You set up a VPN MPLS with your service provider in order to connect your central site to your remote site, you decide with your ISP to use OSPF between your CE Router and the PE Router of the ISP, the PE router is redistributing a BGP routes learned from the other site into OSPF to your CE Router as a Type-5 LSA.
But after verification on CE router, you see the LSDB populated by a Type-5 LSAs, but it didn’t install the corresponding external OE2 route in the routing table.
You call your service provider to troubleshoot the problem but unfortunately, your ISP is not cooperative at all, this is not good and your dont have the rights to access the PE router.
So with your CE Router under your control:
- how to start troubleshooting?
- How to analyze the LSDB to identify the problem?
- What are the set of commands you should use for this?
Let’s start.
Verify the neighbor relationship with the PE router.
The state is FULL and PE Router with router-id 0.0.0.2 is a DR.
R1#sh ip os nei
Neighbor ID Pri State Dead Time Address Interface
0.0.0.2 1 FULL/DR 00:00:37 12.0.0.2 FastEthernet0/0
R1#
Check the routing table, there are no OSPF routes.
R1#sh ip route | beg Gate
Gateway of last resort is not set
12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 12.0.0.0/24 is directly connected, FastEthernet0/0
L 12.0.0.1/32 is directly connected, FastEthernet0/0
R1#
Since the State of the adjacency is FULL, the LSDB should have LSAs originated by the PE router.
Let’s verify the LSDB of your CE router.
There is a Type-1 LSA of PE router 0.0.0.2, and three Type-5 LSAs for the networks 172.16.1.0/24, 172.16.2.0/24 and 172.16.3.0/24 learned from the PE router.
R1#sh ip os data
OSPF Router with ID (0.0.0.1) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
0.0.0.1 0.0.0.1 82 0x80000002 0x00D440 1
0.0.0.2 0.0.0.2 83 0x80000006 0x00D527 2
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
172.16.1.0 0.0.0.2 265 0x80000001 0x004B95 0
172.16.2.0 0.0.0.2 265 0x80000001 0x00409F 0
172.16.3.0 0.0.0.2 265 0x80000001 0x0035A9 0
R1#
When a Type-5 LSA is present in the LSDB, a router should have an OE2 route in the routing table. This is what call OSPF database discrepancy.
So why the CE router didn’t install three OE2 routes?
The first thing to check is a host route to the ASBR, in OSPF, when a router receives a Type-5 LSA from an ASBR, it will lookup an intra-area route through a Type-1 LSA s’ ASBR or an inter-area route through a Type-4 LSA’s ABR.
OSPF keeps a second OSPF routing table, this routing table stores the best path to the ABR and ASBR, I like to call it a host routing table.
To display this routing table, execute the sh ip os border-routers command.
It seems the output is empty. So CE Router didn’t have a route to the ASBR.
R1#sh ip os border
OSPF Router with ID (0.0.0.1) (Process ID 1)
Base Topology (MTID 0)
Internal Router Routing Table
Codes: i – Intra-area route, I – Inter-area route
R1#
Let s confirm by executing the debug ip os spf external command.
Clear the OSPF process.
