某局点V7MSR5660替换V5MSR5040对接思科起ospf邻居不能正常建立的经验案例

现场本来是V5的MSR5040直连思科设备，并于思科设备正常建立OSPF邻居。客户目前设备有更新需求，计划将V5的MSR设备替换更新为V7的MSR5660设备。

客户现场将原本的MSR5040替换成MSR5660并完成网络互通及ospf相关配置之后，发现MSR5660无法与对端思科设备正常建立OSPF邻居，其OSPF邻居状态一直卡在exchange状态。

[MSR5660]dis ospf peer

         OSPF Process 65091 with Router ID 1.1.1.1

               Neighbor Brief Information

 Area: 0.0.0.0       

 Router ID       Address         Pri Dead-Time  State             Interface

 2.2.2.2     10.0.0.2   1   40         Exchange/ -       GE2/0/0

对于OSPF邻居关系停滞于Exstart或Exchange状态，一般可能有以下原因：

1、两端的MTU值不匹配；

2、中间有传输，传输MTU值限制太小，两端MTU比较大，导致大包过不去。

但是在这个问题当中，现场MSR设备和对端的思科设备是直连的，且经过现场确认，现场我们设备以及对端思科设备的互联接口的MTU均为默认的1500，所以不存在MTU的这个问题。现场的配置基本如下，可以看到现场两端设备的Hello定时器、邻居失效时间等配置均是一致的：

MSR5660主要相关配置：

#

 router id 1.1.1.1

#

ospf 65091 router-id 1.1.1.1

 area 0.0.0.0

  network 1.1.1.1 0.0.0.0

  network 10.0.0.1 0.0.0.0

#

#

interface GigabitEthernet2/0/0

 port link-mode route

 combo enable copper

 ip address 10.0.0.1 255.255.255.252

 ospf network-type p2p

#

对端思科设备相关信息;

CISCO# sh ip ospf nei 
 OSPF Process ID 65091 VRF default 
 Total number of neighbors: 8 
 Neighbor ID     Pri State            Up Time  Address         Interface 
 1.1.1.1    1 EXSTART/ -       00:15:05 10.0.0.1   Eth9/30 
CISCO# 
CISCO# 
CISCO# sh ip ospf inter 
interface   internal     
CISCO# sh ip ospf interface et9/30 
 Ethernet9/30 is up, line protocol is up 
    IP address 10.0.0.2/30, Process ID 65091 VRF default, area 0.0.0.0 
    Enabled by interface configuration 
    State P2P, Network type P2P, cost 10 
    Index 9, Transmit delay 1 sec 
    1 Neighbors, flooding to 0, adjacent with 0 
    Timer intervals: Hello 10, Dead 40, Wait 40, Retransmit 5 
      Hello timer due in 00:00:05 
    No authentication 
    Number of opaque link LSAs: 0, checksum sum 0 

接下来我们提供debug信息来确认，建议现场收集OSPF邻居建立过程的debugging ospf event和debugging ospf packet的信息。

通过对比MSR5040正常情况下的debug以及MSR5660异常情况下的debug信息，我们看到：

对于MSR5040：

*Oct 24 00:24:22:747 2021MSR5040 RM/6/RMDEBUG: OSPF 65091: SEND Packet.

*Oct 24 00:24:22:847 2021MSR5040 RM/6/RMDEBUG: Source Address: 10.0.0.1

*Oct 24 00:24:22:947 2021MSR5040 RM/6/RMDEBUG: Destination Address: 224.0.0.5

*Oct 24 00:24:23:047 2021MSR5040 RM/6/RMDEBUG: Ver# 2, Type: 2, Length: 32.

*Oct 24 00:24:23:147 2021MSR5040 RM/6/RMDEBUG: Router: 1.1.1.1, Area: 0.0.0.0, Checksum: 659.

*Oct 24 00:24:23:247 2021MSR5040 RM/6/RMDEBUG: AuType: 00, Key(ascii): 0 0 0 0 0 0 0 0.

*Oct 24 00:24:23:347 2021MSR5040 RM/6/RMDEBUG: MTU: 0, Option: _E_, R_I_M_MS Bit: _I_M_MS_.

*Oct 24 00:24:23:497 2021MSR5040 RM/6/RMDEBUG: DD SeqNumber: bf80e05.

  OSPF 65091: Nbr 10.0.0.2 Rcv 2WayReceived State Init -> ExStart.             

