OSPF neighbors in VRF

What is the command to check all ospf nieghbors in a VRF in a Cisco 6509 switch

Hi,
I believe IOS supports the 'vrf' keyword in show-commands only for OSPFv3 with AFI-support.
But you can use the process ID instead, which also is easier to type:
(config-rtr)# router ospf 5 vrf VRF-5
# show ip ospf 5 neighbor
HTH
Rolf

Similar Messages

Redistribution of "global" OSPF into a VRF

Im' trying to redistribute several routes learned via OSPF into a VRF. This VRF use EIGRP as routing protocol.
I'm not able to see any entry in the vrf table.
Have anybody done a similar things or can point me to samples and tips ?
Thanks
Marco
This is what I have done:
ip vrf 1
rd 1000:1
route-target export 1000:1
route-target import 1000:1
ip vrf 2
rd 1001:2
route-target export 1001:2
route-target import 1001:2
interface FastEthernet0/0
description connessione al porta 4/12
no ip address
duplex full
speed 100
interface FastEthernet0/0.1
description VLAN 1 per test
encapsulation dot1Q 34
ip vrf forwarding 1
ip address 192.168.230.1 255.255.255.248
ip nat inside
standby 1 ip 192.168.230.6
standby 1 priority 110
standby 1 track GigabitEthernet6/0.2
interface FastEthernet0/0.2
description VLAN 2 per test SNASW
encapsulation dot1Q 35
ip vrf forwarding 2
ip address 192.168.230.57 255.255.255.248
interface GigabitEthernet6/0.1
description vlan TEST_NAT
encapsulation dot1Q 42
ip address 192.168.230.9 255.255.255.248
standby 2 ip 192.168.230.14
standby 2 priority 110
interface GigabitEthernet6/0.2
description vlan NAT
encapsulation dot1Q 43
ip address 192.168.230.17 255.255.255.248
standby 3 ip 192.168.230.22
standby 3 priority 110
standby 3 track FastEthernet0/0.1
router eigrp 2000
auto-summary
address-family ipv4 vrf 2
network 192.168.230.56 0.0.0.3
no auto-summary
autonomous-system 1001
exit-address-family
address-family ipv4 vrf 1
network 192.168.230.0 0.0.0.3
no auto-summary
autonomous-system 1000
exit-address-family
no eigrp log-neighbor-changes
router ospf 1000
log-adjacency-changes
passive-interface FastEthernet0/0.1
passive-interface GigabitEthernet6/0.1
network 192.168.230.16 0.0.0.7 area 100.100.100.100

Hi,
I don't understand very well your question, because I really don't know if you are trying to configure VPN's over MPLS but, maybe this can help you.
When you are configuring VPN's over MPLS:
- Supported by VPN aware routing protocols: eBGP, OSPF, RIPv2, Static Routes. The EIGRP is not a supported VPN, vrf Protocol.
- When you are configuring VPN's over MPLS you have to configure BGP and the address family for BGP.
- Also you have to be very careful when you are assigning OSPF to a vrf.
An example:
router ospf 1000 vrf Customer_ABC
network 192.168.230.16 0.0.0.7 area z
redistribute bgp xxx
router bgp xxx
address-family ipv4 vrf Customer_ABC
redistribute ospf 1000
There's more to configure in bgp, like neighbors address family vpnv4, etc.
Sorry if this don't help you or if you already knew this.
Regards,
Hector

Monitor the OSPF neighbors via snmp

Hello,
I monitor the OSPF neighbors via snmp. On the 3750 it works correctly.
http://www.cisco.com/en/US/tech/tk869/tk769/technologies_white_paper09186a00801177ff.shtml
On 3750X via snmp I do not see that OSPF neighbors in the VRF. How to see through snmp??
I use the IOS C3750E-UNIVERSALK9-M 15.0(2)SE on 3750X
best regard

The solution is to update to 12.2(55)SE5

BGP to OSPF redistribution with VRFs

I am having a problem with redistribution of routes between BGP and OSPF when using VRFs mapping to VLANs between the PE and CE.
In this lab I've put together I have R4 and R5 communicating with eachother via BGP with MPLS. If I redistribute the BGP into OSPF and delivering the connection to the CE without VLANs it works fine. If I want to essentially keep the same primary network going into the other side of the BGP but send the VRF over a VLAN to the next router the redistribution doesn't happen.
In this example I have
192.168.100.0/24 (R6) --ospf-- (R4) --BGP-- (R5) --ospf-- (R7) 192.168.200.0/24
Between R4 and R5 is the core network running ospf (R1 - R3).
Can anyone point me in the right direction why this isn't working? I am obviously missing something here.
Thanks,
Mike

Hi Mike,
You need to add capability vrf-lite under ospf process of R6 and R7 because they are configured with VRF-lite. This command will disable the check usually done on the PE to avoid routing loops.
HTH
Laurent.

