[c-nsp] ASA 8.4.2-8 OSPF Bug
Antonio Soares
amsoares at netcabo.pt
Tue Jun 12 12:58:22 EDT 2012
Hello group,
I was troubleshooting a network down issue I had a few days ago, basically a
cluster of ASAs running 8.4.2-8 didn't behave as expected. The
primary/active went down and the secondary went active but the OSPF
adjacency with a 3750 switch remained down.
Today I was playing with a pair of ASA5540 running this release and I found
a potential bug that could be related with the problem I had.
After issuing the command "clear ospf process" on the active ASA, the
adjacency never comes up again.
Basic lab I have:
ASA1(Pri/Act)===Trunk===Cisco3550===Access===7200(R1)
ASA2(Sec/Stby)===Trunk===Cisco3550===Access===7200(R2)
On the ASA side I see the OSPF State moving from EXSTART to DOWN and on the
7200's side I see it moving from EXSTART to INIT. And this repeats over and
over until I switch the active ASA or I do the magical "reload" command. The
problem happens if the Active is the Primary or Secondary Unit. I was able
to reproduce the problem with only one ASA but configured with failover.
Has someone seen something like this ? If someone wants to reproduce the
problem, you may need to issue the "clear ospf process" several times.
Maybe this is expected, the HA feature was introduced with 8.4... :)
"Stateful Failover with Dynamic Routing Protocols
Routes that are learned through dynamic routing protocols (such as OSPF and
EIGRP) on the active unit are now maintained in a Routing Information Base
(RIB) table on the standby unit. Upon a failover event, traffic on the
secondary active unit now passes with minimal disruption because routes are
known.
We modified the following commands: show failover, show route, show route
failover."
Thanks.
Regards,
Antonio Soares, CCIE #18473 (R&S/SP)
amsoares at netcabo.pt
http://www.ccie18473.net
More information about the cisco-nsp
mailing list