Shulou(Shulou.com)06/01 Report--

Today encountered a problem, a branch is unable to access the Internet, I write out the ideas to solve the problem, for your reference.

Background introduction of network environment:

The branch has two lines, one MPLS dedicated line for internal network traffic, the other is internet line for local Internet access, the two lines are mutually complementary.

Resolution steps:

Since I am not in the local area, I am not sure what the state is.

Step 1: first connect to the router of internet, check the default route, and find that the router can be connected, initially eliminating the problem of the line.

The second step is to transfer the remote desktop to the DC and ping the public network address from DC, but it is found that it does not work. Check the DNS forwarding address of the DNS server and find that the configuration is normal. Take a look at the DNS service and everything is fine.

At this point, suddenly the internet router was cut off, and the first reaction was that there was a problem with the line.

The third step, think about it, call the local, inquire why the internet line is broken, ask the local to connect the line to the computer for testing, and later know that the local engineer unplugged the internet line during my test.

The fourth step, suddenly found that the local Internet, but the ping value is a little high. At that time, the reflection was that the traffic was switched to the MPLS line, and I could guess it without tracert routing. Because the intenret router does Trap, if the internet line goes down, the default floating route will direct traffic to the MPLS router.

Step 5: since there is no feedback on any tests done by the local IT, it is said that the direct connection is normal, which interferes with my judgment. I assume that the line is right, and log in to the internet router, ping gateway, found that the packet is out, looked at a default route, there is, the original came out of the default route lost, resulting in internal unable to access the Internet.

Step 6: go out from the internal tracert and find that it is impassable from the core to the router. Stuck on an interface and didn't notice it at the time. The subjective interruption is that the DNS server does not parse. Then rudely restart DC and found that the problem was not solved.

Step 7, focus on solving the problem of DNS, reset the forwarding address of DNS to my main DNS server, and direct the local DNS request to the main DNS server. It is normal for private network resolution, or cannot resolve the domain name of the external network. When I achieve this state, the conclusion is that the DNS service is working, otherwise the internal name will not be resolved. I feel that the line limits the forwarding direction of my public network DNS.

Step 8, call for repair, abuse the line supplier and ask them to find out what restrictions they have made. Anyway, as we all know, the support of this line is very limited, and many technicians are dizzy and hardly understand your needs.

In the ninth step, we have to rely on ourselves to find out what the problem is, so that measures can be taken. Seek the support of the local IT engineer, test the circuit carefully again, and rule out the line problem. I suddenly remembered the test in step 6: why the traffic is stuck on an interface, the core is to throw the data to the router, the router also has a default route, the routing table is not lost, and the router can also send packets from the exit. There is only one problem, that is, the router does not forward the following routes. I saw show cdp neibor, the devices are all alive, show ip eigrp nei, the neighbors are all here. But if the routing process does not do data forwarding, it must be unable to get out, ah, looked at the port, there is no error disable.

The method is very simple, of course, it is rough, restart the router, and the problem is solved in an instant. Because there is not much time to misarrange the routing process, the next time you encounter it, take a closer look.

Summary:

1. Logical judgment is very important in solving emergencies.

two。 Communication with local engineers is very important, never two people do the same thing at the same time, do not communicate with each other, for remote judgment, it will lead to serious misjudgment.

3. The way to solve the problem is very important, and even if you have a clear understanding of the architecture, it is not easy to wake up under high pressure. If the production network of a factory is interrupted, the consequences are really serious.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.