EEM script to monitor OSPF neighbor not working

I'm trying to monitor a OSPF neighbor syslog notification event to trigger actions to remove a network statement. I shut down the interface to the monitored neighbor and it removes the network statement which is good. I am also trying to monitor the neighbor to come back up and then re add the removed network statement which is not working. This may be a two part problem but I am receiving warnings that not enough vty lines are available. I am not seeing that the network addition is working at all. Here is my configuration.
event manager applet ospf-watch-down
event syslog pattern "OSPF-5-ADJCHG: Process 100, Nbr 1.1.1.2 on FastEthernet1/0 from FULL to DOWN"
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "router ospf 100"
action 4.0 cli command "no network 2.2.2.0 0.0.0.255 area 0"
action 5.0 cli command "end"
action 6.0 cli command "exit"
event manager applet ospf-watch-up
event syslog pattern "OSPF-5-ADJCHG: Process 100, Nbr 1.1.1.1 on FastEthernet1/0 from LOADING to FULL"
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "router ospf 100"
action 4.0 cli command "network 2.2.2.0 0.0.0.255 area 0"
action 5.0 cli command "end"
action 6.0 cli command "exit"
Here is the EM syslog error message " %HA_EM-3-FMPD_ERROR: Error executing applet ospf-watch-down statement 3.0" I am having the EM end and exit so I'm not sure why it's running out of CLI sessions. I'm also getting this one too " %HA_EM-3-FMPD_CLI_CONNECT: Unable to establish CLI session: no tty lines available, minimum of 2 required by EEM"
I've tested the ospf-watch-up and ospf-watch-down on its own after clearing all of the sessions and they each work on their own. I think this is a bug where eem won't release the session.
R1#show users
Line User Host(s) Idle Location
* 0 con 0 idle 00:00:00
130 vty 0 idle 00:02:13 EEM:ospf-watch-up
131 vty 1 idle 00:00:10 EEM:ospf-watch-up
132 vty 2 idle 00:00:28 EEM:ospf-watch-down
Interface User Mode Idle Peer Address
R1#

I know this is a old post. I was able to use the solution below, but I am having one problem.
Using the below config I am able to receive a email anytime my voice port is in any other state than ON HOOK. The problem I have is the script runs every 30 seconds and I receive an email every 30 seconds the line is in any other state than "ON-HOOK".
Is there a way to have only one email generated ONLY when the state changes from the previous state?
example : the line is on-hook, changes to off-hook or park or whatever- a email would be generated. ( only One email). not one every 30 seconds...
The line goes from Off-Hook back to IDLE. - A email would be generated to advise the line has been restored to a IDLE state.
scheduler allocate 20000 1000
event manager environment _email_from [email protected]
event manager environment _email_to email [email protected]
event manager environment _email_server smtp-server.isp.net
event manager applet check_1/0/0_if_NOT_ONHOOK
event timer watchdog time 30
action 001 cli command "enable"
action 002 cli command "show voice port summ | include 1/0/0"
action 003 foreach line "$_cli_result" "\n"
action 004 regexp "on-hook" "$line"
action 005 if $_regexp_result eq "1"
action 006 exit 0
action 007 end
action 008 end
action 009 syslog msg "PORT_1_is_in_any_other_state_then_on-HooK!"
action 1.0 mail server "$_email_server" to "$_email_to" from "$_email_from" subject "$_event_pub_time:Test EEM port 1/0/0 is SHORTED ie IN ALARM" body "TEST Body"
end
Any ideas?

Controling OSPF Neighbors

Let's say I have 4 routers on the same network segment all running OSPF
but I do not want them all to become neighbors, just 2 and 2 is there a way to do this in OSPF ?
without using access lists on interface to block ospf or such methods

Passive interface would work on a interface . If you are saying that there is one interface to another router then if you don't want the particular router to be a ospf participant then then passive interface the router interface or don't setup ospf at all on the router is which case you will need default static routes pointing to the next hop and somewhere on a ospf router you will need statics pointing back to the boxes that are not running ospf for the subnets on that router. . Not sure why you want to do this.

VRF & OSPF passive interfaces

Hello,
if configuring OSPF for a VRF you cannot configure passive interfaces! The command does not even exist!
This seems to be related to CSCeb86068.
Does anyone have experiences with that issue??
Any intelligent solution??
Thanks
Juerg

1.For no neighbor in your VPN, you can try BGP as PE-CE routing protocol.
router bgp 65000
address-family ipv4 vrf school
network x.x.x.x mask x.x.x.x
no auto-summary
no synchronization
exit-address-family
R1#v all 172.16.1.0
BGP routing table entry for 172:16:172.16.1.0/24, version 373
Paths: (1 available, best #1, table school)
Flag: 0x820
Advertised to update-groups:
1 2
Local
0.0.0.0 from 0.0.0.0 (172.16.0.1)
Origin IGP, metric 0, localpref 100, weight 32768, valid, sourced, local, best
Extended Community: RT:172:16
2.If you still need use ospf and passive interface in your ospf vrf, upgrade to 12.4.2 or above. :)

