Sharing of practical experience on routing technology pitfalls, have you learned it?

With the rapid development of information technology, network technology is also constantly updated and iterated, but there is a technology that cannot be replaced. It is responsible for obtaining information and finding paths in the network, and it is the routing protocol. In the process of network construction and operation and maintenance, whether it is a simple or complex network architecture, you will always encounter some routing minefields more or less. It is because of these minefields that you can gain experience and keep awe at all times. As part of the underlying infrastructure connecting the business, the network carries the key business and data traffic of the enterprise. Once a problem occurs, not only the interests of the enterprise will be damaged, but also the user experience will be damaged. This article comes from a veteran who has been engaged in network work for more than ten years. It summarizes the cases of uncommon but fatal routing loops under network routing protocols, and shares tips on mine avoidance during the configuration of network routing protocols.

Case 1: Static route configuration lacks a specified next-hop outbound interface, causing a loop

Topology environment:

Case Description:

❶Configure the static route 192.168.0.0/16 on WAN router CR1 and point the next hop to the organization switch;

❷ WAN router CR1 redistributes static routes to OSPF, and the five types of LSAs are Type 1;

❸The core switch learns the OSPF route sent by WAN router CR1. The next hop of the core switch to 192.168.0.0/16 is CR1;

❹Due to project needs, a new WAN router CR2 is added to replace the CR1 router. Except for the configuration of the upstream core switch, the other configurations of the CR2 router are consistent with those of CR1, including the static routing configuration of the downstream switch.

❺The newly added WAN CR2 router is connected to the core switch and an OSPF neighbor relationship is established;

Routing loop occurs: ❻After CR2 is connected to the core switch, half of the services accessed by the PC to the organization are interrupted. The organization route 192.168.0.0/16 is checked on the core switch, and it is found that the route to 192.168.0.0/16 has two next hops with equal load, namely CR1 and CR2 routers; ❼On CR2, the next hop of the organization route 192.168.0.0/16 is the core switch; at this time, the organization route 192.168.0.0/16 is looped between the core switch and the WAN router CR2;

Cause of the problem: In this case scenario, the WAN router CR2 is configured with a static route for the downstream organization. Although the downstream organization interface on CR2 is in the DOWN state, the next-hop address configured for the static route is reachable, that is, there is a 1.1.1.0/30 route on CR2. CR2 will perform route iteration query, causing the static route configured on CR2 to be activated and enter the routing table. As a result, the core switch can also learn the downstream organization route from CR2, and a route loop is formed between the core switch and CR2.

Solution: Add a specified outbound interface to the static route configured on WAN router CR2. In this case, the static route will be activated and entered into the routing table only when the CR2 outbound interface is in UP state.

Case 2: Lack of silent interfaces in OSPF configuration causes loop

Topology environment

Case Description:

❶ The core switch at the headquarters is configured with a static route 192.168.0.0/16 with the next hop pointing to the access network;

❷The core switch at the headquarters redistributes the static route 192.168.0.0/16 to OSPF, and the five types of LSA are Type 2;

❸After receiving the OSPF route, the headquarters downstream routers CR1 and CR2 redistribute the 192.168.0.0/16 route to the BGP neighbor and send it to the branch upstream router;

❹After receiving the BGP route from the headquarters' downstream router, the branch's upstream router BR2 forwards it to its IBGP neighbor BR1;

❺ The branch upstream router BR2 also redistributes the BGP route 192.168.0.0/16 into OSPF, and the five types of LSAs are Type 1;

❻The branch core switch receives the OSPF route sent by the branch upstream router and transmits it within OSPF. The five types of LSA are Type 1;

CR1 hardware card failure: ❼The business card of the headquarters downstream router CR1 fails. During the replacement of the faulty card, the passive-interface command for the interconnection interface between CR1 and BR1 in the OSPF configuration on CR1 disappears. The headquarters downstream router CR1 and the branch upstream router BR1 have established an OSPF neighbor relationship (there is a network Internet segment in the OSPF configuration on CR1 and BR1 devices, and there is no passive-interface command in the OSPF configuration of BR1 device)

❽At this time, the branch's upstream router BR1 receives the Type 1 route 192.168.0.0/16, and BR1 passes it to the head office's downstream router CR1 through OSPF.

❾The headquarters downstream router CR1 receives five types of LSAs of type 2 from the headquarters core switch and five types of LSAs of type 1 from the branch upstream router BR1. Since Type 1 is superior to Type 2 in the OSPF routing principle, the next hop of the route 192.168.0.0/16 in the headquarters downstream router CR1 routing table points to the branch upstream router BR1; since the management distance of the headquarters and branch routers EBGP routing protocol is configured as 20, the next hop of the route 192.168.0.0/16 received by the branch upstream router BR1 is the headquarters downstream router CR1;

A routing loop occurs: After the headquarters downstream router CR1 and the branch upstream router BR1 establish OSPF neighbors, CR1 receives the OSPF route of 192.168.0.0/16 sent by BR1. CR1 then redistributes the OSPF route to BR1. The next hop of the BGP route for 192.168.0.0/16 on BR1 is CR1. From then on, the 192.168.0.0/16 route is repeated between CR1 and BR1 until the TTL is exhausted and the message is discarded.

Solution: Configure the passive-interface command in the OSPF configuration of the headquarters downstream router CR1 and the branch upstream router BR1 respectively. The loop problem is solved.

