topic Re: VM Series on ESXi not receving OSPF hello packets when connected to EVE-NG in VM-Series in the Private Cloud

VM Series on ESXi not receving OSPF hello packets when connected to EVE-NG

Spiterman — Sat, 27 May 2023 01:50:37 GMT

Hello,

I have set up a PA-VM version 10.2.5 on VMware ESXi as I was not able to get it to work properly on EVE-NG. On ESXi I did the following:

Added new Port Group to the Virtual Switch
Added a Network Adapter to PA-VM and associated it to the new Port Group
1. This is to configure an interface as Outside on the FW to connect it to my EVE-NG environment
Added a 2nd Network Adapter to EVE-NG and associated it to the new Port Group
1. This is to add a Network (Cloud1) on EVE-NG to link it the PA-VM

I have a Cisco vIOS router running Version 15.8(3)M2 that connects to (Cloud1) and in turn connects to other VMs on the same Port Group including a Cisco C9800-CL-K9_IOSXE. Version 16.12.4a, which can also run OSPF, running directly on my ESXi host, which I also added into the same Port Group.

I am able to form a full OSPF adjacency with the C9800, but am not able to do so with the PA-VM. The configuration on the PA-VM appears to be correct as I followed the steps to configure OSPF on the PA-VM and I am seeing the Hello messages arrive on the Cisco router running on EVE-NG as well as the C9800 running on ESXi.

From Cisco router on EVE-NG:

From C9800 on ESXi:

EVE-NG topology:

As you can see. This is a rather simple setup. It appears that the PA-VM is not receiving the Hello packets from the other devices and thus not responding with updated Hello packets to the other devices to include their own Router-IDs. Hence why the it remains in the INIT state.

Basically, the PA-VMs Hello messages get out, but it is not able to receive them so that it updates it own Hello messages to the other devices and thus proceed to the 2-WAY state and so on.

Has anyone seen this before? If so, can you help me out or provide some feedback as to what I can try?

I've included the PA-VM configuration.

Thank you all in advance!

Re: VM Series on ESXi not receving OSPF hello packets when connected to EVE-NG

PavelK — Wed, 31 May 2023 13:18:06 GMT

Hello @Spiterman

could you please go through this KB ?

Could you also check whether intrazone-default security policy has action set to allow?

Kind Regards

Pavel

Re: VM Series on ESXi not receving OSPF hello packets when connected to EVE-NG

Spiterman — Wed, 31 May 2023 14:21:24 GMT

Hello Pavel,

I appreciate the suggestions.

I've reviewed the document regarding troubleshooting OSPF adjacencies. It is in fact very helpful. I'm lead to believe that the PA-VM is not receiving the OSPF hello packets and thus not including the other router's Router-ID in the hello packets. I've done Wireshark captures that show that the PA-VM does not initiate a unicast to the Cisco router.

The intrazone-default security policy action is set to allow. The behavior I'm seeing on the PA-VM is that traffic can exit but return traffic is not able to get through.

Are you aware of anything else that's worth checking out?

Regards

Re: VM Series on ESXi not receving OSPF hello packets when connected to EVE-NG

PavelK — Wed, 31 May 2023 22:20:21 GMT

Thank you for reply @Spiterman

To me it looks like that initial OSPF neighbor discovery to 224.0.0.5 does not get to PA-VM. Would it be possible to look into logs: tail follow yes mp-log routed.log to see whether it can provide more insight. Also, would it be possible for a test to change OSPF network type to p2mp (point to multipoint)? With this interface type you have to configure all neighbors manually and initial discovery will be sent by unicast instead of multicast. You will have to match the interface type on Cisco side (I think the interface type will be: ip ospf network point-to-multipoint non-broadcast).

Kind Regards

Pavel