Forum Discussion
PJH_CDW
Nimbostratus
NimbostratusOSPFv2 Neighbour not forming
Hi,
I'm working on the basis that I'm doing something stupid but here we go :)...
Lab environment, VMWare Workstation, 14.1.2 LTM VE <-> VyOs Router, LTM vLAN EXT_1, SelfIP 100.100.100.100/24, VyOS IP 100.100.100.1/24.
LTM can ping VyOS:
# ping -I EXT_1 100.100.100.1
PING 100.100.100.1 (100.100.100.1) from 100.100.100.100 EXT_1: 56(84) bytes of data.
64 bytes from 100.100.100.1: icmp_seq=1 ttl=255 time=2.18 ms
64 bytes from 100.100.100.1: icmp_seq=2 ttl=255 time=1.46 ms
64 bytes from 100.100.100.1: icmp_seq=3 ttl=255 time=0.519 ms
^C
--- 100.100.100.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.519/1.390/2.184/0.682 ms
VyOS can also ping LTM.
OSPF enabled on VyOS Router, show ip ospf on VyOS shows neighbour with F5 stuck in INIT, which indicates VyOS is receiving HELLOs from F5.
OSPF enabled on F5, show ip ospf neighbour shows nothing, and show ip ospf interfact EXT_1 indicates no HELLO packets received:
#show ip ospf neighbor
OSPF process 1:
Neighbor ID Pri State Dead Time Address Interface
#show ip ospf interface EXT_1
EXT_1 is up, line protocol is up
Interface ID 144
Host Interface ID 10
Internet Address 100.100.100.100/24, Area 0.0.0.0, MTU 1500
Process ID 1, Router ID 100.100.100.100, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 100.100.100.100, Interface Address 100.100.100.100
No backup designated router on this network
Timer intervals configured, Hello 1, Dead 3, Wait 3, Retransmit 5
Hello due in 00:00:01
Neighbor Count is 0, Adjacent neighbor count is 0
Crypt Sequence Number is 3250
Hello received 0 sent 5146, DD received 0 sent 0
LS-Req received 0 sent 0, LS-Upd received 0 sent 0
LS-Ack received 0 sent 0, Discarded 0
Running tcpdump on F5 (100.100.100.100), I can see OSPF HELLO's from VyOS (100.100.100.1) received on both data plane and tmm (hello 1 sec, dead 3 sec):
# tcpdump -ni 0.0:nnn -s0 -vv host 100.100.100.1
tcpdump: listening on 0.0:nnn, link-type EN10MB (Ethernet), capture size 65535 bytes
13:54:34.484733 IP (tos 0xc0, ttl 1, id 64651, offset 0, flags [none], proto OSPF (89), length 68)
100.100.100.1 > 224.0.0.5: OSPFv2, Hello, length 48
Router-ID 2.2.2.2, Backbone Area, Authentication Type: none (0)
Options [External]
Hello Timer 1s, Dead Timer 3s, Mask 255.255.255.0, Priority 1
Designated Router 100.100.100.1
Neighbor List:
100.100.100.100 in slot1/tmm0 lis= flowtype=0 flowid=0 peerid=0 conflags=0 inslot=63 inport=23 haunit=0 priority=0 peerremote=00000000:00000000:00000000:00000000 peerlocal=00000000:00000000:00000000:00000000 remoteport=0 localport=0 proto=0 vlan=0
13:54:35.486675 IP (tos 0xc0, ttl 1, id 64652, offset 0, flags [none], proto OSPF (89), length 68)
100.100.100.1 > 224.0.0.5: OSPFv2, Hello, length 48
Router-ID 2.2.2.2, Backbone Area, Authentication Type: none (0)
Options [External]
Hello Timer 1s, Dead Timer 3s, Mask 255.255.255.0, Priority 1
Designated Router 100.100.100.1
Neighbor List:
100.100.100.100 in slot1/tmm0 lis= flowtype=0 flowid=0 peerid=0 conflags=0 inslot=63 inport=23 haunit=0 priority=0 peerremote=00000000:00000000:00000000:00000000 peerlocal=00000000:00000000:00000000:00000000 remoteport=0 localport=0 proto=0 vlan=0
13:54:36.485903 IP (tos 0xc0, ttl 1, id 64653, offset 0, flags [none], proto OSPF (89), length 68)
100.100.100.1 > 224.0.0.5: OSPFv2, Hello, length 48
Router-ID 2.2.2.2, Backbone Area, Authentication Type: none (0)
Options [External]
Hello Timer 1s, Dead Timer 3s, Mask 255.255.255.0, Priority 1
Designated Router 100.100.100.1
Neighbor List:
100.100.100.100 in slot1/tmm0 lis= flowtype=0 flowid=0 peerid=0 conflags=0 inslot=63 inport=23 haunit=0 priority=0 peerremote=00000000:00000000:00000000:00000000 peerlocal=00000000:00000000:00000000:00000000 remoteport=0 localport=0 proto=0 vlan=0
port-lockdown on EXT_1 is set to permit default (have tried permit all - no difference).
NB: I thought there may be an issue in VM Workstation with multicast but I set up a 2nd VyOS router on the same vLAN - This forms a FULL OSPF peering with the original VyOS device, and again INIT with the F5. Have also confirmed MTUs on F5 and VyOS etc. all match.
The issue is the routing process on the F5 is not receiving the OSPF HELLO's fom the VyOS (as observed from show ip ospf interface output) but tcpdump shows the OSPF HELLO packets are received at the network level.
Any thoughts? Many Thanks!
Hi,
What did you configure for port lock down on the self-ip on the BIG-IP? (100.100.100.100/24). You need to allow OSPF.
Cheers,
Kees
PJH_CDWHi Kees, I originally left to “default”, then changed to “accept all” and then manually set it to allow OSPF (protocol 89) – No change in behaviour! Kind regards, Phil Harrison
boneyardMVP
have you gone through the details of this
https://devcentral.f5.com/s/articles/Troubleshooting-OSPF-on-BIG-IP-systems
it sounds obscure but vmware workstation is not supported, so perhaps there is something going on there.
would it be possible to set this up on a support platform, i.e. ESXi, Hyper-V, ..?
- PJH_CDWHi Boneyard, Thanks for response. Yes, I went through this document – couldn’t pinpoint the issue. It may well be a VMWare Workstation issue – if I get a chance, I’ll move it to my ESXi lab and test on there. It’s just Workstation is more convenient ☺. Kind regards, Phil Harrison