OSPF problem: Neighbor Down 1-2 times per day

Hi
We have 4 devices are running OSPF (3 cisco routers and 1 Juniper firewall as show in attachment file). In last few months, we got Neighbot Down message almost 1-2 times per day. Network between them interrupt for a short time and even monitoring mechanism does not aware the interruption(down time is too short). Could I have your advice of any possible root cause to this problem?
Timer intervals configured to all devices are same: Hello 10, Dead 40, Wait 40, Retransmit 5
Neighbor A
Neighbor A#sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
172.16.255.128 1 FULL/DROTHER 00:00:34 172.16.108.11 GigabitEthernet0/11
172.16.255.130 1 FULL/DR 00:00:33 172.16.108.2 GigabitEthernet0/11
172.16.255.64 1 FULL/DROTHER 00:00:34 172.16.107.1 GigabitEthernet0/12
172.16.255.128 1 FULL/DROTHER 00:00:38 172.16.107.11 GigabitEthernet0/12
172.16.255.130 1 FULL/DR 00:00:38 172.16.107.7 GigabitEthernet0/12
Neighbor A#show log
Mar 16 06:03:33.159: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.255.128 on GigabitEthernet0/12 from FULL to DOWN, Neighbor Down: Dead timer expired
Mar 16 06:03:50.137: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.255.128 on GigabitEthernet0/12 from LOADING to FULL, Loading Done
Mar 16 21:15:05.509: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.255.64 on GigabitEthernet0/12 from LOADING to FULL, Loading Done
Neighbor B
Neighbor B#sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
172.16.255.128 1 FULL/DROTHER 00:00:36 172.16.108.11 GigabitEthernet0/11
172.16.255.129 1 FULL/BDR 00:00:35 172.16.108.1 GigabitEthernet0/11
172.16.255.64 1 FULL/DROTHER 00:00:39 172.16.107.1 GigabitEthernet0/12
172.16.255.128 1 FULL/DROTHER 00:00:30 172.16.107.11 GigabitEthernet0/12
172.16.255.129 1 FULL/BDR 00:00:35 172.16.107.6 GigabitEthernet0/12
Neighbor B#show log
Mar 16 06:03:33.143: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.255.128 on GigabitEthernet0/12 from FULL to DOWN, Neighbor Down: Dead timer expired
Mar 16 06:03:50.122: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.255.128 on GigabitEthernet0/12 from LOADING to FULL, Loading Done
Mar 16 21:14:58.054: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.255.64 on GigabitEthernet0/12 from LOADING to FULL, Loading Done
Mar 16 21:15:03.800: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.255.128 on GigabitEthernet0/12 from LOADING to FULL, Loading Done
Neighbor C
Neighbor C#sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
172.16.255.129 1 FULL/BDR 00:00:35 172.16.108.1 FastEthernet0/1/0
172.16.255.130 1 FULL/DR 00:00:38 172.16.108.2 FastEthernet0/1/0
172.16.255.64 1 2WAY/DROTHER 00:00:30 172.16.107.1 FastEthernet0/0/1
172.16.255.129 1 FULL/BDR 00:00:35 172.16.107.6 FastEthernet0/0/1
172.16.255.130 1 FULL/DR 00:00:33 172.16.107.7 FastEthernet0/0/1
Neighbor C#show log
Mar 16 06:03:23.571: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.255.130 on FastEthernet0/0/1 from FULL to DOWN, Neighbor Down: Dead timer expired
Mar 16 06:03:25.479: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.255.129 on FastEthernet0/0/1 from FULL to DOWN, Neighbor Down: Dead timer expired
Mar 16 06:03:29.415: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.255.64 on FastEthernet0/0/1 from EXSTART to DOWN, Neighbor Down: Dead timer expired
Mar 16 06:03:50.112: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.255.129 on FastEthernet0/0/1 from LOADING to FULL, Loading Done
Mar 16 06:03:50.112: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.255.130 on FastEthernet0/0/1 from LOADING to FULL, Loading Done
Mar 16 21:14:53.740: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.255.130 on FastEthernet0/0/1 from FULL to DOWN, Neighbor Down: Dead timer expired
Mar 16 21:15:03.793: %OSPF-5-ADJCHG: Process 1, Nbr 172.16.255.130 on FastEthernet0/0/1 from LOADING to FULL, Loading Done

I think no L2 loops in the network. We have spanning tree configured on switches connecting to router A & B.
VLAN0108
Spanning tree enabled protocol ieee
Root ID    Priority    32876
             Address     5c50.15a3.8480
             This bridge is the root
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority    32876 (priority 32768 sys-id-ext 108)
             Address     5c50.15a3.8480
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300 sec
Interface           Role Sts Cost      Prio.Nbr Type
Gi1/0/45            Desg FWD 4         128.45   P2p Edge
Gi1/0/47            Desg FWD 19        128.47   P2p Edge
Gi1/0/48            Desg FWD 4         128.48   P2p Edge
VLAN0107
Spanning tree enabled protocol ieee
Root ID    Priority    32875
             Address     5c50.15ec.f000
             This bridge is the root
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority    32875 (priority 32768 sys-id-ext 107)
             Address     5c50.15ec.f000
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300 sec
Interface           Role Sts Cost      Prio.Nbr Type
Gi1/0/45            Desg FWD 4         128.45   P2p Edge
Gi1/0/47            Desg FWD 19        128.47   P2p Edge
Gi1/0/48            Desg FWD 4         128.48   P2p Edge

