OSPF Adjacencies are Established but the OSPF Routes are Not Received on the Peer Device
Symptom
The Palo Alto Networks firewall and another router are fully adjacent. The firewall and the neighboring router have transitioned through the OSPF stages and have established a full relationship. The firewall has the information of the routes in its Link State Database (LSDB), so it's advertising these routes to the peer. However, the neighbor is not detecting these routes and the networks behind the neighboring router cannot reach the networks advertised by the Palo Alto Networks firewall.
Environment
- Any PAN-OS
- OSPF
Cause
The issue may be caused by a mismatch in the interface "link type" (OSPF network type) between the Palo Alto Networks firewall and the neighboring router.
Resolution
It is always important to verify the Link Type of the interface on the OSPF configuration of the participating routers/firewalls. If there is a mismatch in the link types, correct them to use a common link type setting and commit the changes.
We recommend ‘Broadcast’ when the segment between the router and the Palo Alto Networks firewall is an Ethernet cable. Use ‘p2p’ if you are peering with a neighbor via a tunnel.
To verify the Link Type settings, go to Network > Virtual Routers > OSPF > Areas. Open the Interface and view the Link Type value, as shown below:
To verify if the routes are being learned, use the following commands:
>show routing protocol ospf lsdb
>show routing protocol ospf dumplsdb
>show routing route
owner: kprakash