OSPF造成鄰居關係的條件及驗證

一、造成鄰居條件：

1）區域ID相同；
2）hello，dead時間一致；
3）認證，認證密碼一致；
4）區域性質一致（例都是普通區域，或者都是末節區域等等）。
 

二、驗證

2.一、基本配置

R1:
en
conf t
no ip domain-lookup
host R1
inter s1/1
ip add 10.10.1.1 255.255.255.252
description  to-R2-s1/0
no shut
exit
interface Loopback100
 ip address 1.1.1.1 255.255.255.0
router ospf 100
 network 10.10.1.1 0.0.0.0 area 0

R2:
en
conf t
no ip domain-lookup
host R2
inter s1/0
ip add 10.10.1.2 255.255.255.252
description  to-R1-s1/1
no shut
inter s1/1
ip add 10.10.2.1 255.255.255.252
description  to-R3-s1/0
no shut
exit
interface Loopback200
 ip address 2.2.2.2 255.255.255.0
router ospf 200
 network 10.10.1.2 0.0.0.0 area 0

//此鄰居關係理論上已經創建成功：

R1#sh ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
2.2.2.2           0   FULL/  -        00:00:39    10.10.1.2       Serial1/1

R2#sh ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
1.1.1.1           0   FULL/  -        00:00:31    10.10.1.1       Serial1/0

2.二、驗證過程

2.2.一、區域不一樣

把R2的區域修改爲area 1

R2(config-router)#network 10.10.1.2 0.0.0.0 area 1
R2(config-router)#
*Oct 23 15:53:50.927: %OSPF-5-ADJCHG: Process 200, Nbr 1.1.1.1 on Serial1/0 from FULL to DOWN, Neighbor Down: Interface down or detached
*Oct 23 15:53:50.935: %OSPF-6-AREACHG: 10.10.1.2/32 changed from area 0 to area 1
*Oct 23 15:53:57.755: %OSPF-4-ERRRCV: Received invalid packet: mismatch area ID, from backbone area must be virtual-link but not found from 10.10.1.1, Serial1/0

//更改區域後，提示鄰居關係已經中斷，緣由是區域號不一致，建議經過虛擬鏈路來實現。
R2(config-router)#do sh ip ospf nei

R2(config-router)#

//查看R2鄰居已經丟失。

R1#sh ip ospf neighbor

R1#sh ip ospf neighbor

//查看R1鄰居也已經丟失。

R2(config-router)#network 10.10.1.2 0.0.0.0 area 0
R2(config-router)#
*Oct 23 15:58:03.699: %OSPF-6-AREACHG: 10.10.1.2/32 changed from area 1 to area 0
*Oct 23 15:58:03.759: %OSPF-5-ADJCHG: Process 200, Nbr 1.1.1.1 on Serial1/0 from LOADING to FULL, Loading Done
R2(config-router)#do sh ip ospf nei

Neighbor ID     Pri   State           Dead Time   Address         Interface
1.1.1.1           0   FULL/  -        00:00:33    10.10.1.1       Serial1/0
R2(config-router)#

//R2配置還原成area 0，鄰居關係立刻恢復。

R1#
*Oct 23 15:58:04.019: %OSPF-5-ADJCHG: Process 100, Nbr 2.2.2.2 on Serial1/1 from LOADING to FULL, Loading Done

//R1鄰居關係也恢復。

2.2.2 hello，dead時間一致；
注：基於接口來修改時間，修改hello時，dead時間同時修改，保持爲hello的4倍。

默認的時間以下：

R2(config-if)#do sh ip ospf inter s1/0
Serial1/0 is up, line protocol is up
  Internet Address 10.10.1.2/30, Area 0
  Process ID 200, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:05
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 1.1.1.1
  Suppress hello for 0 neighbor(s)

 

修改以下：

R2(config-if)#ip ospf hello-interval 20

//由10s修改20s

R2(config-if)#do sh ip ospf inter s1/0
Serial1/0 is up, line protocol is up
  Internet Address 10.10.1.2/30, Area 0
  Process ID 200, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 20, Dead 80, Wait 80, Retransmit 5
    oob-resync timeout 80
    Hello due in 00:00:18
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 1.1.1.1
  Suppress hello for 0 neighbor(s)

//已修改爲爲20s，同時dead時間也修改爲80s

R2(config-if)#
R2(config-if)#
*Oct 23 16:05:07.747: %OSPF-5-ADJCHG: Process 200, Nbr 1.1.1.1 on Serial1/0 from FULL to DOWN, Neighbor Down: Dead timer expired