OSPF link update-Basic Query

I am new to OSPF. I have 2 basic querys on OSPF link update.
1. How does one router communicates with every router in the OSPF area. Is it that each router communicates only with its directly connected neighbours? example.
ROUTERA-------ROUTERB-----ROUTERC-----ROUTERD----ROUTERE
Lets say link on RouterB connected to ROUTERA goes down. How does "ROUTERE" get to know about this? Is the communication is from RouterB to ROUTERC then to ROUTERD and then to ROUTERE?
2. How does router handle(forward) multicast packets?
Thanks

Hello Avil,
the way OSPF communicates depends on how your network is set up. In your case, it looks like all routers are connected back-to-back with point-to-point links. OSPF uses the concept of adjacencies: an OSPF router has an adjacency with a connected router, which means that they have the exact same view of the entire network. If you do a 'show ip ospf neighbor' on your RouterA and your RouterE, it tells you the adjacencies these routers have with other connected routers. Now let's say the link between RouterA and RouterB goes down. RouterC notifies RouterD, and RouterD notifies RouterE immediately by exchanging link-state packets.
Keep in mind that on a multiaccess segment (where multiple OSPF routers are directly connected on the same segment), the concept of DR (Designated Router) and BDR (Backup Designated Router) comes into play: on a multiaccess segment, a DR and a BDR are elected, and all other routers have full adjacencies only with the DR and the BDR.
Regarding the multicast traffic: it is handled just as unicast traffic (unless you specifically block it).
Does that make sense ? If you are just starting with OSPF, have a look at the link below, which contains a pretty good introduction of the basic concepts.
OSPF Design Guide
http://www.cisco.com/warp/public/104/2.html#4.0
HTH,
GNT

OSPF load balancing across multiple port channels

I have googled/searched for this everywhere but haven't been able to find a solution. Forgive me if I leave something out but I will try to convey all relevant information. Hopefully someone can provide some insight and many thanks in advance.
I have three switches (A, B, and C) that are all running OSPF and LACP port channelling among themselves on a production network. Each port channel interface contains two physical interfaces and trunks a single vlan (so a vlan connecting each switch over a port channel). OSPF is running on each vlan interface.
Switch A - ME3600
Switch B - 3550
Switch C - 3560G
This is just a small part of a much larger topology. This part forms a triangle, if you will, where A is the source and C is the destination. A and C connect directly via a port channel and are OSPF neighbors. A and B connect directly via a port channel and are OSPF neighbors. B and C connect directly via a port channel and are OSPF neighbors. Currently, all traffic from A to C traverses B. I would like to load balance traffic sourced from A with a destination of C on the direct link and on the links through B. If all traffic is passed through B, traffic is evenly split on the two interfaces on the port channel. If all traffic is pushed onto the direct A-C link, traffic is evenly balanced on the two interfaces on that port channel. If OSPF load balancing is configured on the two vlans from A (so A-C and A-B), the traffic is divided to each port channel but only one port on each port channel is utilized while the other one passes nothing. So half of each port channel remains unused. The port channel on B-C continues to load balance, evenly splitting the traffic received from half of the port channel from A.
A and C port channel load balancing is configured for src-dst-ip. B is a 3550 and does not have this option, so it is set to src-mac.
Relevant configuration:
Switch A:
interface Port-channel1
description Link to B
port-type nni
switchport trunk allowed vlan 11
switchport mode trunk
interface Vlan11
ip address x.x.x.134 255.255.255.254
interface Port-channel3
description Link to C
port-type nni
switchport trunk allowed vlan 10
switchport mode trunk
interface Vlan10
ip address x.x.x.152 255.255.255.254
Switch B:
interface Port-channel1
description Link to A
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 11
switchport mode trunk
interface Vlan11
ip address x.x.x.135 255.255.255.254
interface Port-channel2
description Link to C
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 12
switchport mode trunk
interface Vlan12
ip address x.x.x.186 255.255.255.254
Switch C:
interface Port-channel1
description Link to B
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 12
switchport mode trunk
interface Vlan12
ip address x.x.x.187 255.255.255.254
interface Port-channel3
description Link to A
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10
switchport mode trunk
interface Vlan10
ip address x.x.x.153 255.255.255.254

