cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4071
Views
5
Helpful
4
Replies

OSPF adjacency flapping on DMVPN after recovery

Ilya Shilov
Level 1
Level 1

So, I have DMVPN Phase 1 network design with no IPSec protection on Tunnel interfaces.

In real net I have multiple spokes in dual cloud DMVPN with 2 DMVPN interfaces (2 ISPs) on one router. But for my problem it doesn't make sense, it exists on one cloud one spoke configuration too.

HUB:

interface Tunnel1

description =[DMVPN-Hub-Megafon]=

ip address 192.168.128.65 255.255.255.192

no ip redirects

ip mtu 1400

ip nhrp map multicast dynamic

ip nhrp network-id 1

ip tcp adjust-mss 1360

ip ospf network point-to-multipoint

ip ospf hello-interval 1

ip ospf dead-interval 15

ip ospf cost 10

load-interval 30

history BPS

tunnel source Port-channel1.550

tunnel mode gre multipoint

tunnel key 1

tunnel path-mtu-discovery

!


SPOKE:

interface Tunnel1

description =[DMVPN-Spoke-Megafon]=

ip address 192.168.128.70 255.255.255.192

no ip redirects

ip mtu 1400

ip nhrp map 192.168.128.65 X.X.X.X

ip nhrp map multicast X.X.X.X

ip nhrp network-id 1

ip nhrp holdtime 60

ip nhrp nhs 192.168.128.65

ip nhrp registration timeout 30

ip tcp adjust-mss 1360

ip ospf network point-to-multipoint

ip ospf hello-interval 1

ip ospf dead-interval 15

ip ospf cost 10

history BPS

if-state nhrp

tunnel source FastEthernet4

tunnel mode gre multipoint

tunnel key 1

tunnel route-via FastEthernet4 mandatory

tunnel path-mtu-discovery

!

ip route X.X.X.X 255.255.255.255 X.X.X.GW

Everything works fine. OSPF adjacency is stable. OSPF hello packet comes every second in both directions.

Then I manually flap a Tunnel interface on hub to test recovery process.

HUB:

conf t

int tun1

shut

no shut

end

After few seconds on spoke NHS entry becomes reachable. Hub becomes accessible from spoke through GRE without packet loss:

spoke#ping 192.168.128.65 re 100

Type escape sequence to abort.

Sending 100, 100-byte ICMP Echos to 192.168.128.65, timeout is 2 seconds:

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Success rate is 100 percent (100/100), round-trip min/avg/max = 8/49/220 ms

But... here is the problem. After spoke's OSPF neighbor state becomes FULL on hub, hub receives no hello packets from spoke.

After dead timeout expires OSPF spoke's state becomes DOWN, hub receives hello packet and process goes into loop.

hub#sh ip ospf neigh

Neighbor ID     Pri   State           Dead Time   Address         Interface

192.168.127.0     1   FULL/DR         00:00:39    192.168.128.6   Port-channel1.503

192.168.127.7     0   FULL/  -        00:00:13    192.168.128.70  Tunnel1

hub#sh ip ospf neigh

Neighbor ID     Pri   State           Dead Time   Address         Interface

192.168.127.0     1   FULL/DR         00:00:34    192.168.128.6   Port-channel1.503

192.168.127.7     0   FULL/  -        00:00:01    192.168.128.70  Tunnel1

debug ip ospf adj

debug ip ospf hello

HUB:

077702: Aug 10 23:48:18.797: OSPF-99 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.65

077703: Aug 10 23:48:18.865: OSPF-99 HELLO Tu1: Rcv hello from 192.168.127.7 area 0 192.168.128.70

077704: Aug 10 23:48:18.865: OSPF-99 ADJ   Tu1: 2 Way Communication to 192.168.127.7, state 2WAY

077705: Aug 10 23:48:18.865: OSPF-99 ADJ   Tu1: Nbr 192.168.127.7: Prepare dbase exchange

077706: Aug 10 23:48:18.865: OSPF-99 ADJ   Tu1: Send DBD to 192.168.127.7 seq 0x92F opt 0x52 flag 0x7 len 32

