Hi all,
Something I wanted to share with you in my testing phase of ospf & troubleshooting. The cogs started turning when I was looking at one of the full-scale DC workbooks labs, where the requiremeant is 'to get ospf adjacency by whatever means possible'. Now I've not actually been able to do this lab yet because of bookings, but I did setup a test with equipment I do have.
My assumption for this lab question of 'get ospf adjacency by whatever means possible' is that you do not have access to look at the remote config of the device you need to get an ospf adjacency with (am I correct on this?).
Now, in order to lab it up, clearly I had to have a sneak at the answer, to work out the same scenario in the workbook. It turns out that 'ip ospf mtu-ignore' is what is needed to get the adjacency up.
So with that in mind, the code I put on on my 'hidden' switch (the one in the lab you won't be able to/can't see) was the following:
interface Vlan10
no shutdown
mtu 1492
vrf member ospfvrf
ip address 10.0.0.1/24
ip ospf authentication message-digest
ip ospf authentication-key 3 8cef5b43538c7cd6
ip ospf network point-to-point
no ip ospf passive-interface
ip router ospf 1 area 0.0.0.0
So clearly, I know when I put the below code onto my switch, I won't get an ospf adjacency:
interface Vlan10
no shutdown
vrf member ospfvrf
ip address 10.0.0.2/24
ip ospf authentication message-digest
ip ospf authentication-key 3 8cef5b43538c7cd6
ip ospf network point-to-point
no ip ospf passive-interface
ip router ospf 1 area 0.0.0.0
But, if I add the command 'ip ospf mtu-ignore', to int vl 10 then the adjacency should come up right?
interface Vlan10
no shutdown
vrf member ospfvrf
ip address 10.0.0.2/24
ip ospf authentication message-digest
ip ospf authentication-key 3 8cef5b43538c7cd6
ip ospf network point-to-point
no ip ospf passive-interface
ip ospf mtu-ignore
ip router ospf 1 area 0.0.0.0
Well not quite so....
OSPF starts to from an adjacency, but gets stuck at this:
N7K-3-2(config-if)# sh ip ospf neighbors vrf ospfvrf
OSPF Process ID 1 VRF ospfvrf
Total number of neighbors: 1
Neighbor ID Pri State Up Time Address Interface
10.0.0.1 1 EXCHANGE/ - 00:00:08 10.0.0.1 Vlan10
Now, I decide I can't touch the config on 'the hidden' switch, and actually I am now a bit stumped. Why the hell won't my adjacency come up? Or more to the point, why is my switch ignoring the 'ip ospf ignore-mtu' command (I know that this is the problem, as I've configured the other side with a lower mtu).
Okay, so you R&S guys have probably realised by now, what the actual problem is. Yep, you've guessed it. The config on my 'hidden' switch should have a higher than (NOT lower than) mtu of 1500.
How to get it working? Easy. I lowered the mtu on my switch to 1491 (1 lower than 1492 on my 'hidden' switch). Basically only the side with the lower MTU does not form the OSPF neighbor. The router or switch that has a higher MTU is more than willing to form a neighbor relationship. This is why the ‘ip ospf mtu-ignore’ usually only needs to appear on the lower mtu side; because the other end has the higher mtu.
Of course, when I first labbed it up, my switch with the higher mtu also had the 'ignore-mtu' command, which is why it got stuck in the EXCHANGE state.
The alternative to this (and this probably the config on the hidden switch in the workbook labs), is that the mtu on the hidden switch is higher than 1500, so you don't actually have to alter the mtu on your switch and the 'ignore-mtu' command will work fine.
The final configs I had were this (I did go back and change the mtu on the 'hidden' switch to 1600):
HIDDEN SWITCH:
interface Vlan10
no shutdown
mtu 1600
vrf member ospfvrf
ip address 10.0.0.1/24
ip ospf authentication message-digest
ip ospf authentication-key 3 8cef5b43538c7cd6
ip ospf network point-to-point
no ip ospf passive-interface
ip router ospf 1 area 0.0.0.0
MY SWITCH:
interface Vlan10
no shutdown
vrf member ospfvrf
ip address 10.0.0.2/24
ip ospf authentication message-digest
ip ospf authentication-key 3 8cef5b43538c7cd6
ip ospf network point-to-point
no ip ospf passive-interface
ip ospf mtu-ignore
ip router ospf 1 area 0.0.0.0
VERIFICATION:
N7K-3-2(config-if)# sh ip ospf neighbors vrf ospfvrf
OSPF Process ID 1 VRF ospfvrf
Total number of neighbors: 1
Neighbor ID Pri State Up Time Address Interface
10.0.0.1 1 FULL/ - 00:14:14 10.0.0.1 Vlan10
Hope this helps.
Rgds
Dominic