How to Determine a Type-5 OSPF Route Being Flushed from Link State Database

Created On 09/25/18 19:24 PM - Last Modified 06/15/23 21:49 PM


Symptom


  • Under normal circumstances, every Link State Advertisement (LSA) in the link-state database is updated at least once every 30 minutes.
  • If an LSA has not been updated after an hour, it is assumed to be no longer valid and is removed from the database.
  • The LS Age field in the LSA header indicates the length of time since the LSA was last updated.
  • If the age of an LSA reaches 30 minutes, the originating router refreshes the LSA by flooding a new instance of it, incrementing the LS sequence number and setting the LS age to 0 again.
  • If the originating router has failed or the route itself is deleted, the age of the LSA continues to increase until the value of MaxAge (1 hour) is reached.
  • At that time, the LSA is deleted from the database, as 3600 seconds is the maximum value that the LS Age field can attain.
  • To ensure that all routers remove the LSA at around the same time and without depending on a synchronized clock, the LSA is re-flooded.
  • All other routers then remove their database copies on seeing the MaxAge LSA being flooded.
  • This document explains how to determine when a route redistributed into OSPF is being deleted from the link-state database.


Environment


  • Palo Alto Firewall.
  • Supported PAN-OS.
  • OSPF configured.


Resolution


In an example scenario, the Palo Alto Networks firewall has formed an adjacency with a Cisco router (router id: 134.141.107.1) on the eth1/2 interface.
The Palo Alto Networks eth1/2 IP address is 134.141.102.65 and the Cisco router IP address is 134.141.102.66 on the same network.
The Cisco router redistributes the 134.141.76.0/24 static route into OSPF and the firewall updates this route in its LSDB as a type 5 external route.

> show routing protocol ospf lsdb

VIRTUAL ROUTER: default (id 1)
==============================
VR Area ID         Orig RTR ID              LS ID              LSA Type         Seq Number CheckSum     Age  Size

1 0.0.0.0         134.141.102.65     134.141.102.65       type-1 (Router)      0x80000001 0x0000366C   907    36
1 0.0.0.0         134.141.102.66     134.141.102.66       type-1 (Router)      0x80000002 0x0000696F   797    36
1                 134.141.107.1      134.141.76.0/24      type-5 (External)    0x80000061 0x0000F2EA  1721



> show routing protocol ospf dumplsdb

VIRTUAL ROUTER: default (id 1)
==============================
VR Area ID         Orig RTR ID              LS ID              LSA Type          Seq Number CheckSum     Age  Size

1 0.0.0.0         134.141.102.65     134.141.102.65        type-1 (Router)      0x80000001 0x0000366C  1361    36
            Options: [External]
            Router LSA Options: [ASBR]
            Stub Network: 10.66.24.0 Netmask 255.255.254.0, tos 0, metric: 10

1 0.0.0.0         134.141.102.66     134.141.102.66        type-1 (Router)      0x80000002 0x0000696F  1251    36
            Options: [External]
            Router LSA Options: [ASBR]
            Transit Network: DR (IP: 10.66.24.22) on Interface 10.66.24.70, tos 0, metric: 10

1                 134.141.107.1     134.141.76.0/24        type-5 (External)    0x80000001 0x0000FD29   209  
            Options: [External]
            Mask 255.255.255.255, type 2, tos 0 metric: 1, forward 0.0.0.0, tag 0.0.0.0

 

When this route is deleted from the Cisco router, the Cisco router re-floods this LSA with an LS age of 3600 to inform its peers to flush this route from the database.
 

> show routing protocol ospf lsdb |  match 134.141.76.0

VIRTUAL ROUTER: default (id 1)
==============================
VR Area ID      Orig RTR ID           LS ID              LSA Type             Seq Number CheckSum     Age  Size
1              134.141.107.1     134.141.76.0/24        type-5 (External)    0x80000061 0x0000F2EA  3600



> show routing protocol ospf dumplsdb | match 134.141.76.0
VIRTUAL ROUTER: default (id 1)
==============================

VR Area ID      Orig RTR ID           LS ID              LSA Type             Seq Number CheckSum     Age  Size
1              134.141.107.1     134.141.76.0/24        type-5 (External)    0x80000001 0x0000FD29  3600
            Options: [External]
            Mask 255.255.255.255, type 2, tos 0 metric: 1, forward 0.0.0.0, tag 0.0.0.0

 

Note: The output of any command with "match" displays only the lines matching the value. The header lines in the output above are included to show the associated information. In reality, the command displays only the matching line, as below:
1              134.141.107.1     134.141.76.0/24        type-5 (External)    0x80000061 0x0000F2EA  3600

When the LSA is flooded to peers, they update their databases by removing the route, since MaxAge has been reached.
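
The check described above can be scripted against saved CLI output. The following is an added example, not part of the original article or any Palo Alto Networks tooling: it parses rows in the format of "show routing protocol ospf lsdb" and classifies each LSA by LS Age. The sample text is constructed from the rows shown in this article, and the names parse_lsdb, flushed_externals and the state labels are assumptions made for illustration.

```python
from dataclasses import dataclass

MAX_AGE = 3600     # seconds: LS Age at which the LSA is flushed
LS_REFRESH = 1800  # seconds: age at which the originator re-floods a new instance

# Constructed sample in the format of "show routing protocol ospf lsdb";
# the ages on the second and third rows are chosen to exercise each state.
SAMPLE = """\
VR Area ID         Orig RTR ID              LS ID              LSA Type         Seq Number CheckSum     Age  Size

1 0.0.0.0         134.141.102.65     134.141.102.65       type-1 (Router)      0x80000001 0x0000366C   907    36
1 0.0.0.0         134.141.102.66     134.141.102.66       type-1 (Router)      0x80000002 0x0000696F  2105    36
1                 134.141.107.1      134.141.76.0/24      type-5 (External)    0x80000061 0x0000F2EA  3600
"""

@dataclass
class Lsa:
    orig_rtr: str
    ls_id: str
    lsa_type: str
    seq: int
    age: int

    @property
    def state(self):
        if self.age >= MAX_AGE:
            return "flushing"        # MaxAge reached: being removed from the LSDB
        if self.age > LS_REFRESH:
            return "not-refreshed"   # originator missed the 30-minute refresh
        return "ok"

def parse_lsdb(text):
    """Parse LSDB rows; type-5 rows carry no Area ID and may omit Size."""
    lsas = []
    for line in text.splitlines():
        tok = line.split()
        # Data rows have a "type-N" token; headers and detail lines do not.
        t = next((i for i, v in enumerate(tok) if v.startswith("type-")), None)
        s = next((i for i, v in enumerate(tok) if v.startswith("0x")), None)
        if t is None or s is None or t < 3 or s < t or len(tok) < s + 3:
            continue
        lsas.append(Lsa(tok[t - 2], tok[t - 1], tok[t], int(tok[s], 16), int(tok[s + 2])))
    return lsas

def flushed_externals(lsas):
    """Type-5 LSAs at MaxAge, i.e. redistributed routes being withdrawn."""
    return [x for x in lsas if x.lsa_type == "type-5" and x.state == "flushing"]

if __name__ == "__main__":
    for lsa in parse_lsdb(SAMPLE):
        print(f"{lsa.lsa_type} {lsa.ls_id} from {lsa.orig_rtr}: age={lsa.age} {lsa.state}")
```

Running the parser on periodic snapshots also shows whether a type-5 LSA aged out gradually past 1800 seconds (originator unreachable) or jumped straight to 3600 (route withdrawn by the originator), which are the two cases the Symptom section distinguishes.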



Additional Information


The same information can be viewed through a packet capture while debugging.

 

 


