|
Problem Description
GGSN Vervsion: V900R008C01SPH316,
Firewall: juniper
After integration between GGSN and Firewall, the services are down
No alarm
Handling Process
Current GGSN configuration
#
interface Eth-Trunk16
workmode backup
ip binding vpn-instance vrf-gimm
ip address 10.213.5.226 255.255.255.252
ospf network-type p2p
#
ospf 400 vpn-instance vrf-gimm
import-route wlr cost 200 route-policy WLR2OSPF
vpn-instance-capability simple
route-tag 0
area 0.0.0.0
network 10.213.5.224 0.0.0.3
Ping physical OK. Display routing table show that OSPF is not up.
<GGSN>display ospf routing
OSPF Process 400 with Router ID 10.213.5.246
Routing Tables Routing for Network
Destination Cost Type NextHop AdvRouter Area
10.213.5.224/30 1 Stub 10.213.5.226 10.213.5.246 0.0.0.0
It shows that only physical subnet import to OSPF. GGSN has not imported IP pool to OSPF, it has not studied any OSPF network from peer side either.
Root Cause N/A
Solution
Ask customer to debug OSPF in 2 minutes
debugging ospf packet
t m
t d
The check sending and receiving packet Sending:
OSPF 400: SEND Packet.
*0.132832701 GGNH02 RM/6/RMDEBUG: Source Address: 10.213.5.230
*0.132832701 GGNH02 RM/6/RMDEBUG: Destination Address: 224.0.0.5
*0.132832701 GGNH02 RM/6/RMDEBUG: Ver# 2, Type: 1 (Hello)
*0.132832702 GGNH02 RM/6/RMDEBUG: Length: 48, Router: 10.213.5.246
*0.132832702 GGNH02 RM/6/RMDEBUG: Area: 0.0.0.0, Chksum: d2d3
*0.132832702 GGNH02 RM/6/RMDEBUG: AuType: 00
*0.132832702 GGNH02 RM/6/RMDEBUG: Key(ascii): 0 0 0 0 0 0 0 0
*0.132832703 GGNH02 RM/6/RMDEBUG: Net Mask: 255.255.255.252
*0.132832703 GGNH02 RM/6/RMDEBUG: Hello Int: 1, Option: _E_
*0.132832703 GGNH02 RM/6/RMDEBUG: Rtr Priority: 1, Dead Int: 4
*0.132832703 GGNH02 RM/6/RMDEBUG: DR: 0.0.0.0
*0.132832703 GGNH02 RM/6/RMDEBUG: BDR: 0.0.0.0
*0.132832704 GGNH02 RM/6/RMDEBUG: # Attached Neighbors: 1
*0.132832704 GGNH02 RM/6/RMDEBUG: Neighbor: 10.213.13.88
*0.132832704 GGNH02 RM/6/RMDEBUG: Hello Extended Options: _
Receving
OSPF 400: RECV Packet.
*0.132832921 GGNH02 RM/6/RMDEBUG: Source Address: 10.213.5.233
*0.132832921 GGNH02 RM/6/RMDEBUG: Destination Address: 224.0.0.5
*0.132832921 GGNH02 RM/6/RMDEBUG: Ver# 2, Type: 1 (Hello)
*0.132832921 GGNH02 RM/6/RMDEBUG: Length: 48, Router: 10.213.13.88
*0.132832922 GGNH02 RM/6/RMDEBUG: Area: 0.0.0.0, Chksum: a0d7
*0.132832922 GGNH02 RM/6/RMDEBUG: AuType: 00
*0.132832922 GGNH02 RM/6/RMDEBUG: Key(ascii): 0 0 0 0 0 0 0 0
*0.132832922 GGNH02 RM/6/RMDEBUG: Net Mask: 255.255.255.252
*0.132832923 GGNH02 RM/6/RMDEBUG: Hello Int: 1, Option: _E_
*0.132832923 GGNH02 RM/6/RMDEBUG: Rtr Priority: 128, Dead Int: 4
*0.132832923 GGNH02 RM/6/RMDEBUG: DR: 10.213.5.233
*0.132832923 GGNH02 RM/6/RMDEBUG: BDR: 10.213.5.234
*0.132832923 GGNH02 RM/6/RMDEBUG: # Attached Neighbors: 1
*0.132832924 GGNH02 RM/6/RMDEBUG: Neighbor: 10.213.5.246
*0.132832924 GGNH02 RM/6/RMDEBUG: Hello Extended Options: _L_LR_
From debugging packet DR and BDR, we can see that network type in GGSN is P2P but network type Firewall side is broadcast. After ask Juniper engineer check again, they change configure to P2P, the problem was solve.
Suggestions and Summary
OSPF network type must be match between GGSN and Firewall
Before analyzing, I have ask customer about network type but the confirm that network type is P2P in both 2 side,
but finally i check that Firewall is still broadcast type. Some time we should not trust peer side, It is better if we can make sure from the log file
| 
Favorite (0)
Reply
