Help with OSPF and DMVPN

paul_shiner
Level 1

Hi All,

Wonder if someone could help me or point me in the right direction. Basically I'm trying to set up and learn different VPNs and routing protocols but I'm stuck setting up OSPF over DMVPN. EIGRP over DMVPN worked fine for me but then I am aware it's easier to set up.

Ok so basically I have a simple setup in GNS3 with 4 3725 routers. They have serial links and then a DMVPN setup with IP range 10.255.253.0/24, and they have their own IP "LAN" subnets.

With EIGRP it all just works but just setting up the first OSPF area 0 for the DMVPN (10.255.253.0/24) network on all devices fails. I set up the OSPF process with a network statement on the DMVPN hub router and then one spoke and it works fine, but as soon as I add another spoke router to the OSPF process, it constantly flaps between setting up a neighborship between the spoke routers. I see this on the routers:

(PS: I've tried fiddling with router-ids and priorities but nothing helps - HUB router is 10.10.10.10, spoke 1 is 1.1.1.1 and spoke 2 is 2.2.2.2)

HUB:

R2(config-if)#

*Mar  1 17:19:04.051: %OSPF-5-ADJCHG: Process 100, Nbr 1.1.1.1 on Tunnel100 from LOADING to FULL, Loading Done

R2(config-if)#

*Mar  1 17:19:06.375: %OSPF-5-ADJCHG: Process 100, Nbr 1.1.1.1 on Tunnel100 from FULL to DOWN, Neighbor Down: Adjacency forced to reset

*Mar  1 17:19:06.627: %OSPF-5-ADJCHG: Process 100, Nbr 2.2.2.2 on Tunnel100 from LOADING to FULL, Loading Done

R2(config-if)#

*Mar  1 17:19:10.123: %OSPF-5-ADJCHG: Process 100, Nbr 2.2.2.2 on Tunnel100 from FULL to DOWN, Neighbor Down: Adjacency forced to reset

*Mar  1 17:19:10.223: %OSPF-5-ADJCHG: Process 100, Nbr 1.1.1.1 on Tunnel100 from EXSTART to DOWN, Neighbor Down: Adjacency forced to reset

*Mar  1 17:19:10.243: %OSPF-4-NONEIGHBOR: Received database description from unknown neighbor 1.1.1.1

R2(config-if)#

*Mar  1 17:19:10.335: %OSPF-5-ADJCHG: Process 100, Nbr 2.2.2.2 on Tunnel100 from LOADING to FULL, Loading Done

R2(config-if)#

*Mar  1 17:19:13.707: %OSPF-5-ADJCHG: Process 100, Nbr 2.2.2.2 on Tunnel100 from FULL to DOWN, Neighbor Down: Adjacency forced to reset

*Mar  1 17:19:13.975: %OSPF-5-ADJCHG: Process 100, Nbr 1.1.1.1 on Tunnel100 from LOADING to FULL, Loading Done

R2(config-if)#

*Mar  1 17:19:16.439: %OSPF-5-ADJCHG: Process 100, Nbr 1.1.1.1 on Tunnel100 from FULL to DOWN, Neighbor Down: Adjacency forced to reset

*Mar  1 17:19:16.551: %OSPF-4-NONEIGHBOR: Received database description from unknown neighbor 1.1.1.1

R2(config-if)#

*Mar  1 17:19:16.623: %OSPF-5-ADJCHG: Process 100, Nbr 2.2.2.2 on Tunnel100 from LOADING to FULL, Loading Done

R2(config-if)#

*Mar  1 17:19:20.111: %OSPF-5-ADJCHG: Process 100, Nbr 2.2.2.2 on Tunnel100 from FULL to DOWN, Neighbor Down: Adjacency forced to reset

*Mar  1 17:19:20.223: %OSPF-5-ADJCHG: Process 100, Nbr 1.1.1.1 on Tunnel100 from EXSTART to DOWN, Neighbor Down: Adjacency forced to reset

*Mar  1 17:19:20.327: %OSPF-5-ADJCHG: Process 100, Nbr 2.2.2.2 on Tunnel100 from LOADING to FULL, Loading Done

R2(config-if)#

*Mar  1 17:19:23.719: %OSPF-5-ADJCHG: Process 100, Nbr 2.2.2.2 on Tunnel100 from FULL to DOWN, Neighbor Down: Adjacency forced to reset

*Mar  1 17:19:23.863: %OSPF-4-NONEIGHBOR: Received database description from unknown neighbor 2.2.2.2

R2(config-if)#

*Mar  1 17:19:24.007: %OSPF-5-ADJCHG: Process 100, Nbr 1.1.1.1 on Tunnel100 from LOADING to FULL, Loading Done

Spoke1:

DMVPNSPOKE01(config-if)#

*Mar  1 17:18:39.067: %OSPF-5-ADJCHG: Process 100, Nbr 10.10.10.10 on Tunnel100 from LOADING to FULL, Loading Done

DMVPNSPOKE01(config-if)#

*Mar  1 17:18:51.243: %OSPF-5-ADJCHG: Process 100, Nbr 10.10.10.10 on Tunnel100 from LOADING to FULL, Loading Done

DMVPNSPOKE01(config-if)#

*Mar  1 17:19:01.239: %OSPF-5-ADJCHG: Process 100, Nbr 10.10.10.10 on Tunnel100 from LOADING to FULL, Loading Done

DMVPNSPOKE01(config-if)#

*Mar  1 17:19:11.179: %OSPF-5-ADJCHG: Process 100, Nbr 10.10.10.10 on Tunnel100 from LOADING to FULL, Loading Done

DMVPNSPOKE01(config-if)#

*Mar  1 17:19:21.263: %OSPF-5-ADJCHG: Process 100, Nbr 10.10.10.10 on Tunnel100 from LOADING to FULL, Loading Done

Spoke2:

DMVPNSPOKE02(config-router)#

*Mar  1 17:18:50.799: %OSPF-5-ADJCHG: Process 100, Nbr 10.10.10.10 on Tunnel100 from LOADING to FULL, Loading Done

DMVPNSPOKE02(config-router)#

*Mar  1 17:18:54.567: %OSPF-5-ADJCHG: Process 100, Nbr 10.10.10.10 on Tunnel100 from LOADING to FULL, Loading Done

DMVPNSPOKE02(config-router)#

*Mar  1 17:19:00.831: %OSPF-5-ADJCHG: Process 100, Nbr 10.10.10.10 on Tunnel100 from LOADING to FULL, Loading Done

DMVPNSPOKE02(config-router)#

*Mar  1 17:19:04.499: %OSPF-5-ADJCHG: Process 100, Nbr 10.10.10.10 on Tunnel100 from LOADING to FULL, Loading Done

DMVPNSPOKE02(config-router)#

*Mar  1 17:19:10.835: %OSPF-5-ADJCHG: Process 100, Nbr 10.10.10.10 on Tunnel100 from LOADING to FULL, Loading Done

DMVPNSPOKE02(config-router)#

*Mar  1 17:19:14.499: %OSPF-5-ADJCHG: Process 100, Nbr 10.10.10.10 on Tunnel100 from LOADING to FULL, Loading Done

DMVPNSPOKE02(config-router)#no network 10.255.253.0 0.0.0.255 area 0

DMVPNSPOKE02(config-router)#

*Mar  1 17:19:19.139: %OSPF-5-ADJCHG: Process 100, Nbr 10.10.10.10 on Tunnel100 from EXSTART to DOWN, Neighbor Down: Interface down or detached

And if it helps, I enabled "debug ip ospf adj" on the hub and got this when two spoke routers are added to OSPF:

OSPF adjacency events debugging is on

R2(config-if)#

*Mar  1 17:01:46.875: OSPF: 192.168.1.1 address 10.255.253.1 on Tunnel100 is dead, state DOWN

*Mar  1 17:01:46.879: %OSPF-5-ADJCHG: Process 100, Nbr 192.168.1.1 on Tunnel100 from FULL to DOWN, Neighbor Down: Adjacency forced to reset

*Mar  1 17:01:46.935: OSPF: 192.168.2.1 address 10.255.253.2 on Tunnel100 is dead, state DOWN

*Mar  1 17:01:46.939: %OSPF-5-ADJCHG: Process 100, Nbr 192.168.2.1 on Tunnel100 from INIT to DOWN, Neighbor Down: Adjacency forced to reset

*Mar  1 17:01:46.943: OSPF: 2 Way Communication to 192.168.1.1 on Tunnel100, state 2WAY

*Mar  1 17:01:46.943: OSPF: Send DBD to 192.168.1.1 on Tunnel100 seq 0x850 opt 0x52 flag 0x7 len 32

R2(config-if)#

*Mar  1 17:01:46.955: %OSPF-4-NONEIGHBOR: Received database description from unknown neighbor 192.168.2.1

*Mar  1 17:01:47.019: OSPF: 192.168.1.1 address 10.255.253.1 on Tunnel100 is dead, state DOWN

*Mar  1 17:01:47.023: %OSPF-5-ADJCHG: Process 100, Nbr 192.168.1.1 on Tunnel100 from EXSTART to DOWN, Neighbor Down: Adjacency forced to reset

R2(config-if)#

*Mar  1 17:01:47.027: OSPF: 2 Way Communication to 192.168.2.1 on Tunnel100, state 2WAY

*Mar  1 17:01:47.027: OSPF: Send DBD to 192.168.2.1 on Tunnel100 seq 0x3E7 opt 0x52 flag 0x7 len 32

*Mar  1 17:01:47.383: OSPF: Build router LSA for area 0, router ID 172.16.20.10, seq 0x80000036

R2(config-if)#

*Mar  1 17:01:51.931: OSPF: Rcv DBD from 192.168.2.1 on Tunnel100 seq 0x1808 opt 0x52 flag 0x7 len 32  mtu 1400 state EXSTART

*Mar  1 17:01:51.935: OSPF: NBR Negotiation Done. We are the SLAVE

*Mar  1 17:01:51.939: OSPF: Send DBD to 192.168.2.1 on Tunnel100 seq 0x1808 opt 0x52 flag 0x2 len 92

*Mar  1 17:01:51.975: %OSPF-4-NONEIGHBOR: Received database description from unknown neighbor 192.168.1.1

R2(config-if)#

*Mar  1 17:01:51.979: OSPF: Rcv DBD from 192.168.2.1 on Tunnel100 seq 0x1809 opt 0x52 flag 0x3 len 92  mtu 1400 state EXCHANGE

*Mar  1 17:01:51.983: OSPF: Send DBD to 192.168.2.1 on Tunnel100 seq 0x1809 opt 0x52 flag 0x0 len 32

*Mar  1 17:01:52.047: OSPF: Rcv DBD from 192.168.2.1 on Tunnel100 seq 0x180A opt 0x52 flag 0x1 len 32  mtu 1400 state EXCHANGE

*Mar  1 17:01:52.047: OSPF: Exchange Done with 192.168.2.1 on Tunnel100

*Mar  1 17:01:52.051: OSPF: Send LS REQ to 192.168.2.1 length 12 LSA count 1

*Mar  1 17:01:52.055: OSPF: Send DBD to 192.168.2.1 on Tunnel100 seq 0x180A opt 0x52 flag 0x0 len 32

*Mar  1 17:01:52.063: OSPF: Rcv LS REQ from 192.168.2.1 on Tunnel100 length 48 LSA count 2

*Mar  1 17:01:52.067: OSPF: Send UPD to 10.255.253.2 on Tunnel100 length 112 LSA count 2

*Mar  1 17:01:52.095: OSPF: Rcv LS UPD from 192.168.2.1 on Tunnel100 length 76 LSA count 1

*Mar  1 17:01:52.099: OSPF: Synchronized with 192.168.2.1 on Tunnel100, state FULL

*Mar  1 17:01:52.099: %OSPF-5-ADJCHG: Process 100, Nbr 192.168.2.1 on Tunnel100 from LOADING to FULL, Loading Done

*Mar  1 17:01:52.515: OSPF: 192.168.2.1 address 10.255.253.2 on Tunnel100 is dead, state DOWN

*Mar  1 17:01:52.519: %OSPF-5-ADJCHG: Process 100, Nbr 192.168.2.1 on Tunnel100 from FULL to DOWN, Neighbor Down: Adjacency forced to reset

*Mar  1 17:01:52.523: OSPF: 2 Way Communication to 192.168.1.1 on Tunnel100, state 2WAY

*Mar  1 17:01:52.523: OSPF: Send DBD to 192.168.1.1 on Tunnel100 seq 0x623 opt 0x52 flag 0x7 len 32

R2(config-if)#

R2(config-if)#

*Mar  1 17:01:56.959: OSPF: Rcv DBD from 192.168.1.1 on Tunnel100 seq 0x2448 opt 0x52 flag 0x7 len 32  mtu 1400 state EXSTART

*Mar  1 17:01:56.963: OSPF: NBR Negotiation Done. We are the SLAVE

*Mar  1 17:01:56.967: OSPF: Send DBD to 192.168.1.1 on Tunnel100 seq 0x2448 opt 0x52 flag 0x2 len 92

*Mar  1 17:01:57.055: OSPF: Rcv DBD from 192.168.1.1 on Tunnel100 seq 0x2449 opt 0x52 flag 0x3 len 92  mtu 1400 state EXCHANGE

*Mar  1 17:01:57.059: OSPF: Send DBD to 192.168.1.1 on Tunnel100 seq 0x2449 opt 0x52 flag 0x0 len 32

*Mar  1 17:01:57.127: OSPF: Rcv DBD from 192.168.1.1 on Tunnel100 seq 0x244A opt 0x52 flag 0x1 len 32  mtu 1400 state EXCHANGE

*Mar  1 17:01:57.131: OSPF: Exchange Done with 192.168.1.1 on Tunnel100

*Mar  1 17:01:57.135: OSPF: Send LS REQ to 192.168.1.1 length 12 LSA count 1

*Mar  1 17:01:57.139: OSPF: Send DBD to 192.168.1.1 on Tunnel100 seq 0x244A opt 0x52 flag 0x0 len 32

*Mar  1 17:01:57.147: OSPF: Rcv LS REQ from 192.168.1.1 on Tunnel100 length 48 LSA count 2

*Mar  1 17:01:57.155: OSPF: Send UPD to 10.255.253.1 on Tunnel100 length 100 LSA count 2

*Mar  1 17:01:57.199: OSPF: Rcv LS UPD from 192.168.1.1 on Tunnel100 length 76 LSA count 1

*Mar  1 17:01:57.203: OSPF: Synchronized with 192.168.1.1 on Tunnel100, state FULL

*Mar  1 17:01:57.203: %OSPF-5-ADJCHG: Process 100, Nbr 192.168.1.1 on Tunnel100 from LOADING to FULL, Loading Done

*Mar  1 17:01:57.711: OSPF: Build router LSA for area 0, router ID 172.16.20.10, seq 0x80000037

*Mar  1 17:01:57.783: OSPF: Rcv LS UPD from 192.168.1.1 on Tunnel100 length 88 LSA count 1

As soon as I take off the network statement on the secondary spoke, all comes back to life and is stable for hub and spoke 1.

Please help if you can.

Thanks,

Paul
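
The following Python script is an added example, not code from the original post. It parses `%OSPF-5-ADJCHG` and `%OSPF-4-NONEIGHBOR` lines in the format of the hub log above and reports neighbors that repeatedly drop from FULL; the function names, the 30-second window and the threshold of 2 are assumptions chosen for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Excerpt of the hub (R2) log lines quoted in the post above.
SAMPLE_LOG = """\
*Mar  1 17:19:06.375: %OSPF-5-ADJCHG: Process 100, Nbr 1.1.1.1 on Tunnel100 from FULL to DOWN, Neighbor Down: Adjacency forced to reset
*Mar  1 17:19:06.627: %OSPF-5-ADJCHG: Process 100, Nbr 2.2.2.2 on Tunnel100 from LOADING to FULL, Loading Done
*Mar  1 17:19:10.123: %OSPF-5-ADJCHG: Process 100, Nbr 2.2.2.2 on Tunnel100 from FULL to DOWN, Neighbor Down: Adjacency forced to reset
*Mar  1 17:19:10.243: %OSPF-4-NONEIGHBOR: Received database description from unknown neighbor 1.1.1.1
*Mar  1 17:19:13.707: %OSPF-5-ADJCHG: Process 100, Nbr 2.2.2.2 on Tunnel100 from FULL to DOWN, Neighbor Down: Adjacency forced to reset
*Mar  1 17:19:16.439: %OSPF-5-ADJCHG: Process 100, Nbr 1.1.1.1 on Tunnel100 from FULL to DOWN, Neighbor Down: Adjacency forced to reset
*Mar  1 17:19:20.111: %OSPF-5-ADJCHG: Process 100, Nbr 2.2.2.2 on Tunnel100 from FULL to DOWN, Neighbor Down: Adjacency forced to reset
"""

ADJCHG = re.compile(
    r"(?P<ts>[A-Z][a-z]{2}\s+\d+\s+[\d:.]+): %OSPF-5-ADJCHG: Process \d+, "
    r"Nbr (?P<nbr>\S+) on (?P<intf>\S+) from (?P<old>\w+) to (?P<new>\w+)")
NONEIGHBOR = re.compile(r"%OSPF-4-NONEIGHBOR: .*unknown neighbor (?P<nbr>\S+)")

def parse_ts(text):
    # These timestamps carry no year; 2000 is an arbitrary placeholder (only deltas matter).
    return datetime.strptime("2000 " + " ".join(text.split()), "%Y %b %d %H:%M:%S.%f")

def analyze(log_text, window=timedelta(seconds=30), threshold=2):
    """Flag neighbors that left FULL at least `threshold` times within `window`."""
    drops, unknown = defaultdict(list), Counter()
    for line in log_text.splitlines():
        if (m := ADJCHG.search(line)) and (m["old"], m["new"]) == ("FULL", "DOWN"):
            drops[(m["nbr"], m["intf"])].append(parse_ts(m["ts"]))
        elif m := NONEIGHBOR.search(line):
            unknown[m["nbr"]] += 1
    flapping = {}
    for key, times in drops.items():
        times.sort()
        start = worst = 0
        for end, t in enumerate(times):      # sliding window over drop times
            while t - times[start] > window:
                start += 1
            worst = max(worst, end - start + 1)
        if worst >= threshold:
            flapping[key] = worst
    # Several neighbors flapping on one interface points at the interface
    # (for example its OSPF network type), not at any single spoke.
    shared = [i for i, n in Counter(i for _, i in flapping).items() if n > 1]
    return {"flapping": flapping, "unknown_dbd": dict(unknown), "shared_interfaces": shared}

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```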

18 Replies

Hi Paul,

You are welcome!

indeed my spokes only had neighbourships with hub router.

Well, OSPF adjacencies will remain in a hub-to-spoke fashion regardless of the DMVPN version, Phase2 or Phase3. It's the routing tables that matter. In point-to-multipoint, they will point from spokes to hub for all other spoke networks. In broadcast, they will point from one spoke to other spokes.

Anyway, good luck with your experiments, and keep us informed how it works for you.

Best regards,

Peter

Great description 👍🏻 Thanks a lot

Thanks @Giuseppe Larosa 

I had the same problem in a lab and your tip was valuable  

darchival3
Level 1

The problem is that the hub's WAN interface is getting multiple multicast hellos, from the spoke tunnel IP and the spoke WAN interface IP, so it keeps resetting or trying to reform the adjacency on the tunnel interface and the WAN interface. With the non-broadcast network type, hellos are supposed to be generated as unicasts by the DR/hubs using specific neighbor statements, not network statements that include the tunnel overlay network.

Trim the network statement on the spokes to only include networks that the hub, and other spokes, are NOT directly connected to, i.e. a LAN, host route.

Specify neighbors/spokes via their underlay/physical interface IP address on the hub in router-config for OSPF.