Scribd
Upload
74 views55 pages

Lecture 6 - Troubleshooting OSPFv2

Uploaded by

Zainab Munir
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
74 views55 pages

Lecture 6 - Troubleshooting OSPFv2

Uploaded by

Zainab Munir
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 55

Lecture 6: Troubleshooting

OSPFv2
Brent MacRae
October 2021

CCNP Enterprise: Advanced Routing


Troubleshooting OSPFv2 Neighbour
Adjacencies

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 2
Troubleshooting OSPFv2
OSPF Establishes Neighbor Relationships
• OSPF establishes neighbor relationships by sending hello packets out interfaces participating
in the OSPF process
• You can enable the OSPF process on an interface and place it in an OSPF area using two
methods:

1. Router OSPF configuration mode.

R1(config)# router ospf 1


R1(config-router)# network 10.1.1.0 0.0.0.255 area 0

2. Interface configuration mode.

R1(config)# interface g0/0


R1(config-if)# ip ospf 1 area 51

Be very careful when making assumptions about OSPF not being enabled
on an interface, make sure you check both methods of configuration.
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 3
Troubleshooting OSPFv2
Show IP OSPF Neighbor
• To verify OSPFv2 neighbors, you use the show ip ospf neighbor command:

• Neighbor ID – the router ID (RID) of the neighbor


• Priority – the priority of the neighbor for the router election process
• State – whether the neighbor is a DR, BDR, or DROTHER
• Dead Time - how long the router waits until it declares the neighbor down if it does not hear
another hello packet within that time (default is 40 seconds on a LAN)
• Address - the neighbor’s interface IP address from which the hello packet was sent
• Interface - the local router interface used to reach that neighbor

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 4
Troubleshooting OSPFv2
Troubleshooting OSPFv2 Neighbor Relationships
The following are some of the reasons an OSPFv2 neighbor relationship might not form:

• Interface is down - interface must be up/up


• Interface not running the OSPF process - if the interface is not enabled for OSPF, it does not send
hello packets or form adjacencies
• Mismatched timers - hello and dead timers must match between neighbors
• Mismatched area numbers - two ends of a link must be in the same OSPF area
• Mismatched area type - an area type could be a stub area or a not-so-stubby area (NSSA); routers
must agree on the type of area they are in
• Different subnets - neighbors must be in the same subnet
• Passive interface - suppresses the sending and receiving of hello packets while still allowing the
interface’s network to be advertised
• Mismatched authentication information - both OSPF interfaces must be configured for matching
authentication
• ACLs - an ACL may be denying packets to the OSPF multicast address 224.0.0.5
• MTU mismatch - maximum transmission unit of neighboring interfaces must match
• Duplicate router IDs - Router IDs must be unique for all routers participating in OSPF
• Mismatched network types - neighbors configured with a different OSPF network type might not
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 5
form an adjacency
Troubleshooting OSPFv2
Adjacency States
Down state – No hello packets received, send hellos

Init state – Hello packets received from neighbour containing their router ID

Two-way state – A router has seen its own router ID in a received Hello. On Ethernet links, elect a DR and BDR

ExStart state – Negotiate master/slave relationship and initiate DBD exchange

Exchange state – Routers exchange DBD packets; transition to Loading if additional information is required; else transition to Full

Loading state – LSRs and LSUs are used to gain additional information; routes are processed using the SPF algorithm

Full state – Routers have converged © 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 6
Troubleshooting OSPFv2
OSPF Basic Configuration Errors
• When an OSPF neighbor relationship does not form you need the assistance of an accurate physical and
logical network diagram and the show cdp neighbors command to verify who should be the neighbors

Interface is Down
• Router interfaces must be up/up if you plan on forming an OSPF neighbor adjacency

Interface Not Running OSPF Process


• Incorrect/missing network command or OSPF configured on the wrong interfaces or in the wrong area IDs
can prevent neighbor relationships from forming
• If an interface is enabled for OSPF with both the network ip_address wildcard_mask area
area_id command and the ip ospf process_id area area_id command, the interface command
takes precedence
• You can verify which interfaces are participating in the OSPF process by using the command show ip
ospf interface brief:

