OSPF is stuck in Exstart or Exchange with more than 50 routes.

Created On 10/31/23 02:07 AM - Last Modified 04/22/24 04:39 AM


Symptom


  • Affects large OSPF networks with more than 50 routes being advertised.
  • OSPF gets stuck in the Exstart/Exchange state, which prevents OSPF from coming up.
  • Global counters (show counter global) show drops as "flow_fwd_mtu_exceeded".
  • Cisco debug output shows that the neighbor is down:
    UTC: %OSPF-5-ADJCHG: Process 1, Nbr 10.x.x.7 on Vlan1000 from EXCHANGE to DOWN, Neighbor Down: Too many retransmissions
    UTC: %OSPF-5-ADJCHG: Process 1, Nbr 10.x.x.7 on Vlan1000 from DOWN to DOWN, Neighbor Down: Ignore timer expired
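
The following is an added example, not part of the original article or any vendor tooling: a Python triage helper that scans peer-router syslog for the adjacency pattern shown above (a neighbor dropped from EXSTART or EXCHANGE to DOWN with "Too many retransmissions"). The function name `stuck_neighbors`, the threshold, and all sample lines other than the two message formats quoted in this article are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample input. The first two message formats come from the
# article; the repeats and the neighbors 10.x.x.9 / 10.x.x.11 are made up.
SAMPLE_LOG = """\
UTC: %OSPF-5-ADJCHG: Process 1, Nbr 10.x.x.7 on Vlan1000 from EXCHANGE to DOWN, Neighbor Down: Too many retransmissions
UTC: %OSPF-5-ADJCHG: Process 1, Nbr 10.x.x.7 on Vlan1000 from DOWN to DOWN, Neighbor Down: Ignore timer expired
UTC: %OSPF-5-ADJCHG: Process 1, Nbr 10.x.x.7 on Vlan1000 from EXCHANGE to DOWN, Neighbor Down: Too many retransmissions
UTC: %OSPF-5-ADJCHG: Process 1, Nbr 10.x.x.9 on Vlan1000 from LOADING to FULL, Loading Done
UTC: %OSPF-5-ADJCHG: Process 1, Nbr 10.x.x.11 on Vlan1000 from EXSTART to DOWN, Neighbor Down: Too many retransmissions
"""

# Matches the ADJCHG message anywhere in a line, so any timestamp or host
# prefix added by the syslog collector is ignored.
ADJCHG = re.compile(
    r"%OSPF-5-ADJCHG: Process (?P<proc>\d+), Nbr (?P<nbr>\S+) on (?P<intf>\S+) "
    r"from (?P<old>\S+) to (?P<new>\w+)(?:, (?P<reason>.*))?$"
)

def stuck_neighbors(log_text, threshold=2):
    """Return {(neighbor, interface): count} for neighbors that were dropped
    during database exchange at least `threshold` times."""
    hits = Counter()
    for line in log_text.splitlines():
        m = ADJCHG.search(line.strip())
        if not m:
            continue
        dropped_in_exchange = m["old"] in ("EXSTART", "EXCHANGE") and m["new"] == "DOWN"
        # "Ignore timer expired" (DOWN to DOWN) is a follow-on event, not a new failure.
        if dropped_in_exchange and "Too many retransmissions" in (m["reason"] or ""):
            hits[(m["nbr"], m["intf"])] += 1
    return {key: count for key, count in hits.items() if count >= threshold}

if __name__ == "__main__":
    for (nbr, intf), count in stuck_neighbors(SAMPLE_LOG).items():
        print(f"{nbr} on {intf}: dropped during exchange {count} times")
```

A neighbor flagged here is a candidate for this issue only if the firewall's "flow_fwd_mtu_exceeded" counter is also incrementing.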

     


Environment


  • Palo Alto 5450 Firewall
  • PAN-OS 11.0.2, 11.1.0, 10.2.5, 10.1.10.
  • OSPF


Cause


  • When an OSPF network has more than 40 routes with large LS Updates, the LS Update/Acknowledgment reaches the maximum 1500 packet size limit.
  • When this packet travels across the firewall's internal backplane between the dataplane and the management plane, an additional header is prepended, which causes the packet to exceed the 1500 MTU limit.


Resolution


  1. The issue is addressed under PAN-225240 and fixed in PAN-OS 11.1.0, 11.0.3, and 10.2.6.
  2. Upgrading PAN-OS will resolve the issue.

