cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1236
Views
12
Helpful
9
Replies

OSPF fails in EXSTART to Nokia from Cisco3750

Jim Bell
Level 1
Level 1

Hi There,

We are having issues getting OSPF up between a Nokia and a Cisco 3750. Basically stuck in EXSTART mode (see attachment).

NOKIA Interface is a Logical Interface (vlan) and OSPF MTU is 1500 same as on Cisco 3750.Firewall rule created to allow OSPF and multicast etc.

Any ideas ?

Thanks in advance.

9 Replies 9

John Blakley
VIP Alumni
VIP Alumni

What type of firewall do you have? Can you allow, for testing, all traffic (not just ospf and multicast) from the 10.0.0.1 to 10.0.0.2?

HTH,

John

HTH, John *** Please rate all useful posts ***

Hi John,

FW is CP NGX R65 - not able to allow for any traffic at moment.

Harold Ritter
Cisco Employee
Cisco Employee

Jim,

Can you try configuring "no capability lls" under the ospf process. I have seen this as an issue with Nokia interoperability in the past. The Nokia should just ignore the lls information but it doesn't in certain level of code.

Just for your information LLS is used for graceful restart and is defined by RFC4813.

http://tools.ietf.org/html/rfc4813

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Harold,

We tried that on the 3750 without success.

Jim.

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Jim,

from the log you have provided we see:

Jul 9 07:49:29.089: OSPF: Retransmitting DBD to 10.0.0.1 on vlan222 [1]

Jul 9 07:49:29.106: OSPF: Rcv DBD from 10.0.0.1 on vlan222 seq 0x4A559AE1 opt 0x2 flag 0x7 len 32 mtu 1500 state EXSTART

Jul 9 07:49:29.106: OSPF: First DBD and we are not SLAVE

it looks like the C3750 is disappointed of receiving a DBD from other side when it thinks to be the master in the exstart communication.

It is the master that should start to talk according to RFC2328 it looks like they don't agree on master role.

Hope to help

Giuseppe

Hi Guiseppe,

Thanks for the reply - it may well be an Ospf compatability issue. Found the following for our version of IPSO 4.2

IPSO 4.2

Table 33 Global Settings for OSPF Parameter Description

RFC1583 Compatibility This implementation of OSPF is based on RFC2178, which fixed some looping problems in an earlier specification of OSPF. If your implementation is running in an environment with OSPF implementations based on RFC1583 or earlier, enable RFC 1583 compatibility to ensure backwards compatibility.

We did try with RFC1583 compatabilty set on both ASA and Nokia with same results.

Jim.

Update - Issue now resolved.

Network capture indicated OSPF DBD packets were being delivered to the firewall interface, but no indication of this in the FW logs.

A FW stealth rule was silently dropping (& not logging) OSPF DBD packets directed to FW interface. OSPF rules moved to before stealth rule and all now working.

Thanks

Hello Jim,

you have been kind to provide the happy end of this story.

This makes this thread complete and useful.

Best Regards

Giuseppe

You can detect this problem using these methods:

1- Run tcpdump on the Nokia and look for proto 69.

2- run checkpoint "fw monitor" and you can see if the packet being dropped.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: