https://live.paloaltonetworks.com/t5/general-topics/quot-ospf-neighbor-down-quot-software-bug/m-p/305783#M79478 <P>Check your logs and (if this is an ISP link) get the ISP to check their router logs, to make sure you weren't hit by a UDP flood or other DoS/DDoS attack.</P><P>&nbsp;</P><P>Prior to configuring Zone Protection and DoS Protection Profiles, and having our ISP configure DoS protection/monitoring on their end, we'd lose OSPF due to UDP floods preventing OSPF packets from getting through.</P><P>&nbsp;</P><P>UDP flood attacks are generally very short in duration, under a minute or two, so they won't always show up in logs/monitoring tools unless you specifically look for them, but they'll easily saturate a gigabit link.&nbsp; We had several of these attacks over the past year, and our PA-3020s couldn't handle the traffic (overload the session table) and we'd lose OSPF on our internal network.&nbsp; We switches to PA-5220s this fall, and still suffered OSPF drops due to link saturation on our gigabit link.&nbsp; We now have ZPP/DoS enabled, and our ISP is monitoring for DDoS attacks (anything over 3 minutes in length is automatically shutdown at the ISP side).</P> Mon, 06 Jan 2020 18:29:01 GMT fjwcash 2020-01-06T18:29:01Z https://live.paloaltonetworks.com/t5/general-topics/quot-ospf-neighbor-down-quot-software-bug/m-p/305632#M79432 <P>I'm currently running 8.1.10 on PA-820 firewalls. They are in A/P failover pair. Last night, all of a sudden primary firewall started showing "( eventid eq routed-OSPF-neighbor-down )" in system logs and OSPF went down. I failed over to secondary and connections were restored. These 2 firewalls are connected to 2 switchports which are both part of same VLAN and SVI.I verified both the switchports are sending ospf hello packets for every 10 seconds and verified them on packet capture. I interchanged the cables going to firewalls between switchports and that didn't recreate the issue.so this ruled out the switch/router from the equation.&nbsp;</P><P>I am wondering if this is a software bug? if it is, why didn't both firewalls get hit?</P><P>or is it a hardware bug? please post your ideas.</P><P>thanks.</P> Fri, 03 Jan 2020 22:22:24 GMT https://live.paloaltonetworks.com/t5/general-topics/quot-ospf-neighbor-down-quot-software-bug/m-p/305632#M79432 SThatipelly 2020-01-03T22:22:24Z https://live.paloaltonetworks.com/t5/general-topics/quot-ospf-neighbor-down-quot-software-bug/m-p/305725#M79460 <P>One switch or two switches ?</P><P>Checked STP topology changes ?</P><P>Checked logs on the switch ?</P><P>Do you have EtherChannel configured ?</P><P>&nbsp;</P><P>Looking at the release notes, Can't spot any known issues related to OSPF.&nbsp;</P> Mon, 06 Jan 2020 08:07:10 GMT https://live.paloaltonetworks.com/t5/general-topics/quot-ospf-neighbor-down-quot-software-bug/m-p/305725#M79460 Nehmaan 2020-01-06T08:07:10Z https://live.paloaltonetworks.com/t5/general-topics/quot-ospf-neighbor-down-quot-software-bug/m-p/305746#M79466 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/97720">@Nehmaan</a>&nbsp;I interchanges the cables to make sure it's not switching/routing issue. last night after a reboot and failover, adjacency came back up again. so, I think it's clearly a software bug.</P> Mon, 06 Jan 2020 13:57:01 GMT https://live.paloaltonetworks.com/t5/general-topics/quot-ospf-neighbor-down-quot-software-bug/m-p/305746#M79466 SThatipelly 2020-01-06T13:57:01Z https://live.paloaltonetworks.com/t5/general-topics/quot-ospf-neighbor-down-quot-software-bug/m-p/305748#M79468 <P>Are these ports in aggregate or are you using spanning tree for fail-over (probably not a great idea in this situation).</P> Mon, 06 Jan 2020 14:24:29 GMT https://live.paloaltonetworks.com/t5/general-topics/quot-ospf-neighbor-down-quot-software-bug/m-p/305748#M79468 jeremy.larsen 2020-01-06T14:24:29Z https://live.paloaltonetworks.com/t5/general-topics/quot-ospf-neighbor-down-quot-software-bug/m-p/305783#M79478 <P>Check your logs and (if this is an ISP link) get the ISP to check their router logs, to make sure you weren't hit by a UDP flood or other DoS/DDoS attack.</P><P>&nbsp;</P><P>Prior to configuring Zone Protection and DoS Protection Profiles, and having our ISP configure DoS protection/monitoring on their end, we'd lose OSPF due to UDP floods preventing OSPF packets from getting through.</P><P>&nbsp;</P><P>UDP flood attacks are generally very short in duration, under a minute or two, so they won't always show up in logs/monitoring tools unless you specifically look for them, but they'll easily saturate a gigabit link.&nbsp; We had several of these attacks over the past year, and our PA-3020s couldn't handle the traffic (overload the session table) and we'd lose OSPF on our internal network.&nbsp; We switches to PA-5220s this fall, and still suffered OSPF drops due to link saturation on our gigabit link.&nbsp; We now have ZPP/DoS enabled, and our ISP is monitoring for DDoS attacks (anything over 3 minutes in length is automatically shutdown at the ISP side).</P> Mon, 06 Jan 2020 18:29:01 GMT https://live.paloaltonetworks.com/t5/general-topics/quot-ospf-neighbor-down-quot-software-bug/m-p/305783#M79478 fjwcash 2020-01-06T18:29:01Z https://live.paloaltonetworks.com/t5/general-topics/quot-ospf-neighbor-down-quot-software-bug/m-p/306481#M79622 <P>Last week I rebooted the problem firewall and failed-over to it. It was to my surprise that the issue was fixed and working fine now.</P><P>&nbsp;</P> Mon, 13 Jan 2020 13:36:11 GMT https://live.paloaltonetworks.com/t5/general-topics/quot-ospf-neighbor-down-quot-software-bug/m-p/306481#M79622 SThatipelly 2020-01-13T13:36:11Z