Nexus switch cannot establish ospf with IOS.

resourceproit · ‎08-29-2022

Hi Guys,

Recently, I used Nexus 3524-XL as the backup coreswitch to replace my Catalyst switch. However, the Nexus switch cannot learn to establish OSPF neighbor with my 2 IOS routers. I use GNS3 Lab to emulate and get the same issue.

However, when I replace the nexus switch with a normal switch, the neighbor can be learnt by 2 IOS routers[attachment1]:

HUB3#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface
192.168.245.6 1 FULL/BDR 00:00:39 10.1.15.4 Ethernet0/0

HUB-Router4#show ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface
192.168.245.5 255 FULL/DR 00:00:35 10.1.15.3 Ethernet0/0

Even I try to establish HSRP and get the same issue: when replace nexus with normal switch, the standby neighbor is established:

HUB3#show standby br
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Et0/0 1 255 Active local unknown 10.1.15.1

HUB-Router4#show standby br
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Et0/0 1 100 Standby 10.1.15.3 local 10.1.15.1

**********************below is the status of connecting to a nexus switch*************************

HSRP:

HUB3#show standby br
P indicates configured to preempt.
Interface Grp Pri P State Active Standby Virtual IP
Et0/0 1 255 Active local unknown 10.1.15.1

HUB-Router4#show standby br
P indicates configured to preempt.
Interface Grp Pri P State Active Standby Virtual IP
Et0/0 1 100 Active local unknown 10.1.15.1

OSPF:

Nexus-Drill# show ip ospf interface brief
OSPF Process ID 1 VRF default
Total number of interface: 1
Interface ID Area Cost State Neighbors Status
Vlan15 1 0.0.0.0 40 DR 0 up

HUB3#show ip ospf neighbor

HUB-Router4#show ip ospf neighbor

*************Image in GNS3:***************************************************

NX-OS: titanium-final.7.3.0.D1.1.qcow2

IOS:i86bi-linux-l3-adventerprisek9-ms.155-2.T.bin

********************************************************************************

I also attached all configuration for these devices FYI. Can anyone help me to find the root cause and what should I do to make it right?

Thank you very much!

resourceproit · ‎08-29-2022

Below are the ospf status from Nexus and IOS:

Nexus:

Nexus-Drill# show ip ospf

Routing Process 1 with ID 192.168.245.1 VRF default
Routing Process Instance Number 1
Stateful High Availability enabled
Graceful-restart is configured
Grace period: 60 state: Inactive
Last graceful restart exit status: None
Supports only single TOS(TOS0) routes
Supports opaque LSA
This router is an autonomous system boundary
Administrative distance 220
Reference Bandwidth is 40000 Mbps
SPF throttling delay time of 200.000 msecs,
SPF throttling hold time of 1000.000 msecs,
SPF throttling maximum wait time of 5000.000 msecs
LSA throttling start time of 0.000 msecs,
LSA throttling hold interval of 5000.000 msecs,
LSA throttling maximum wait time of 5000.000 msecs
Minimum LSA arrival 1000.000 msec
LSA group pacing timer 10 secs
Maximum paths to destination 8
Number of external LSAs 0, checksum sum 0
Number of opaque AS LSAs 0, checksum sum 0
Number of areas is 1, 1 normal, 0 stub, 0 nssa
Number of active areas is 1, 1 normal, 0 stub, 0 nssa
Install discard route for summarized external routes.
Install discard route for summarized internal routes.
Default Passive Interface is enabled
Area BACKBONE(0.0.0.0) (Inactive)
Area has existed for 00:55:33
Interfaces in this area: 1 Active interfaces: 1
Passive interfaces: 0 Loopback interfaces: 0
No authentication available
SPF calculation has run 6 times
Last SPF ran for 0.000306s
Area ranges are
Number of LSAs: 1, checksum sum 0x5eee

IOS:

HUB-Router4#sho ip ospf
Routing Process "ospf 1" with ID 192.168.245.6
Start time: 00:00:10.083, Time elapsed: 01:10:04.386
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
Supports NSSA (compatible with RFC 3101)
Supports Database Exchange Summary List Optimization (RFC 5243)
Event-log enabled, Maximum number of events: 1000, Mode: cyclic
It is an autonomous system boundary router
Redistributing External Routes from,
static, includes subnets in redistribution
Router is not originating router-LSAs with maximum metric
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 10000 msecs
Maximum wait time between two consecutive SPFs 10000 msecs
Incremental-SPF disabled
Minimum LSA interval 5 secs
Minimum LSA arrival 1000 msecs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA 1. Checksum Sum 0x00DAF5
Number of opaque AS LSA 0. Checksum Sum 0x000000
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Number of areas transit capable is 0
External flood list length 0
IETF NSF helper support enabled
Cisco NSF helper support enabled
Reference bandwidth unit is 100 mbps
Area BACKBONE(0) (Inactive)
Number of interfaces in this area is 2 (1 loopback)
Area has no authentication
SPF algorithm last executed 00:18:46.046 ago
SPF algorithm executed 5 times
Area ranges are
Number of LSA 3. Checksum Sum 0x020E52
Number of opaque link LSA 0. Checksum Sum 0x000000
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0

resourceproit · ‎08-29-2022

Debug from NXOS and IOS:

NXOS:

Nexus-Drill# debug ip ospf all

2022 Aug 29 15:17:32.640646 ospf: 1 [5968] (default) aging slot 164
2022 Aug 29 15:17:32.910693 ospf: 1 [5968] (default) LAN hello out, ivl 10/40, options 0x02, mask /24, prio 1, dr 10.1.15.100, bdr 0.0.0.0 nbrs 0 on Vlan15 (area 0.0.0.0)
2022 Aug 29 15:17:32.910820 ospf: 1 [5968] ip_cl_output (0x82acb00 184 0xf6b9d9a0)
2022 Aug 29 15:17:32.911500 ospf: 1 [5968] ip_cl_output: good send
2022 Aug 29 15:17:32.911573 ospf: 1 [5968] (default) sent: prty:6 HELLO to 224.0.0.5/Vlan15
2022 Aug 29 15:17:41.840715 ospf: 1 [5968] (default) LAN hello out, ivl 10/40, options 0x02, mask /24, prio 1, dr 10.1.15.100, bdr 0.0.0.0 nbrs 0 on Vlan15 (area 0.0.0.0)
2022 Aug 29 15:17:41.840787 ospf: 1 [5968] ip_cl_output (0x82acb00 184 0xf6b9d9a0)
2022 Aug 29 15:17:41.841152 ospf: 1 [5968] ip_cl_output: good send
2022 Aug 29 15:17:41.841192 ospf: 1 [5968] (default) sent: prty:6 HELLO to 224.0.0.5/Vlan15
2022 Aug 29 15:17:42.650884 ospf: 1 [5968] (default) aging slot 165

IOS:

HUB-Router4#debug ip ospf 1 hello
OSPF hello debugging is on for process 1
HUB-Router4#
*Aug 29 15:17:14.277: OSPF-1 HELLO Et0/0: Send hello to 224.0.0.5 area 0 from 10.1.15.4
HUB-Router4#
*Aug 29 15:17:23.847: OSPF-1 HELLO Et0/0: Send hello to 224.0.0.5 area 0 from 10.1.15.4
HUB-Router4#

MHM Cisco World · ‎08-29-2022

check my below comment

Andrea Testino · ‎08-29-2022

I copied your configurations in a simple CML lab and the neighbors established just fine. One difference however is that I am using the NXOS 9000v image (closer to a Nexus 3K) as opposed to what seems to be a Nexus 7K image in your virtualized environment.

Can you share the configurations from the production or pre-production lab instead to make sure we are comparing apples to apples? Include the following as well from the N3K:

show ip interface brief | inc up
show ip ospf neighbors
show ip ospf interface brief
show module 
show version

P.S: layer3 peer-router is NOT required unless you have two Nexus in vPC. Based on your topology, it seems its a standalone Nexus device for now.

Below are the configurations, outputs and topology from my lab matching yours:

Nexus-1

Nexus-1# show run ospf

!Command: show running-config ospf
!Running configuration last done at: Mon Aug 29 16:32:27 2022
!Time: Mon Aug 29 16:38:53 2022

version 9.3(8) Bios:version  
feature ospf

router ospf 1
  router-id 192.168.245.1
  default-information originate
  distance 220
  passive-interface default

interface Vlan15
  no ip ospf passive-interface
  ip router ospf 1 area 0.0.0.0


Nexus-1# show run int e1/1-2

!Command: show running-config interface Ethernet1/1-2
!Running configuration last done at: Mon Aug 29 16:32:27 2022
!Time: Mon Aug 29 16:38:59 2022

version 9.3(8) Bios:version  

interface Ethernet1/1
  switchport access vlan 15

interface Ethernet1/2
  switchport access vlan 15

Nexus-1# show ip int bri | inc up
Vlan15               10.1.15.100     protocol-up/link-up/admin-up       
Lo0                  192.168.245.7   protocol-up/link-up/admin-up       

Nexus-1# show ip ospf neighbors
 OSPF Process ID 1 VRF default
 Total number of neighbors: 2
 Neighbor ID     Pri State            Up Time  Address         Interface
 192.168.245.5   255 FULL/DR          00:07:38 10.1.15.3       Vlan15 
 192.168.245.6     1 FULL/DROTHER     00:05:11 10.1.15.4       Vlan15 

Nexus-1# show run int vlan 15

!Command: show running-config interface Vlan15
!Running configuration last done at: Mon Aug 29 16:32:27 2022
!Time: Mon Aug 29 16:39:13 2022

version 9.3(8) Bios:version  

interface Vlan15
  no shutdown
  ip address 10.1.15.100/24
  no ip ospf passive-interface
  ip router ospf 1 area 0.0.0.0