077707: Aug 10 23:48:18.865: OSPF-99 HELLO Tu1: Send immediate hello to nbr 192.168.127.7, src address 192.168.128.70

077708: Aug 10 23:48:18.865: OSPF-99 HELLO Tu1: Send hello to 192.168.128.70 area 0 from 192.168.128.65

077709: Aug 10 23:48:18.925: OSPF-99 ADJ   Tu1: Rcv DBD from 192.168.127.7 seq 0x23E opt 0x52 flag 0x7 len 32  mtu 1400 state EXSTART

077710: Aug 10 23:48:18.925: OSPF-99 ADJ   Tu1: NBR Negotiation Done. We are the SLAVE

077711: Aug 10 23:48:18.925: OSPF-99 ADJ   Tu1: Nbr 192.168.127.7: Summary list built, size 23

077712: Aug 10 23:48:18.925: OSPF-99 ADJ   Tu1: Send DBD to 192.168.127.7 seq 0x23E opt 0x52 flag 0x2 len 492

077713: Aug 10 23:48:18.941: OSPF-99 ADJ   Tu1: Rcv DBD from 192.168.127.7 seq 0x23F opt 0x52 flag 0x1 len 492  mtu 1400 state EXCHANGE

077714: Aug 10 23:48:18.941: OSPF-99 ADJ   Tu1: Exchange Done with 192.168.127.7

077715: Aug 10 23:48:18.941: OSPF-99 ADJ   Tu1: Synchronized with 192.168.127.7, state FULL

077716: Aug 10 23:48:18.941: %OSPF-5-ADJCHG: Process 99, Nbr 192.168.127.7 on Tunnel1 from LOADING to FULL, Loading Done

077717: Aug 10 23:48:18.941: OSPF-99 ADJ   Tu1: Send DBD to 192.168.127.7 seq 0x23F opt 0x52 flag 0x0 len 32

077718: Aug 10 23:48:18.949: OSPF-99 ADJ   Tu1: Rcv LS REQ from 192.168.127.7 length 36 LSA count 1

077719: Aug 10 23:48:19.733: OSPF-99 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.65

077721: Aug 10 23:48:20.713: OSPF-99 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.65

077722: Aug 10 23:48:21.673: OSPF-99 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.65

077723: Aug 10 23:48:22.637: OSPF-99 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.65

077724: Aug 10 23:48:23.573: OSPF-99 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.65

077726: Aug 10 23:48:24.477: OSPF-99 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.65

077727: Aug 10 23:48:25.445: OSPF-99 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.65

077728: Aug 10 23:48:26.433: OSPF-99 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.65

077729: Aug 10 23:48:27.393: OSPF-99 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.65

077730: Aug 10 23:48:28.333: OSPF-99 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.65

077731: Aug 10 23:48:29.309: OSPF-99 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.65

077733: Aug 10 23:48:30.225: OSPF-99 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.65

077734: Aug 10 23:48:31.185: OSPF-99 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.65

077735: Aug 10 23:48:31.241: OSPF-99 ADJ   Tu1: 192.168.127.7 address 192.168.128.70 is dead

077736: Aug 10 23:48:31.241: OSPF-99 ADJ   Tu1: 192.168.127.7 address 192.168.128.70 is dead, state DOWN

077737: Aug 10 23:48:31.241: %OSPF-5-ADJCHG: Process 99, Nbr 192.168.127.7 on Tunnel1 from FULL to DOWN, Neighbor Down: Dead timer expired

077738: Aug 10 23:48:31.241: OSPF-99 ADJ   Tu1: Nbr 192.168.127.7: Clean-up dbase exchange

SPOKE:

Aug 10 23:48:18.666 MSK: OSPF-1 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.70

Aug 10 23:48:18.838 MSK: OSPF-1 HELLO Tu1: Rcv hello from 192.168.127.2 area 0 192.168.128.65

Aug 10 23:48:18.838 MSK: OSPF-1 ADJ   Tu1: Cannot see ourself in hello from 192.168.127.2, state INIT