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 7
Troubleshooting OSPFv2
Mismatched Timers
• OSPF timers must match for
neighbor adjacencies to form (with
EIGRP they do not)
• The hello timer defaults to:
• 10 seconds for broadcast and
point-to-point networks
• 30 seconds for nonbroadcast
and point-to-multipoint
networks
• The dead timer defaults to:
• 40 seconds for broadcast and
point-to-point networks
• 120 seconds for
nonbroadcast and point-to-
multipoint networks

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 8
Troubleshooting OSPFv2
Mismatched Timers
• You can also use the debug ip ospf hello command when troubleshooting adjacencies to reveal
mismatched timers

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 9
Troubleshooting OSPFv2
Mismatched Area Numbers
• For OSPF routers to form neighbor adjacencies, their neighboring interfaces must be in the same area

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 10
Troubleshooting OSPFv2
Mismatched Area Numbers
• You can use a debug command when troubleshooting adjacencies to find mismatched area numbers

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 11
Troubleshooting OSPFv2
Mismatched Area Type
• For routers within an area to form adjacencies, they
must agree on the area type
• Within the hello packet, a stub area flag is designed
to indicate the type of area the neighbor is in
• Area type can be verified on the router using show
ip protocols

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 12
Troubleshooting OSPFv2
Mismatched Area Type
• The debug ip ospf hello command is also used to find mismatched area types

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 13
Troubleshooting OSPFv2
Subnets and Passive Interfaces
Different Subnets - to form an OSPF
neighbor adjacency, the router
interfaces must be on the same
subnet

Passive Interface - if you configure


the wrong interface as passive, a
legitimate OSPF neighbor relationship
is not formed

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 14
Troubleshooting OSPFv2
Mismatched Authentication Information
• Both routers must agree on the settings for a neighbor relationship to form
• To verify whether authentication has been enabled, you use the show ip ospf command

If you configure authentication on an interface-by-interface basis, the


output of show ip ospf states Area has no authentication.

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 15
Troubleshooting OSPFv2
Mismatched Authentication Information
• To verify the key ID being used on an interface-by-interface basis use the show ip ospf interface
interface_type interface_number command.
• If you configure authentication on an interface-by-interface basis you need to check the output of show
ip ospf interface command:

• You can use the debug ip ospf adj command to find mismatched authentication information:

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 16
Troubleshooting OSPFv2
ACLs
• If an ACL is applied to an interface, and the ACL is not permitting OSPF packets, a neighbor relationship
does not form

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 17
Troubleshooting OSPFv2
MTU Mismatch
• For OSPF routers to become neighbors and achieve full adjacency, the interface of each router forming
the adjacency must have the same MTU
• If they don’t, the routers can see each other but get stuck in the ExStart/Exchange states
• To solve this issue, you can manually modify the MTU values of the interfaces so that they match, or you
can use the ip ospf mtu-ignore interface configuration command, which stops OSPF from
comparing the MTU when trying to form an adjacency

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 18
Troubleshooting OSPFv2
Duplicate Router ID
• OSPF neighbor relationships do not form between routers if they have the same RID
• When a duplicate RID exists, you receive a syslog message similar to the following:

• If you manually change the RID with the router-id ip_address command in router OSPF
configuration mode, you must reset the OSPF process by using the clear ip ospf process command
for it to take effect

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 19
Troubleshooting OSPFv2
Mismatched Network Types

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 20
Troubleshooting OSPFv2
Mismatched Network
Types
• To determine the network type
associated with an OSPF-
enabled interface, you can issue
the command show ip ospf
interface interface_type
interface_number

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 21
Troubleshooting OSPFv2 Routes

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 22
Troubleshooting OSPFv2 Routes
Common Reasons for Missing OSPFv2 Routes
• OSPF routers receive LSAs from every router within the same area
• Every router in an area must have exactly the same link-state database (LSDB) for that area
• If you have no neighbors, you will not learn any routes

