Re: OSPF fails in EXSTART to Nokia from Cisco3750

Jim Bell · ‎07-09-2009

Hi There,

We are having issues getting OSPF up between a Nokia and a Cisco 3750. Basically stuck in EXSTART mode (see attachment).

NOKIA Interface is a Logical Interface (vlan) and OSPF MTU is 1500 same as on Cisco 3750.Firewall rule created to allow OSPF and multicast etc.

Any ideas ?

Thanks in advance.

John Blakley · ‎07-09-2009

What type of firewall do you have? Can you allow, for testing, all traffic (not just ospf and multicast) from the 10.0.0.1 to 10.0.0.2?

HTH,

John

HTH, John *** Please rate all useful posts ***

Jim Bell · ‎07-09-2009

Hi John,

FW is CP NGX R65 - not able to allow for any traffic at moment.

Harold Ritter · ‎07-09-2009

Jim,

Can you try configuring "no capability lls" under the ospf process. I have seen this as an issue with Nokia interoperability in the past. The Nokia should just ignore the lls information but it doesn't in certain level of code.

Just for your information LLS is used for graceful restart and is defined by RFC4813.

http://tools.ietf.org/html/rfc4813

Regards

Regards,
Harold Ritter, CCIE #4168 (EI, SP)

Jim Bell · ‎07-09-2009

Harold,

We tried that on the 3750 without success.

Jim.

Giuseppe Larosa · ‎07-10-2009

Hello Jim,

from the log you have provided we see:

Jul 9 07:49:29.089: OSPF: Retransmitting DBD to 10.0.0.1 on vlan222 [1]

Jul 9 07:49:29.106: OSPF: Rcv DBD from 10.0.0.1 on vlan222 seq 0x4A559AE1 opt 0x2 flag 0x7 len 32 mtu 1500 state EXSTART

Jul 9 07:49:29.106: OSPF: First DBD and we are not SLAVE

it looks like the C3750 is disappointed of receiving a DBD from other side when it thinks to be the master in the exstart communication.

It is the master that should start to talk according to RFC2328 it looks like they don't agree on master role.

Hope to help

Giuseppe

Jim Bell · ‎07-10-2009

Hi Guiseppe,

Thanks for the reply - it may well be an Ospf compatability issue. Found the following for our version of IPSO 4.2

IPSO 4.2

Table 33 Global Settings for OSPF Parameter Description

RFC1583 Compatibility This implementation of OSPF is based on RFC2178, which fixed some looping problems in an earlier specification of OSPF. If your implementation is running in an environment with OSPF implementations based on RFC1583 or earlier, enable RFC 1583 compatibility to ensure backwards compatibility.

We did try with RFC1583 compatabilty set on both ASA and Nokia with same results.

Jim.

Jim Bell · ‎07-15-2009

Update - Issue now resolved.

Network capture indicated OSPF DBD packets were being delivered to the firewall interface, but no indication of this in the FW logs.

A FW stealth rule was silently dropping (& not logging) OSPF DBD packets directed to FW interface. OSPF rules moved to before stealth rule and all now working.

Thanks

Giuseppe Larosa · ‎07-15-2009

Hello Jim,

you have been kind to provide the happy end of this story.

This makes this thread complete and useful.

Best Regards

Giuseppe

cisco24x7 · ‎07-15-2009

You can detect this problem using these methods:

1- Run tcpdump on the Nokia and look for proto 69.

2- run checkpoint "fw monitor" and you can see if the packet being dropped.