SRX Services Gateway
Reply
8I
Visitor
8I
Posts: 5
Registered: ‎09-10-2009
0

SRX240 --> Cisco 3560 OSPF Issue?

Here is a summary of what I'm seeing...

 

The devices establish OSPF adjacency but it goes down every 40 seconds. When the OSPF adjacency goes down the SRX reports that OSPF timers expired:

 

Sep  9 12:07:28.307230 RPD_OSPF_NBRDOWN: OSPF neighbor 10.1.10.2 (realm ospf-v2 vlan.10 area 0.0.0.0) state changed from Full to Down due to InActiveTimer (event reason: neighbor was inactive and declared dead)

   

At the same time the Cisco device reports the following:

 

*Mar  2 02:36:31: OSPF: Cannot see ourself in hello from 1.1.1.1 on Vlan10, state INIT

   

This seems to indicate that the Cisco device is not sending hello packets but the output of "debug ip ospf hello" shows that the Cisco is sending hello packets every 10 seconds (default ospf timers)

 

*Mar  2 01:40:12: OSPF: Send hello to 224.0.0.5 area 0 on Vlan10 from 10.1.10.2    <-- Hello packet received

*Mar  2 01:40:22: OSPF: Send hello to 224.0.0.5 area 0 on Vlan10 from 10.1.10.2    <-- Hello packets sent every 10sec

 

   

The output of "monitor traffic interface ge-0/0/15.0 no-resolve detail" confirms that the Cisco device is sending and that the SRX is receiving these hello packets:

 

17:09:12.099523  In IP (tos 0xc0, ttl   1, id 55612, offset 0, flags [none], proto: OSPF (89), length: 80) 10.1.10.2 > 224.0.0.5: OSPFv2, Hello, length 60 [len 48]  <-- Hello packet received

        Router-ID 10.1.10.2, Backbone Area, Authentication Type: none (0)

        Options [External, LLS]

          Hello Timer 10s, Dead Timer 40s, Mask 255.255.255.0, Priority 150

          Designated Router 10.1.10.2, Backup Designated Router 10.1.10.1

          Neighbor List:

            1.1.1.1

          LLS: checksum: 0xfff6, length: 3

            Extended Options (1), length: 4

              Options: 0x00000001 [LSDB resync]

17:09:22.106560  In IP (tos 0xc0, ttl   1, id 55616, offset 0, flags [none], proto: OSPF (89), length: 80) 10.1.10.2 > 224.0.0.5: OSPFv2, Hello, length 60 [len 48]   <-- Hello packet received every 10 secs matching Cisco "debug ip ospf hello" output

        Router-ID 10.1.10.2, Backbone Area, Authentication Type: none (0)

        Options [External, LLS]

          Hello Timer 10s, Dead Timer 40s, Mask 255.255.255.0, Priority 150

          Designated Router 10.1.10.2, Backup Designated Router 10.1.10.1

          Neighbor List:

            1.1.1.1

          LLS: checksum: 0xfff6, length: 3

            Extended Options (1), length: 4

              Options: 0x00000001 [LSDB resync]

    

When I "monitor traffic interface vlan.10 no-resolve detail" I only see hello packets every 40 secs. Are ospf hello packets getting lost between the physical interface and the vlan interface?

 

I tried to include more info but message exceeded the 20K character limit :smileyhappy:

Distinguished Expert
mikep
Posts: 483
Registered: ‎06-30-2009

Re: SRX240 --> Cisco 3560 OSPF Issue?

Hi,

 

could you please attache your configuration? Thanks!

 

Kind Regards

Michael Pergament

8I
Visitor
8I
Posts: 5
Registered: ‎09-10-2009
0

Re: SRX240 --> Cisco 3560 OSPF Issue?

Attached.
Distinguished Expert
mikep
Posts: 483
Registered: ‎06-30-2009

Re: SRX240 --> Cisco 3560 OSPF Issue?

Hi,

 

IMHO you should open a Case for this issue. I cannot find any problem report regarding OSPF for 9.5. Any chance you could try 9.6 (however I cannot give you any guarantee it will work)?  Sorry that I cannot help your further on this!

 

Kind Regards

Michael Pergament

8I
Visitor
8I
Posts: 5
Registered: ‎09-10-2009
0

Re: SRX240 --> Cisco 3560 OSPF Issue?

We were running 9.6 and downgraded to 9.5 for testing purposes. This is a demo box. A ticket was opened a couple of days ago and still waiting on a resolution. I just wanted to see if anyone else had experienced a similar problem.
Contributor
Hedia
Posts: 93
Registered: ‎05-28-2008
0

Re: SRX240 --> Cisco 3560 OSPF Issue?

Hello,

 

I'm currently doing some config with OSPF between clusters of SRX240 running JunOS 9.6 and Cisco Catalyst 3750...

No problem !!

 

Regards,

 

Hedi

 

 

8I
Visitor
8I
Posts: 5
Registered: ‎09-10-2009
0

Re: SRX240 --> Cisco 3560 OSPF Issue?

[ Edited ]

Mind sharing configs/diagram? Is my config similar to yours? Are you configuring physical ports as L2 trunks with vlan interfaces?

 

 

Message Edited by 8I on 09-10-2009 01:35 PM
Distinguished Expert
aarseniev
Posts: 1,677
Registered: ‎08-21-2009
0

Re: SRX240 --> Cisco 3560 OSPF Issue?

There is a known issue with Cisco OSPF LLS capability and firewalls. And your debug indicates that Cisco advertises this capability in OSPF Hellos.

Please try this on Cisco side:

 

!

router ospf XYZ

no capability lls

!

 

I am not sure though if such command exists in Cisco 3560 IOS but it does exist on Cisco router IOSes.

___________________________________
Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
8I
Visitor
8I
Posts: 5
Registered: ‎09-10-2009
0

Re: SRX240 --> Cisco 3560 OSPF Issue?

That didn't do it.

 

There now is a PR (451249) for this issue:

 

RELEASE NOTE    L3 control protocols(like OSPF, using Multicast destination MAC address) on Vlan L3 interface will work only with Access ports on SRX100.This is due to a chip limitation.

 

This information will be included in the release notes of the next JUNOS release (9.6r2)

 

The fix for the bug will definitely be included in JUNOS 10.0r1 which is scheduled for release on 10/19 and may be included in 9.5r3 and 9.6r3 who's releases (tentative) are 10/16 and 11/16 respectively.

 

 

Contributor
jantkowiak
Posts: 19
Registered: ‎10-09-2009
0

Re: SRX240 --> Cisco 3560 OSPF Issue?

I seem to be also affected by this issue on the SRX 240's...

 

I'm running 9.6R2.11 here...

 

any ideas when 10 will be available?

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.