Aug 10 23:48:18.838 MSK: OSPF-1 HELLO Tu1: Send immediate hello to nbr 192.168.127.2, src address 192.168.128.65

Aug 10 23:48:18.838 MSK: OSPF-1 HELLO Tu1: Send hello to 192.168.128.65 area 0 from 192.168.128.70

Aug 10 23:48:18.930 MSK: OSPF-1 HELLO Tu1: Rcv hello from 192.168.127.2 area 0 192.168.128.65

Aug 10 23:48:18.930 MSK: OSPF-1 ADJ   Tu1: 2 Way Communication to 192.168.127.2, state 2WAY

Aug 10 23:48:18.930 MSK: OSPF-1 ADJ   Tu1: Nbr 192.168.127.2: Prepare dbase exchange

Aug 10 23:48:18.930 MSK: OSPF-1 ADJ   Tu1: Send DBD to 192.168.127.2 seq 0x23E opt 0x52 flag 0x7 len 32

Aug 10 23:48:18.930 MSK: OSPF-1 ADJ   Tu1: Rcv DBD from 192.168.127.2 seq 0x92F opt 0x52 flag 0x7 len 32  mtu 1400 state EXSTART

Aug 10 23:48:18.930 MSK: OSPF-1 ADJ   Tu1: First DBD and we are not SLAVE

Aug 10 23:48:18.958 MSK: OSPF-1 ADJ   Tu1: Rcv DBD from 192.168.127.2 seq 0x23E opt 0x52 flag 0x2 len 492  mtu 1400 state EXSTART

Aug 10 23:48:18.958 MSK: OSPF-1 ADJ   Tu1: NBR Negotiation Done. We are the MASTER

Aug 10 23:48:18.958 MSK: OSPF-1 ADJ   Tu1: Nbr 192.168.127.2: Summary list built, size 23

Aug 10 23:48:18.958 MSK: OSPF-1 ADJ   Tu1: Send DBD to 192.168.127.2 seq 0x23F opt 0x52 flag 0x1 len 492

Aug 10 23:48:18.970 MSK: OSPF-1 ADJ   Tu1: Rcv DBD from 192.168.127.2 seq 0x23F opt 0x52 flag 0x0 len 32  mtu 1400 state EXCHANGE

Aug 10 23:48:18.970 MSK: OSPF-1 ADJ   Tu1: Exchange Done with 192.168.127.2

Aug 10 23:48:18.970 MSK: OSPF-1 ADJ   Tu1: Send LS REQ to 192.168.127.2 length 36 LSA count 1

Aug 10 23:48:18.982 MSK: OSPF-1 ADJ   Tu1: Rcv LS UPD from 192.168.127.2 length 76 LSA count 1

Aug 10 23:48:18.982 MSK: OSPF-1 ADJ   Tu1: Synchronized with 192.168.127.2, state FULL

Aug 10 23:48:18.982 MSK: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.127.2 on Tunnel1 from LOADING to FULL, Loading Done

Aug 10 23:48:18.982 MSK: OSPF-1 ADJ   Tu1: Nbr 192.168.127.2: Clean-up dbase exchange

Aug 10 23:48:19.626 MSK: OSPF-1 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.70

Aug 10 23:48:19.786 MSK: OSPF-1 HELLO Tu1: Rcv hello from 192.168.127.2 area 0 192.168.128.65

Aug 10 23:48:20.578 MSK: OSPF-1 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.70

Aug 10 23:48:20.754 MSK: OSPF-1 HELLO Tu1: Rcv hello from 192.168.127.2 area 0 192.168.128.65

Aug 10 23:48:21.542 MSK: OSPF-1 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.70

Aug 10 23:48:21.718 MSK: OSPF-1 HELLO Tu1: Rcv hello from 192.168.127.2 area 0 192.168.128.65

Aug 10 23:48:22.486 MSK: OSPF-1 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.70

Aug 10 23:48:22.670 MSK: OSPF-1 HELLO Tu1: Rcv hello from 192.168.127.2 area 0 192.168.128.65