This is more FYI. 10.82.4.0/24 is a subnet on switch C. The path to it is split across vlans 10 and 11 but once it hits the port channel interfaces only one side of each is chosen. I'd like to avoid creating more vlan interfaces but right now that appears to be the only way to load balance equally across the four interfaces out of switch A.
ME3600#sh ip route 10.82.4.0
Routing entry for 10.82.4.0/24
Known via "ospf 1", distance 110, metric 154, type extern 1
Last update from x.x.x.153 on Vlan10, 01:20:46 ago
Routing Descriptor Blocks:
x.x.x.153, from 10.82.15.1, 01:20:46 ago, via Vlan10
Route metric is 154, traffic share count is 1
* x.x.x.135, from 10.82.15.1, 01:20:46 ago, via Vlan11
Route metric is 154, traffic share count is 1
ME3600#sh ip cef 10.82.4.0
10.82.4.0/24
nexthop x.x.x.135 Vlan11
nexthop x.x.x.153 Vlan10
ME3600#sh ip cef 10.82.4.0 internal
10.82.4.0/24, epoch 0, RIB[I], refcount 5, per-destination sharing
sources: RIB
ifnums:
Vlan10(1157): x.x.x.153
Vlan11(1192): x.x.x.135
path 093DBC20, path list 0937412C, share 1/1, type attached nexthop, for IPv4
nexthop x.x.x.135 Vlan11, adjacency IP adj out of Vlan11, addr x.x.x.135 08EE7560
path 093DC204, path list 0937412C, share 1/1, type attached nexthop, for IPv4
nexthop x.x.x.153 Vlan10, adjacency IP adj out of Vlan10, addr x.x.x.153 093A4E60
output chain:
loadinfo 088225C0, per-session, 2 choices, flags 0003, 88 locks
flags: Per-session, for-rx-IPv4
16 hash buckets
< 0 > IP adj out of Vlan11, addr x.x.x.135 08EE7560
< 1 > IP adj out of Vlan10, addr x.x.x.153 093A4E60
< 2 > IP adj out of Vlan11, addr x.x.x.135 08EE7560
< 3 > IP adj out of Vlan10, addr x.x.x.153 093A4E60
< 4 > IP adj out of Vlan11, addr x.x.x.135 08EE7560
< 5 > IP adj out of Vlan10, addr x.x.x.153 093A4E60
< 6 > IP adj out of Vlan11, addr x.x.x.135 08EE7560
< 7 > IP adj out of Vlan10, addr x.x.x.153 093A4E60
< 8 > IP adj out of Vlan11, addr x.x.x.135 08EE7560
< 9 > IP adj out of Vlan10, addr x.x.x.153 093A4E60
<10 > IP adj out of Vlan11, addr x.x.x.135 08EE7560
<11 > IP adj out of Vlan10, addr x.x.x.153 093A4E60
<12 > IP adj out of Vlan11, addr x.x.x.135 08EE7560
<13 > IP adj out of Vlan10, addr x.x.x.153 093A4E60
<14 > IP adj out of Vlan11, addr x.x.x.135 08EE7560
<15 > IP adj out of Vlan10, addr x.x.x.153 093A4E60
Subblocks:
None

MPLS VRF configuartion on CE router

I have following Secinario.
CE1----PE1---P---PE2---CE1
---CE2
From PE2 to CE2 there two links.
Customer want VRF configuartion on the CE2 router on one link.
I have confirgured the VRF in between PE2 and CE2 on one link.Also configured Rd and RT parameter in the VRF.
I am useing BGP as routing protocol in between PE and CE.Can you please let me know should i have to configure MP-BGP in between PE2 and CE2 to carry RD and RT values from CE2 to PE2 ?

only if you extending MPLS VPN down to your CE. MP-BGP propgates VPNv4 updates tagged with a VPN label among PE routers only.
Normally an IGP protocol such as OSPF is used between PE-CE. You can configure OSPF in the VRF associated with the VPN and associate the interface connected to the CE with the VRF. OSPF routes can then propagate from a CE to a PE when an OSPF adjacency has formed between the two routers. OSPF adds routes to the VRF's forwarding table at the PE side with routes learned from the CE.
see this http://www.juniper.net/techpubs/software/erx/erx50x/swconfig-routing-vol2/html/bgp-mpls-vpns-config5.html

ASA Stops sending OSPF hellos

ASA Stops sending OSPF hellos
Dear Support,
Wondering if anyone else has come across this problem, but have two Cisco ASA 5510s ASA V7.2(1), DM V5.2(1) (in active/passive failover configuration). These are connected to a pair of 3750G-48-EMIs in a stack, OSPF is running on both, The ASAs are redistributing the outside, and DMZ interfaces by a defined route-map.
Everything normally works fine, but today I found that the neighbour relationship between the ASAs and 3750s had broke. I tried clearing the OSPF process on both the ASAs and 3750, but this would not resolve the problem. The 3750 would not show the ASAs in the neighbour list, but did have other devices (via a point-to-point link) as FULL state. The ASAs however would show the 3750s as INIT/DROTHER state.
Debugs showed that the ASAs were receiving hellos from the 3750s but was not sending any. The 3750s showed it was sending hellos but not receiving any from the ASAs
To resolve I had to reboot the ASAs. This is not my preferred solution as should not need to do this.
Has anyone else come across this problem, and is there a resolution? Or a bug track id?
Thank you in advance for your assistance.
I always rate helpful replies.
Best regards, Adrian

