Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
883
Views
0
Helpful
2
Replies

Strange issue with MTU and OSPF

roysm
Level 1
Level 1

‎01-24-2019 12:42 AM - edited ‎03-05-2019 11:12 AM

Hi

 

I wonder if anyone has come across this. We have an ASA cluster of 2 * 5585. There is a port-channel interface from the cluster to a Nexus 7706 switch. The port-channel is a trunk interface as there are a lot of vlan interfaces configured on the ASA. We have OSPF configured on 1 of the sub-interfaces between the cluster and switch. 

 

We have had the MTU set to 9000 on the port-channel sub-interface on the cluster and the vlan interface on the Nexus switch. This has been in place and working without an issue for the past 18 months.

 

The other day, the OSPF routes on the ASA stopped being redistributed and users could not access anything behind the firewall. Upon investigation, the ASA and switch neighbor status was in EXSTART and EXCHANGE (Unfortunately, I did not take proper notes as I was under pressure to get it back up but I think it was EXSTART on the switch and EXCHANGE on the ASA).

 

After checking the MTU settings, everything looked correct. Removing the interface configs and re-applying did not resolve the issue. I then remove the MTU settings, which put it back to 1500 and the OSPF neighbors re-established, the routes re-distributed and users could access the servers. If I put the MTU 9000 back on both devices, nothing worked, so I have now had to leave the connection with an MTU of 1500. So far, this is not causing any issues but I will keep monitoring. 

 

Does anyone have any idea why this would suddenly break? Has anybody seen this before? No work was being done on the ASA or switch prior to the issue, so this is a bit of a strange one. 

 

Thanks

Roy

0 Helpful
2 Replies 2

Georg Pauwen
VIP
VIP

‎01-24-2019 01:09 AM

Hello,

 

the ASA has the 'ospf mtu-ignore' interface command, you could try and configure that and check if that makes a difference...

0 Helpful

roysm
Level 1
Level 1
In response to Georg Pauwen

‎01-24-2019 06:42 AM

Unfortunately I became aware of that command after I got it back up with MTU 1500. I am adding it to my list of things to try, if and when I get the chance to test it out but that will require some downtime. 

 

I was just hoping that someone had perhaps seen this issue, where OSPF would just stop because of MTU.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card