OSPF中虚链路与area认证的问题

使用到的命令:show ip ospf database

今天做OSPF实验时发现一个奇怪的问题：在各自配置了认证的区域里做虚链路连接时，所有路由表都是不完整的。

先贴配置：

R1#show run

interface Loopback0

 ip address 172.16.1.1 255.255.255.0

interface Serial1/1

 description DCE,OSPF area 3,connected to R2's S1/0,ip 172.16.255.2/30

 ip address 172.16.255.1 255.255.255.252

 ip ospf authentication-key 7 12185628190E15

 serial restart-delay 0

 clock rate 9600

router ospf 100

 router-id 1.1.1.1

 log-adjacency-changes

 area 3 authentication message-digest

 network 172.16.0.0 0.0.255.255 area 3

//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

R2#show run

interface Serial1/0

 description DTE,OSPF area 3,connected to R1's S1/1,ip 172.16.255.1/30

 ip address 172.16.255.2 255.255.255.252

 ip ospf authentication-key 7 094D1D3612000E

 description DCE,OSPF area 2,connected to R3's S1/0,ip 172.16.255.6/30

 ip address 172.16.255.5 255.255.255.252

 ip ospf authentication-key 7 045A5939042455

 router-id 2.2.2.2

 area 2 virtual-link 3.3.3.3

 area 2 authentication message-digest

 network 172.16.255.0 0.0.0.3 area 3

 network 172.16.255.4 0.0.0.3 area 2

R3#show run

 description DTE,OSPF area 2,connected to R2's S1/1,ip 172.16.255.5/30

 ip address 172.16.255.6 255.255.255.252

 description DCE,OSPF area 0,connected to R4's S1/0,ip 172.16.255.10/30

 ip address 172.16.255.9 255.255.255.252

 ip ospf authentication-key 7 1304472D00091D

 router-id 3.3.3.3

 area 2 virtual-link 2.2.2.2

 area 0 authentication message-digest

 network 172.16.255.8 0.0.0.3 area 0

R4#show run

 description DTE,OSPF area 0,connected to R3's S1/1,ip 172.16.255.9/30

 ip address 172.16.255.10 255.255.255.252

 ip ospf authentication-key 7 104F59260E120B

 router-id 4.4.4.4

 network 172.16.16.0 0.0.0.255 area 1

路由表如下：

R1#show ip route

     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks

C       172.16.255.0/30 is directly connected, Serial1/1

C       172.16.1.0/24 is directly connected, Loopback0

R2#show ip route

     172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks

C       172.16.255.0/30 is directly connected, Serial1/0

C       172.16.255.4/30 is directly connected, Serial1/1

O IA    172.16.255.8/30 [110/128] via 172.16.255.6, 00:00:51, Serial1/1

O IA    172.16.16.1/32 [110/129] via 172.16.255.6, 00:00:51, Serial1/1

R3#show ip route

     172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks

C       172.16.255.4/30 is directly connected, Serial1/0

C       172.16.255.8/30 is directly connected, Serial1/1

O IA    172.16.16.1/32 [110/65] via 172.16.255.10, 00:00:50, Serial1/1

R4#show ip route

O IA    172.16.255.4/30 [110/128] via 172.16.255.9, 00:01:12, Serial1/0

C       172.16.255.8/30 is directly connected, Serial1/0

C       172.16.16.0/24 is directly connected, Loopback0

实在没有想到有什么解决办法。先查看database。由于R1、R4没有参与到虚链路中，因此重点查看R2、R3的database。

R2#show ip ospf database

            OSPF Router with ID (2.2.2.2) (Process ID 100)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count

2.2.2.2         2.2.2.2         313         0x80000007 0x00FB30 0

3.3.3.3         3.3.3.3         5     (DNA) 0x80000006 0x00F6DB 3

4.4.4.4         4.4.4.4         1758  (DNA) 0x80000004 0x00A546 2

                Summary Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum

172.16.16.1     4.4.4.4         1758  (DNA) 0x80000003 0x00D685

172.16.255.0    2.2.2.2         313         0x80000001 0x003803

172.16.255.4    2.2.2.2         313         0x80000001 0x001027

172.16.255.4    3.3.3.3         1806  (DNA) 0x80000003 0x00ED43

                Router Link States (Area 2)

2.2.2.2         2.2.2.2         313         0x80000013 0x008174 2

3.3.3.3         3.3.3.3         319         0x8000000E 0x002BCA 2

                Summary Net Link States (Area 2)

172.16.16.1     3.3.3.3         320         0x80000006 0x0071AB

172.16.255.0    2.2.2.2         309         0x80000006 0x002E08

172.16.255.8    3.3.3.3         321         0x80000006 0x00BF6A

                Router Link States (Area 3)

1.1.1.1         1.1.1.1         2157        0x80000003 0x001239 3

2.2.2.2         2.2.2.2         313         0x8000000B 0x00D24B 1

                Summary Net Link States (Area 3)

172.16.255.4    2.2.2.2         314         0x80000001 0x001027

R3#show ip ospf database

            OSPF Router with ID (3.3.3.3) (Process ID 100)

2.2.2.2         2.2.2.2         5     (DNA) 0x80000003 0x00BB55 1

3.3.3.3         3.3.3.3         366         0x8000000E 0x00F1F4 2

4.4.4.4         4.4.4.4         901         0x80000007 0x009F49 2

172.16.1.1      2.2.2.2         275   (DNA) 0x80000002 0x003DF6

172.16.16.1     4.4.4.4         897         0x80000005 0x00D287

172.16.255.0    2.2.2.2         275   (DNA) 0x80000002 0x003604

172.16.255.4    2.2.2.2         275   (DNA) 0x80000002 0x000E28

172.16.255.4    3.3.3.3         361         0x80000001 0x00F141

2.2.2.2         2.2.2.2         351         0x80000013 0x008174 2

3.3.3.3         3.3.3.3         356         0x8000000E 0x002BCA 2

172.16.16.1     3.3.3.3         357         0x80000006 0x0071AB

172.16.255.0    2.2.2.2         348         0x80000006 0x002E08

172.16.255.8    3.3.3.3         357         0x80000006 0x00BF6A

明显所有路由都在数据库里（查看R1和R4的数据库，同样该有的LSA都在数据库里），因此排除了虚链路没有转发某一类LSA的可能。但又没有想到是什么导致LSA在数据库里却不能生成路由。

只好胡乱蒙了。由于之前配置了区域间的认证，而虚链路正好是跨区域的，会不会是由于lsa的认证信息与区域认证信息不符，没有被采纳呢？

no掉所有认证信息，重新查看路由表：

     172.16.0.0/16 is variably subnetted, 5 subnets, 3 masks

O IA    172.16.255.4/30 [110/128] via 172.16.255.2, 00:00:33, Serial1/1

O IA    172.16.255.8/30 [110/192] via 172.16.255.2, 00:00:13, Serial1/1

O IA    172.16.16.1/32 [110/193] via 172.16.255.2, 00:00:13, Serial1/1

其它的不用看了。

不过问题还没有解决，我相信区域认证与虚链路等跨区域传输lsa的方法应该没有冲突才对，都已经2点了，明天还要上班，还是先睡吧，等有时间了再作研究，呵呵。

本文转自 gole_huang 51CTO博客，原文链接:http://blog.51cto.com/golehuang/73792