11-01-2011 08:09 AM - edited 03-04-2019 02:07 PM
Hi
I'm having a problem with OSPF, between an ASA 5585 ver. 8.4(2) and a couple of 6509 running
Version 12.2(33)SXI3.
Once or twice a day, the OSPF session goes down to both 6509 boxes, and the ASA loses connection to the
network.
With OSPF displays I can see, that there is retransmissions in both directions, and the log on 6509 states that the neiborship has gone down because of to many retransmissions.
Here is a couple of displays:
From 6509
Oct 30 04:33:23.484 CET: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.17.129 on Vlan971 from FULL to DOWN, Neighbor Down: Too many retransmissions
Oct 30 04:34:23.488 CET: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.17.129 on Vlan971 from DOWN to DOWN, Neighbor Down: Ignore timer expired
Oct 30 04:34:24.044 CET: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.17.129 on Vlan971 from DOWN to INIT, Received Hello
Oct 30 04:34:24.044 CET: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.17.129 on Vlan971 from INIT to 2WAY, 2-Way Received
Oct 30 04:34:24.044 CET: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.17.129 on Vlan971 from 2WAY to EXSTART, AdjOK?
Oct 30 04:34:24.044 CET: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.17.129 on Vlan971 from EXSTART to EXCHANGE, Negotiation Done
Oct 30 04:34:24.076 CET: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.17.129 on Vlan971 from EXCHANGE to LOADING, Exchange Done
Oct 30 04:34:24.076 CET: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.17.129 on Vlan971 from LOADING to FULL, Loading Done
DC1WD01#sh ip ospf nei det vlan 971
Neighbor dcx-asa-test.bdpnet.dk, interface address 10.7.247.254
In the area 0.0.0.0 via interface Vlan971
Neighbor priority is 0, State is FULL, 6 state changes
DR is 10.7.240.1 BDR is 10.7.240.2
Options is 0x2 in Hello (E-bit )
Options is 0x2 in DBD (E-bit )
Dead timer due in 00:00:03
Neighbor is up for 06:58:31 OSPF connection lost to ASA
Index 4/4, retransmission queue length 0, number of retransmission 8
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 20, maximum is 244
Last retransmission scan time is 0 msec, maximum is 0 msec
Neighbor dc2wd01.bdpnet.dk, interface address 10.7.240.2
In the area 0.0.0.0 via interface Vlan971
Neighbor priority is 254, State is FULL, 6 state changes
DR is 10.7.240.1 BDR is 10.7.240.2
Options is 0x12 in Hello (E-bit L-bit )
Options is 0x52 in DBD (E-bit L-bit O-bit)
LLS Options is 0x1 (LR)
Dead timer due in 00:00:03
Neighbor is up for 3w1d But not to the other 6509
Index 16/16, retransmission queue length 0, number of retransmission 0
First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec
ASA:
dcx-asa-test/act# sh ospf nei det
Neighbor 10.255.255.244, interface address 10.7.240.1
In the area 0.0.0.0 via interface inside
Neighbor priority is 255, State is FULL, 12 state changes
DR is 10.7.240.1 BDR is 10.7.240.2
Options is 0x52
Dead timer due in 0:00:03
Neighbor is up for 6:59:42
Index 1/1, retransmission queue length 0, number of retransmission 51
First 0x0000000000000000(0)/0x0000000000000000(0) Next 0x0000000000000000(0)/0x0000000000000000(0)
Last retransmission scan length is 22, maximum is 41
Last retransmission scan time is 0 msec, maximum is 0 msec
Neighbor 10.255.255.243, interface address 10.7.240.2
In the area 0.0.0.0 via interface inside
Neighbor priority is 254, State is FULL, 12 state changes
DR is 10.7.240.1 BDR is 10.7.240.2
Options is 0x52
Dead timer due in 0:00:03
Neighbor is up for 6:59:39
Index 2/2, retransmission queue length 0, number of retransmission 0
First 0x0000000000000000(0)/0x0000000000000000(0) Next 0x0000000000000000(0)/0x0000000000000000(0)
Last retransmission scan length is 0, maximum is 0
Last retransmission scan time is 0 msec, maximum is 0 msec
MTU and Auth/MD5 password settings are alined.
There is no errors beeing reported on the physical interfaces 2 times 10 Gig running Etherchannel.
Any ideas why the OSPF connections is lost.??
Thanks in advance.
Jesper Damsgaard / JN DATA Denmark
11-01-2011 09:23 AM
Hi Jesper,
The ASAs are failing almost at the same time. look at the "Neighbor is up" for each ASA.
Neighbor is up for 6:59:39
Neighbor is up for 6:59:42
what is the mask used for vlan 971?
everything is in 10.7.240.x but not this one below
10.7.247.254
HTH
11-02-2011 12:41 AM
Hi Reza
Mask on vlan 971 is /21, so 10.7.247.254 is the last address on the subnet.
I'm running a trace on the etherchannel at the moment, to get a closer look on what happens, when the OSPF neiborship is terminated / established.
Jesper
We have found the reason for the retransmissions, and ultimately the break down of the OSPF session, the interface between the ASA and the 6509, was configured with an MTU of 9216.
It turns out that the ASA only supports MTU up to 9198 Bytes, even though the documentation states 65535 Bytes.
We have reported the error to Cisco.
Message was edited by: JESPER DAMSGAARD
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide