Saturday, August 22, 2015

OSPF Troubleshooting/Best practices

OSPF Design/Best practices.

http://ftp.ines.ro/doc/isp-workshops/Routing%20Presentations/3-ospf-for-isps.pdf
https://www.nanog.org/meetings/nanog49/presentations/Sunday/Shamim_Which_Routing_N49.pdf



1) OSPF Troubleshooting flow chart
2) OSPF Networker troubleshooting PPT

Problem: OSPF full neighborship is not coming up between routers
Cause:
1. Hello and Dead timers, Area ID, Authentication password/type/key, or Area type are mismatched between routers.
2. Trying to build OSPF neighborship on a secondary address.
4. OSPF is not enabled on the correct interface, or the network command is wrong.
5. Network type is NBMA and no neighbor map is configured with the broadcast option.
6. High CPU, or OSPF packets are dropped by the interface due to queuing, high rate, or a hardware issue on the interface-to-CPU path.
7. Mismatched subnet mask is configured.
8. "passive interface <>" is configured under "router ospf" for the interface.
9. Mismatched network type is configured.
10. Router is configured with ip ospf priority 0.
11. Neighborship is being built over a virtual link on a stub area.

OSPF stuck in INIT (one-way hello)
Multicast is broken or there is a layer 2 problem.
Access-list is blocking the OSPF multicast address.
OSPF hello packet is getting NAT translated.
Layer 2 is broken.

OSPF stuck in 2-WAY
Normal on Ethernet broadcast.
Layer 2 is broken.
All routers are configured with priority 0, so there will not be any election.

OSPF stuck in EXSTART/EXCHANGE
MTU mismatch between neighbors.
Duplicate router ID between routers.
Packet loss can also cause the adjacency to get stuck.
Access-list is blocking unicast communication between routers.

OSPF stuck in LOADING
Neighbor is sending bad or corrupt packets due to memory.
LS request packet is not accepted by the neighbor and is ignored.

Debug command :
debug ip ospf adj

Solution:
a) Make sure hello/dead timers, area ID, area type, and authentication type/password are correct and the same on both routers.
b) Make sure MTU is the same on both routers.
c) Make sure the neighbor command is configured on the remote router with broadcast.
d) Make sure OSPF neighborship is built on the primary address.
e) Make sure the access-list/control plane is not dropping the packets and allows OSPF multicast and interface IP address communication.
f) Subnet mask should be the same on both routers.
g) Make sure no corrupted OSPF packets are received.
h) Make sure passive interface is not configured under "router ospf".
i) Make sure a virtual-link is not configured over a stub area.




Problem: Route is flapping across the network in OSPF.
Cause: Link flapping on the router.
Solution:
a) Use summarization on the router to reduce the impact of the flapping route.
b) Use "ip event dampening" on the interface.


Problem: OSPF route is not learned in the OSPF database.
Cause:
1) Originating router is not generating the LSA.
2) Routes are redistributed in stub areas.
3) LSA filter-list is configured on the ABR.

Solution:
a) Make sure the OSPF adjacency is up.
b) Make sure redistribution is used with the "subnets" keyword as well.
e) Do not redistribute external routes in a stub area.
f) Make sure LSAs are not filtered.

Problem: OSPF route is not installed in the routing table.
Cause:
1) Distribute list is configured.
3) Network type mismatch between routers.
4) Adv-router not reachable message.
5) One side is numbered and the other unnumbered (O, O IA, O E1, O E2).
6) IP addresses are flipped, dual serial (O, O IA, O E1, O E2).
7) Forwarding address is not known or is known via external/static (O E1, O E2) - route  s        sum and redistribute conn?
8) Backbone area became discontiguous (O, O IA, O E1, O E2).
9) OSPF is enabled on secondary but not on primary.

Solution:
a) Make sure the distribute-list is configured correctly.
b) Make sure the forwarding address is reachable for the external route.
c) Make sure the forwarding address is not only reachable but also learned via inter-area and intra-area routes.
c) Make sure the network type is correct on both sides.
d) Make sure there is no backbone partition.

Problem: SPF is running constantly on the OSPF router and hogging the CPU.
Cause:
1) LSA flapping due to a duplicate router ID/IP address.
2) Links constantly flapping in an area.

3) All LSAs refresh every 30 min (bad!)
4) Timers of each LSA get synchronized (worse!)
5) With group pacing, only LSAs that reach max-age get refreshed periodically


Debug:
debug ip ospf monitor
show ip ospf stati
show ip ospf database database-sum



Solution:
a) Use summarization of inter-area or external routes on the router if there are too many.
b) Use "ip event dampening" on the interface.
c) Make sure there is no duplicate router ID on the network.
d) Make sure links are stable on the network. If links cannot stay stable, use summarization.
c) Interval is configurable


Problem: OSPF neighbor is flapping between routers.
Cause:
1. Output and input queue drops/errors/CRC on the interface.
2. Interface is flapping.
3. High CPU on the router.
4. OSPF hello packets are being dropped on the platform between the interface and the CPU.

Solution:
a) Make sure there is no high CPU.
b) Make sure the interface is stable and has no packet drops due to error/CRC/input error/input queue/output drops.
c) Make sure there are no packet drops on the line card and platform.

Problem : NSSA ABR not translating Type 7 LSA
Cause:

Solution:
a) Hard-code the NSSA Type 7 translator by using the command "area 1 nssa translate type7 always".

Problem: GRE tunnel OSPF adjacency is flapping
Cause:
1) Tunnel destination is being learned over the tunnel.

Solution:
a) Make sure the tunnel destination is not learned over the OSPF adjacency.

Problem: Sequence number mismatch.
Cause:
1. LSA should be one of 5 LSAs
2. If LSA is type 5 and the neighbor is associated with a stub area
3. If one of the options change
4. If the state of MS bit is inconsistent with master slave connection
5. If the I-bit is set
6. If the master receives a DBD packet after a dead interval
7. If the requested LSA is not found, then something has gone wrong with the database exchange.

debug ip ospf adjacency 

Solution:

Problem: OSPF: Could not allocate router id
Cause:
1) Common new-install problem.
2) No interface is up/up with a valid IP address.
3) No IP addresses are assigned.
Solution:
1) Configure a loopback with an IP address.


Problem: OSPF unknown routing protocol

Cause:
1) OSPF is not supported on low-end platforms
2) For 1000 and 1600 routers, download the plus version
3) 800 routers are not supported to run OSPF

Problem: OSPF not sending hellos on async interface
Cause:
1) 'async default routing' is not configured under the interface

Problem: OSPF not redistributing default static route
Cause:
1) Need "default-information originate" to propagate the default route

Problem: OSPF-4-ERRRCV message on the console
Cause:
1) Mismatched area ID, bad checksum, etc.

Options

Normal area:   OSPF: Send DBD to 141.108.97.1 on Serial0 seq 0xBC4 opt 0x2  flag 0x3 len 492
E bit is 1, Allow externals,   option: 0x2(HEX) = 00000010(Bin)
Stub area:  OSPF: Send DBD to 141.108.97.1 on Serial0 seq 0x1866  opt 0x0  flag 0x3 len 372
E bit is 0, no external allowed,  options:  0x0 = 00000000
MC not supported - ospf ignore lsa mospf command
NSSA:  OSPF: Send DBD to 141.108.97.1 on Serial0 seq 0x118 opt 0x8  flag 0x3 len 372
N/P bit is on,  options:  0x8 = 00001000
EA not supported yet
Demand circuit : OSPF: Send DBD to 141.108.97.1 on Serial0 seq 0x1A1E  opt 0x20  flag 0x3 len 392
DC bit is negotiated,  options:  0x20 = 00100000

* * DC   EA  N/P   MC   E *

Flags

Useful in debugging, defines I, M and MS bits
OSPF: Send DBD to 141.108.97.1 on Serial0 seq 0xBC4 opt 0x2  flag 0x3  len 492
Flag 0x7--> 111 means I(Initial) = 0, M = 1(More), MS = 1(Master)
Flag 0x6 --> 110 not possible
Flag 0x5 --> 101 not possible
Flag 0x4 --> 100 not possible
Flag 0x3 --> 011 means master has more data to send
Flag 0x2 --> 010 means slave has more data to send
Flag 0x1 --> 001 means master has no more data left to send
Flag 0x0 --> 000 means slave has no more data left to send
0 0 0 0 0 I M MS
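
The opt and flag decoding described in the Options and Flags sections above, together with three of the sequence-number-mismatch causes listed earlier (options change, I bit set, MS bit inconsistent), as an added Python example that is not part of the original post. The function names are hypothetical, the sample lines are constructed in the page's debug format, and accepting a "Rcv DBD from" line form alongside "Send DBD to" is an assumption the page does not show.

```python
import re

# Bit names follow the page: options byte is "* * DC EA N/P MC E *"
OPTION_BITS = {0x20: "DC", 0x10: "EA", 0x08: "N/P", 0x04: "MC", 0x02: "E"}
FLAG_BITS = {0x4: "I", 0x2: "M", 0x1: "MS"}  # Initial, More, Master

DBD_RE = re.compile(
    r"OSPF: (Send|Rcv) DBD (?:to|from) (\S+) on (\S+) seq (0x[0-9A-Fa-f]+)\s+"
    r"opt (0x[0-9A-Fa-f]+)\s+flag (0x[0-9A-Fa-f]+)\s+len (\d+)")

def names(value, table):
    """Names of the bits set in value, highest bit first."""
    return [name for mask, name in table.items() if value & mask]

def parse_dbd(line):
    """Decode one 'debug ip ospf adj' DBD line; None if it is not one."""
    m = DBD_RE.search(line)
    if not m:
        return None
    direction, peer, intf, seq, opt, flag, length = m.groups()
    return {"dir": direction, "peer": peer, "intf": intf, "seq": int(seq, 16),
            "opt": names(int(opt, 16), OPTION_BITS),
            "flag": names(int(flag, 16), FLAG_BITS), "len": int(length)}

def exchange_anomalies(lines):
    """Per direction and neighbor, flag changes the page lists as mismatch causes."""
    last, findings = {}, []
    for p in filter(None, map(parse_dbd, lines)):
        key = (p["dir"], p["peer"], p["intf"])
        prev = last.get(key)
        if prev:
            if p["opt"] != prev["opt"]:
                findings.append((hex(p["seq"]), "options changed"))
            if "I" not in prev["flag"]:  # negotiation had already finished
                if "I" in p["flag"]:
                    findings.append((hex(p["seq"]), "I bit set again"))
                elif ("MS" in p["flag"]) != ("MS" in prev["flag"]):
                    findings.append((hex(p["seq"]), "MS bit changed"))
        last[key] = p
    return findings

# Constructed lines in the page's format (not captured from a router)
SAMPLE = [
    "OSPF: Send DBD to 141.108.97.1 on Serial0 seq 0xBC4 opt 0x2  flag 0x7 len 32",
    "OSPF: Send DBD to 141.108.97.1 on Serial0 seq 0xBC5 opt 0x2  flag 0x3 len 492",
    "OSPF: Send DBD to 141.108.97.1 on Serial0 seq 0xBC6 opt 0x0  flag 0x7 len 32",
]

if __name__ == "__main__":
    for finding in exchange_anomalies(SAMPLE):
        print(finding)
```

Feed it the saved output of "debug ip ospf adj"; lines that are not DBD packets are skipped.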


OSPF Facts 

  • The ABR router with the highest IP address converts Type 7 into Type 5.
  • A default route is not generated by default in an NSSA area unless "area nssa <> default originate " is configured.
  • A totally stubby NSSA area generates the default route by default.
  • DR/BDR election does not support preemption; therefore, if the DR fails, the BDR becomes the DR and a new BDR is elected. The previous DR does not become DR again even when it has a high priority.
  • With "ip ospf priority 0" the router does not participate in DR/BDR election.
  • OSPF behaves as a distance vector protocol when multiple areas are in use.
  • The router with the highest priority/IP address becomes the DR/BDR.
  • OSPF hellos are always sent from the primary interface.

OSPF Troubleshooting commands

show ip ospf neighbor
show ip ospf neighbor detail
show ip ospf
show ip ospf database
show ip ospf interface
show ip ospf database database-summary
show ip ospf virtual-link
show ip ospf database self-originate
show ip ospf database adv-router
show ip ospf statistics
show ip ospf request-list
show ip ospf bad
debug ip ospf adj
debug ip ospf monitor

 

Technology Concepts

http://www.iana.org/assignments/ospfv2-parameters/ospfv2-parameters.xhtml - All OSPF parameters by IANA.
http://www.itcertnotes.com/2011/06/ospf-options-field.html - All OSPF bits are explained.