The following is a list of common reasons OSPF routes might be missing either from the LSDB or the routing
table:
• Interface not running the OSPF process - If the interface is not participating in the OSPF process, the
network the interface is part of is not injected into the OSPF process and is therefore not advertised to
neighbors
• Better source of information - If exactly the same network is learned from a more reliable source, it is
used instead of the OSPF-learned information
• Route filtering - A filter might be preventing a route from being installed in the routing table
• Stub area configuration - If the wrong type of stub area is chosen, you might be receiving a default route
instead of the actual route
• Interface is shut down - The OSPF-enabled interface must be up/up for the network associated with the
interface to be advertised
• Wrong designated router elected - In a hub-and-spoke environment, if the wrong router is the DR, routes
are not exchanged properly
• Duplicate RIDs - If there are two or more routers with the same RID, ©routes are missing in the topology23
2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Troubleshooting OSPFv2 Routes
Interface Not Running the OSPF Process

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 24
Troubleshooting OSPFv2 Routes
Better Source of Information

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 25
Troubleshooting OSPFv2 Routes
Better Source of Information
• Even though a route appears in the routing table
as directly connected, it will still appear in the
LSDB if OSPF is enabled on that interface

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 26
Troubleshooting OSPFv2 Routes
Better Source of Information

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 27
Troubleshooting OSPFv2 Routes
Route Filtering
• A distribute list applied to an
OSPF process controls which
routes are installed into the
routing table from the LSDB
• Note that this differs from
EIGRP, where the distribute list
controls routes sent and
received between neighbors.
The reason this difference exists
is that all OSPF routers in an
area must have the same
LSDB.
• To apply a route filter to OSPF,
the distribute list is applied in
OSPF configuration mode
inbound (meaning into the routing
table), and the routes installed
are controlled by ACLs, prefix
lists, or route maps

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 28
Troubleshooting OSPFv2 Routes
Route Filtering (Cont.)

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 29
Troubleshooting OSPFv2 Routes
Route Filtering (Cont.)

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 30
Troubleshooting OSPFv2 Routes
Stub Area Configuration
• Stub areas or NSSAs, suppress Type 5 External LSAs from entering an area at the ABR
• Totally stubby areas and totally NSSAs, suppress Type 5 External and Type 3 Summary LSAs from
entering an area at the ABR
• The routes that would have been learned from the Type 5 and Type 3 LSAs are now replaced by a
default route

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 31
Troubleshooting OSPFv2 Routes
Stub Area Configuration (Cont.)
With totally stubby areas or totally NSSAs you configure the no-summary keyword on the
ABR only

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 32
Troubleshooting OSPFv2 Routes
Wrong DR Elected
In a subnet with multiple routers it does not matter which router is elected as the DR (multi-
access Ethernet topology or a full-mesh Frame Relay topology) because every router is able
to reach the DR

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 33
Troubleshooting OSPFv2 Routes
Wrong DR Elected
• It does matter who the DR is over a hub-and-spoke nonbroadcast multi-access (NBMA)
network such as Frame Relay or with a Dynamic Multipoint VPN (DMVPN), because the
underlying Layer 2 topology does not line up with the Layer 3 addressing

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 34
Troubleshooting OSPFv2 Routes
Wrong DR Elected (Cont.)
• The DR router needs to be reachable through a single hop because of how OSPF neighbor
relationships are formed and how routers communicate with the DR
• Hellos are established with the multicast address 224.0.0.5, and the DR is reachable at the
multicast address 224.0.0.6
• Packets destined to these two multicast addresses are not relayed by other routers

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 35
Troubleshooting OSPFv2 Routes
Wrong DR Elected (Cont.)

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 36
Troubleshooting OSPFv2 Routes
Wrong DR Elected (Cont.)

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 37
Troubleshooting OSPFv2 Routes
Wrong DR Elected (Cont.)

