OSPF Retransmission problems between 6509 and ASA

Unanswered Question
Nov 1st, 2011
User Badges:

Hi


I'm having a problem with OSPF, between an ASA 5585 ver. 8.4(2) and a couple of 6509 running

Version 12.2(33)SXI3.


Once or twice a day, the OSPF session goes down to both 6509 boxes, and the ASA loses connection to the

network.


With OSPF displays I can see, that there is retransmissions in both directions, and the log on 6509 states that the neiborship has gone down because of to many retransmissions.


Here is a couple of displays:


From 6509


Oct 30 04:33:23.484 CET: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.17.129 on Vlan971 from FULL to DOWN, Neighbor Down: Too many retransmissions

Oct 30 04:34:23.488 CET: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.17.129 on Vlan971 from DOWN to DOWN, Neighbor Down: Ignore timer expired

Oct 30 04:34:24.044 CET: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.17.129 on Vlan971 from DOWN to INIT, Received Hello

Oct 30 04:34:24.044 CET: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.17.129 on Vlan971 from INIT to 2WAY, 2-Way Received

Oct 30 04:34:24.044 CET: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.17.129 on Vlan971 from 2WAY to EXSTART, AdjOK?

Oct 30 04:34:24.044 CET: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.17.129 on Vlan971 from EXSTART to EXCHANGE, Negotiation Done

Oct 30 04:34:24.076 CET: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.17.129 on Vlan971 from EXCHANGE to LOADING, Exchange Done

Oct 30 04:34:24.076 CET: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.17.129 on Vlan971 from LOADING to FULL, Loading Done


DC1WD01#sh ip ospf nei det vlan 971

Neighbor dcx-asa-test.bdpnet.dk, interface address 10.7.247.254

    In the area 0.0.0.0 via interface Vlan971

    Neighbor priority is 0, State is FULL, 6 state changes

    DR is 10.7.240.1 BDR is 10.7.240.2

    Options is 0x2 in Hello (E-bit )

    Options is 0x2 in DBD (E-bit )

    Dead timer due in 00:00:03

    Neighbor is up for 06:58:31     OSPF connection lost to ASA

    Index 4/4, retransmission queue length 0, number of retransmission 8

    First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)

    Last retransmission scan length is 20, maximum is 244

    Last retransmission scan time is 0 msec, maximum is 0 msec


Neighbor dc2wd01.bdpnet.dk, interface address 10.7.240.2

    In the area 0.0.0.0 via interface Vlan971

    Neighbor priority is 254, State is FULL, 6 state changes

    DR is 10.7.240.1 BDR is 10.7.240.2

    Options is 0x12 in Hello (E-bit L-bit )

    Options is 0x52 in DBD (E-bit L-bit O-bit)

    LLS Options is 0x1 (LR)

    Dead timer due in 00:00:03

    Neighbor is up for 3w1d     But not to the other 6509

    Index 16/16, retransmission queue length 0, number of retransmission 0

    First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)

    Last retransmission scan length is 0, maximum is 0

    Last retransmission scan time is 0 msec, maximum is 0 msec


ASA:


dcx-asa-test/act# sh ospf nei det


Neighbor 10.255.255.244, interface address 10.7.240.1

    In the area 0.0.0.0 via interface inside

    Neighbor priority is 255, State is FULL, 12 state changes

    DR is 10.7.240.1 BDR is 10.7.240.2

    Options is 0x52

    Dead timer due in 0:00:03

    Neighbor is up for 6:59:42

    Index 1/1, retransmission queue length 0, number of retransmission 51

    First 0x0000000000000000(0)/0x0000000000000000(0) Next 0x0000000000000000(0)/0x0000000000000000(0)

    Last retransmission scan length is 22, maximum is 41

    Last retransmission scan time is 0 msec, maximum is 0 msec


Neighbor 10.255.255.243, interface address 10.7.240.2

    In the area 0.0.0.0 via interface inside

    Neighbor priority is 254, State is FULL, 12 state changes

    DR is 10.7.240.1 BDR is 10.7.240.2

    Options is 0x52

    Dead timer due in 0:00:03

    Neighbor is up for 6:59:39

    Index 2/2, retransmission queue length 0, number of retransmission 0

    First 0x0000000000000000(0)/0x0000000000000000(0) Next 0x0000000000000000(0)/0x0000000000000000(0)

    Last retransmission scan length is 0, maximum is 0

    Last retransmission scan time is 0 msec, maximum is 0 msec


MTU and Auth/MD5 password settings are alined.

There is no errors beeing reported on the physical interfaces 2 times 10 Gig running Etherchannel.


Any ideas why the OSPF connections is lost.??


Thanks in advance.


Jesper Damsgaard / JN DATA Denmark

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Reza Sharifi Tue, 11/01/2011 - 09:23
User Badges:
  • Super Bronze, 10000 points or more
  • Cisco Designated VIP,

    2017 LAN

Hi Jesper,


The ASAs are failing almost at the same time.  look at the "Neighbor is up" for each ASA.

Neighbor is up for 6:59:39

Neighbor is up for 6:59:42


what is the mask used for vlan 971?

everything is in 10.7.240.x but not this one below

10.7.247.254


HTH

j.damsgaard Wed, 11/02/2011 - 00:41
User Badges:

Hi Reza


Mask on vlan 971 is /21, so 10.7.247.254 is the last address on the subnet.


I'm running a trace on the etherchannel at the moment, to get a closer look on what happens, when the OSPF neiborship is terminated / established.


Jesper


We have found the reason for the retransmissions, and ultimately the break down of the OSPF session, the interface between the ASA and the 6509, was configured with an MTU of 9216.

It turns out that the ASA only supports MTU up to 9198 Bytes, even though the documentation states 65535 Bytes.

We have reported the error to Cisco.


Message was edited by: JESPER DAMSGAARD

Actions

This Discussion