R1#debug ip os spf external
OSPF SPF external debugging is on
R1#
R1#clear ip os pro
Reset ALL OSPF processes? [no]: y
R1#
*Aug 16 19:10:43.963: %OSPF-5-ADJCHG: Process 1, Nbr 0.0.0.2 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
R1#
*Aug 16 19:10:44.463: OSPF-1 MON : Schedule Full SPF in area 0, change in LSID 0.0.0.1, LSA type R
R1#
*Aug 16 19:10:49.463: OSPF-1 EXTER: Started Building Type 5 External Routes
*Aug 16 19:10:49.467: OSPF-1 EXTER: Started Building Type 7 External Routes
*Aug 16 19:10:49.467: OSPF-1 EXTER: Entered External route sync for area dummy area
*Aug 16 19:10:49.471: OSPF-1 EXTER: Entered External route sync for area dummy area
*Aug 16 19:10:49.471: OSPF-1 EXTER: Entered NSSA route sync for area 0
*Aug 16 19:10:49.471: OSPF-1 EXTER: Entered NSSA route sync for area 0
R1#
*Aug 16 19:11:26.075: OSPF-1 MON : Schedule Full SPF in area 0, change in LSID 0.0.0.2, LSA type R
*Aug 16 19:11:26.075: OSPF-1 SPF : Do not schedule partial SPF type 5, LSID 172.16.1.0, adv_rtr 0.0.0.2, area dummy area: INTRA/INTER spf scheduled
*Aug 16 19:11:26.075: OSPF-1 SPF : Do not schedule partial SPF type 5, LSID 172.16.2.0, adv_rtr 0.0.0.2, area dummy area: INTRA/INTER spf scheduled
*Aug 16 19:11:26.075: OSPF-1 SPF : Do not schedule partial SPF type 5, LSID 172.16.3.0, adv_rtr 0.0.0.2, area dummy area: INTRA/INTER spf scheduled
*Aug 16 19:11:26.079: %OSPF-5-ADJCHG: Process 1, Nbr 0.0.0.2 on FastEthernet0/0 from LOADING to FULL, Loading Done
R1#
*Aug 16 19:11:26.567: OSPF-1 MON : Schedule Full SPF in area 0, change in LSID 0.0.0.2, LSA type R
R1#
*Aug 16 19:11:31.075: OSPF-1 MON : Schedule Full SPF in area 0, change in LSID 0.0.0.1, LSA type R
*Aug 16 19:11:31.075: OSPF-1 EXTER: Started Building Type 5 External Routes
*Aug 16 19:11:31.075: OSPF-1 EXTER: Start processing Type 5 External LSA 172.16.1.0, mask 255.255.255.0
*Aug 16 19:11:31.075: OSPF-1 EXTER: adv_rtr 0.0.0.2, age 418, seq 0x80000001, metric 20, metric-type 2, fw-addr 0.0.0.0
*Aug 16 19:11:31.075: OSPF-1 EXTER: Did not find route to ASBR 0.0.0.2
*Aug 16 19:11:31.075: OSPF-1 EXTER: Start processing Type 5 External LSA 172.16.2.0, mask 255.255.255.0
*Aug 16 19:11:31.079: OSPF-1 EXTER: adv_rtr 0.0.0.2, age 418, seq 0x80000001, metric 20, metric-type 2, fw-addr 0.0.0.0
*Aug 16 19:11:31.079: OSPF-1 EXTER: Did not find route to ASBR 0.0.0.2
*Aug 16 19:11:31.079: OSPF-1 EXTER: Start processing Type 5 External LSA 172.16.3.0, mask 255.255.255.0
*Aug 16 19:11:31.079: OSPF-1 EXTER: adv_rtr 0.0.0.2, age 418, seq 0x80000001, metric 20, metric-type 2,
R1# fw-addr 0.0.0.0
*Aug 16 19:11:31.079: OSPF-1 EXTER: Did not find route to ASBR 0.0.0.2
R1#
In the debug output, we see a message telling: Did not find route to ASBR 0.0.0.2.
0.0.0.2 is our PE router.
Since there is no host route to the ASBR and since the CE router is connected to PE router in the same area. We should check the Type-1 LSA’s ASBR PE router.
Let’s verify the Type-1 LSA’s PE router.
There is many pieces of the puzzle we can retrieve from the output.
We see in the LSA Header : Adv Router is not-reachable, this means that the PE Router advertising the LSA is not reachable through OSPF, there are some parameters that do not match, or a mis-configuration.
Let’s verify how PE router sees CE router,in the LSA’s Body, we see two Links, one link is strange. PE router originates a Type-1 LSA with a Link Type 1 that describes a connexion to a Another Router in Point-to-Point.
