客户在华北区购买专线访问托管区物理机,新购买专线2,把专线流量全部切换到专线2,客户走公网流量还走原专线1路由器,但切换后访问公网有1000多ms的大延时,
处理过程
【处理过程】
查看客户配置脚本,如下
专线交换机CE5850
#
ip route-static 10.86.0.0 255.255.240.0 10.7.4.9 track bfd-session zhuhai_unicom
ip route-static 10.86.0.0 255.255.240.0 10.7.4.5 preference 80
ip route-static 10.86.16.0 255.255.255.0 10.7.4.9 track bfd-session zhuhai_unicom
ip route-static 10.86.16.0 255.255.255.0 10.7.4.5 preference 80
ip route-static 10.86.31.0 255.255.255.0 10.7.4.9 track bfd-session zhuhai_unicom
ip route-static 10.86.31.0 255.255.255.0 10.7.4.5 preference 80
ip route-static 10.86.192.0 255.255.255.0 10.7.4.9 track bfd-session zhuhai_unicom
ip route-static 10.86.192.0 255.255.255.0 10.7.4.5 preference 80
ip route-static 10.136.86.0 255.255.255.0 10.7.4.9 track bfd-session zhuhai_unicom
ip route-static 10.136.86.0 255.255.255.0 10.7.4.5 preference 80
客户防火墙
#
ip route-static 10.0.3.0 24 10.86.4.250 track 2
ip route-static 10.0.3.0 24 10.86.4.242 preference 100
ip route-static 10.0.96.0 24 10.86.4.250 track 2
ip route-static 10.0.96.0 24 10.86.4.242 preference 100
ip route-static 10.6.0.0 16 10.86.4.250 track 2
ip route-static 10.6.0.0 16 10.86.4.242 preference 100
ip route-static 10.88.22.0 24 10.86.4.250 track 2
ip route-static 10.88.22.0 24 10.86.4.242 preference 100
ip route-static 10.136.0.0 16 10.86.4.250 track 2
ip route-static 10.136.0.0 16 10.86.4.242 preference 100
ip route-static 10.136.0.0 18 10.86.4.250 track 2
ip route-static 10.136.0.0 18 10.86.4.242 preference 100
ip route-static 10.136.1.0 24 10.86.4.250 track 2
ip route-static 10.136.1.0 24 10.86.4.242 preference 100
ip route-static 10.136.64.0 20 10.86.4.250 track 2
ip route-static 10.136.64.0 20 10.86.4.242 preference 100
ip route-static 10.136.80.0 22 10.86.4.250 track 2
ip route-static 10.136.80.0 22 10.86.4.242 preference 100
ip route-static 10.136.84.0 24 10.86.4.250 track 2
ip route-static 10.136.84.0 24 10.86.4.242 preference 100
ip route-static 10.136.85.0 24 10.86.4.250 track 2
ip route-static 10.136.85.0 24 10.86.4.242 preference 100
ip route-static 10.136.88.0 21 10.86.4.250 track 2
ip route-static 10.136.88.0 21 10.86.4.242 preference 100
ip route-static 10.136.96.0 20 10.86.4.250 track 2
ip route-static 10.136.96.0 20 10.86.4.242 preference 100
ip route-static 10.136.128.0 17 10.86.4.250 track 2
ip route-static 10.136.128.0 17 10.86.4.242 preference 100
ip route-static 10.254.1.0 24 10.86.4.250 track 2
ip route-static 10.254.1.0 24 10.86.4.242 preference 100
ip route-static 88.88.8.0 24 10.86.4.250 track 2
ip route-static 88.88.8.0 24 10.86.4.242 preference 100
ip route-static 172.20.8.0 24 10.86.4.250 track 2
ip route-static 172.20.8.0 24 10.86.4.242 preference 100
ip route-static 172.20.241.0 24 10.86.4.250 track 2
ip route-static 172.20.241.0 24 10.86.4.242 preference 100
ip route-static 192.168.0.0 16 10.86.4.250 track 2
ip route-static 192.168.0.0 16 10.86.4.242 preference 100
查看客户tracert图,左侧为访问托管区,右侧为访问公网,发现第一跳公网地址为大延时,但出口路由器禁tracert无法判断是否大延时
在客户防火墙上建测试口设备为内网地址10.86.31.200/32测试公网地址结果同上,说明故障点在防火墙以上节点。
在客户专线1路由器上起测试地址163.177.151.110(百度地址),测试结果同上,说明故障点在路由器与防火墙二者之一。
在专线1路由器上查看路由,发现到10.86.31.200的下一跳不是防火墙而是路由器,在专线交换机上查看路由协议发现路由器与专线交换机之间运行OSPF,且引入了静态路由,命令如下
#
ospf 10 router-id 10.7.4.6
import-route direct route-policy in_ospf
import-route static route-policy in_ospf
area 0.0.0.0
network 10.6.32.0 0.0.0.255
network 10.7.4.4 0.0.0.3
network 10.7.4.8 0.0.0.3
#
之前变更配置包括了到10.86.31.200的静态路由,如下所示,导致此静态路由引入到了OSPF中,通告给邻居专线1路由器,
ip route-static 10.86.31.0 255.255.255.0 10.7.4.9 track bfd-session zhuhai_unicom
ip route-static 10.86.31.0 255.255.255.0 10.7.4.5 preference 80
到此故障点已找到,内网10.86.31.0访问公网的来回路径不一致,回程路径经过专线,经过测试专线延时1000多毫秒。
解决方法,在客户专线1 路由器上添加静态路由到100.86.31.0/24,使来回路径一致。
根因
【原因分析】
来回路径不一致和专线延时大是导致客户访问公网延时大的根因。
建议与总结
【案例总结】
延时大要配合命令tracert命令查看,还要结合来回的路径,一般采取分段排查的办法确认故障点。