This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Enterprise
Community Forums Switches
[Troubleshooting Series] ...

[Troubleshooting Series] Case 49 OSPF neighbor cannot establish

515 0 0 0
display all floors #1


Physical Network Topology

As shown in the figure, two CE12800 directly connected devices are configured with OSPF to establish OSPF neighbors.

Figure 1-1 OSPF neighbor cannot establish

090543ekwwwx2xxtw442o2.png

 

Fault Description

The OSPF neighbor relationship between the two devices cannot be established and the neighbor device cannot be discovered. The phenomenon is as follows:

[~R4U13-CE12800-SWITCH-A]dis ospf peer

After querying the command line, there is no echo.

Configuration Files

#
dfs-group 1
 source ip 10.1.1.1 
#
bridge-domain 10
 vxlan vni 5010
#
interface Vlanif100
 ip address 10.1.1.1 255.255.255.0
#
interface Vlanif1000
 ipv6 enable
 ip address 100.100.1.102 255.255.255.0
 ipv6 address 1000:1000::102/64
 ipv6 address auto link-local
 vrrp vrid 1 virtual-ip 100.100.1.101
 vrrp6 vrid 2 virtual-ip FE80::1 link-local
 vrrp6 vrid 2 virtual-ip 1000:1000::1000
#
interface Eth-Trunk1
 peer-link 1
 port vlan exclude 1000 
#
interface Eth-Trunk10
 port default vlan 1000
 dfs-group 1 m-lag 500
#
interface Eth-Trunk10.1 mode l2
 encapsulation dot1q vid 4000
 bridge-domain 10
#
interface 10GE2/0/1
 undo portswitch
 ip address 102.1.1.2 255.255.255.0
 device transceiver 10GBASE-FIBER
#  
interface 10GE2/0/20
 eth-trunk 10
 device transceiver 10GBASE-FIBER
#
interface 10GE2/0/22
 eth-trunk 1    
 device transceiver 10GBASE-FIBER
#
interface LoopBack1
 ip address 5.5.5.5 255.255.255.255
#
interface Nve1
 source 5.5.5.5
 vni 5010 head-end peer-list 1.1.1.1
#
bgp 10088
 peer 102.1.1.1 as-number 10086
 #
 ipv4-family unicast
  import-route direct  
  peer 102.1.1.1 enable
#
ospf 100
 import-route direct
 import-route static
 area 0.0.0.0
  network 5.5.5.5 0.0.0.0
  network 102.1.1.0 0.0.0.255

Troubleshooting Procedure

                               Step 1      Check the OSPF neighbors

[~R4U13-CE12800-SWITCH-A]dis ospf peer
[~R4U13-CE12800-SWITCH-A]

The OSPF neighbor was not found.

                               Step 2      Query OSPF error count:

[~R4U13-CE12800-SWITCH-A] display  ospf error
OSPF Process 100 with Router ID 10.1.1.1
OSPF error statistics
General packet errors:
0           : IP: received my own packet     45          : Bad packet
0           : Bad version                    0           : Bad checksum
0           : Bad area id                    0           : Drop on unnumbered interface
0           : Bad virtual link               45          : Bad authentication type
0           : Bad authentication key         0           : Packet too small
0           : Packet size > ip length        0           : Transmit error
0           : Interface down                 0           : Unknown neighbor
HELLO packet errors:
0           : Netmask mismatch               0           : Hello timer mismatch
0           : Dead timer mismatch            0           : Extern option mismatch
0           : Router id confusion            0           : Virtual neighbor unknown
0           : NBMA neighbor unknown          0           : Invalid Source Address
DD packet errors:
1           : Neighbor state low             0           : Router id confusion
0           : Extern option mismatch         0           : Unknown LSA type
0           : MTU option mismatch
 
LS ACK packet errors:
0           : Neighbor state low             0           : Unknown LSA type
 
LS REQ packet errors:
0           : Neighbor state low             0           : Empty request
0           : Bad request
LS UPD packet errors:
0           : Neighbor state low             0           : Newer self-generate LSA
0           : LSA checksum bad               0           : Received less recent LSA
0           : Unknown LSA type
2           : Received LSA within LSA Arrival interval
Opaque errors:
0           : 9-out of flooding scope        0           : 10-out of flooding scope
0           : 11-out of flooding scope
Retransmission for packet over Limitation errors:
0           : Number for DD Packet           0           : Number for Update Packet
0           : Number for Request Packet
Receive Grace LSA errors:
0           : Number of invalid LSAs         0           : Number of policy failed LSAs
0           : Number of wrong period LSAs
Configuration errors:
0           : Tunnel cost mistake
0           : The network type of the neighboring interface is not consistent

As shown above, there is a statistical count of authentication failures in the statistics count and is rising all the time.

Continue to query the command line display ospf error packets

[~R4U13-CE12800-SWITCH-A-diagnose]  display ospf error packet
Bad packet index           :1
Packet source              :102.1.1.1
Packet destination         :224.0.0.5
Packet recorded interface  :10GE2/0/1 (40)
Packet drop reason         :AUTHENTICATION_TYPE_MISMATCH
Received time              :2018-07-29 10:56+02:00
Packet length              :80
Packet content             :
45 C0 00 3C 03 5C 00 00 01 59 6E 32 66 01 01 01
E0 00 00 05 02 01 00 2C 11 01 01 01 00 00 00 00
00 00 00 02 00 00 01 10 00 23 B9 E6 FF FF FF 00
00 0A 02 01 00 00 00 28 66 01 01 01 00 00 00 00
90 F3 78 2A AE 0B F9 96 35 0B E4 86 8F D8 A9 65

The reason why the OSPF neighbor cannot be established is that the authentication fails.

Modify the authentication mode:

interface 10GE2/0/1
undo portswitch
ip address 102.1.1.2 255.255.255.0
ospf authentication-mode md5 1 cipher test

After the modification, the OSPF neighbor relationship can be established. The details are as follows:

[~R4U13-CE12800-SWITCH-A-10GE2/0/1]ospf authentication-mode md5  1 cipher test
[*R4U13-CE12800-SWITCH-A-10GE2/0/1]comm
[~R4U13-CE12800-SWITCH-A-10GE2/0/1]dis this
#
interface 10GE2/0/1
undo portswitch
ip address 102.1.1.2 255.255.255.0
ospf authentication-mode md5 1 cipher %^%#Ek*C$***5I(]>;@wV050o/hQ$MmQz5MIDL;wZ-=>%^%#
device transceiver 10GBASE-FIBER
#
return
[~R4U13-CE12800-SWITCH-A]dis ospf peer
OSPF Process 100 with Router ID 10.1.1.1
Area 0.0.0.0 interface 102.1.1.2 (10GE2/0/1)'s neighbors
Router ID: 17.1.1.1           Address : 102.1.1.1
State    : Full               Mode    : Nbr is Master      Priority: 1
DR       : 102.1.1.1          BDR     : None               MTU     : 0
Dead timer due (in seconds) : 38
Retrans timer interval      : 5
Neighbor up time            : 00h00m03s
Authentication Sequence     : 2341510

----End

Root Cause

The OSPF authentication mode configured on the devices at both ends does not match.

 


  • x
  • convention:

Helpful (0) Favorite(0) Share Report
Back to list

Reply

Reply
Advanced
B Color Image Link Quote Code Smilies
You need to log in to reply to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy Terms of Use
Huawei Enterprise Huawei Carrier Forum Training & Certification

Copyright © 2019 Huawei Technologies Co., Ltd. All rights reserved.

Fast reply Scroll to top