Link Type represents the kind of attached network.
We can conclude that the neighboring router PE has its interface to CE router in a point-to-point , the PE Router does not recognize a transit network.
R1#sh ip os data router adv 0.0.0.2
OSPF Router with ID (0.0.0.1) (Process ID 1)
Router Link States (Area 0)
Adv Router is not-reachable in topology Base with MTID 0
LS age: 110
Options: (No TOS-capability, DC)
LS Type: Router Links
Link State ID: 0.0.0.2
Advertising Router: 0.0.0.2
LS Seq Number: 80000008
Checksum: 0xD129
Length: 48
AS Boundary Router
Number of Links: 2
Link connected to: another Router (point-to-point)
(Link ID) Neighboring Router ID: 0.0.0.1
(Link Data) Router Interface address: 12.0.0.2
Number of MTID metrics: 0
TOS 0 Metrics: 1
Link connected to: a Stub Network
(Link ID) Network/subnet number: 12.0.0.0
(Link Data) Network Mask: 255.255.255.0
Number of MTID metrics: 0
TOS 0 Metrics: 1
R1#
Let’s verify how CE router sees PE router,in the LSA’s Body, we see one Link, it indicates that the CE router is connected a Transit Network. CE router originates a Type-1 LSA with a Link Type 2 that describes a connexion to a Transit network where a DR is elected.
R1#sh ip os data router self
OSPF Router with ID (0.0.0.1) (Process ID 1)
Router Link States (Area 0)
LS age: 125
Options: (No TOS-capability, DC)
LS Type: Router Links
Link State ID: 0.0.0.1
Advertising Router: 0.0.0.1
LS Seq Number: 80000004
Checksum: 0xD042
Length: 36
Number of Links: 1
Link connected to: a Transit Network
(Link ID) Designated Router address: 12.0.0.2
(Link Data) Router Interface address: 12.0.0.1
Number of MTID metrics: 0
TOS 0 Metrics: 1
R1#
To summarize, the PE router sees a its neighbor through a Link Type 1 “connected to CE as a point-to-point”, while CE sees its neighbor through a Link Type 2 “link connected to PE as a Transit Network”. This creates a discrepancy in the link-state database, which means no routes are installed in the routing table.
There is obviously a Network Type Mismatch.
Let’s verify the CE router’s f0/0 interface, we should have a network type broadcast since its Type-1 LSA shown a Link Type 2.
R1#sh ip os int f0/0 | s Type
Process ID 1, Router ID 0.0.0.1, Network Type BROADCAST, Cost: 1
R1#
Of course the network type is Broadcast.
So let’s configure the CE’s F0/0 interface as a point-to-point.
R1(config-router)#int f0/0
R1(config-if)#ip os net point-to-point
Let’s check the routing table of CE router.
R1#sh ip route | beg Gate
Gateway of last resort is not set
12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 12.0.0.0/24 is directly connected, FastEthernet0/0
L 12.0.0.1/32 is directly connected, FastEthernet0/0
172.16.0.0/24 is subnetted, 3 subnets
O E2 172.16.1.0 [110/20] via 12.0.0.2, 00:01:00, FastEthernet0/0
O E2 172.16.2.0 [110/20] via 12.0.0.2, 00:01:00, FastEthernet0/0
O E2 172.16.3.0 [110/20] via 12.0.0.2, 00:01:00, FastEthernet0/0
R1#
Now the External routes are installed in the routing table because CE has a route to the ASBR as shown by the sh ip os bord command.
R1#sh ip os border-routers
OSPF Router with ID (0.0.0.1) (Process ID 1)
Base Topology (MTID 0)
Internal Router Routing Table
Codes: i – Intra-area route, I – Inter-area route
i 0.0.0.2 [1] via 12.0.0.2, FastEthernet0/0, ASBR, Area 0, SPF 15
R1#
Demystify and Simplify 