//提示鄰居關係已中斷，緣由是dead時間不匹配。

還原配置：

R2(config-if)#no ip ospf hello-interval 20
R2(config-if)#do sh ip ospf inter s1/0   
Serial1/0 is up, line protocol is up
  Internet Address 10.10.1.2/30, Area 0
  Process ID 200, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:07
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 0, Adjacent neighbor count is 0
  Suppress hello for 0 neighbor(s)
R2(config-if)#
*Oct 23 16:07:27.843: %OSPF-5-ADJCHG: Process 200, Nbr 1.1.1.1 on Serial1/0 from LOADING to FULL, Loading Done

//鄰居關係恢復。

單獨修改dead時間：

R2(config-if)#ip ospf dead-interval 50
R2(config-if)#do sh ip ospf inter s1/0
Serial1/0 is up, line protocol is up
  Internet Address 10.10.1.2/30, Area 0
  Process ID 200, Router ID 2.2.2.2, Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 50, Wait 50, Retransmit 5
    oob-resync timeout 50
    Hello due in 00:00:00
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 1.1.1.1
  Suppress hello for 0 neighbor(s)

//只修改dead時間，hello時間不變

R2(config-if)#
*Oct 23 16:09:27.739: %OSPF-5-ADJCHG: Process 200, Nbr 1.1.1.1 on Serial1/0 from FULL to DOWN, Neighbor Down: Dead timer expired

//鄰居關係也會中斷，提示與hello時間不一樣的現象同樣。

R2(config-if)#no ip ospf dead-interval 50
*Oct 23 16:10:29.531: %OSPF-5-ADJCHG: Process 200, Nbr 1.1.1.1 on Serial1/0 from LOADING to FULL, Loading Done

//再還原配置。

2.2.3 認證，認證密碼一致；
1）3認證類型

無認證；

明文認證；

MD5認證；

2）必要條件

認證類型和密碼都要一致。

3）各類狀況驗證

第一種：兩端無認證，默認的配置就符合這種狀況，故不在此作驗證。

第二種：兩端都爲明文認證，此狀況不須要在此作驗證，真有疑問，請找cisco研發；

第三種：兩端都爲MD5認證，同上；

第四種：無認證+明文認證；

R1：配置不改

R2：改成明文認證

R2(config-if)#ip ospf authentication         
R2(config-if)#ip ospf authentication-key cisco
R2(config-if)#
*Oct 23 16:24:07.747: %OSPF-5-ADJCHG: Process 200, Nbr 1.1.1.1 on Serial1/0 from FULL to DOWN, Neighbor Down: Dead timer expired
R2(config-if)#

//配置完成後，提示鄰居已經中斷；

在R1上開啓debug後輸出信息以下：

R1#debug ip ospf events
OSPF events debugging is on
R1#
*Oct 23 16:24:47.983: OSPF: Send hello to 224.0.0.5 area 0 on Serial1/1 from 10.10.1.1
*Oct 23 16:24:49.675: OSPF: Rcv pkt from 10.10.1.2, Serial1/1 : Mismatch Authentication type. Input packet specified type 1, we use type 0

//提示對方使用type 1（明文認證），我(R1)使用type 0（無認證）

 

第五種：無認證+MD5認證；

R1：配置不改

R2：改成MD5認證

R2(config-if)#ip ospf authentication message-digest

R2(config-if)#ip ospf authentication-key cisco

//鄰居關係天然也是不能創建的。

查看R1的debug信息以下：

Oct 23 16:30:07.987: OSPF: Send hello to 224.0.0.5 area 0 on Serial1/1 from 10.10.1.1
*Oct 23 16:30:09.639: OSPF: Rcv pkt from 10.10.1.2, Serial1/1 : Mismatch Authentication type. Input packet specified type 2, we use type 0

//提示對方使用type 2（MD5認證），我(R1)使用type 0（無認證）

第六種：明文認證+MD5認證+key相同；

R2保持上面配置，

R1改成明文認證：

R1(config-if)#ip ospf authentication-ke
R1(config-if)#ip ospf authentication-key cisco

在R2上開啓debug信息以下：

*Oct 23 16:34:49.411: OSPF: Send with youngest Key 0
*Oct 23 16:34:49.411: OSPF: Send hello to 224.0.0.5 area 0 on Serial1/0 from 10.10.1.2
*Oct 23 16:34:57.763: OSPF: Rcv pkt from 10.10.1.1, Serial1/0 : Mismatch Authentication type. Input packet specified type 1, we use type 2

//提示認證類型不一樣。

還原認證配置。

2.2.四、區域性質一致

有點累了，因此省略，有時間再作了------------