the error statistics message. The check results are as follows:

<AR31>display isis error int g 0/0/2
Statistics of errored packets for GE0/0/2:
--------------------------------------------------------------------
LSP packet errors:
Longer LSP              : 0           Smaller LSP             : 0           
Mismatched Level        : 0           Invalid Sysid           : 0           
Zero Sequence Number    : 0           Illegal IS Type         : 0           
Zero Checksum           : 0           Incorrect Checksum      : 0           		
Bad Authentication      : 0           Bad Auth Count          : 0           
More Protocol TLV       : 0           Bad Nbr TLV             : 0           
Bad Extended IS TLV     : 0           Bad IF Addr TLV         : 0           
Bad Reach TLV           : 0           Bad Inter Domain TLV    : 0           
Mismatched Area Id(L1)  : 0           Bad TLV Length          : 0          
Bad Alias TLV           : 0           Bad Area TLV            : 0           
Bad SRLG TLV            : 0           Unknown Adjacency       : 0           
Bad Protocol ID         : 0           Bad Version             : 0           
Zero Lifetime           : 0           Bad Ext Reach TLV       : 0           
Bad TE Router ID TLV    : 0           Bad TE Sub TLV          : 0           

Hello packet errors:
Bad Packet Length       : 0           Reserved CircType       : 0           
Repeated System ID      : 0           Bad Circuit Type        : 0           
Longer packet           : 0           More Area Addr          : 0           
Longer Area Addr        : 0           Bad Area Addr TLV       : 0           
More IF Addr            : 0           Bad Formatted IF TLV    : 0           
More Nbr SNPA(LAN)      : 0           Invalid Sysid           : 0           
Bad TLV Length          : 0           Zero HoldingTime        : 0           
Unusable IP Addr        : 0           Repeated IPv4 Addr      : 0           
Mismatched Area Addr(L1): 0           Mismatched Proto        : 0           
SNPA Conflicted(LAN)    : 0           Mismatched Level        : 0           
Mimatched Max Area Addr: 0           Bad Authentication      : 0           
More Auth TLV           : 0           3-Way Option Error(P2P) : 0           
No Area Addr TLV        : 0           Bad Protocol ID         : 0           
Bad Version             : 0           Invalid IPv6 Addr       : 0           
More IPv6 IF Addr       : 0           Duplicate IPv6 Addr     : 0           
More Optional Checksum  : 0           Bad Optional Checksum   : 0           
--------------------------------------------------------------------

According to the output results, the g/0/0/2 interface of AR31 has not received any error statistics messages. It is necessary to further check the isis configuration information of AR31.

2.6 execute the display isis brief command on AR31 and check the ISIS related configuration of AR31. The inspection results are as follows:

<AR31>dis isis brief 

                 ISIS Protocol Information for ISIS(1)
                 -------------------------------------
SystemId: 0000.0000.0031      System Level: L1    
Area-Authentication-mode: NULL
Domain-Authentication-mode: NULL
Ipv6 is not enabled
ISIS is in invalid restart status
ISIS is in protocol hot standby state: Real-Time Backup

Interface: 10.5.14.31(GE0/0/1)
Cost: L1 10        L2 10                Ipv6 Cost: L1 10   L2 10   
State: IPV4 Up                          IPV6 Down
Type: BROADCAST                         MTU: 1497      
Priority: L1 64   L2 64   
Tmers:     Csnp: L1 10    L2 10    ,Retransmit: L12 5   , Hello: L1 10 L2 10  ,

Hello Multiplier: L1 3    L2 3     , LSP-Throttle Timer: L12 50  

Interface: 10.5.130.31(GE0/0/2)
Cost: L1 10        L2 10                Ipv6 Cost: L1 10   L2 10   
State: IPV4 Up                          IPV6 Down
Type: BROADCAST                         MTU: 1497      
Priority: L1 64   L2 64   
Timers:     Csnp: L1 10    L2 10    ,Retransmit: L12 5   , Hello: L1 10 L2 10  ,

Hello Multiplier: L1 3    L2 3     , LSP-Throttle Timer: L12 50  

Interface: 10.5.1.31(Loop0)
Cost: L1 0         L2 0                 Ipv6 Cost: L1 0    L2 0    
State: IPV4 Up                          IPV6 Down
Type: P2P                               MTU: 1500      
Priority: L1 64   L2  64   
Timers:     Csnp: L12 10  , Retransmit: L12 5   , Hello: 10  ,
Hello Multiplier: 3            , LSP-Throttle Timer: L12 50  

According to the output results, AR31 only supports Isis neighbor relationship of level-1 and does not support Isis neighbor relationship of level-2, which makes it impossible to establish level-2 neighbor relationship with AR28. Since the interconnection interface with AR28 is not enabled, the Isis neighbor relationship cannot be established, so it is necessary to check the g 0/0/2 interface of AR31.

