Monday, May 17, 2010

Understanding the %OSPF-4-CONFLICTING_LSAID Error

hi all,

during my weekend lab I've found an interesting ospf error, and now I'm trying to reproduce and explain it.

Here the topology:



The config is really simple, rip is running between R2 and R3, ospf is running between R1 and R2.
The only particular thing is that the serial link has encapsulation PPP set, and it's using a /31 subnet (192.168.0.0/31) with the ".0" ip on R3.

Here the initial config:

################## R1 Initial config
hostname R1
!
interface FastEthernet0/0
ip address 10.10.10.1 255.255.255.0
!
router ospf 1
log-adjacency-changes
network 10.10.10.0 0.0.0.255 area 0
################## END R1 Initial config

################## R2 Initial config
hostname R2
!
interface FastEthernet0/0
ip address 10.10.10.2 255.255.255.0
!
interface Serial1/0
ip address 192.168.0.1 255.255.255.254
encapsulation ppp
!
router ospf 1
log-adjacency-changes
network 10.10.10.0 0.0.0.255 area 0
!
router rip
version 2
network 192.168.0.0
no auto-summary
################## END R2 Initial config

################## R3 Initial config
hostname R3
!
interface Serial1/0
ip address 192.168.0.0 255.255.255.254
encapsulation ppp
!
router rip
version 2
network 192.168.0.0
no auto-summary
################## END R3 Initial config


No surprise at this point, now we can try to redistribute between ospf and rip at R2:

R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#router rip
R2(config-router)#redistribute ospf 1 metric 5
R2(config-router)#router ospf 1
R2(config-router)#redistribute rip subnets

*May 17 11:50:48.363: %OSPF-4-CONFLICTING_LSAID: LSA origination prevented by existing LSA with same LSID but a different mask
Existing Type 5 LSA: LSID 192.168.0.0/31
New Destination: 192.168.0.0/32

R2(config-router)#


woops Conflicting LSA ID?

After a little while I realized what's happening: due to ppp encapsulation, R2 has a peer (/32) route on his routing table.

R2#sh ip route | beg Gate
Gateway of last resort is not set

10.0.0.0/24 is subnetted, 1 subnets
C 10.10.10.0 is directly connected, FastEthernet0/0
192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.0.0/32 is directly connected, Serial1/0
C 192.168.0.0/31 is directly connected, Serial1/0
R2#

And so we have two entries for 192.168.0.0, with mask /31 and /32.
When we redistribute rip into ospf, ospf is trying to generate a type 5 LSA (external) for the network 192.168.0.0.
First it generates the external lsa for 192.168.0.0/31, then it try to generate the lsa for 192.168.0.0/32 but it fails to generate the same lsa ID (192.168.0.0)

Looking into the OSPF database on R2:

R2#sh ip ospf database

OSPF Router with ID (192.168.0.1) (Process ID 1)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count
10.10.10.1 10.10.10.1 873 0x80000003 0x00F9B9 1
192.168.0.1 192.168.0.1 884 0x80000004 0x00A870 1

Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum
10.10.10.2 192.168.0.1 884 0x80000002 0x001A0B

Type-5 AS External Link States

Link ID ADV Router Age Seq# Checksum Tag
192.168.0.0 192.168.0.1 359 0x80000003 0x001AB1 0

R2#sh ip ospf database external

OSPF Router with ID (192.168.0.1) (Process ID 1)

Type-5 AS External Link States

LS age: 364
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 192.168.0.0 (External Network Number )
Advertising Router: 192.168.0.1
LS Seq Number: 80000003
Checksum: 0x1AB1
Length: 36
Network Mask: /31
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 0

R2#


There is only one external lsa for 192.168.0.0/31 as supposed. The 192.168.0.0/32 generation was failed.

The Cisco IOS Release 12.4T System Message Guide ( http://www.cisco.com/en/US/docs/ios/12_4t/system/messages/sm_ht05.html#wp1078361 states:


"Error Message

%OSPF-4-CONFLICTING_LSAID : Process [dec] area [chars]: LSA origination prevented by LSA with same LSID but a different mask
Existing Type [dec] LSA: LSID [IP_address][IP_netmask]
New Destination: [IP_address][IP_netmask]

Explanation An LSA origination was prevented by a conflicit with an existing
LSA with the same LSID but a different mask. The algorithm in RFC 2328, Appendix E is used to resolve conflicts when multiple LSAs with the same prefix and differing masks are advertised. When using this algorithm and host routes are advertised there are situations where conflict resolution is impossible and either the host route or the conflicting prefix is not advertised.

Recommended Action Locate the prefix that is not advertised and the conflicting prefix by entering the show ip route and show ip ospf database comamnds. Decide which route or prefix is more important to advertise and take steps to prevent advertising the conflicting route or prefix.
"

So the only fix proposed is to remove the unnecessary duplicate prefix, in our case the ppp peer route /32.

Quick fix on R2:


R2(config)#int ser 1/0
R2(config-if)#no peer neighbor-route
R2(config-if)#shutdown
*May 17 12:24:54.995: %LINK-5-CHANGED: Interface Serial1/0, changed state to administratively down
R2(config-if)#no shutdown
*May 17 12:24:55.995: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to down
*May 17 12:24:58.043: %LINK-3-UPDOWN: Interface Serial1/0, changed state to up
*May 17 12:24:59.075: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1/0, changed state to up
R2(config-if)#do sh ip route | beg Gate
Gateway of last resort is not set

10.0.0.0/24 is subnetted, 1 subnets
C 10.10.10.0 is directly connected, FastEthernet0/0
192.168.0.0/31 is subnetted, 1 subnets
C 192.168.0.0 is directly connected, Serial1/0

R2(config-if)#router ospf 1
R2(config-router)#redistribute rip subnets
R2(config-router)#do sh ip ospf data

OSPF Router with ID (192.168.0.1) (Process ID 1)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count
10.10.10.1 10.10.10.1 528 0x80000004 0x00F7BA 1
192.168.0.1 192.168.0.1 499 0x80000005 0x00A671 1

Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum
10.10.10.2 192.168.0.1 499 0x80000003 0x00180C

Type-5 AS External Link States

Link ID ADV Router Age Seq# Checksum Tag
192.168.0.0 192.168.0.1 3 0x80000001 0x001EAF 0
R2(config-router)#



If someone wants to read the mentioned RFC2328 appendix E, pag 236 http://www.ietf.org/rfc/rfc2328.txt, there is the algorithm to avoid lsa ID conficts.
Using that algorithm the /32 lsa can have a different LSAID than the /31 by reversing the host bits to 1, from here the error because it's a /32.... there are no host bits to reverse.

have fun
Marco

2 comments:

Paul said...

Nice blog, very helpful thanks!

TheGrave said...

Same stuff happens when BGP->OSPF redistribution takes place and you (mis)configured the same prefix with 2 different masks.