Hi,
Your symptoms seem to indicate you may be affected by this bug. If you are running one of the affected codes then apply the workaround suggested.
CSCsg00914 Bug Details
Headline OSPF neighbors dont form due to corrupted arp entry
Product pix-asa
Feature Unicast Routing Components Duplicate of
Severity 3 Severity help Status Verified Status help
First Found-in Version 7.2(1), 7.0(6) First Fixed-in Version 7.2(2), 7.2(1.26), 7.1(2.30), 7.0(6.10), 8.0(0.111) Version help
Release Notes
Symptom:
OSPF neighbors don't form
Conditions:
show ospf neighbors on the ASA running
7.2.1 displays the neighbors in INIT/DROTHER state.
The ASA may be attempting to send OSPF packets to a MAC address other than the
intended one, though non broadcast is disabled on the interface.
Workaround:
Clear the arp cache on the asa. If clearing the arp does not work, try adding a
static arp entry.
Further Problem Description:
A show arp should list the multicast address on the ASA.
HTH
Sundar

Ospf retransmission packet over transparent fwsm

Hello everyone!
I have a problem, ospf packets are lost over fwsm in transparent mode. my scheme cisco 6513 (vlan 602) - FWSM (transparent mode)- juniper mx 480 (vlan 1602)
sh ip ospf neighbor 10.25.78.102
Neighbor 10.25.78.102, interface address 10.25.4.49
In the area 0.0.0.25 via interface Vlan602
Neighbor priority is 0, State is FULL, 6 state changes
DR is 0.0.0.0 BDR is 0.0.0.0
Options is 0x12 in Hello (E-bit L-bit )
Options is 0x52 in DBD (E-bit L-bit O-bit)
LLS Options is 0x1 (LR)
Dead timer due in 00:00:38
Neighbor is up for 00:34:26
Index 13/13, retransmission queue length 1377, number of retransmission 1829
First 0x56B71B24(22845)/0x541589D4(1980410) Next 0x56B71B24(22845)/0x53145CDC(1982479)
Last retransmission scan length is 1, maximum is 3
Last retransmission scan time is 0 msec, maximum is 0 msec
Link State retransmission due in 170 msec
fwsm version 4.1(15)
On fwsm there is a separate transparent context
interface Vlan1602
nameif outside_vos2
bridge-group 5
security-level 100
interface Vlan602
nameif inside_vos2
bridge-group 5
security-level 100
mtu outside_vos2 1600
mtu inside_vos2 1600
same-security-traffic permit inter-interface
access-group outside_vos2 in interface outside_vos2
access-group inside_vos2 in interface inside_vos2
vld-fwsm-3/Acon# sh access-list inside_vos2
access-list inside_vos2; 7 elements
access-list inside_vos2 line 1 extended permit icmp any any (hitcnt=3013) 0xdc0494dc
access-list inside_vos2 line 2 extended permit ospf any any (hitcnt=11870) 0x1a46fe16
access-list inside_vos2 line 3 extended permit ip any any (hitcnt=1) 0x8be5ad9f
access-list inside_vos2 line 4 extended permit ospf host 224.0.0.5 any (hitcnt=0) 0x96c6702
access-list inside_vos2 line 5 extended permit ospf host 224.0.0.6 any (hitcnt=0) 0xc8bc65d9
access-list inside_vos2 line 6 extended permit ospf any host 224.0.0.6 (hitcnt=0) 0xa6831776
access-list inside_vos2 line 7 extended permit ospf any host 224.0.0.5 (hitcnt=0) 0x1c1248b
vld-fwsm-3/Acon# sh access-list outside_vos2
access-list outside_vos2; 7 elements
access-list outside_vos2 line 1 extended permit icmp any any (hitcnt=3010) 0xda598b52
access-list outside_vos2 line 2 extended permit ospf any any (hitcnt=7886) 0x112dad2b
access-list outside_vos2 line 3 extended permit ip any any (hitcnt=10) 0x910c4a5a
access-list outside_vos2 line 4 extended permit ospf host 224.0.0.5 any (hitcnt=0) 0x2d6480d7
access-list outside_vos2 line 5 extended permit ospf host 224.0.0.6 any (hitcnt=0) 0x4a8401c0
access-list outside_vos2 line 6 extended permit ospf any host 224.0.0.5 (hitcnt=0) 0x70f8cbba
access-list outside_vos2 line 7 extended permit ospf any host 224.0.0.6 (hitcnt=0) 0x60783961
FWSM logs(there is no drops):
6|Apr 11 2014|14:47:40|302023|||||Teardown IP protocol 89 connection 12379739847668082336 for outside_vos2:10.25.4.49 to inside_vos2:10.25.4.54 duration 0:00:06 bytes 1520
6|Apr 11 2014|14:47:40|302022|||||Built IP protocol 89 connection 12379739847668082338 for inside_vos2:10.25.4.49 (10.25.4.49) to outside_vos2:10.25.4.54 (10.25.4.54)
6|Apr 11 2014|14:47:38|302022|||||Built IP protocol 89 connection 12379739847668082337 for inside_vos2:224.0.0.5 (224.0.0.5) to outside_vos2:10.25.4.54 (10.25.4.54)