2.7. Execute the display isis int g 0/0/2 command on AR31 and check the interface configuration. The output results are as follows:

<AR31>dis isis int g 0/0/2

                   Interface information for ISIS(1)
                   ---------------------------------
Interface       Id      IPV4.State          IPV6.State      MTU  Type  DIS   
GE0/0/2         002         Up                 Down         1497 L1/L2 No/No

According to the output results, the g 0/0/2 interface of AR31 enables ISIS, and the interface types support L1 and L2

To sum up: the fundamental reason why AR34 cannot generate two default routes is that AR28 and AR31 cannot establish the ISIS neighbor relationship of level-2, resulting in that AR34 cannot receive the LSP with ATT set to 1 from AR31. The reason why AR34 cannot establish a neighbor is that the ISIS route level of AR31 is configured as level-1 and the correct configuration is level-1-2.

3, Fault handling

3.1. The router level of AR31 is configured as level-1. The following commands need to be executed on AR31:

system-view                        #Enter system view
isis 1                             #Enter ISIS process
is-level level-1-2                 #Modify the router level to level-1-2
 After executing the above command, in AR31 and AR34 Test whether the fault has been solved by executing the following command on:
display isis peer                  #Check whether a level-2 neighbor relationship is established with AR28 on AR31
display isis lsdb                  #Set art from ls31 and art 34 in lsdb to see if it is received
display ip routing-table           #Check whether there are two default routes in the routing table

3.2. Other high possibility faults - the g 0/0/2 interface of AR28 does not enable ISIS, so the following commands need to be executed on AR28:

system-view                        #Enter system view
iint g0/0/2                        #Enter interface view
isis enable 1                      #Enable isis function
 After executing the above command, in AR31 and AR34 Test whether the fault has been solved by executing the following command on:
display isis peer                  #Check whether a level-2 neighbor relationship is established with AR28 on AR31
display isis lsdb                  #Check whether the lsdb of AR34 receives the LSP with ATT set to 1 from AR30 and AR31
display ip routing-table           #Check whether there are two default routes in the routing table

3.3. Other high possibilities - isis authentication is configured under the g 0/0/2 interface of AR28, and the following commands need to be executed on AR28:

system-view                        #Enter system view
iint g0/0/2                        #Enter interface view
undo isis authentication-mode      #Delete interface isis authentication
 After executing the above command, in AR31 and AR34 Test whether the fault has been solved by executing the following command on:
display isis peer                  #Check whether a level-2 neighbor relationship is established with AR28 on AR31
display isis lsdb                  #Check whether the lsdb of AR34 receives the LSP with ATT set to 1 from AR30 and AR31
display ip routing-table           #Check whether there are two default routes in the routing table

3.4. Other high possibilities - the forced ATT not set command is configured under the ISIS process of AR31, and the following commands need to be executed on AR31:

system-view                        #Enter system view
isis 1                             #Enter ISIS process
undo attached-bit advertise        #Delete ATT unset command
 After executing the above command, in AR31 and AR34 Test whether the fault has been solved by executing the following command on:
display isis peer                  #Check whether a level-2 neighbor relationship is established with AR28 on AR31
display isis lsdb                  #Check whether the lsdb of AR34 receives the LSP with ATT set to 1 from AR30 and AR31
display ip routing-table           #Check whether there are two default routes in the routing table

3.5. Other high possibility - to configure the weight value of AR30 as the next hop under the ISIS process of AR34, you need to execute the following commands on AR34:

system-view                        #Enter system view
isis 1                             #Enter ISIS process
undo next-hop 10.5.34.30           #Delete the weight value of the next hop configuration
 After executing the above command, in AR31 and AR34 Test whether the fault has been solved by executing the following command on:
display isis peer                  #Check whether a level-2 neighbor relationship is established with AR28 on AR31
display isis lsdb                  #Check whether the lsdb of AR34 receives the LSP with ATT set to 1 from AR30 and AR31
display ip routing-table           #Check whether there are two default routes in the routing table

quit # exit to system view
save # saves the configuration
If the fault still exists after executing the above command, please send a front-line engineer to the site for troubleshooting, or provide complete equipment configuration information, call Huawei 400 hotline and ask Huawei experts for remote assistance.

Topics: network