Quidway路由器無厘頭故障分享

        狀況是這樣的，北京和上海之間經過路由器創建了IPSec ×××，北京新上了電信的線，爲了上海到北京更快更高更強！決定將×××創建到北京的電信鏈路上，因而更改了兩端的IP地址。

#

ike peer peer pre-shared-key ****

remote-address 219.143.x.x

local-address 116.228.x.x

#

 

#

ike peer peer pre-shared-key ****

remote-address 116.228.x.x

local-address 219.143.x.x

#

        修改完畢，

reset ipsec sa

reset ike sa

        坐等創建鏈接，1分鐘...2分鐘...5分鐘...fuck....看來沒法創建成功，檢查回話狀態

<Quidway>dis ike sa
    Total IKE phase-1 SAs:  0
    connection-id  peer            flag        phase   doi
  ----------------------------------------------------------
             38    219.143.x.x    RD|ST         2     IPSEC

  flag meaning
  RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO--TIMEOUT

 

<MSR5040>dis ike sa
    total phase-1 SAs:  0
    connection-id  peer            flag        phase   doi
  ----------------------------------------------------------
     28599         116.228.x.x        RD            2     IPSEC

     28598         <unnamed>     RD            1     IPSEC

  flag meaning
  RD--READY ST--STAYALIVE RL--REPLACED FD--FADING TO--TIMEOUT

        居然創建ike sa失敗，檢查配置，一切正常，很奇怪，無奈開啓debugging

        -----------北京路由器--------------

<MSR5040>terminal debugging
Info: Current terminal debugging is on.

<MSR5040>terminal monitor
Info: Current terminal monitor is on.

<MSR5040>debugging ike all

 

<MSR5040>
*Oct 16 15:43:11:409 2012 MSR5040 IKE/7/DEBUG: message send:
*Oct 16 15:43:11:409 2012 MSR5040 IKE/7/DEBUG:   ICOOKIE: 0xf348aed30c37f270
*Oct 16 15:43:11:409 2012 MSR5040 IKE/7/DEBUG:   RCOOKIE: 0x0000000000000000
*Oct 16 15:43:11:410 2012 MSR5040 IKE/7/DEBUG:   NEXT_PAYLOAD: SA
*Oct 16 15:43:11:410 2012 MSR5040 IKE/7/DEBUG:   VERSION: 16
*Oct 16 15:43:11:410 2012 MSR5040 IKE/7/DEBUG:   EXCH_TYPE: ID_PROT
*Oct 16 15:43:11:410 2012 MSR5040 IKE/7/DEBUG:   FLAGS: [ ]
*Oct 16 15:43:11:411 2012 MSR5040 IKE/7/DEBUG:   MESSAGE_ID: 0x00000000
*Oct 16 15:43:11:411 2012 MSR5040 IKE/7/DEBUG:   LENGTH: 124
<MSR5040>

        請求信息無誤，而且已經產生SA，問題應該不是處在北京路由器上，檢查上海路由器。

      -----------上海路由器-------------- 

<Quidway>terminal debugging
Info: Current terminal debugging is on.

<Quidway>terminal monitor
Info: Current terminal monitor is on.

<Quidway>debugging ike all

 

 

<Quidway>
*0.24561482 Quidway IKE/7/DEBUG:add transport: adding 8408fac4
*0.24561483 Quidway IKE/7/DEBUG:transport reference: transport 8408fac4 now has 1references
*0.24561485 Quidway IKE/7/DEBUG:message alloc: allocated 84087264
*0.24561486 Quidway IKE/7/DEBUG:message_recv: message 84087264
*0.24561488 Quidway IKE/7/DEBUG:  ICOOKIE: 0xf348aed30c37f270
*0.24561489 Quidway IKE/7/DEBUG:  RCOOKIE: 0x0000000000000000
*0.24561491 Quidway IKE/7/DEBUG:  NEXT_PAYLOAD: SA
*0.24561492 Quidway IKE/7/DEBUG:  VERSION: 16
*0.24561493 Quidway IKE/7/DEBUG:  EXCH_TYPE: ID_PROT
*0.24561494 Quidway IKE/7/DEBUG:  FLAGS: [ ]
*0.24561497 Quidway IKE/7/DEBUG:  MESSAGE_ID: 0x00000000
*0.24561498 Quidway IKE/7/DEBUG:  LENGTH: 124
*0.24561500 Quidway IKE/7/DEBUG:message dump: iovec 0:
*0.24561501 Quidway IKE/7/DEBUG:f348aed3 0c37f270 00000000 00000000 01100200 00000000 0000007c 0d000038
 
*0.24561503 Quidway IKE/7/DEBUG:00000001 00000001 0000002c 01010001 00000024 00010000 80010001 80020002
 
*0.24561505 Quidway IKE/7/DEBUG:80030001 80040001 800b0001 000c0004 00015180 0d000014 90cb8091 3ebb696e
 
*0.24561507 Quidway IKE/7/DEBUG:086381b5 ec427b1f 00000014 4485152d 18b6bbcd 0be8a846 9579ddcc
*0.24561509 Quidway IKE/7/DEBUG:exchange lookup from cookie: icookie f348aed30c37f270
*0.24561511 Quidway IKE/7/DEBUG:message parse payloads: payload SA
*0.24561512 Quidway IKE/7/DEBUG:message parse payloads: payload VENDOR
*0.24561517 Quidway IKE/7/DEBUG:message parse payloads: payload VENDOR
*0.24561518 Quidway IKE/7/DEBUG:validate payload SA of message 84087264
*0.24561520 Quidway IKE/7/DEBUG:  DOI: 1
*0.24561521 Quidway IKE/7/DEBUG:exchange_setup_p1: no ike peer configuration found for peer "111.207.x.x,116.228.x.x"
*0.24561524 Quidway IKE/7/DEBUG:message free: freeing 84087264
*0.24561525 Quidway IKE/7/DEBUG:release transport: transport 8408fac4 had 1references
*0.24561527 Quidway IKE/7/DEBUG:release transport:: freeing 8408fac4
*0.24561528 Quidway IKE/7/DEBUG:transport reference: transport 840889c4 now has 2references
*0.24561530 Quidway IKE/7/DEBUG:transport reference: transport 84088564 now has 2references
*0.24561532 Quidway IKE/7/DEBUG:transport reference: transport 84088424 now has 2references
*0.24561537 Quidway IKE/7/DEBUG:release transport: transport 840889c4 had 2references
*0.24561539 Quidway IKE/7/DEBUG:release transport: transport 84088564 had 2references
*0.24561541 Quidway IKE/7/DEBUG:release transport: transport 84088424 had 2references

         問題浮出水面，紅色的信息顯示的IP地址是錯誤的，是變動前的IP地址！peer 的IP地址已經變動了，這裏依然再使用變動前的IP地址在創建鏈接，這不是坑爹呢麼……問題應該就是這裏了，再次配置，依然無效，無奈重啓上海路由器，問題解決。

 

         此問題告訴咱們，即便是路由器也並非時時刻刻都能配置即時生效，排除故障要持有懷疑一切的態度，萬萬不能存有經驗主義的錯誤觀念！