Solved: OSPF- MTU and Multicast question

siddhartham · ‎10-22-2013

I did a search for this topic and read couple of posts but didn't get a clear idea- Can someone explain my below questions

1- Why does the MTU mismatch make the routers stuck between 2-way and exstart state- OSPF build a DB or LSU with more than 1500 bytes and OSPF doesn't hava capability to fragment the packets but the IP layer will fragment the packets if the Link's MTU is less than the packet created by OSPF- If thats the why does the neighborship fail?

2. All the OSPF packets (hello, DB,LSR,LSU) are sent to Dst address 224.0.0.5 multicast address-Doest that mean any device with that multicast mac adress cann see that OSPF packets?

Siddhartha

Nagendra Kumar Nainar · ‎10-24-2013

Sidarth,

Lets say- Router A creates an OSPF packet of 3000 bytes but the LINK MTU on Router A is configured as 2000 bytes,

Router A will not send a packet of size 3000 bytes before moving from Exstart to Exchange state in OSPF neighbor state machine.

After Router A and B learn about each otehr via OSPF hello (whcih is 2 WAY), they send Database Desription packet which will be of size around 100 bytes. THis packet doesnt carry any LSA. Instead, it is like a negotiation phase to perform the below,

1. Master/Slave election.

2. MTU information.

DDB will carry the egress interface MTU in MTU field. Receiving router will check if the MTU sent by neighbor is less than or more than its incoming interface MTU. If it is more, it realizes that it cannot receive any OSPF apcket sent from neighbor of that MTU size and so will ignore the packet and will not respond back. This is to ensure that neighbors dont get stuck trying to send bulk DDB packets (with LSA details).

Then the IP layer will fragment the OSPF packet packet and puts them on the link

Not required. Router A will originate teh packet based on its egress interface MTU. In your example, the egress interface MTU is 2000 and so OSPF packet will be generated based on the same.

Now Lets say Router B's link MTU is set at 1500 bytes- When Router B gets the OSPF packet from Router-A, it will discard the packet- why doesn't the Router B send a IP fragmentation needed message?

Any router on receiving a packet of size S and if the egress interface is less than S, it by default fragment and send it out. WHile fragmenting, this happens @ layer 3 (IP layer) and it will include necessary information like offset so that receiver and rejoin the packet. But this is possible ONLY if the packet reaches the control plane of the router. In your example, the incoming interface doesnt process the packet and the interface ASIC is the one whcih will be dropping the packet. Interface ASIC, per my understanding doenst have any intelligence otehr than forwarding. So there is no ICMP message or fragmentation happens. As mentioned above, fragmentation or ICMP error origination happens nly if the apcket reaches Layer 3 whcih is not your case

HTH,

Nagendra

View solution in original post

Rolf Fischer · ‎10-22-2013

Hi Siddhartha,

1) A OSPF hello packet doesn't have a field for the MTU; hellos are small, so a neighborship can be established after biderectional hello communication (there is no PMTUD done like TCP does). DBDs, in contrast, have a MTU field. Here you can find a very interesting document regarding that topic:

https://supportforums.cisco.com/docs/DOC-14722

2) The scope of 244.0.0.x multicast addresses is link-local (*), so actually all devices in the segment will receive this packets. This is why authentication is recommended. With OSPFv3 (IPv6) you can even encrypt the packets with IPSec ESP.

HTH

Rolf

(*): See RFC 4541 2.1.2.2

siddhartham · ‎10-23-2013

Thanks Rolf, I already read that document but didn't get a clear idea---for example- two routers are connected to each other and if router-A creates a OSPF packet bigger than the link MTU size the IP layer should fragment the packet and send it to Router-B unless the GF bit is set. If thats the case why does the neighborship fail?

Siddhartha

Vignesh Rajendran Praveen · ‎10-24-2013

Hi Siddhartha,

"if router-A creates a OSPF packet bigger than the link MTU size" - kindly confirm what is the MTU size that you have in mind.

With respect to the second question yes you are correct.

Thanks & Regards,

Vignesh R P

Vignesh Rajendran Praveen · ‎10-24-2013

Hi Siddhartha,

Regarding Question 1 -

Section 10.6 of RFC 2328 says:

If the Interface MTU field in the Database Description packet indicates an IP datagram size that is larger than the router can accept on the receiving interface without fragmentation, the Database Description packet is rejected.

Regarding Question 2 -

Yes you are correct.

***********Plz do rate this post if you found it helpful*************************

Thanks & Regards,

Vignesh R P

siddhartham · ‎10-24-2013

Thanks Vignesh

Lets say- Router A creates an OSPF packet of 3000 bytes but the LINK MTU on Router A is configured as 2000 bytes, Then the IP layer will fragment the OSPF packet packet and puts them on the link. Now Lets say Router B's link MTU is set at 1500 bytes- When Router B gets the OSPF packet from Router-A, it will discard the packet- why doesn't the Router B send a IP fragmentation needed message?

Siddhartha

Nagendra Kumar Nainar · ‎10-24-2013

Sidarth,

Lets say- Router A creates an OSPF packet of 3000 bytes but the LINK MTU on Router A is configured as 2000 bytes,

Router A will not send a packet of size 3000 bytes before moving from Exstart to Exchange state in OSPF neighbor state machine.

After Router A and B learn about each otehr via OSPF hello (whcih is 2 WAY), they send Database Desription packet which will be of size around 100 bytes. THis packet doesnt carry any LSA. Instead, it is like a negotiation phase to perform the below,

1. Master/Slave election.

2. MTU information.

DDB will carry the egress interface MTU in MTU field. Receiving router will check if the MTU sent by neighbor is less than or more than its incoming interface MTU. If it is more, it realizes that it cannot receive any OSPF apcket sent from neighbor of that MTU size and so will ignore the packet and will not respond back. This is to ensure that neighbors dont get stuck trying to send bulk DDB packets (with LSA details).

Then the IP layer will fragment the OSPF packet packet and puts them on the link

Not required. Router A will originate teh packet based on its egress interface MTU. In your example, the egress interface MTU is 2000 and so OSPF packet will be generated based on the same.

Now Lets say Router B's link MTU is set at 1500 bytes- When Router B gets the OSPF packet from Router-A, it will discard the packet- why doesn't the Router B send a IP fragmentation needed message?

Any router on receiving a packet of size S and if the egress interface is less than S, it by default fragment and send it out. WHile fragmenting, this happens @ layer 3 (IP layer) and it will include necessary information like offset so that receiver and rejoin the packet. But this is possible ONLY if the packet reaches the control plane of the router. In your example, the incoming interface doesnt process the packet and the interface ASIC is the one whcih will be dropping the packet. Interface ASIC, per my understanding doenst have any intelligence otehr than forwarding. So there is no ICMP message or fragmentation happens. As mentioned above, fragmentation or ICMP error origination happens nly if the apcket reaches Layer 3 whcih is not your case

HTH,

Nagendra