No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

The OSPF Neighbor Relationship Cannot Be Set Up Between the NE20 and the S8505

Publication Date:  2012-07-27 Views:  74 Downloads:  0
Issue Description
OSPF is run on the network and the network type is P2P. The firewall runs in combined mode. Two firewalls perform load balancing and the upstream and downstream interfaces are configured with the trunk. OSPF is run between two NE20s, and between the NE20 and the S8505. The firewalls are not enabled with OSPF and transparently transmit OSPF packets only. The trunk vlan all command is configured between two S8505s.            
Alarm Information

Null

Handling Process

According to the collect debugging information on NE20-2, the neighbor relationship between NE20-2 and S85-2 is not set up and remains Init. Run the reset ospf command on NE20-2, and the relationship fails to be set up. Other neighbor relationships are normal.

At the time, NE20-2 receives a Hello packet from S85-2 and the firewall does not discard the packets.
NE20-2 needs to set up the neighbor relationship with S85-2, but it does not use the source address 10.87.15.105 to send the Hello packet to S85-2. Instead, NE20-2 passes 10.87.15.105 -> FW2 -> S85-2 -> S85-1 -> FW-1 -> NE20-1. It sends the Hello packet to NE20-1. In this case, only S85-2 sends a Hello packet to NE20-2, but NE20-2 does not send the Hello packet to S85-2. The neighbor relationship cannot be set up.
The debugging information on NE20-2 is as follows:
The packet is sent from NE20-2 to NE20-1 through the source address 10.87.15.105. The packet is not sent to S85-2 whose router ID is 10.87.15.123. NE20-2 does not send the Hello packet to S85-2.
OSPF 1: SEND Packet.                 
  Source Address: 10.87.15.105       ��》source IP address
  Destination Address: 224.0.0.5     
  Ver# 2, Type: 1 (Hello)            
  Length: 48, Router: 10.87.15.121   ��》Router ID
  Area: 0.0.0.0, Chksum: c829        
  AuType: 00                         
  Key(ascii): 0 0 0 0 0 0 0 0        
  Net Mask: 255.255.255.252          
  Hello Int: 2, Option: _E_          
  Rtr Priority: 1, Dead Int: 6       
  DR: 0.0.0.0                        
  BDR: 0.0.0.0                       
  # Attached Neighbors: 1            
    Neighbor: 10.87.15.120 ��》Router ID of the neighbor
  Hello Extended Options:  _         
The packet is sent from S85-2 to NE20-2.
OSPF 1: RECV Packet.         
  Source Address: 10.87.15.106
  Destination Address: 224.0.
  Ver# 2, Type: 1 (Hello)    
  Length: 48, Router: 10.87.15.123
  Area: 0.0.0.0, Chksum: c826
  AuType: 00                 
  Key(ascii): 0 0 0 0 0 0 0 0
  Net Mask: 255.255.255.252  
  Hello Int: 2, Option: _E_  
  Rtr Priority: 1, Dead Int: 
  DR: 0.0.0.0                
  BDR: 0.0.0.0               
  # Attached Neighbors: 1    
    Neighbor: 10.87.15.121   
  Hello Extended Options:  _
Analysis:
1. From the debugging information on NE20-2, the packet that is sent by S85-2 is not discarded by the firewall. The multicast packets are increasing in the inbound and outbound interfaces of the firewall. When the network is P2P, packets are multicast ones. The firewall transparently transmits multicast packets even packet filtering is disabled.
2. The neighbor relationship between NE20-2 and S85-2 fails to be set up.
3. NE20-2 receives the Hello packet of S85-1 in broadcast mode. Because the network is P2P, a loop occurs and the neighbor relationship fails to be set up.
It is confirmed that the trunk vlan all command is configured between two S8505s. The Hello packet is broadcast. As a result, NE20-2 receives the Hello packet of S85-1. The neighbor relationship is not set up.

The S8505s transparently transmit packets of the VLAN only. After the configuration changes, the problem is solved and the neighbor relationship is set up. 

      
Root Cause

1. The configuration fails.

2. The version of the device is incorrect. 

Suggestions

Null

END