Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2690
Views
0
Helpful
7
Replies

ACI fabric L3OUT interface is pingable but no OSPF hello recieved from it.

atcapaev
Cisco Employee
Cisco Employee

‎10-23-2018 10:59 AM - edited ‎03-01-2019 05:40 AM

 Hello Experts.

 

I have a pretty obscure issue with ACI L3out configuration.

I have configured an OSPF on a routed interface and attached to the LEAF 101 inteface 1/1.

 

I connected a Nexus switch to the interface 1/1.

 

I can ping the interface IP address from the Nexus switch. However, the OSPF session has never formed.

In the debus I see that Nexus sends OSPF hello packets but does not recieve them from the leaf.

 

I connected to the LEAF and issued show ip ospf interfcae vrf all and see that the interfcae was added to OSPF but stay in the wait state.

 

May I ask you if any of you experienced the same issue? To me it looks like the leaf might be dropping such packets.

But, once again, the ping works to the IP address which I specified in the OPSF L3OUT configuration.

 

Any suggestion on what I am missing or what to check will be highly appriciated.

1 person had this problem
Labels:
0 Helpful
7 Replies 7

lawesso2011
Level 1
Level 1

‎10-23-2018 01:45 PM

Do you mind sharing OSPF configurations from both sides ?
Also share the MTU settings on the ACI side.

0 Helpful

atcapaev
Cisco Employee
Cisco Employee
In response to lawesso2011

‎10-24-2018 01:54 AM

Hello Lawesso,

 

 

Thhank you for taking a look into the issue.

 

I am not 100% sure how to share OSPF config from the Leaf, but MTU should not be an issue here because 1) I made it equally on both site 2) MTU check happens during adj process to which I don't get yet. The issue is OSPF hellos are notr seen.

 

 

Let me copy paste some outputs

 

 

The interface is ready on ACI

 

leaf101# show ip ospf interface vrf all
 loopback8 is up, line protocol is up
    IP address 0.0.0.1/32, Process ID default VRF AL:ALEX, area 0.0.0.1
    Enabled by interface configuration
    State LOOPBACK, Network type LOOPBACK, cost 1

 Ethernet1/1 is up, line protocol is up
    IP address 192.168.1.1/24, Process ID default VRF AL:ALEX, area 0.0.0.1
    Enabled by interface configuration
    State WAITING, Network type BROADCAST, cost 4
    Index 5, Transmit delay 1 sec, Router Priority 1
    No designated router on this network
    No backup designated router on this network
    0 Neighbors, flooding to 0, adjacent with 0
    Timer intervals: Hello 10, Dead 40, Wait 40, Retransmit 5
      Hello timer due in 00:00:02
    No authentication
    Number of opaque link LSAs: 0, checksum sum 0

leaf101#

 

 

N3K-C3172PQ-XL# show ip ospf interface brief vrf A
 OSPF Process ID A VRF A
 Total number of interface: 1
 Interface               ID     Area            Cost   State    Neighbors Status
 Eth1/1                  1      0.0.0.1         4      DR       0         up  

N3K-C3172PQ-XL# show ip ospf neighbors vrf A
N3K-C3172PQ-XL#

 

Ping works from the Nexus to the LEAF N3K-C3172PQ-XL# ping 192.168.1.1 vrf A
PING 192.168.1.1 (192.168.1.1): 56 data bytes
64 bytes from 192.168.1.1: icmp_seq=0 ttl=63 time=0.625 ms
64 bytes from 192.168.1.1: icmp_seq=1 ttl=63 time=0.385 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=63 time=0.394 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=63 time=0.407 ms
64 bytes from 192.168.1.1: icmp_seq=4 ttl=63 time=0.438 ms

--- 192.168.1.1 ping statistics ---

 

But if I run debug I can only see OSPF hellos being send.

If anybody has any ideas.