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 38
Troubleshooting OSPFv2 Routes
Duplicate Router IDs
• The OSPF router ID (RID) is used in forming neighbor relationships and to determine which router
is advertising a specific LSA, it is imperative that the RIDs are unique in the domain

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 39
Troubleshooting OSPFv2 Routes
Duplicate Router IDs

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 40
Troubleshooting OSPFv2 Routes
Duplicate Router IDs

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 41
Troubleshooting Miscellaneous OSPFv2
Issues

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 42
Troubleshooting Miscellaneous OSPFv2 Issues
Tracking OSPF Advertisements Through a Network

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 43
Troubleshooting Miscellaneous OSPFv2 Issues
Tracking OSPF Advertisements Through a Network
The following steps describe how network 192.168.1.0/24, connected to R1, is learned by the LSDBs of
routers R2, R3, R4, and R5:

Step 1. Router R1 creates a Type 1 LSA for the 192.168.1.0/24 network and floods it into Area 1

Step 2. Router R2 receives the router LSA for 192.168.1.0/24 and places it in the Area 1 LSDB. R2 runs the
SPF algorithm to determine the best path to reach the 192.168.1.0/24 network. The best result is placed in
R2’s routing table (RIB).

Step 3. Router R2 informs Area 0 routers about network 192.168.1.0/24 by injecting a Type 3 LSA about the
network into the LSDB of Area 0 and flooding it into Area 0. This LSA includes the cost to reach the
192.168.1.0/24 network, from the perspective of router R2.

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 44
Troubleshooting Miscellaneous OSPFv2 Issues
Tracking OSPF Advertisements Through a Network (Cont.)
Step 4. Each of the other Area 0 routers, R3 and R4, receives the Type 3 LSA and adds it to its Area 0 LSDB.
These routers run the SPF algorithm to determine the cost to reach R2. This cost is then added to the cost
R2 advertised in its Type 3 LSA, and the result is stored in the RIBs

Step 5. Router R4 informs Area 2 routers about network 192.168.1.0/24 by injecting a Type 3 LSA about the
network into the LSDB of Area 2 and flooding it into Area 2. This LSA includes the cost to reach the
192.168.1.0/24 network, from the perspective of R4.

Step 6. Each of the routers in Area 2 receives the Type 3 LSA and adds it to its Area 2 LSDB. These routers
run the SPF algorithm to determine the cost to reach R4. This cost is then added to the cost router R4
advertised in its Type 3 LSA, and the result is stored in the RIB of the routers.

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 45
Troubleshooting Miscellaneous OSPFv2 Issues
Types of OSPFv2 LSAs

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 46
Troubleshooting Miscellaneous OSPFv2 Issues
Route Summarization
• With OSPF, manual route summarization is enabled on an area-by-area basis on an ABR and on an ASBR
to summarize external routes being injected into an area.
• Remember that interarea summaries are created on ABRs with the area area-id range ip-prefix
command and that external summaries are created on ASBRs with the summary-address ip-
prefix/length command

• When a summary route is created on a router, so is a summary route to Null0:

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 47
© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 48
Troubleshooting Miscellaneous OSPFv2 Issues
Discontiguous Areas and Virtual Links
• In a multiarea OSPF network, the backbone area (Area 0) must exist, and all other areas must connect to
Area 0
• If an area is not physically adjacent to Area 0, routes are not successfully learned by all routers in the
OSPF domain

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 49
Troubleshooting Miscellaneous OSPFv2 Issues
Discontiguous Areas and Virtual Links
• In some cases, Area 0 may be discontinguous as well, which also leads to routing issues

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 50
Troubleshooting Miscellaneous OSPFv2 Issues
Discontiguous Areas and Virtual Links
• A virtual link can be a temporary solution to connect discontiguous areas to the rest of the OSPF network
• A virtual link is created between the routers connected to the transit area (Area 1) by using their RIDs and
the transit area number
• The router OSPF configuration mode command on R2 is area 1 virtual-link 4.4.4.4, and the
command on R4 is area 1 virtual-link 2.2.2.2
• Common virtual link mistakes are, not configuring the area with the transit area or incorrectly configuring
the router-ids

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 51
Troubleshooting Miscellaneous OSPFv2 Issues
Discontiguous Areas and Virtual Links

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 52
Troubleshooting Miscellaneous OSPFv2 Issues
Verifying Virtual Links

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 53
Troubleshooting Miscellaneous OSPFv2 Issues
Load Balancing
• OSPF supports only equal-cost load balancing
• Therefore, when troubleshooting load balancing for OSPF, your two primary points of concern are the
overall end-to-end cost and the maximum number of paths permitted for load balancing

© 2016 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 54

You might also like