*Oct 24 00:24:27:636 2021MSR5040 RM/6/RMDEBUG: OSPF 65091: RECV Packet.

*Oct 24 00:24:27:636 2021MSR5040 RM/6/RMDEBUG: Source Address: 10.0.0.2

*Oct 24 00:24:27:636 2021MSR5040 RM/6/RMDEBUG: Destination Address: 10.0.0.1

*Oct 24 00:24:27:637 2021MSR5040 RM/6/RMDEBUG: Ver# 2, Type: 2, Length: 32.

*Oct 24 00:24:27:637 2021MSR5040 RM/6/RMDEBUG: Router: 2.2.2.2, Area: 0.0.0.0, Checksum: 24065.

*Oct 24 00:24:27:637 2021MSR5040 RM/6/RMDEBUG: AuType: 00, Key(ascii): 0 0 0 0 0 0 0 0.

*Oct 24 00:24:27:637 2021MSR5040 RM/6/RMDEBUG: MTU: 1500, Option: _E_, R_I_M_MS Bit: _I_M_MS_.

*Oct 24 00:24:27:637 2021MSR5040 RM/6/RMDEBUG: DD SeqNumber: 3dd0bb30.

  OSPF 65091: Nbr 10.0.0.2 Rcv NegotiationDone State ExStart -> Exchange.

而对于MSR5660：

*Oct 24 08:17:40:098 2021MSR5660 OSPF/7/DEBUG: OSPF 65091: Receiving packets.                                                 

*Oct 24 08:17:40:098 2021MSR5660 OSPF/7/DEBUG: Source address: 10.0.0.2                                                   

*Oct 24 08:17:40:098 2021MSR5660 OSPF/7/DEBUG: Destination address: 10.0.0.1                                             

*Oct 24 08:17:40:098 2021MSR5660 OSPF/7/DEBUG: Version 2, Type: 2, Length: 32.                                                 

*Oct 24 08:17:40:098 2021MSR5660 OSPF/7/DEBUG: Router: 2.2.2.2, Area: 0.0.0.0, Checksum: 39419.                           

*Oct 24 08:17:40:098 2021MSR5660 OSPF/7/DEBUG: Authentication type: 00, Key(ASCII): 0 0 0 0 0 0 0 0.                          

*Oct 24 08:17:40:098 2021MSR5660 OSPF/7/DEBUG: MTU: 1500, Option: _O_E_, R_I_M_MS Bit: _I_M_MS_.                              

*Oct 24 08:17:40:098 2021MSR5660 OSPF/7/DEBUG: DD Sequence number: 71484bbe.                                                   

*Oct 24 08:17:40:099 2021MSR5660 OSPF/7/DEBUG: OSPF 65091: Sending packets.                                                   

*Oct 24 08:17:40:099 2021MSR5660 OSPF/7/DEBUG: Source address: 10.0.0.1                                                   

*Oct 24 08:17:40:099 2021MSR5660 OSPF/7/DEBUG: Destination address: 10.0.0.2                                             

*Oct 24 08:17:40:099 2021MSR5660 OSPF/7/DEBUG: Version 2, Type: 2, Length: 52.                                                

*Oct 24 08:17:40:099 2021MSR5660 OSPF/7/DEBUG: Router: 1.1.1.1, Area: 0.0.0.0, Checksum: 3531.                         

*Oct 24 08:17:40:099 2021MSR5660 OSPF/7/DEBUG: Authentication type: 00, Key(ASCII): 0 0 0 0 0 0 0 0.                          

*Oct 24 08:17:40:099 2021MSR5660 OSPF/7/DEBUG: MTU: 0, Option: _O_E_, R_I_M_MS Bit: _M_.                                      

*Oct 24 08:17:40:099 2021MSR5660 OSPF/7/DEBUG: DD Sequence number: 71484bbe.

