Schlagwort-Archive: mtu

When you get a MTU Mismatch in OSPF….

…you will always see that the adjacency will stuck in ExStart/ExChange.

OSPF doesn’t check the configured MTU size on an interface with the hello packets. But it must make sure, that the OSPF database exchange works completly. To avoid an MTU problem, the MTU will be exchanged in the Database Description (DBD) packets. If the MTU doesn’t match (RFC 2328 section 10.6) the routers never start exchanging Link-State Advertisements (LSA).

The reason:
OSPF itself doesn’t define a fragmention, but every OSPF router should be able to split multiple LSAs into several packets (see RFC 2328 Appendix A.1).  The size of these LSAs is determined by the MTU of your outgoing interface. To avoid fragementation your router will always build smaller LSAs to fit into MTU.  But if your packets will be bigger as your neighbor could receive, they got lost and your neighbor could never get your database. 

Here is an example of an MTU mismatch beween R1 and R2.

MTU Mismatch between R1 and R2
MTU Mismatch between R1 and R2

We see that both routers stuck in ExStart:

admin@router> show ospf neighbor logical-system R1
Address Interface State ID Pri Dead
10.0.1.2 fe-0/2/2.50 ExStart 10.0.2.2 128 36

admin@router> show ospf neighbor logical-system R2
Address Interface State ID Pri Dead
10.0.1.1 fe-0/2/3.50 ExStart 10.0.2.1 128 35

The „show ospf interface“ command give us some hints:

admin@router> show ospf interface detail logical-system R1
Interface State Area DR ID BDR ID Nbrs
fe-0/2/2.50 BDR 0.0.0.0 10.0.2.2 10.0.2.1 1
 Type: LAN, Address: 10.0.1.1, Mask: 255.255.255.252, MTU: 1200, Cost: 1
 DR addr: 10.0.1.2, BDR addr: 10.0.1.1, Priority: 128
 Adj count: 0
 Hello: 10, Dead: 40, ReXmit: 5, Not Stub
 Auth type: None
 Protection type: None
 Topology default (ID 0) -> Cost: 1

admin@router> show ospf interface detail logical-system R2
Interface State Area DR ID BDR ID Nbrs
fe-0/2/3.50 DR 0.0.0.0 10.0.2.2 10.0.2.1 1
 Type: LAN, Address: 10.0.1.2, Mask: 255.255.255.252, MTU: 1500, Cost: 1
 DR addr: 10.0.1.2, BDR addr: 10.0.1.1, Priority: 128
 Adj count: 0
 Hello: 10, Dead: 40, ReXmit: 5, Not Stub
 Auth type: None
 Protection type: None
 Topology default (ID 0) -> Cost: 1
fe-0/2/3.53 Down 0.0.0.0 0.0.0.0 0.0.0

And we can see it in tcpdump in the DBD but not in the Hello packets:

admin@router> monitor traffic interface fe-0/2/3.50 no-resolve detail Address resolution is OFF. Listening on fe-0/2/3.50, capture size 1514 bytes

13:03:15.100618 In IP (tos 0xc0, ttl 1, id 23483, offset 0, flags [none], proto: OSPF (89), length: 68) 10.0.1.1 > 224.0.0.5: OSPFv2, Hello, length 48 Router-ID 10.0.2.1, Backbone Area, Authentication Type: none (0) Options [External] Hello Timer 10s, Dead Timer 40s, Mask 255.255.255.252, Priority 128 Designated Router 10.0.1.2, Backup Designated Router 10.0.1.1 Neighbor List: 10.0.2.2

13:03:18.269589 Out IP (tos 0xc0, ttl 1, id 23514, offset 0, flags [none], proto: OSPF (89), length: 68) 10.0.1.2 > 224.0.0.5: OSPFv2, Hello, length 48 Router-ID 10.0.2.2, Backbone Area, Authentication Type: none (0) Options [External] Hello Timer 10s, Dead Timer 40s, Mask 255.255.255.252, Priority 128 Designated Router 10.0.1.2, Backup Designated Router 10.0.1.1 Neighbor List: 10.0.2.1

13:03:18.301879 Out IP (tos 0xc0, ttl 1, id 23517, offset 0, flags [none], proto: OSPF (89), length: 52) 10.0.1.2 > 10.0.1.1: OSPFv2, Database Description, length 32 Router-ID 10.0.2.2, Backbone Area, Authentication Type: none (0) Options [External, Opaque], DD Flags [Init, More, Master], MTU: 1500, Sequence: 0x0a01e9de

13:03:18.623449 In IP (tos 0xc0, ttl 1, id 23520, offset 0, flags [none], proto: OSPF (89), length: 52) 10.0.1.1 > 10.0.1.2: OSPFv2, Database Description, length 32 Router-ID 10.0.2.1, Backbone Area, Authentication Type: none (0) Options [External, Opaque], DD Flags [Init, More, Master], MTU: 1200, Sequence: 0x0a01cae3

 

Test your MTU size with ping (JunOS/IOS and some more)

Here are some examples for testing MTU size with ICMP request/reply (aka Ping) and different operating systems. The list show the options to test your MTU with 1500 byte packets and don’t fragment bit set. If you get a reply, your MTU is fine.

OS Version Size option DF-bit option Example command
IOS (Cisco) 12.4 size 1500 df-bit ping ip 10.0.0.1 size 1500 df-bit
JunOS (Juniper) 11.4 size 1472 do-not-fragment ping 10.0.0.1 size 1472 do-not-fragment
VRP (Huawei) 5.70 -s 1472 -f ping -s 1472 -f 10.0.0.1
Windows XP -l 1472 -f ping 10.0.0.1 -l 1472 -f -t
Linux Open-SuSE 11.4 -s 1472 -M do ping 10.0.0.1 -s 1472 -M do
Solaris 11 1480 not implemented ping 10.0.0.1 1480