[c-nsp] OSPF OOB Resync and peer stuck in EXSTART (SeqNumberMismatch)

Andrew Miehs andrew at 2sheds.de
Sat Feb 9 00:32:52 EST 2013



Sent from a mobile device

On 09/02/2013, at 15:28, John Neiberger <jneiberger at gmail.com> wrote:

> This is a new one on me. We had a situation where OSPF between a router and
> a firewall seemed to go insane and it involves something I've never heard
> of before: Out of band Resync. Here are the logs from the beginning of the
> 
...
> 
> Any thoughts?

Don't run dynamic routing protocols with firewalls. Or do you have dynamic rulesets as well?

What I have seen a couple of times now is that a route disappears from a firewall, it then recalculates its forwarding table for all the affected traffic and now sends this via the default route. When the original route comes back, the firewall continues to forward that traffic via the default, as that route doesn't disappear - so no recalculation. This is even more fun when the traffic is DHCP proxy traffic from one of your SVIs.

Don't dynamic route firewall traffic unless you really can't avoid it.

