Hi guys.

I'm hitting wield issue with OSPF via DVTI VPN.

Whenever VPN established I got OSPF routing tables populated on both sides. in some different time (it looks like after VPN key renegotiation?) I see tunnel is up from both sides (HUB and spoke) but HUB routing table missed routers from spoke but still keeping them in OSPF topology table and database. So. outputs bellow:

-= HUB =-

gate(config)#do sh cry sess bri

Status: A- Active, U - Up, D - Down, I - Idle, S - Standby, N - Negotiating

        K - No IKE

ivrf = (none)

           Peer     I/F        Username          Group/Phase1_id   Uptime Status

192.206.151.130     Vi2                      gate-test.sidko.org 02:01:30    UA

gate(config)#

gate(config)#do sh ip route ospf | e N1

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

       a - application route

       + - replicated route, % - next hop override

Gateway of last resort is 198.48.188.1 to network 0.0.0.0

      172.16.0.0/16 is variably subnetted, 11 subnets, 5 masks

      172.28.0.0/16 is variably subnetted, 2 subnets, 2 masks

-= there is NO routes from spoke router installed to routing table, but they existed in topology table. At the same time database output shows those routes have status "*>" best and installed to routing table!!! =-

gate(config)#

gate(config)#do sh ip ospf rou | b  Area 3

gate#sh ip ospf rib

            OSPF Router with ID (192.168.172.1) (Process ID 17)

                Base Topology (MTID 0)

OSPF local RIB

Codes: * - Best, > - Installed in global RIB

-= ommited for briefly =-

    Area 3

    Intra-area Route List

*>  192.168.174.49/32, Intra, cost 1001, area 3

      via 192.168.174.250, Virtual-Access2

*>  192.168.174.65/32, Intra, cost 1001, area 3

      via 192.168.174.250, Virtual-Access2

*   192.168.174.249/32, Intra, cost 1, area 3, Connected

      via 192.168.174.249, Loopback3

*>  192.168.174.250/32, Intra, cost 1001, area 3

      via 192.168.174.250, Virtual-Access2

-= output ommited for briefly =-

running debug for OSPF didn't help. Everything looks good:

debug ip ospf packets

Oct 19 10:41:11 gate.sidko.org 471585: Oct 19 10:41:10.009: OSPF-17 PAK  : rcv. v:2 t:1 l:48 rid:192.168.174.250 aid:0.0.0.3 chk:0 aut:2 keyid:2 seq:0x5BC97DD3 from Virtual-Access2

debug ip ospf adj

Oct 19 10:53:53 gate.sidko.org 472116: Oct 19 10:53:53.303: OSPF-17 ADJ   Vi2: Send with youngest Key 2

Oct 19 10:54:31 gate.sidko.org 472126: Oct 19 10:54:30.952: OSPF-17 ADJ   Vi2: Send with youngest Key 2

Oct 19 10:54:51 gate.sidko.org 472133: Oct 19 10:54:50.301: OSPF-17 ADJ   Vi2: Send with youngest Key 2

Oct 19 10:55:10 gate.sidko.org 472137: Oct 19 10:55:09.042: OSPF-17 ADJ   Vi2: Send with youngest Key 2

spoke output bellow and different. spoke routing table populated by hub subnets more than 10 hours but HUB subnets is not pingable (of course, because return path doesn’t exist at hub).

-= spoke =-

gate-test#sh ip int bri

-= committed for briefly =-

GigabitEthernet0           10.5.23.47      YES DHCP   up                    up

Loopback2                  192.168.174.250 YES NVRAM  up                    up

Loopback3                  192.168.174.49  YES NVRAM  up                    up

Loopback4                  192.168.174.65  YES NVRAM  up                    up

NVI0                       192.168.174.250 YES unset  up                    up

Tunnel0                    192.168.174.250 YES TFTP   up                    up

gate-test#

gate-test#sh cry sess bri

Status: A- Active, U - Up, D - Down, I - Idle, S - Standby, N - Negotiating

        K - No IKE

ivrf = (none)

           Peer     I/F        Username          Group/Phase1_id   Uptime Status

  198.48.188.59     Tu0                            198.48.188.59 02:02:07    UA

gate-test#

gate-test#sh ip  rou ospf

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

       a - application route

       + - replicated route, % - next hop override

Gateway of last resort is 10.5.23.254 to network 0.0.0.0

      192.168.172.0/28 is subnetted, 1 subnets

O IA     192.168.172.0 [110/1001] via 192.168.174.249, 10:57:15, Tunnel0

      192.168.174.0/24 is variably subnetted, 7 subnets, 3 masks

O        192.168.174.249/32 [110/1001] via 192.168.174.249, 10:57:15, Tunnel0

gate-test#

gate-test#pin 192.168.172.2 re 3

Type escape sequence to abort.

Sending 3, 100-byte ICMP Echos to 192.168.172.2, timeout is 2 seconds:

...

Success rate is 0 percent (0/3)

gate-test#

After I manually reset that VPN tunnel (doesn’t matter side) everything back again (routing tables populated at both sides) and in some e time (I guess after second, third and so on... VPN negotiation. I decrease VPN renegotiation down to 3 hours for both sides and after first renegotiation OSPF always successfully installs spoke routes to hub routing table) routes disappears from HUB routing table but still present in HUB topology table.

Any thoughts?

Thank you.