系统日志报告“静态路由目标的路径监视失败...”消息
28009
Created On 04/10/23 10:42 AM - Last Modified 01/07/25 19:33 PM
Symptom
- 已配置静态路由的路径监控
- 系统日志(显示日志系统)报告“静态路由目标xyzq/m 的路径监视失败,下一跳 xyza 路由已被删除。”
Environment
- Palo Alto 防火墙
- 支持的 PAN OS
- 路径监控
Cause
目标 IP 间歇性无法访问,导致路径监视失败,随后隧道中断。
Resolution
- Use CLI command 显示路由路径监控 to verify the current static route status and monitored-IP state.
admin@PA-VM> show routing path-monitor flags: A:active, S:static, E:ecmp VIRTUAL ROUTER: default (id 1) ================================= ========== destination nexthop metric weight flags interface pathmonitor status 192.168.16.0/24 172.16.130.96 10 S ethernet1/1 Enabled(Any) Down |--> monitored-IP interval/count state 8.8.8.8 3/5 Failed - Verify the path monitor failure and find the timestamps from log file 路由日志.
admin@PA-VM> grep pattern MON: mp-log routed.log 2023-05-01 10:26:01.491 +0800 MON: status update md(16: 172.16.130.165 => 172.16.130.96 => 8.8.8.8) Failed 2023-05-01 10:26:01.491 +0800 MON: status update monitor(vr default: 192.168.16.0 > 172.16.130.96) Down - Use CLI command 调试路由路径监控器 to find out the details of the path monitor. The path monitor failure can be confirmed by monitoring and comparing 发送数据包 and Rx 数据包.
admin@PA-VM> 调试路由路径监控器 sw.mprelay.s1.dp0.rtmon.debug ID: 0 Source Address: 172.16.130.165 Source Address (Dynamic): :: Destination Address: 8.8.8.8 Next Hop Address: 172.16.130.96 Next Hop VR: 0 Next Hop VR Address: :: Interface ID: 16 Ping Count: 5 Ping Interval: 3 Tick Elapsed: 50 Status: 0 TX packets: 19 Rx packets: 0 Errors: Generic: 0 Link: 0 Dynamic Source: 0 TX Resource 1: 0 TX Resource 2: 0 Route Lookup: 0 Interface: 0 Tunnel Egress: 0 L2: 1 RX Generic: 0 - 在这个例子中,路径监视数据包已发送,但未看到响应(RX)数据包。需要检查中间设备是否丢失数据包。
- 作为一种解决方法,使用响应 ICMP 数据包的已知可达 IP 进行路径监视器。