Physical Network Topology
As shown in the figure, two CE12800 directly connected devices are configured with OSPF to establish OSPF neighbors.
Figure 1-1 OSPF neighbor cannot establish
Fault Description
The OSPF neighbor relationship between the two devices cannot be established and the neighbor device cannot be discovered. The phenomenon is as follows:
[~R4U13-CE12800-SWITCH-A]dis ospf peer
After querying the command line, there is no echo.
Configuration Files
#
dfs-group 1
source ip 10.1.1.1
#
bridge-domain 10
vxlan vni 5010
#
interface Vlanif100
ip address 10.1.1.1 255.255.255.0
#
interface Vlanif1000
ipv6 enable
ip address 100.100.1.102 255.255.255.0
ipv6 address 1000:1000::102/64
ipv6 address auto link-local
vrrp vrid 1 virtual-ip 100.100.1.101
vrrp6 vrid 2 virtual-ip FE80::1 link-local
vrrp6 vrid 2 virtual-ip 1000:1000::1000
#
interface Eth-Trunk1
peer-link 1
port vlan exclude 1000
#
interface Eth-Trunk10
port default vlan 1000
dfs-group 1 m-lag 500
#
interface Eth-Trunk10.1 mode l2
encapsulation dot1q vid 4000
bridge-domain 10
#
interface 10GE2/0/1
undo portswitch
ip address 102.1.1.2 255.255.255.0
device transceiver 10GBASE-FIBER
#
interface 10GE2/0/20
eth-trunk 10
device transceiver 10GBASE-FIBER
#
interface 10GE2/0/22
eth-trunk 1
device transceiver 10GBASE-FIBER
#
interface LoopBack1
ip address 5.5.5.5 255.255.255.255
#
interface Nve1
source 5.5.5.5
vni 5010 head-end peer-list 1.1.1.1
#
bgp 10088
peer 102.1.1.1 as-number 10086
#
ipv4-family unicast
import-route direct
peer 102.1.1.1 enable
#
ospf 100
import-route direct
import-route static
area 0.0.0.0
network 5.5.5.5 0.0.0.0
network 102.1.1.0 0.0.0.255
#
Troubleshooting Procedure
Step 1 Check the OSPF neighbors
[~R4U13-CE12800-SWITCH-A]dis
ospf peer
[~R4U13-CE12800-SWITCH-A]
The OSPF neighbor was not found.
Step 2 Query OSPF error count:
[~R4U13-CE12800-SWITCH-A]
display ospf error
OSPF Process 100 with Router ID 10.1.1.1
OSPF error statistics
General packet errors:
0 : IP: received my
own packet
45 : Bad packet
0 : Bad
version 0
: Bad checksum
0 : Bad area
id
0 : Drop on
unnumbered interface
0 : Bad virtual
link
45 : Bad
authentication type
0 : Bad
authentication key 0
: Packet too small
0 : Packet size
> ip length
0 : Transmit error
0 : Interface
down
0 : Unknown neighbor
HELLO packet errors:
0 : Netmask
mismatch
0 : Hello
timer mismatch
0 : Dead timer
mismatch
0 : Extern option
mismatch
0 : Router id
confusion
0 : Virtual
neighbor unknown
0 : NBMA neighbor
unknown
0 : Invalid Source
Address
DD packet errors:
1 : Neighbor state
low
0 : Router id
confusion
0 : Extern option
mismatch
0 : Unknown LSA
type
0 : MTU option
mismatch
LS ACK packet errors:
0 : Neighbor state
low
0 : Unknown LSA
type
LS REQ packet errors:
0 : Neighbor state
low
0 : Empty request
0 : Bad request
LS UPD packet errors:
0 : Neighbor state
low
0 : Newer
self-generate LSA
0 : LSA checksum
bad
0 : Received less
recent LSA
0 : Unknown LSA
type
2 : Received LSA
within LSA Arrival interval
Opaque errors:
0 : 9-out of
flooding scope
0 : 10-out of
flooding scope
0 : 11-out of
flooding scope
Retransmission for packet over Limitation errors:
0 : Number for DD
Packet
0 : Number for
Update Packet
0 : Number for
Request Packet
Receive Grace LSA errors:
0 : Number of
invalid LSAs
0 : Number of
policy failed LSAs
0 : Number of wrong
period LSAs
Configuration errors:
0 : Tunnel cost mistake
0 : The network
type of the neighboring interface is not consistent
As shown above, there is a statistical count of authentication failures in the statistics count and is rising all the time.
Continue to query the command line display ospf error packets
[~R4U13-CE12800-SWITCH-A-diagnose]
display ospf error packet
Bad packet index :1
Packet
source
:102.1.1.1
Packet destination :224.0.0.5
Packet recorded interface :10GE2/0/1 (40)
Packet drop reason :AUTHENTICATION_TYPE_MISMATCH
Received
time
:2018-07-29 02:56+02:00
Packet
length
:80
Packet
content
:
45 C0 00 3C 03 5C 00 00 01 59 6E 32 66 01 01 01
E0 00 00 05 02 01 00 2C 11 01 01 01 00 00 00 00
00 00 00 02 00 00 01 10 00 23 B9 E6 FF FF FF 00
00 0A 02 01 00 00 00 28 66 01 01 01 00 00 00 00
90 F3 78 2A AE 0B F9 96 35 0B E4 86 8F D8 A9 65
The reason why the OSPF neighbor cannot be established is that the authentication fails.
Modify the authentication mode:
interface
10GE2/0/1
undo portswitch
ip address 102.1.1.2 255.255.255.0
ospf authentication-mode md5 1 cipher test
After the modification, the OSPF neighbor relationship can be established. The details are as follows:
[~R4U13-CE12800-SWITCH-A-10GE2/0/1]ospf
authentication-mode md5 1 cipher test
[*R4U13-CE12800-SWITCH-A-10GE2/0/1]comm
[~R4U13-CE12800-SWITCH-A-10GE2/0/1]dis this
#
interface 10GE2/0/1
undo portswitch
ip address 102.1.1.2 255.255.255.0
ospf authentication-mode md5 1 cipher %^%#Ek*C$***5I(]>;@wV050o/hQ$MmQz5MIDL;wZ-=>%^%#
device transceiver 10GBASE-FIBER
#
return
[~R4U13-CE12800-SWITCH-A]dis ospf peer
OSPF Process 100 with Router ID 10.1.1.1
Area 0.0.0.0 interface 102.1.1.2 (10GE2/0/1)'s neighbors
Router ID: 17.1.1.1
Address : 102.1.1.1
State :
Full
Mode : Nbr is Master Priority:
1
DR :
102.1.1.1
BDR :
None
MTU : 0
Dead timer due (in seconds) : 38
Retrans timer interval : 5
Neighbor up time :
00h00m03s
Authentication Sequence : 2341510
----End
Root Cause
The OSPF authentication mode configured on the devices at both ends does not match.