MSR5040

通过对比可以看出，V5的MSR5040发出和接收到的OSPF DD报文option字段都是不带 O 位的，而V7的MSR5660发出和接收到的DD报文的option字段是带O位的。这里的O位，是用来表明始发路由器支持Opaque LSA。

经过确认，V5的MSR5040缺省情况下，未使能OSPF的Opaque LSA能力，对于V7的MSR5660设备，OSPF的Opaque LSA发布接收能力处于开启状态。但是在debug信息里也看到，无论我们发出的DD报文是否带O位，对端总能回应对应的DD报文，也就是说在是否支持Opaque LSA这一点上，对端思科设备是可以自适应并正常与我们本端设备进行协商的，所以不涉及是否支持Opaque LSA这个问题。

接下来我们又对debug进行了分析，发现如下：

*Oct 24 08:17:18:107 2021MSR5660 OSPF/7/DEBUG: OSPF 65091: Receiving packets.                                                 

*Oct 24 08:17:18:107 2021MSR5660 OSPF/7/DEBUG: Source address: 10.0.0.2                                                  

*Oct 24 08:17:18:107 2021MSR5660 OSPF/7/DEBUG: Destination address: 10.0.0.1                                             

*Oct 24 08:17:18:107 2021MSR5660 OSPF/7/DEBUG: Version 2, Type: 2, Length: 32.                                                

*Oct 24 08:17:18:108 2021MSR5660 OSPF/7/DEBUG: Router: 2.2.2.2, Area: 0.0.0.0, Checksum: 39419.                           

*Oct 24 08:17:18:108 2021MSR5660 OSPF/7/DEBUG: Authentication type: 00, Key(ASCII): 0 0 0 0 0 0 0 0.                           

*Oct 24 08:17:18:108 2021MSR5660 OSPF/7/DEBUG: MTU: 1500, Option: _O_E_, R_I_M_MS Bit: _I_M_MS_.                              

*Oct 24 08:17:18:108 2021MSR5660 OSPF/7/DEBUG: DD Sequence number: 71484bbe.                                                   

*Oct 24 08:17:18:108 2021MSR5660 OSPF/7/DEBUG: OSPF 65091: Sending packets.                                                   

*Oct 24 08:17:18:108 2021MSR5660 OSPF/7/DEBUG: Source address: 10.0.0.1                                                   

*Oct 24 08:17:18:108 2021MSR5660 OSPF/7/DEBUG: Destination address: 10.0.0.2                                             

*Oct 24 08:17:18:108 2021MSR5660 OSPF/7/DEBUG: Version 2, Type: 2, Length: 52.                                                 

*Oct 24 08:17:18:108 2021MSR5660 OSPF/7/DEBUG: Router: 1.1.1.1, Area: 0.0.0.0, Checksum: 3553.                         

*Oct 24 08:17:18:108 2021MSR5660 OSPF/7/DEBUG: Authentication type: 00, Key(ASCII): 0 0 0 0 0 0 0 0.                          

*Oct 24 08:17:18:108 2021MSR5660 OSPF/7/DEBUG: MTU: 0, Option: _O_E_, R_I_M_MS Bit: _M_.                                      

*Oct 24 08:17:18:108 2021MSR5660 OSPF/7/DEBUG: DD Sequence number: 71484bbe.                                                  

*Oct 24 08:17:18:108 2021MSR5660 OSPF/7/DEBUG: LSA type: 1.                                                                   

*Oct 24 08:17:18:108 2021MSR5660 OSPF/7/DEBUG: LinkStateId: 1.1.1.1.                                                   

*Oct 24 08:17:18:108 2021MSR5660 OSPF/7/DEBUG: Advertising Rtr: 1.1.1.1.                                               

*Oct 24 08:17:18:108 2021MSR5660 OSPF/7/DEBUG: LSA age: 75 Options: External routing:ON.                                      

*Oct 24 08:17:18:108 2021MSR5660 OSPF/7/DEBUG: Length: 48 Sequence number: 80000002 Checksum: 37004.                          

*Oct 24 08:17:21:937 2021MSR5660 OSPF/7/DEBUG: OSPF 65091: Receiving packets.                                                 

*Oct 24 08:17:21:937 2021MSR5660 OSPF/7/DEBUG: Source address: 10.0.0.2                                                  

*Oct 24 08:17:21:937 2021MSR5660 OSPF/7/DEBUG: Destination address: 224.0.0.5                                                 

*Oct 24 08:17:21:937 2021MSR5660 OSPF/7/DEBUG: Version 2, Type: 1, Length: 48.                                                

*Oct 24 08:17:21:937 2021MSR5660 OSPF/7/DEBUG: Router: 2.2.2.2, Area: 0.0.0.0, Checksum: 48479.                           

*Oct 24 08:17:21:937 2021MSR5660 OSPF/7/DEBUG: Authentication type: 00, Key(ASCII): 0 0 0 0 0 0 0 0.                          

*Oct 24 08:17:21:937 2021MSR5660 OSPF/7/DEBUG: Network mask: 255.255.255.252, Hello interval: 10, Option: _E_.                

*Oct 24 08:17:21:937 2021MSR5660 OSPF/7/DEBUG: Router priority: 1, Dead Interval: 40, DR: 0.0.0.0, BDR: 0.0.0.0.              

*Oct 24 08:17:21:938 2021MSR5660 OSPF/7/DEBUG: Neighbor ID: 1.1.1.1.                                                   

*Oct 24 08:17:23:457 2021MSR5660 OSPF/7/DEBUG: OSPF 65091: Receiving packets.                                                  

*Oct 24 08:17:23:457 2021MSR5660 OSPF/7/DEBUG: Source address: 10.0.0.2                                                  

*Oct 24 08:17:23:457 2021MSR5660 OSPF/7/DEBUG: Destination address: 10.0.0.1                                              

*Oct 24 08:17:23:457 2021MSR5660 OSPF/7/DEBUG: Version 2, Type: 2, Length: 32.                                                

*Oct 24 08:17:23:457 2021MSR5660 OSPF/7/DEBUG: Router: 2.2.2.2, Area: 0.0.0.0, Checksum: 39419.                           

*Oct 24 08:17:23:457 2021MSR5660 OSPF/7/DEBUG: Authentication type: 00, Key(ASCII): 0 0 0 0 0 0 0 0.                           

*Oct 24 08:17:23:457 2021MSR5660 OSPF/7/DEBUG: MTU: 1500, Option: _O_E_, R_I_M_MS Bit: _I_M_MS_.                              

*Oct 24 08:17:23:458 2021MSR5660 OSPF/7/DEBUG: DD Sequence number: 71484bbe.                                                   

*Oct 24 08:17:23:458 2021MSR5660 OSPF/7/DEBUG: OSPF 65091: Sending packets.                                                   

*Oct 24 08:17:23:458 2021MSR5660 OSPF/7/DEBUG: Source address: 10.0.0.1                                                   

*Oct 24 08:17:23:458 2021MSR5660 OSPF/7/DEBUG: Destination address: 10.0.0.2                                             

*Oct 24 08:17:23:458 2021MSR5660 OSPF/7/DEBUG: Version 2, Type: 2, Length: 52.                                                 

*Oct 24 08:17:23:458 2021MSR5660 OSPF/7/DEBUG: Router: 1.1.1.1, Area: 0.0.0.0, Checksum: 3548.                         

*Oct 24 08:17:23:458 2021MSR5660 OSPF/7/DEBUG: Authentication type: 00, Key(ASCII): 0 0 0 0 0 0 0 0.                          

*Oct 24 08:17:23:458 2021MSR5660 OSPF/7/DEBUG: MTU: 0, Option: _O_E_, R_I_M_MS Bit: _M_.                                      

*Oct 24 08:17:23:458 2021MSR5660 OSPF/7/DEBUG: DD Sequence number: 71484bbe.                                                  

*Oct 24 08:17:23:458 2021MSR5660 OSPF/7/DEBUG: LSA type: 1.                                                                   

*Oct 24 08:17:23:458 2021MSR5660 OSPF/7/DEBUG: LinkStateId: 1.1.1.1.                                                   

*Oct 24 08:17:23:458 2021MSR5660 OSPF/7/DEBUG: Advertising Rtr: 1.1.1.1.                                               

可以看到，现场DD报文交互，但是序号没有增加，对端思科一直在重传DD报文。应该是我们发送的DD报文没有收到，而这一点在当时的思科设备上debug看或者抓包看比较明显。

H3C  V5  /V7  DD报文存在差异，V5设备是组播发送，V7是单播发送。经过确认，对端思科设备上对单播报文做了过滤，对端思科的接口下配有访问控制列表，原来只允许 224.0.0.5 和224.0.0.6（组播地址）的数据包通过，其他地址只允许业务地址通过，ospf如果用单播建立邻居关系确实无法通过。

对于OSPF的DD报文，V5设备是组播发送，V7是单播发送。需要在思科侧修改访问控制列表配置，使得V7单播DD报文可以正常通过，之后OSPF邻居可以正常建立。