0 Helpful

micgarc2
Cisco Employee
Cisco Employee

‎10-23-2018 07:45 PM

What is the state of the adjacency for "show ip ospf neighbors vrf x" ? Typically if it is stuck in waiting it means it is trying to determine the BDR for the network.  If this is just a P2P link for the OSPF adjacency can you verify what type of link this is set to? Broadcast or P2P? 

 

-Michael G

0 Helpful

atcapaev
Cisco Employee
Cisco Employee
In response to micgarc2

‎10-24-2018 01:57 AM - edited ‎10-24-2018 02:10 AM

Hello Michal,

Thank you very much for looking into it.

 

 

 

Let me copy paste some outputs

 The adjacency was never formed(((

 

Here are some outputs from the ACI leaf

leaf101# show ip ospf neighbors vrf all
leaf101#

 

The interface is ready on ACI

 

leaf101# show ip ospf interface vrf all
 loopback8 is up, line protocol is up
    IP address 0.0.0.1/32, Process ID default VRF AL:ALEX, area 0.0.0.1
    Enabled by interface configuration
    State LOOPBACK, Network type LOOPBACK, cost 1

 Ethernet1/1 is up, line protocol is up
    IP address 192.168.1.1/24, Process ID default VRF AL:ALEX, area 0.0.0.1
    Enabled by interface configuration
    State WAITING, Network type BROADCAST, cost 4
    Index 5, Transmit delay 1 sec, Router Priority 1
    No designated router on this network
    No backup designated router on this network
    0 Neighbors, flooding to 0, adjacent with 0
    Timer intervals: Hello 10, Dead 40, Wait 40, Retransmit 5
      Hello timer due in 00:00:02
    No authentication
    Number of opaque link LSAs: 0, checksum sum 0

leaf101#

 

 Here is the Nexus outputs

N3K-C3172PQ-XL# show ip ospf interface brief vrf A
 OSPF Process ID A VRF A
 Total number of interface: 1
 Interface               ID     Area            Cost   State    Neighbors Status
 Eth1/1                  1      0.0.0.1         4      DR       0         up  

N3K-C3172PQ-XL# show ip ospf neighbors vrf A
N3K-C3172PQ-XL#

 

Ping works from the Nexus to the LEAF N3K-C3172PQ-XL# ping 192.168.1.1 vrf A
PING 192.168.1.1 (192.168.1.1): 56 data bytes
64 bytes from 192.168.1.1: icmp_seq=0 ttl=63 time=0.625 ms
64 bytes from 192.168.1.1: icmp_seq=1 ttl=63 time=0.385 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=63 time=0.394 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=63 time=0.407 ms
64 bytes from 192.168.1.1: icmp_seq=4 ttl=63 time=0.438 ms

--- 192.168.1.1 ping statistics ---

 

But if I run debug I can only see OSPF hellos being send but no OSPF hellos being recieved.

 

Unfortunately, it seems to be a problem send multicast ping from Nexus (

 

N3K-C3172PQ-XL# ping 224.0.0.5 source-interface ethernet 1/1 vrf A
ping: either multicast replicate flag or source interface needs to be specified
N3K-C3172PQ-XL#

 

Personally I don't believe there is potential issue with any OSPF parameters since we don't get to such check yet.

 

 

 

If you have any further ideas.

0 Helpful

Jose Maroto Grande
Level 1
Level 1
In response to atcapaev

‎04-01-2019 08:57 AM

I had the same issue, I had to delete the authenticattion on APIC GUI and configure again. This worked fine, if aci see a wrong password doesn´t send a hello packect. 

0 Helpful

micgarc2
Cisco Employee
Cisco Employee
In response to atcapaev

‎04-03-2019 08:46 PM - edited ‎04-03-2019 08:59 PM

What is the output of show ip ospf interface x/x vrf x on the 3K? Without the "brief"

0 Helpful

dtekaccount10
Level 1
Level 1

‎04-04-2019 03:55 AM

Hello!

Do you have L3EPG configured in your L3Out? I had same issue but with EIGRP. ACI didn't establish neighbor connection until I created L3EPG with network behind neighbor device.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License