OSPF on new link not working

Answered Question
Dec 7th, 2009
User Badges:

Hi,


Currently have ospf running on our network between R1,R2+R3(linear - See diag), ospf is configured on each router to use loop address(/32) as it's router-id.
Introduced a link between R1+R3, and ospf is not working - I see R1 + R3 sending hellos via the new link, but not receiving any reply over this new link(ping connectivity is working fine) - I'm guessing what is happening is that the routes for the loop addresses that ospf is using as router-id, are currently learnt via ospf via R2, and this is causing ospf on the new link to fail?


ospf is definitely enabled on the new interfaces, and have disabled passive interface on them.


Is ospf point-to-multipoint required in this type of scenario?


Any suggestions are greatly appreciated



Correct Answer by Jerry Ye about 7 years 3 months ago

I see both of your routers think they are the DR and your are using a /30 address as IP address for both side. My question is anything blocking the OSPF multicast address? You can try to change it to unicast and let us know the result


int xxxx

ip ospf network non-broadcast

router ospf xx

neighbor x.x.x.x


Regards,

jerry

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Edison Ortiz Mon, 12/07/2009 - 17:43
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

I'm assuming the new link is a serial connection?


What kind of encapsulation are you using? Frame-Relay, PPP or HDLC?


If you issue 'show ip ospf interface', you should see the network OSPF type - if it set to NON-BROADCAST, you must configure a neighbor statement under the OSPF process or change the OSPF network to 'broadcast' or 'point-to-point'.


Regards


Edison.

johnelliot6 Mon, 12/07/2009 - 17:48
User Badges:

Thanks for the reply Edison.


No - All links are Ethernet


Both Interfaces(R1+R3) are reporting "BROADCAST" as type:


#sh ip ospf interface port-channel 1.86
Port-channel1.86 is up, line protocol is up
  Internet Address nnn.nnn.66.1/30, Area 0.0.0.0
  Process ID 100, Router ID nnn.nnn.76.238, Network Type BROADCAST, Cost: 80
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) nnn.nnn.76.238, Interface address nnn.nnn.66.1
  No backup designated router on this network
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:04
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 4/43, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 0, maximum is 0
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 0, Adjacent neighbor count is 0
  Suppress hello for 0 neighbor(s)
  Message digest authentication enabled
    Youngest key id is 10




#sh ip ospf 100 interface port-channel 1.86
Port-channel1.86 is up, line protocol is up
  Internet Address nnn.nnn.66.2/30, Area 0.0.0.0
  Process ID 100, Router ID nnn.nnn.76.248, Network Type BROADCAST, Cost: 80
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) nnn.nnn.76.248, Interface address nnn.nnn.66.2
  No backup designated router on this network
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:03
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 5/5, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 0, maximum is 0
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 0, Adjacent neighbor count is 0
  Suppress hello for 0 neighbor(s)
  Message digest authentication enabled
    Youngest key id is 10

Edison Ortiz Mon, 12/07/2009 - 19:19
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

I noticed you have MD5 authentication enabled on these links.

Try disabling MD5 and see if the OSPF comes up, if it does make sure the same MD5 password is entered on both devices.

johnelliot6 Mon, 12/07/2009 - 19:28
User Badges:

Hi,


Had tried with+without md5 auth, both unfortunately make no difference.


Thanks for the suggestion though.

johnelliot6 Mon, 12/07/2009 - 20:22
User Badges:

Thanks - Been hit with mtu miss-match before on ospf


ip mtu 1500 is set on both Ints.

Correct Answer
Jerry Ye Mon, 12/07/2009 - 20:31
User Badges:
  • Cisco Employee,

I see both of your routers think they are the DR and your are using a /30 address as IP address for both side. My question is anything blocking the OSPF multicast address? You can try to change it to unicast and let us know the result


int xxxx

ip ospf network non-broadcast

router ospf xx

neighbor x.x.x.x


Regards,

jerry

Anupam Datta Mon, 12/07/2009 - 23:43
User Badges:

Or else you can try by setting priority in one interface.Which could made one Router as DR , another with lowest priority as BDR.


interface XXXX

ip ospf priority X (range value 0-255)


Another thing you can try by configuring both the interface as OSPF Point to Point .


interface XXXX

ip ospf network point-to-point


Regards,

Anupam

johnelliot6 Tue, 12/08/2009 - 18:22
User Badges:

Thanks Jerry - That appears to be the problem...the new link(Provided by another carrier) appears to be blocking the OSPF multicast address - Changed to unicast, and after election, have active neighbour over the new link.


Are there any downsides to running unicast over multicast?(I will take the multicast blocking up with carrier)


Thanks!

Jerry Ye Tue, 12/08/2009 - 18:45
User Badges:
  • Cisco Employee,

Not really, the only problem is if you want to send multicast over that link, you have to use GRE to tunnel the traffic across.


Regards,

jerry

Actions

This Discussion