Aug 10 23:48:23.414 MSK: OSPF-1 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.70

Aug 10 23:48:23.602 MSK: OSPF-1 HELLO Tu1: Rcv hello from 192.168.127.2 area 0 192.168.128.65

Aug 10 23:48:24.390 MSK: OSPF-1 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.70

Aug 10 23:48:24.518 MSK: OSPF-1 HELLO Tu1: Rcv hello from 192.168.127.2 area 0 192.168.128.65

Aug 10 23:48:25.346 MSK: OSPF-1 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.70

Aug 10 23:48:25.470 MSK: OSPF-1 HELLO Tu1: Rcv hello from 192.168.127.2 area 0 192.168.128.65

Aug 10 23:48:26.274 MSK: OSPF-1 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.70

Aug 10 23:48:26.470 MSK: OSPF-1 HELLO Tu1: Rcv hello from 192.168.127.2 area 0 192.168.128.65

Aug 10 23:48:27.262 MSK: OSPF-1 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.70

Aug 10 23:48:27.422 MSK: OSPF-1 HELLO Tu1: Rcv hello from 192.168.127.2 area 0 192.168.128.65

Aug 10 23:48:28.214 MSK: OSPF-1 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.70

Aug 10 23:48:28.362 MSK: OSPF-1 HELLO Tu1: Rcv hello from 192.168.127.2 area 0 192.168.128.65

Aug 10 23:48:29.198 MSK: OSPF-1 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.70

Aug 10 23:48:29.346 MSK: OSPF-1 HELLO Tu1: Rcv hello from 192.168.127.2 area 0 192.168.128.65

Aug 10 23:48:30.110 MSK: OSPF-1 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.70

Aug 10 23:48:30.254 MSK: OSPF-1 HELLO Tu1: Rcv hello from 192.168.127.2 area 0 192.168.128.65

Aug 10 23:48:31.030 MSK: OSPF-1 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.70

Aug 10 23:48:31.230 MSK: OSPF-1 HELLO Tu1: Rcv hello from 192.168.127.2 area 0 192.168.128.65

Aug 10 23:48:31.947 MSK: OSPF-1 HELLO Tu1: Send hello to 224.0.0.5 area 0 from 192.168.128.70

Only way to make OSPF adjacency become stable is manually flap Tunnel interface on spoke.

Is there any mistake in my configuration?

4 Replies 4

chr6is000
Level 1
Level 1

hello i could be wrong but it looks like your vpn's over lap

your 192.168.10.65 is on the 64 sub

and your 192.168.10.70 is on the same sub of 64, maybe change that to 192.168.128.129 so it is on the 128 sub

then make sure you set up vtp for vlan communications

Chris, thank you for suggestion.

192.168.128.65/26 - on Tunnel1 interface on Hub router.

192.168.128.70/26 - on Tunnel1 interface on Spoke router.

So I think that is ok.

Hi,

I had the same problem but in a test environment, to solve the issue i change the network type on the interfaces to broadcast, just make sure that the hub router become the DR:

HUB configuration:

interface Tunnel0
description HUB-DMVPN
ip address 10.100.0.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp map multicast dynamic
ip nhrp network-id 100
ip tcp adjust-mss 1360
ip ospf network broadcast
ip ospf priority 255
ip ospf 1 area 51
tunnel source GigabitEthernet0/4
tunnel mode gre multipoint
tunnel key 100
end

SPOKE

interface Tunnel0
ip address 10.100.0.2 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp map 10.100.0.1 190.1.0.100
ip nhrp map multicast 190.1.0.100
ip nhrp network-id 100
ip nhrp nhs 10.100.0.1
ip tcp adjust-mss 1360
ip ospf network broadcast
ip ospf priority 0
ip ospf 1 area 51
tunnel source Dialer1
tunnel mode gre multipoint
tunnel key 100
end

Ilya Shilov
Level 1
Level 1

Problem already described as CSCug63013.

Solution to delete 'if-state nhrp' from interface configuration on spoke.

Thanks TAC for help!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: