ospf troubleshoot lab


Upload: moise-guilavogui

Post on 05-Nov-2015


GNS3 Lab: Troubleshoot and Resolve Routing Issues - OSPF

Open Shortest Path First (OSPF) is one of the most widely used IGP routing protocols. Implementing OSPF may not be a big deal, but it is always a big deal to troubleshoot OSPF. A network engineer has to take care of many aspects of configuration in order to deal with OSPF troubleshooting. And I know all of you are now very comfortable with OSPF implementation (thanks to previous articles published here about OSPF).

In this article, we are going to learn how to troubleshoot and resolve OSPF routing issues. Before I start, I want to tell you that I made a GNS3 topology for you, which is configured with IP addresses and hostnames, so you can get the GNS3 file from the download link posted here and start with the configuration described in this article.

In a real environment, an OSPF neighborship often goes down, and we have to check some common possible causes for the breakdown. The most common problems with OSPF neighborship are:

1. Reachability
2. Neighbors must be in the same area
3. Neighbors must be using the same primary subnet
4. Authentication must be properly implemented on both neighbors (if configured)
5. Timers (hello and dead interval) must be the same on neighbors
6. MTU (Maximum Transmission Unit) must be the same
7. Router ID must be unique on neighbors
8. Area flags (stub, NSSA, etc.) must be the same on OSPF neighbors

Fig. 1 shows a scenario where OSPF is configured with process ID 1 and area 1 between two routers, in New York and Washington.

I already configured IP addresses, so just start the devices in GNS3 and enable OSPF routing with the following commands:

NewYork(config)#router ospf 1
NewYork(config-router)#network 12.1.1.1 0.0.0.0 area 1
NewYork(config-router)#network 1.1.1.1 0.0.0.0 area 1

Washington(config)#router ospf 1
Washington(config-router)#network 12.1.1.2 0.0.0.0 area 1
Washington(config-router)#network 2.2.2.2 0.0.0.0 area 1

After configuring the above commands, you will get the following log message for OSPF neighborship formation:

*Mar 1 00:03:44.511: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on Serial0/0 from LOADING to FULL, Loading Done

Okay, your OSPF routing is now configured, so it's time to prove the OSPF neighborship conditions, which will make you more confident while resolving OSPF issues in a real environment. So let's start with the first one.

1. Reachability: To check this condition, just shut down the serial interface of either router.

NewYork(config)#int serial 0/0
NewYork(config-if)#shutdown

You will get this log message:

*Mar 1 00:37:11.335: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Serial0/0 from FULL to DOWN, Neighbor Down: Interface down or detached

To get your OSPF neighborship up again, bring up your interface:

NewYork(config)#int s0/0
NewYork(config-if)#no shutdown

2. Neighbors must be in the same area: To check this condition, just advertise the serial interface network under the OSPF configuration with any area ID other than 1; for example, configure router New York as:

NewYork(config)#router ospf 1
NewYork(config-router)#network 12.1.1.1 0.0.0.0 area 2

After advertising the network in area 2, you will see that your neighborship goes down.
Advertise it in area 1 again to form your neighborship.

If you use debug ip ospf adj, you will get the following log message, which indicates a mismatched area ID:

*Mar 1 02:02:30.151: OSPF: Rcv pkt from 12.1.1.2, Serial0/0, area 0.0.0.0 mismatch area 0.0.0.1 in the header

Useful Tshoot commands for area mismatch:

* show ip ospf interface interface-id (e.g. sh ip ospf int s0/0)
* show ip protocols
* debug ip ospf adj

3. Neighbors must be using the same primary subnet: If your neighbor is in a different subnet, then your OSPF neighborship will definitely not be formed, because the neighbor will not be reachable at all. I don't think I need to prove this point, since we already covered this in the reachability section. If you want, change the serial interface IP address of router Washington to 13.1.1.2/30 and then check.

4. Authentication must be properly configured on both neighbors: You can configure three kinds of authentication with OSPF. The first one is Null (no authentication, as the name suggests), the second one is plain text authentication, and the third one is the most important and widely used, MD5 authentication.
You can configure OSPF authentication by using the following commands.

For Null authentication:

NewYork(config)#interface s0/0
NewYork(config-if)#ip ospf authentication null

For plain text authentication:

NewYork(config)#interface s0/0
! enable plain text authentication
NewYork(config-if)#ip ospf authentication
! set the password
NewYork(config-if)#ip ospf authentication-key cisco123

For MD5 authentication:

NewYork(config)#interface s0/0
! enable MD5 authentication
NewYork(config-if)#ip ospf authentication message-digest
! set the password
NewYork(config-if)#ip ospf message-digest-key 1 md5 cisco123

Note: For plain text authentication, the key-string (cisco123 in my example) must be the same on OSPF neighbors but, for MD5 authentication, both the key-id and the key-string must be the same (key-id is 1 and key-string is cisco123 in my example).

If OSPF authentication is not properly configured (a mismatch of key-id or key-string), then you can debug the OSPF adjacency (debug ip ospf adj) and you will get logs for the mismatched authentication key, as shown in Fig. 2.

Useful Tshoot commands to check OSPF authentication:

* show ip ospf interface interface-id (e.g. sh ip ospf int s0/0)
* show run interface interface-id (e.g. sh run int s0/0)
* debug ip ospf adj

5. OSPF hello and dead intervals must be the same: Timers play an important role in OSPF neighborship formation. Both hello and dead intervals must match on OSPF neighbors. By default, the hello interval is 10 sec and the dead interval is 40 sec for fast links; for slow links, the hello interval is 30 sec and the dead interval is 120 sec. Fig. 3 displays the output of the show ip ospf int s0/0 command, where you can check multiple useful configuration values.

To configure OSPF timers:

NewYork(config)#int s0/0
NewYork(config-if)#ip ospf hello-interval Seconds
NewYork(config-if)#ip ospf dead-interval Seconds

Useful Tshoot commands to show OSPF timers:

* show ip ospf interface interface-id (e.g. sh ip ospf int s0/0)
* show run interface interface-id (e.g. sh run int s0/0)

6. MTU (Maximum Transmission Unit): If the MTU is not the same between OSPF neighbors, then your neighborship can be stuck in the EXSTART state. Fig. 4 shows the result of checking the MTU. You can change the MTU by using the following commands:

Washington(config)#int s0/0
Washington(config-if)#ip mtu 1490
! MTU takes effect only with a reload, so reload the interface
Washington(config-if)#shut
Washington(config-if)#no shut
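Conditions 3 to 6 of the checklist (subnet, authentication, timers, MTU) can be checked offline by comparing the Serial0/0 stanzas of both routers before turning on any debug. The following Python is an added example, not part of the original article; the function names, the sample stanzas and the assumed defaults (no authentication, hello 10 s, dead interval four times hello, IP MTU 1500) are illustrative.

```python
import ipaddress
import re

# Constructed sample stanzas (not from the lab files), built from this article's commands.
NEWYORK = """interface Serial0/0
 ip address 12.1.1.1 255.255.255.252
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco123
"""
WASHINGTON = """interface Serial0/0
 ip address 12.1.1.2 255.255.255.252
 ip ospf authentication
 ip ospf authentication-key cisco123
 ip ospf hello-interval 5
 ip mtu 1490
"""

def parse(stanza):
    """Extract the adjacency-relevant settings from one interface stanza."""
    # Assumed defaults: no authentication, hello 10 s, dead = 4 x hello, IP MTU 1500.
    s = {"auth": "null", "null": None, "plain-text": None, "message-digest": None,
         "net": None, "hello": 10, "dead": None, "mtu": 1500}
    for line in map(str.strip, stanza.splitlines()):
        if m := re.fullmatch(r"ip address (\S+) (\S+)", line):
            s["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif m := re.fullmatch(r"ip ospf authentication( message-digest| null)?", line):
            s["auth"] = (m[1] or "plain-text").strip()
        elif m := re.fullmatch(r"ip ospf message-digest-key (\d+) md5 (\S+)", line):
            s["message-digest"] = (int(m[1]), m[2])      # key-id and key-string
        elif m := re.fullmatch(r"ip ospf authentication-key (\S+)", line):
            s["plain-text"] = m[1]
        elif m := re.fullmatch(r"ip ospf (hello|dead)-interval (\d+)", line):
            s[m[1]] = int(m[2])
        elif m := re.fullmatch(r"ip mtu (\d+)", line):
            s["mtu"] = int(m[1])
    s["dead"] = s["dead"] or 4 * s["hello"]
    return s

def audit(stanza_a, stanza_b):
    """Return (mismatches blocking the adjacency, sides without MD5 authentication)."""
    a, b = parse(stanza_a), parse(stanza_b)
    issues = [f for f in ("net", "hello", "dead", "mtu") if a[f] != b[f]]
    if a["auth"] != b["auth"]:
        issues.append("auth-type")
    elif a[a["auth"]] != b[b["auth"]]:
        issues.append("auth-key")
    # Null sends no credential; plain-text puts the key in clear in every OSPF packet.
    weak = [side for side, r in (("a", a), ("b", b)) if r["auth"] != "message-digest"]
    return issues, weak

if __name__ == "__main__":
    print(audit(NEWYORK, WASHINGTON))
```

The second element of the result lists the sides still using null or plain text authentication, which is worth fixing even when both neighbors agree and the adjacency forms.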

Note: You will get a log message for an MTU mismatch like:

*Mar 1 01:02:40.955: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Serial0/0 from EXCHANGE to DOWN, Neighbor Down: Too many retransmissions

But it is always better to use ip ospf mtu-ignore on the interface that is configured with the smaller MTU.

7. Router ID must be unique on neighbors: If the OSPF router ID is the same on neighbors, then they will not form an OSPF neighborship and you will get the "OSPF detected duplicate router-id" log message, as follows:

*Mar 1 01:15:42.855: %OSPF-4-DUP_RTRID_NBR: OSPF detected duplicate router-id 1.1.1.1 from 12.1.1.1 on interface Serial0/0

Useful Tshoot commands to check the OSPF router ID:

* show ip ospf interface interface-id (e.g. sh ip ospf int s0/0)
* show ip protocols
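The log and debug lines quoted so far each point at one item of the checklist, so they can be triaged automatically. The following Python is an added example, not part of the original article; the function names are illustrative, and the mapping from message to cause follows the article's own statements (for instance, "Too many retransmissions" is treated as an MTU hint).

```python
import re

# Log and debug lines quoted in this article, embedded so the example runs offline.
SAMPLE = [
    "*Mar 1 00:03:44.511: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on Serial0/0 from LOADING to FULL, Loading Done",
    "*Mar 1 00:37:11.335: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Serial0/0 from FULL to DOWN, Neighbor Down: Interface down or detached",
    "*Mar 1 02:02:30.151: OSPF: Rcv pkt from 12.1.1.2, Serial0/0, area 0.0.0.0 mismatch area 0.0.0.1 in the header",
    "*Mar 1 01:02:40.955: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Serial0/0 from EXCHANGE to DOWN, Neighbor Down: Too many retransmissions",
    "*Mar 1 01:15:42.855: %OSPF-4-DUP_RTRID_NBR: OSPF detected duplicate router-id 1.1.1.1 from 12.1.1.1 on interface Serial0/0",
]

ADJCHG = re.compile(r"%OSPF-5-ADJCHG: Process \d+, Nbr (\S+) on (\S+) from (\w+) to (\w+), (.+)")
DUP = re.compile(r"%OSPF-4-DUP_RTRID_NBR: .*router-id (\S+) from (\S+) on interface (\S+)")
AREA = re.compile(r"OSPF: Rcv pkt from (\S+), (\S+), area ([\d.]+)\s*mismatch area ([\d.]+)")

def classify(line):
    """Map one log line to (interface, peer, finding), or None if it is unrelated."""
    if m := ADJCHG.search(line):
        nbr, intf, old, new, reason = m.groups()
        if new == "FULL":
            return intf, nbr, "adjacency up"
        if "Interface down" in reason:
            return intf, nbr, "check reachability (condition 1)"
        if "retransmissions" in reason:
            return intf, nbr, "check MTU (condition 6)"
        return intf, nbr, f"adjacency {old}->{new}: {reason}"
    if m := DUP.search(line):
        return m[3], m[2], f"duplicate router-id {m[1]} (condition 7)"
    if m := AREA.search(line):
        return m[2], m[1], f"area mismatch {m[3]} vs {m[4]} (condition 2)"
    return None

def triage(lines):
    """Return {interface: [(peer, finding), ...]}; a later FULL clears that interface."""
    pending = {}
    for line in lines:
        hit = classify(line)
        if hit is None:
            continue
        intf, peer, finding = hit
        if finding == "adjacency up":
            pending.pop(intf, None)
        else:
            pending.setdefault(intf, []).append((peer, finding))
    return pending

if __name__ == "__main__":
    for intf, findings in triage(SAMPLE).items():
        print(intf, findings)
```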

8. Area flags (stub, NSSA, etc.) must be the same on OSPF neighbors: If an area is configured as stub or NSSA, then OSPF neighbors must be configured with the same area flag. Fig. 6 shows the output of show ip protocols that results when an area is configured as stub.

Note: The OSPF network type should be the same on neighbors for proper OSPF database exchange.

There are many commands to check OSPF status and configuration, but I personally recommend the following commonly used commands that will help you to troubleshoot most OSPF issues.

For neighbor relationships, local configuration issues, and routing problems, you can use the following commands for OSPF troubleshooting:

1. show ip ospf neighbor: Displays adjacent neighbors, router ID of neighbors, neighbor state/DR-BDR state, IP addresses/interfaces, and dead time of neighbors.
2. show ip ospf interface: Displays OSPF interfaces. You can also use show ip ospf int interface-id, e.g. sh ip ospf int s0/0, as shown in Fig. 3.
3. show ip protocols: You can check the OSPF process ID, status, and networks that are being advertised and, most important, you can check the router ID with this command. It also provides information on the area types configured (normal, stub, NSSA, etc.).

For missing routes and filtering problems, you can use the following commands to resolve OSPF issues:

1. show ip ospf database: Displays LSA types per area, advertising router, link ID (subnet), and age.
2. show ip route ospf: Displays OSPF routes that are being received from neighbors and their administrative distances, with cost.

The following debug commands can also be useful in troubleshooting OSPF issues:

1. debug ip ospf adj is used to debug neighbor adjacencies.
2. debug ip ospf events is used to debug OSPF network events.

I always enjoy technology in my work and, day to day, I try to make it easier so everyone can understand it. I personally believe that, without understanding, one cannot be comfortable with technologies.

If you really like this article, then please say thanks to intenseschool.com for providing you with such technologies from the best of technical professionals from all over the world.


GNS3TroubleshootingOSPF/configs/NewYork.cfg

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname NewYork
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
ip cef
!
multilink bundle-name authenticated
!
archive
 log config
  hidekeys
!
interface Loopback1
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 12.1.1.1 255.255.255.252
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 login
!
end

GNS3TroubleshootingOSPF/configs/Washington.cfg

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Washington
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
ip cef
!
multilink bundle-name authenticated
!
archive
 log config
  hidekeys
!
interface Loopback1
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 ip address 12.1.1.2 255.255.255.252
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 login
!
end

GNS3TroubleshootingOSPF/topology.net

autostart = False
version = 0.8.3
[127.0.0.1:7200]
    workingdir = C:\Users\Scorpio\AppData\Local\Temp
    udp = 10000
    [[3725]]
        image = D:\Gurgaon\GNS3\C3725-AD.BIN
        ram = 256
        idlepc = 0x60bf8ba0
        sparsemem = True
        ghostios = True
    [[ROUTER NewYork]]
        model = 3725
        console = 2001
        aux = 2501
        cnfg = configs\NewYork.cfg
        wic0/0 = WIC-2T
        s0/0 = Washington s0/0
        x = -400.0
        y = -67.0
        z = 1.0
        hx = 3.5
        hy = 39.0
    [[ROUTER Washington]]
        model = 3725
        console = 2002
        aux = 2502
        cnfg = configs\Washington.cfg
        wic0/0 = WIC-2T
        s0/0 = NewYork s0/0
        x = -24.0
        y = -81.0
        z = 1.0
        hx = -1.5
        hy = 39.0
[GNS3-DATA]
    configs = configs
    [[NOTE 1]]
        text = "Loopback 1\n2.2.2.2/32"
        x = 46.0
        y = -84.0
        font = "MS Shell Dlg 2,11,-1,5,75,0,0,0,0,0"
        color = "#aa007f"
    [[NOTE 2]]
        text = "AREA 1"
        x = -209.0
        y = -29.0
        font = "MS Shell Dlg 2,12,-1,5,75,0,0,0,0,0"
        color = "#b30000"
    [[NOTE 3]]
        text = "Loopback 1\n1.1.1.1/32"
        x = -496.0
        y = -72.0
        font = "MS Shell Dlg 2,11,-1,5,75,0,0,0,0,0"
        color = "#aa007f"
    [[NOTE 4]]
        text = "12.1.1.0/30"
        x = -224.0
        y = -93.0
        font = "MS Shell Dlg 2,11,-1,5,75,0,0,0,0,0"
        color = "#00a87b"
    [[NOTE 5]]
        text = ".1"
        x = -327.0
        y = -82.0
    [[NOTE 6]]
        text = "OSPF 1"
        x = -202.0
        y = -121.0
        font = "MS Shell Dlg 2,12,-1,5,75,0,0,0,0,0"
        color = "#0000ab"
    [[NOTE 7]]
        text = ".2"
        x = -51.0
        y = -82.0
    [[SHAPE 1]]
        type = ellipse
        x = -355.0
        y = -151.0
        width = 370.0
        height = 200.0
        fill_color = "#ffff7f"
        border_color = "#009fee"
        border_style = 2
        z = -1.0