6|Apr 11 2014|14:47:36|302023|||||Teardown IP protocol 89 connection 12379739847668082335 for inside_vos2:10.25.4.54 to outside_vos2:10.25.4.49 duration 0:00:05 bytes 164
6|Apr 11 2014|14:47:34|302022|||||Built IP protocol 89 connection 12379739847668082336 for outside_vos2:10.25.4.49 (10.25.4.49) to inside_vos2:10.25.4.54 (10.25.4.54)
6|Apr 11 2014|14:47:31|302023|||||Teardown IP protocol 89 connection 12379739847668082332 for outside_vos2:10.25.4.49 to inside_vos2:10.25.4.54 duration 0:00:05 bytes 1520
6|Apr 11 2014|14:47:31|302022|||||Built IP protocol 89 connection 12379739847668082335 for inside_vos2:10.25.4.49 (10.25.4.49) to outside_vos2:10.25.4.54 (10.25.4.54)
6|Apr 11 2014|14:47:29|302023|||||Teardown IP protocol 89 connection 12379739847668082329 for inside_vos2:10.25.4.54 to outside_vos2:224.0.0.5 duration 0:00:09 bytes 196
6|Apr 11 2014|14:47:26|302023|||||Teardown IP protocol 89 connection 12379739847668082330 for inside_vos2:10.25.4.54 to outside_vos2:10.25.4.49 duration 0:00:05 bytes 164
6|Apr 11 2014|14:47:25|302022|||||Built IP protocol 89 connection 12379739847668082332 for outside_vos2:10.25.4.49 (10.25.4.49) to inside_vos2:10.25.4.54 (10.25.4.54)
6|Apr 11 2014|14:47:21|302023|||||Teardown IP protocol 89 connection 12379739847668082328 for outside_vos2:10.25.4.49 to inside_vos2:10.25.4.54 duration 0:00:05 bytes 1520
6|Apr 11 2014|14:47:21|302022|||||Built IP protocol 89 connection 12379739847668082330 for inside_vos2:10.25.4.49 (10.25.4.49) to outside_vos2:10.25.4.54 (10.25.4.54)
6|Apr 11 2014|14:47:19|302022|||||Built IP protocol 89 connection 12379739847668082329 for inside_vos2:224.0.0.5 (224.0.0.5) to outside_vos2:10.25.4.54 (10.25.4.54)
6|Apr 11 2014|14:47:17|302023|||||Teardown IP protocol 89 connection 12379739847668082327 for inside_vos2:10.25.4.54 to outside_vos2:10.25.4.49 duration 0:00:05 bytes 164
6|Apr 11 2014|14:47:15|302022|||||Built IP protocol 89 connection 12379739847668082328 for outside_vos2:10.25.4.49 (10.25.4.49) to inside_vos2:10.25.4.54 (10.25.4.54)
6|Apr 11 2014|14:47:12|302023|||||Teardown IP protocol 89 connection 12379739847668082324 for outside_vos2:10.25.4.49 to inside_vos2:10.25.4.54 duration 0:00:04 bytes 1520
6|Apr 11 2014|14:47:11|302022|||||Built IP protocol 89 connection 12379739847668082327 for inside_vos2:10.25.4.49 (10.25.4.49) to outside_vos2:10.25.4.54 (10.25.4.54)
6|Apr 11 2014|14:47:10|302023|||||Teardown IP protocol 89 connection 12379739847668082322 for inside_vos2:10.25.4.54 to outside_vos2:224.0.0.5 duration 0:00:10 bytes 196
6|Apr 11 2014|14:47:07|302022|||||Built IP protocol 89 connection 12379739847668082324 for outside_vos2:10.25.4.49 (10.25.4.49) to inside_vos2:10.25.4.54 (10.25.4.54)
6|Apr 11 2014|14:47:07|302023|||||Teardown IP protocol 89 connection 12379739847668082323 for inside_vos2:10.25.4.54 to outside_vos2:10.25.4.49 duration 0:00:05 bytes 164
on svi interface cisco 6500 and juniper mx480 - ip mtu 1400.
when traffic goes without FWSM no packet loss
sh ip ospf neighbor 10.25.78.102
Neighbor 10.25.78.102, interface address 10.25.4.49
In the area 0.0.0.25 via interface Vlan1602
Neighbor priority is 0, State is FULL, 6 state changes
DR is 0.0.0.0 BDR is 0.0.0.0
Options is 0x12 in Hello (E-bit L-bit )
Options is 0x52 in DBD (E-bit L-bit O-bit)
LLS Options is 0x1 (LR)
Dead timer due in 00:00:38
Neighbor is up for 00:00:36
Index 13/13, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec

Hi Mike,
Thanks for the reply. One of my colleagues had logged a TAC case recently and the advise was to redesign OSPF networking to reduce size of DBD packets and prevent fragmentation.
I accept this as a valid recommendation - the network does need work but was also looking for real life experiences where people had fixed similar issues.
I am looking at introducing another OSPF area and summarising as many routes as possible. I am also investigating / confirming MTU sizes on switch between ASA and FWSM. Based on some other research I am wondering whether I can increase MTU on FWSM,ASA and the interconnecting 3750 to alleviate issue.
The ASA has another neighbour with no problems - but very few routes recieved on the other network.
Thanks,
Pete

Are this OSPF LSA relate to each other ???

