Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1236
Views
0
Helpful
1
Replies

OSPF hello and dead timer

ticonaru
Level 1
Level 1

‎09-10-2008 07:09 AM - edited ‎03-06-2019 01:17 AM

I have one cluster of Juniper firewalls in an OSPF routing domain with Cisco routers. A few weeks ago we put an inline Sourcefire IPS between the firewalls and the routers, and lately we see OSPF neighbor marked down on the firewalls, because of hello timeouts.

Our timers are 2 seconds for hello and 6 seconds for dead interval. My question is, are these timers too low ? Has anybody experienced issues with OSPF with these kind of timers?

Thanks.

Labels:
0 Helpful
1 Reply 1

akbindal
Level 1
Level 1

‎09-10-2008 07:17 AM

Hi,

As we have put IPS in Inline mode there can be 2 possibilities here :

1. Check the signatures and rules on the IPS whether it is allowing the OSPF hello packets to pass through in first place in between the Juniper Firewalls and the Cisco Routers..

2. Also, IPS devices are known to have latency through them..try increasing the OSPF timers to probably the default values on the Broadcast LAN interface and observe again..

As such there is no known issue with lower timer values in OSPF..

You can also try taking debug ip ospf outputs to check whether hello packets are actually received at either ends or at cisco routers end..

HTH

Akhil

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card