No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Troubleshooting OSPF Neighbor Establishment Failure

Publication Date:  2012-07-27 Views:  36 Downloads:  0
Issue Description
Version: NE80E V300R002C06B325
Network topology: The S8505 is connected with the NE80E through four GE links. OSPF is enabled on each link to establish four neighbors.
Fault symptom: Only two OSPF neighbors are established, and the other two fail to be established.
19.129.22.254  19.129.22.98   1    36          Vlan-interface235   Full/DR
19.129.22.254  19.129.22.102  1    37          Vlan-interface236   Full/DR
19.129.22.10   21.10.116.53   1    40          Vlan-interface202   Init
19.129.22.10   19.129.22.225  1    36          Vlan-interface229   Init
 
Alarm Information
Null
Handling Process
Capture packets at the downlink of NP. The source IP address of the packets is the IP address of Gigabit 2/0/1 and the destination IP address is 244.0.0.5. The packets are multicast packets.
[NE80E-diag-ne5000]efu me slo 2 e d ring-packet fwd_to_cp h 10
[PACKET DATA]:
0100 5E00 0005 0018 821F 7833 0800 45C0
0040 3701 0000 0159 B3AB XXXX XXXX E000
0005 0201 002C DB81 160A 0000 0000 1C23
0000 0000 0000 0000 0000 FFFF FFFC 000A
The source IP address is a local IP address, which indicates that the packets are attack packets. Configure an ACL to filter out the attack packets. After the packets are filtered out, the OSPF neighbors can be established. The problem is solved.
19.129.22.10   21.10.116.53   1    40          Vlan-interface202   full
19.129.22.10   19.129.22.225  1    36          Vlan-interface229   full
 
Root Cause
Configure an ACL rule on the NE80E to check whether the NE80E can receive OSPF packets from the S8505. The test shows that the NE80E receives no such packets.
[NE80E]acl 2008
[NE80E-acl-basic-2008]rule 5 permit source 21.10.X.X 0
<NE80E>debug ip packet acl 2008
<NE80E>dis debugging
OSPF global debugging state:
OSPF EVENT debugging is on
IP packet debugging is on ( ACL:2008 )
<NE80E>t m
Info:Current terminal monitor is on
<NE80E>t d
Info:Current terminal debugging is on
Enable the debugging of the messages, but no information can be displayed. Therefore, no packet sent from S8505 is received at the OSPF layer. The packets may be lost on the links, or discarded at a lower layer. Check whether there is abnormal count for discarded packets at the lower layer. There is no abnormal discarding, but a large number of OSFP packets are delivered to the upper layer.
[NE80E-diag-ne5000]efu me slo 2 i d c a c
[ EXCP_ID_IPV4_RESERVED_MC_OSPF ] = 2411654 ( 0x24CC86 )
Delivering a large number of OSPF packets will cause packet loss on CP-CAR. Display the count of CP-CAR packet loss.
[NE80E-diag-ne5000]efu qos cp-car cnt_show 2 clear
Excp ID : Green : Yellow : Red
16 P : 0x00000000000024ba : 0x0000000000000000 : 0x000000000025e077
B : 0x00000000000b30ac : 0x0000000000000000 : 0x000000000b8a6364
Delivering a large number of packets prevents normal packets from being sent to the upper layer. Therefore, all the OSPF neighbors of the interfaces on the interface board cannot be established (on slot 2). 
 
Suggestions
To solve such problems caused by OSPF attack packets, configure ACLs to filter out attack packets. 

END