OSPF中虛鍊路與area認證的問題

使用到的指令:show ip ospf database

今天做OSPF實驗時發現一個奇怪的問題：在各自配置了認證的區域裡做虛鍊路連接配接時，所有路由表都是不完整的。

先貼配置：

R1#show run

interface Loopback0

 ip address 172.16.1.1 255.255.255.0

interface Serial1/1

 description DCE,OSPF area 3,connected to R2's S1/0,ip 172.16.255.2/30

 ip address 172.16.255.1 255.255.255.252

 ip ospf authentication-key 7 12185628190E15

 serial restart-delay 0

 clock rate 9600

router ospf 100

 router-id 1.1.1.1

 log-adjacency-changes

 area 3 authentication message-digest

 network 172.16.0.0 0.0.255.255 area 3

//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

R2#show run

interface Serial1/0

 description DTE,OSPF area 3,connected to R1's S1/1,ip 172.16.255.1/30

 ip address 172.16.255.2 255.255.255.252

 ip ospf authentication-key 7 094D1D3612000E

 description DCE,OSPF area 2,connected to R3's S1/0,ip 172.16.255.6/30

 ip address 172.16.255.5 255.255.255.252

 ip ospf authentication-key 7 045A5939042455

 router-id 2.2.2.2

 area 2 virtual-link 3.3.3.3

 area 2 authentication message-digest

 network 172.16.255.0 0.0.0.3 area 3

 network 172.16.255.4 0.0.0.3 area 2

R3#show run

 description DTE,OSPF area 2,connected to R2's S1/1,ip 172.16.255.5/30

 ip address 172.16.255.6 255.255.255.252

 description DCE,OSPF area 0,connected to R4's S1/0,ip 172.16.255.10/30

 ip address 172.16.255.9 255.255.255.252

 ip ospf authentication-key 7 1304472D00091D

 router-id 3.3.3.3

 area 2 virtual-link 2.2.2.2

 area 0 authentication message-digest

 network 172.16.255.8 0.0.0.3 area 0

R4#show run

 description DTE,OSPF area 0,connected to R3's S1/1,ip 172.16.255.9/30

 ip address 172.16.255.10 255.255.255.252

 ip ospf authentication-key 7 104F59260E120B

 router-id 4.4.4.4

 network 172.16.16.0 0.0.0.255 area 1

路由表如下：

R1#show ip route

     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks

C       172.16.255.0/30 is directly connected, Serial1/1

C       172.16.1.0/24 is directly connected, Loopback0

R2#show ip route

     172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks

C       172.16.255.0/30 is directly connected, Serial1/0

C       172.16.255.4/30 is directly connected, Serial1/1

O IA    172.16.255.8/30 [110/128] via 172.16.255.6, 00:00:51, Serial1/1

O IA    172.16.16.1/32 [110/129] via 172.16.255.6, 00:00:51, Serial1/1

R3#show ip route

     172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks

C       172.16.255.4/30 is directly connected, Serial1/0

C       172.16.255.8/30 is directly connected, Serial1/1

O IA    172.16.16.1/32 [110/65] via 172.16.255.10, 00:00:50, Serial1/1

R4#show ip route

O IA    172.16.255.4/30 [110/128] via 172.16.255.9, 00:01:12, Serial1/0

C       172.16.255.8/30 is directly connected, Serial1/0

C       172.16.16.0/24 is directly connected, Loopback0

實在沒有想到有什麼解決辦法。先檢視database。由于R1、R4沒有參與到虛鍊路中，是以重點檢視R2、R3的database。

R2#show ip ospf database

            OSPF Router with ID (2.2.2.2) (Process ID 100)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count

2.2.2.2         2.2.2.2         313         0x80000007 0x00FB30 0

3.3.3.3         3.3.3.3         5     (DNA) 0x80000006 0x00F6DB 3

4.4.4.4         4.4.4.4         1758  (DNA) 0x80000004 0x00A546 2

                Summary Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum

172.16.16.1     4.4.4.4         1758  (DNA) 0x80000003 0x00D685

172.16.255.0    2.2.2.2         313         0x80000001 0x003803

172.16.255.4    2.2.2.2         313         0x80000001 0x001027

172.16.255.4    3.3.3.3         1806  (DNA) 0x80000003 0x00ED43

                Router Link States (Area 2)

2.2.2.2         2.2.2.2         313         0x80000013 0x008174 2

3.3.3.3         3.3.3.3         319         0x8000000E 0x002BCA 2

                Summary Net Link States (Area 2)

172.16.16.1     3.3.3.3         320         0x80000006 0x0071AB

172.16.255.0    2.2.2.2         309         0x80000006 0x002E08

172.16.255.8    3.3.3.3         321         0x80000006 0x00BF6A

                Router Link States (Area 3)

1.1.1.1         1.1.1.1         2157        0x80000003 0x001239 3

2.2.2.2         2.2.2.2         313         0x8000000B 0x00D24B 1

                Summary Net Link States (Area 3)

172.16.255.4    2.2.2.2         314         0x80000001 0x001027

R3#show ip ospf database

            OSPF Router with ID (3.3.3.3) (Process ID 100)

2.2.2.2         2.2.2.2         5     (DNA) 0x80000003 0x00BB55 1

3.3.3.3         3.3.3.3         366         0x8000000E 0x00F1F4 2

4.4.4.4         4.4.4.4         901         0x80000007 0x009F49 2

172.16.1.1      2.2.2.2         275   (DNA) 0x80000002 0x003DF6

172.16.16.1     4.4.4.4         897         0x80000005 0x00D287

172.16.255.0    2.2.2.2         275   (DNA) 0x80000002 0x003604

172.16.255.4    2.2.2.2         275   (DNA) 0x80000002 0x000E28

172.16.255.4    3.3.3.3         361         0x80000001 0x00F141

2.2.2.2         2.2.2.2         351         0x80000013 0x008174 2

3.3.3.3         3.3.3.3         356         0x8000000E 0x002BCA 2

172.16.16.1     3.3.3.3         357         0x80000006 0x0071AB

172.16.255.0    2.2.2.2         348         0x80000006 0x002E08

172.16.255.8    3.3.3.3         357         0x80000006 0x00BF6A

明顯所有路由都在資料庫裡（檢視R1和R4的資料庫，同樣該有的LSA都在資料庫裡），是以排除了虛鍊路沒有轉發某一類LSA的可能。但又沒有想到是什麼導緻LSA在資料庫裡卻不能生成路由。

隻好胡亂蒙了。由于之前配置了區域間的認證，而虛鍊路正好是跨區域的，會不會是由于lsa的認證資訊與區域認證資訊不符，沒有被采納呢？

no掉所有認證資訊，重新檢視路由表：

     172.16.0.0/16 is variably subnetted, 5 subnets, 3 masks

O IA    172.16.255.4/30 [110/128] via 172.16.255.2, 00:00:33, Serial1/1

O IA    172.16.255.8/30 [110/192] via 172.16.255.2, 00:00:13, Serial1/1

O IA    172.16.16.1/32 [110/193] via 172.16.255.2, 00:00:13, Serial1/1

其它的不用看了。

不過問題還沒有解決，我相信區域認證與虛鍊路等跨區域傳輸lsa的方法應該沒有沖突才對，都已經2點了，明天還要上班，還是先睡吧，等有時間了再作研究，呵呵。

本文轉自 gole_huang 51CTO部落格，原文連結:http://blog.51cto.com/golehuang/73792