Nexus-1# show run int loo0

!Command: show running-config interface loopback0
!Running configuration last done at: Mon Aug 29 16:32:27 2022
!Time: Mon Aug 29 16:39:15 2022

version 9.3(8) Bios:version  

interface loopback0
  ip address 192.168.245.7/24

Nexus-1# show cdp neighbors
Capability Codes: R - Router, T - Trans-Bridge, B - Source-Route-Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater,
                  V - VoIP-Phone, D - Remotely-Managed-Device,
                  s - Supports-STP-Dispute

Device-ID          Local Intrfce  Hldtme Capability  Platform      Port ID
Hub-3               Eth1/1         138    R B                     Gig0/1        
Hub-4               Eth1/2         129    R B                     Gig0/2        

Total entries displayed: 2

Hub-3

Hub-3#show run int g0/1
Building configuration...

Current configuration : 153 bytes
!
interface GigabitEthernet0/1
 description LAN
 ip address 10.1.15.3 255.255.255.0
 ip ospf priority 255
 duplex auto
 speed auto
 media-type rj45
end

Hub-3#show run int loo0
Building configuration...

Current configuration : 90 bytes
!
interface Loopback0
 description Hubself
 ip address 192.168.245.5 255.255.255.255
end

Hub-3#show run | s r o
router ospf 1
 passive-interface default
 no passive-interface GigabitEthernet0/1
 network 10.1.15.0 0.0.0.255 area 0
 network 192.168.245.0 0.0.0.255 area 0
 default-information originate
 distance ospf external 220
Hub-3#show ip int bri | inc up
GigabitEthernet0/1         10.1.15.3       YES manual up                    up      
Loopback0                  192.168.245.5   YES manual up                    up      
Hub-3#show ip ospf neig
Hub-3#show ip ospf neighbor 

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.245.1     1   FULL/BDR        00:00:39    10.1.15.100     GigabitEthernet0/1
192.168.245.6     1   FULL/DROTHER    00:00:37    10.1.15.4       GigabitEthernet0/1
Hub-3#

Hub-4

Hub-4#show run int g0/2
Building configuration...

Current configuration : 131 bytes
!
interface GigabitEthernet0/2
 description LAN
 ip address 10.1.15.4 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
end

Hub-4#show run int loo0
Building configuration...

Current configuration : 90 bytes
!
interface Loopback0
 description Hubself
 ip address 192.168.245.6 255.255.255.255
end

Hub-4#show run | s r o
router ospf 1
 passive-interface default
 no passive-interface GigabitEthernet0/2
 network 10.1.15.0 0.0.0.255 area 0
 network 192.168.245.0 0.0.0.255 area 0
 default-information originate
 distance ospf external 220
Hub-4#show ip int bri | inc up
GigabitEthernet0/2         10.1.15.4       YES manual up                    up      
Loopback0                  192.168.245.6   YES manual up                    up      

Hub-4#show ip ospf neighbor 

Neighbor ID     Pri   State           Dead Time   Address         Interface
192.168.245.1     1   FULL/BDR        00:00:36    10.1.15.100     GigabitEthernet0/2
192.168.245.5   255   FULL/DR         00:00:32    10.1.15.3       GigabitEthernet0/2
Hub-4#

- Andrea, CCIE #56739 R&S

MHM Cisco World · ‎08-29-2022

interface Ethernet2/3
  switchport
  switchport access vlan 15
  no shutdown

I think He miss add no passive-interface under e2/3.
@resourceproit add it and You will be OK

Andrea Testino · ‎08-29-2022

That is actually a typo on his Eth2/1 interface:

interface Ethernet2/1
switchport
switchport access vlan 15
no ip ospf passive-interface <<<
no shutdown

That CLI is not possible on an interface with "switchport" configuration on it. In other words, you cannot configure L3 features on a switchport (L2) interface... If you tried it in the lab you will see it will not parse. The SVI (interface vlan 15) has "no ip ospf passive-interface" correctly and as you can see, works perfectly fine.

- Andrea, CCIE #56739 R&S

MHM Cisco World · ‎08-29-2022

thanks for answer,
so still one point, as I mention before and I read about NSK
the TTL =1 pass thorough NSK
this issue with routing protocol run vPC NSK, but same principle.
Hub send OSPF with TTL =1 to other Hub,
the NSK decrease the TTL which now be Zero and hence the packet drop
may be he need peer-router command to make NSK deal with TTL issue.

MHM Cisco World · ‎08-29-2022

I spent hours figure out what issue here
Area BACKBONE(0) (Inactive)<<-
this what I get, the ospf is inactive ?? this case only happened when the ospf shutdown or feature not enter
but It appear in both IOS and NSK ?
can you share more info ?
check the interface status is it UP/UP or not.
also if you use fiber then use UDLD to check if both direction is work or not.