
Palo Alto to 3850 OSPF failing

smolz
Level 4

Recently started upgrading our 3850s to 16.3.6 and now seeing OSPF failures every 2-4 days. Randomly, the adjacency will fail after the Palo does not see 4 hellos. Then it takes 20-30 minutes for the adjacency to come back.

 

Anyone else seeing this behavior? Palos are running 7.1.10 except for one that is running 8.0.9.

18 Replies

While we are waiting to upgrade the 3850 code to 16.3.8, we've implemented the "ip ospf lls disable" on the interface facing the Palo to see if the issue goes away. We'll remove the command a couple of days before the switch code upgrade to verify that the upgrade fixes the issue and I'll report back.

 

What's interesting is that we have not run the "ip ospf lls disable" on any of the other cisco switches that are facing Palo Altos in the environment and we don't see the adjacency going down. The site that is running 16.3.6 on the 3850s is the only location where we are seeing this issue.

 

According to a note from Cisco, "You may want to disable LLS on a per-interface basis depending on your network design. For example, disabling LLS on an interface that is connected to a non-Cisco device that may be noncompliant with RFC 2328 can prevent problems with the forming of Open Shortest Path First (OSPF) neighbors in the network."

 

If the Palo was noncompliant with RFC 2328, I would suspect that we'd see the adjacency going down at all our locations, rather than just this one site.

Running the command "ip ospf lls disable" on the interface facing the Palo Alto did not resolve the issue. We're planning on upgrading the 3850 code to 16.3.8 next week and I'll update this thread with the results.

 


@Stephen Buck wrote:

While we are waiting to upgrade the 3850 code to 16.3.8, we've implemented the "ip ospf lls disable" on the interface facing the Palo to see if the issue goes away. We'll remove the command a couple of days before the switch code upgrade to verify that the upgrade fixes the issue and I'll report back.


 

And the solution was?? Please update the thread as promised.

Sorry for the delay. We upgraded to 16.3.8 and the issue has been resolved. It was a bug in the 16.3.6 code.
