10-19-2018 08:45 AM
Hi guys.
I'm hitting a weird issue with OSPF via DVTI VPN.
Whenever the VPN is established, the OSPF routing tables are populated on both sides. At some later time (it looks like after VPN key renegotiation?) I see the tunnel is up from both sides (HUB and spoke), but the HUB routing table is missing the routes from the spoke while still keeping them in the OSPF topology table and database. Outputs below:
-= HUB =-
gate(config)#do sh cry sess bri
Status: A- Active, U - Up, D - Down, I - Idle, S - Standby, N - Negotiating
K - No IKE
ivrf = (none)
Peer I/F Username Group/Phase1_id Uptime Status
192.206.151.130 Vi2 gate-test.sidko.org 02:01:30 UA
gate(config)#
gate(config)#do sh ip route ospf | e N1
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is 198.48.188.1 to network 0.0.0.0
172.16.0.0/16 is variably subnetted, 11 subnets, 5 masks
172.28.0.0/16 is variably subnetted, 2 subnets, 2 masks
-= there are NO routes from the spoke router installed in the routing table, but they exist in the topology table. At the same time the database output shows those routes have status "*>", best and installed in the routing table!!! =-
gate(config)#
gate(config)#do sh ip ospf rou | b Area 3
gate#sh ip ospf rib
OSPF Router with ID (192.168.172.1) (Process ID 17)
Base Topology (MTID 0)
OSPF local RIB
Codes: * - Best, > - Installed in global RIB
-= omitted for brevity =-
Area 3
Intra-area Route List
*> 192.168.174.49/32, Intra, cost 1001, area 3
via 192.168.174.250, Virtual-Access2
*> 192.168.174.65/32, Intra, cost 1001, area 3
via 192.168.174.250, Virtual-Access2
* 192.168.174.249/32, Intra, cost 1, area 3, Connected
via 192.168.174.249, Loopback3
*> 192.168.174.250/32, Intra, cost 1001, area 3
via 192.168.174.250, Virtual-Access2
-= output omitted for brevity =-
Running debug for OSPF didn't help. Everything looks good:
debug ip ospf packets
Oct 19 10:41:11 gate.sidko.org 471585: Oct 19 10:41:10.009: OSPF-17 PAK : rcv. v:2 t:1 l:48 rid:192.168.174.250 aid:0.0.0.3 chk:0 aut:2 keyid:2 seq:0x5BC97DD3 from Virtual-Access2
debug ip ospf adj
Oct 19 10:53:53 gate.sidko.org 472116: Oct 19 10:53:53.303: OSPF-17 ADJ Vi2: Send with youngest Key 2
Oct 19 10:54:31 gate.sidko.org 472126: Oct 19 10:54:30.952: OSPF-17 ADJ Vi2: Send with youngest Key 2
Oct 19 10:54:51 gate.sidko.org 472133: Oct 19 10:54:50.301: OSPF-17 ADJ Vi2: Send with youngest Key 2
Oct 19 10:55:10 gate.sidko.org 472137: Oct 19 10:55:09.042: OSPF-17 ADJ Vi2: Send with youngest Key 2
The spoke output is below and is different. The spoke routing table has been populated with hub subnets for more than 10 hours, but the HUB subnets are not pingable (of course, because the return path doesn't exist at the hub).
-= spoke =-
gate-test#sh ip int bri
-= omitted for brevity =-
GigabitEthernet0 10.5.23.47 YES DHCP up up
Loopback2 192.168.174.250 YES NVRAM up up
Loopback3 192.168.174.49 YES NVRAM up up
Loopback4 192.168.174.65 YES NVRAM up up
NVI0 192.168.174.250 YES unset up up
Tunnel0 192.168.174.250 YES TFTP up up
gate-test#
gate-test#sh cry sess bri
Status: A- Active, U - Up, D - Down, I - Idle, S - Standby, N - Negotiating
K - No IKE
ivrf = (none)
Peer I/F Username Group/Phase1_id Uptime Status
198.48.188.59 Tu0 198.48.188.59 02:02:07 UA
gate-test#
gate-test#sh ip rou ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is 10.5.23.254 to network 0.0.0.0
192.168.172.0/28 is subnetted, 1 subnets
O IA 192.168.172.0 [110/1001] via 192.168.174.249, 10:57:15, Tunnel0
192.168.174.0/24 is variably subnetted, 7 subnets, 3 masks
O 192.168.174.249/32 [110/1001] via 192.168.174.249, 10:57:15, Tunnel0
gate-test#
gate-test#pin 192.168.172.2 re 3
Type escape sequence to abort.
Sending 3, 100-byte ICMP Echos to 192.168.172.2, timeout is 2 seconds:
...
Success rate is 0 percent (0/3)
gate-test#
After I manually reset the VPN tunnel (it doesn't matter from which side), everything works again (routing tables populated on both sides), and after some time (I guess after the second, third and so on... VPN negotiation. I decreased the VPN renegotiation interval to 3 hours on both sides, and after the first renegotiation OSPF always successfully installs the spoke routes into the hub routing table) the routes disappear from the HUB routing table but are still present in the HUB topology table.
Any thoughts?
Thank you.
10-22-2018 07:27 AM
It was a duplicated OSPF ID key issue. This issue is resolved.
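A check for the symptom shown in the hub output in this thread, as an added example that is not part of the original posts: it compares the prefixes that `show ip ospf rib` flags `*>` against what `show ip route ospf` actually lists. The function names are hypothetical, and the sample text is copied from the outputs posted above.

```python
import ipaddress
import re

RIB_RE = re.compile(r"^(\*>|\*)\s+(\d+(?:\.\d+){3}/\d+),")
HDR_RE = re.compile(r"^\d+(?:\.\d+){3}/(\d+) is (?:variably )?subnetted")
RT_RE = re.compile(r"^O[* ]*(?:IA|E1|E2|N1|N2)?\s+(\d+(?:\.\d+){3})(?:/(\d+))?\s+\[")

def ospf_rib_installed(text):
    """Prefixes the OSPF local RIB flags '*>' (best, installed in global RIB)."""
    found = (RIB_RE.match(line.strip()) for line in text.splitlines())
    return {ipaddress.ip_network(m.group(2)) for m in found if m and m.group(1) == "*>"}

def global_ospf_routes(text):
    """OSPF prefixes actually listed by 'show ip route ospf'."""
    routes, parent_len = set(), None
    for line in map(str.strip, text.splitlines()):
        hdr = HDR_RE.match(line)
        if hdr:  # child lines printed without a mask inherit this length
            parent_len = hdr.group(1)
            continue
        m = RT_RE.match(line)
        if m and (m.group(2) or parent_len):
            prefix = f"{m.group(1)}/{m.group(2) or parent_len}"
            routes.add(ipaddress.ip_network(prefix, strict=False))
    return routes

def flagged_but_missing(rib_text, route_text):
    """Prefixes OSPF claims are installed that the routing table does not hold."""
    missing = ospf_rib_installed(rib_text) - global_ospf_routes(route_text)
    return [str(net) for net in sorted(missing)]

# Sample text copied from the hub and spoke outputs in the post.
HUB_RIB = """\
*> 192.168.174.49/32, Intra, cost 1001, area 3
via 192.168.174.250, Virtual-Access2
*> 192.168.174.65/32, Intra, cost 1001, area 3
via 192.168.174.250, Virtual-Access2
* 192.168.174.249/32, Intra, cost 1, area 3, Connected
via 192.168.174.249, Loopback3
*> 192.168.174.250/32, Intra, cost 1001, area 3
via 192.168.174.250, Virtual-Access2
"""
HUB_ROUTES = """\
172.16.0.0/16 is variably subnetted, 11 subnets, 5 masks
172.28.0.0/16 is variably subnetted, 2 subnets, 2 masks
"""
SPOKE_ROUTES = """\
192.168.172.0/28 is subnetted, 1 subnets
O IA 192.168.172.0 [110/1001] via 192.168.174.249, 10:57:15, Tunnel0
192.168.174.0/24 is variably subnetted, 7 subnets, 3 masks
O 192.168.174.249/32 [110/1001] via 192.168.174.249, 10:57:15, Tunnel0
"""

if __name__ == "__main__":
    print(flagged_but_missing(HUB_RIB, HUB_ROUTES))
```

Run against periodic captures of both commands, a non-empty result flags the moment the two tables diverge, which the OSPF packet and adjacency debugs in the post did not show.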