OSPF neighbor relationships progress
1) Down State
2) Init State
OSPF routers send Type 1 (hello)
3) Two-Way State
4) ExStart State (Type 2)
5) Exchange State
6) Loading State (type 3)
7) Full Adjacency
ALSO,
OSPF Area Types also use LSA exchange between routers or area
Type 1 generate by each router for each area it belongs to, flood only within particular area, describe the states of the routers link to the area.
Type 2 generate by DR in multi-access networks, flood only within the area that contain the network, describe the set of routes attched to a particular network.
Type 3 Orgin by ABR, flood throughout the backbone area to other ABRs, describe the links between ABR and the internal routes of a local area.
Type 4 Orgin by ABR, flood throughout the backbone area to other ABRs, describe routes to ASBRs.
Type 5 Orgin by ASBR, describe the routes to destinations external to the AS, flood throughout an OSPF AS.
The questions are this LSA relate to each other or it just happen like this ???

Hi Friend,
There is no relation between the type of LSA (1,2,3,4,5,7) exchanged between the routers within an area and between the areas to exchange the link state information and the packets which are used to form an ospf neigh and adjancy relationship.
Taking an example LSA 5 which is used to carry the external route information into an area is not at all related to type 5 LSA which you are talking for formaing a naighbor relationship.
I think the neighbor relationship is formed using hello packet, dd packet and LSU and LSR packets which you may name as type of LSA's. but these are not at all related to LSA's which are used to carry route information between the areas and within areas.
HTH
Ankur

OSPF setup problem

Hello everyone!
Im trying to configure a simple example of OSPF between three routers (R1, R2, R3),
which are interconnected via serial ports, using DCE cables.
Each router is connected to a switch via an Ethernet port.
Each switch has PCs attached to it.
Im using Cisco Packet Tracer.
R1 serial 1/0 interface is connected to R2 serial 1/0, using a network 192.168.10.0/30.
R1 serial 1/1 interface is connected to R3 serial 1/0, using a network 192.168.10.6/30.
R2 serial 1/1 interface is connected to R3 serial 1/1, using a network 192.168.10.8/30.
R1 fa 0/0 interface is connected to switch S1 using 172.16.1.16/28 network, and in the
meantime I configured this router as a DHCP server (with the network 172.16.1.16/28)
and the router fa 0/0 as a default gateway with IP address 172.16.1.17/28.
R2 fa 0/0 interface is connected to switch S2 using 10.10.10.0/24 network, and similarly,
it is configured as a DHCP server with a default gateway 10.10.10.1/24 (fa0/0 IP).
R3 fa 0/0 interface is connected to switch S3 using 172.16.1.32/29 network, and again,
it is configured as a DHCP server with default gateway 172.16.1.33 (fa 0/0 IP).
The clock rate is configured for R1 interfaces se 1/0 and 1/1 (I tried 64000 and
other values).
When I try the show ip ospf neighbor command on each of the routers,
R2 and R3 can see each other, however they do not recognize R1 as a neighbor.
Also, R1 cannot see any neighbor at all...
First I tried to check if the OSPF is set up correctly at each router (the loopback
interfaces, router IDs, netwok connection types).
R2's serial interface can ping R1's directly connected serial interface. But it cannot ping
any other interface of R1.
Similarly, R3's serial interface can ping only R1's directly connected serial interface.
But R2 and R3 can ping each other's any interface (serial, fa).
When I try to ping a PC connected to R1 from any device that is connected to the R2 or
R3 fa interfaces, I get "Destination host unreachable."
I checked the default gateway of R1, checked that the fa 0/0 of R1 and the DHCP are
configured properly.
What could it be? Am I missing something here with respect to the OSPF configurations?
But if it was the case, why other routers see each other?
It seems that the problem comes from R1, whose serial interfaces are the ones who set up
the clock rate. Could the clock rate be the reason?
Ping 224.0.0.5 from any of the routers does not show anything.
Tracert works only for the routers R2 and R3 (from R1 I cannot see any routes)
For example when I make traceroute from R2 to a serial interface of R2, it works:
R2#traceroute 192.168.10.6
Type escape sequence to abort.
Tracing the route to 192.168.10.6
1   192.168.10.10   5 msec    5 msec    6 msec
Also, the ping and traceroute from R1's se 1/1 to R2's se 1/0 for example works too:
R1#ping 192.168.10.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.6, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/8 ms
R1#traceroute 192.168.10.6
Type escape sequence to abort.
Tracing the route to 192.168.10.6
1   192.168.10.9    7 msec    7 msec    7 msec
2   192.168.10.10   7 msec    5 msec    4 msec
Thanks a lot for reading all this, and thanks for any suggestions!
Anna

duplicate post, try avoiding posting duplicate posts for same problem.
Regards
Alain
Don't forget to rate helpful posts.

OSPF neighbors in VRF

Similar Messages

Maybe you are looking for