Case 3: A loop is caused by a problem with the configuration of the priority of the bidirectional dual-point redistribution route

Topology environment

Case Description:

❶ The branch core switch is configured with a static route 192.168.0.0/16 with the next hop pointing to the access network;

❷The branch core switch redistributes the static route 192.168.0.0/16 to OSPF, and the five types of LSA are Type 1;

❸After receiving the OSPF route, the branch upstream router redistributes the 192.168.0.0/16 route to the EBGP neighbor and sends it to the headquarters downstream router;

❹The headquarters downstream routers CR1/CR2/CR3 receive EBGP routes from the corresponding interconnected Juniper devices BR1/BR2/BR3, with an administrative distance of 20;

❺At this time, the branch's upstream router BR3 has a hardware failure. Use Huawei router equipment to complete configuration translation and replace the faulty device. If the operation fails, first connect to the branch network, establish an OSPF neighbor relationship with the branch core, and establish an IBGP neighbor relationship with the branch's upstream Juniper routers BR1 and BR2;

❻After the new Huawei router BR3 established an IBGP neighbor relationship with the Juniper router, the downstream router of the headquarters could not receive the 192.168.0.0/16 route sent by the branch, and the services between the headquarters and the branch were interrupted;

❼The newly installed Huawei router BR3 learns the OSPF route of 192.168.0.0/16 through the branch core switch and redistributes the OSPF route into BGP (EBGP and IBGP);

Routing loop occurs: ❽At this time, the branch's upstream routers BR1 and BR2 learn the 192.168.0.0/16 route sent by the new Huawei router BR3 through IBGP. Since the IBGP routing protocol management distance of the branch's upstream Juniper router is set to 20, which is better than the OSPF external route 150, the 192.168.0.0/16 route originally learned by the branch's upstream Juniper router through the branch's core OSPF is changed from the routing table to the IBGP route. The OSPF for 192.168.0.0/16 on BR1 and BR2 routers disappears and cannot be redistributed to BGP through OSPF. Also, because EBGP and IBGP do not transmit routes to each other by default in Juniper routers, the branch's 192.168.0.0/16 route cannot be sent to the headquarters through EBGP. That is, the headquarters receives the branch's route, and the services between the headquarters and the branch are damaged. A loop appears in the 192.168.0.0/16 route between the branch's upstream routers.

Solution: Adjust the IBGP route priority to 170 on the branch's upstream Juniper routers BR1 and BR2 to be higher than the OSPF external route priority of 150. The loop problem is solved.

Routing protocol design practice:

Static routing:

• It is recommended to specify the next-hop outbound interface in static route configuration to avoid iterative route query.
• It is recommended to configure route description information for all static routes for readability;
• Configure the static floating route management distance according to the actual network environment. If static routing is preferred in the environment and dynamic routing is secondary, it is recommended that the floating route management distance be configured larger than the routing protocol management distance.

Routing announcement:

• It is recommended to manually configure the Router-id for all dynamic routing protocol processes. The Router-id is the device management address by default.
• When the router announces the interconnected address segment, it is recommended to announce it according to the address mask of the device interface. It is not recommended to use the same command to announce multiple interfaces.
• For the business routing network segment, routing announcements need to be made on all gateway devices;
• When the WAN dedicated line interconnection interface needs to be announced, it is recommended to announce the interconnection address only on one side of the device, and it is not recommended to announce it on the other end device;
• Except for BGP, it is recommended to configure silent interfaces in all dynamic routing processes. By default, all Layer 3 interfaces are prohibited from establishing routing neighbor relationships with other devices. When it is necessary to establish routing neighbor relationships with other devices, disable the corresponding silent interface command in the corresponding device configuration.

Route summarization and routing policies:

• It is recommended that all routing protocols disable automatic route aggregation and perform service route aggregation based on actual network needs;
• It is recommended that the match list for configuring routing policy calls does not contain Deny entries;
• When the routing policy needs to exclude certain traffic, it is recommended to configure two match lists, one to match the traffic that needs policy routing, and the other to match the traffic that needs to be excluded; configure a Deny policy in Route-Plicy to match the match list corresponding to the traffic that needs to be excluded, and then configure a Permit policy to match the match list corresponding to the traffic that needs policy routing;

Route redistribution:

• When redistributing static routes to dynamic routes, it is recommended to add different tags according to different service attributes to facilitate routing policy matching in dynamic routes. When statically redistributing the primary and backup links to OSPF, it is recommended to use five types of LSAs of Type 2; when statically redistributing the load link to OSPF, it is recommended to use five types of LSAs of Type 1;
• When redistributing routes to OSPF, a common mistake for Cisco devices is the lack of the Subnets keyword. If some routes are missing, it is recommended to check whether the configuration redistributes subnet routes.
• When bidirectional dual-point redistribution is performed between OSPF and BGP dynamic routing protocols, anti-loop mechanisms must be configured in both directions. It is recommended to use tag and community methods for routing anti-loop.
• In view of the inconsistency of the default management distances of different manufacturers, if the network environment contains three-layer routing networking of multi-vendor devices, it is recommended to manually adjust the routing priority to a consistent one to avoid suboptimal paths or routing loops during networking or in fault scenarios.

Appendix: Default routing priorities of mainstream manufacturers: