Purpose
In this scenario, OSPF is running between another vendor's router and a FortiGate.
Network 192.168.1.0/24 is not being propagated over the network.
Network 192.168.1.0/24 is attached and properly configured on the 'other vendor router'. Access to this device is denied.
In this case, access to the third-party device is limited.
This article describes how to verify whether a device running OSPF is propagating a network prefix properly.
Scope
The purpose of this document is to explain how to read the OSPF Link State Database to confirm what is causing this problem.
Diagram
Expectations, Requirements
Sometimes access to other networks is limited.
There is no access to the 'other vendor router', so the problem must be troubleshot from the Fortinet side of the network.
OSPF uses different types of LSAs (Link-State Advertisements) to build an LSDB (Link-State Database), which is like a map of the OSPF network topology.
These are the most common LSAs:
LSA Type 1: Router LSA.
LSA Type 2: Network LSA.
LSA Type 3: Summary LSA.
LSA Type 4: Summary ASBR LSA.
LSA Type 5: Autonomous system external LSA.
LSA Type 6: Multicast OSPF LSA.
LSA Type 7: Not-so-stubby area LSA.
LSA Type 8: External attribute LSA for BGP.
Analyze LSA Type 1 (Router LSA) for the troubleshooting:
LSA Type 1 description:
Every router within an area floods a Type 1 router LSA within that area.
The Type 1 LSA lists all the directly connected links of this router.
LSA Type 1 stays within the area.
Configuration
Other vendor configuration:
The OSPF configuration of the 'other vendor router' appears to be correct:
#router ospf 1
network 10.10.10.0 0.0.0.255 area 0.0.0.0
network 10.180.50.0 0.0.0.255 area 0.0.0.0
network 172.16.1.0 0.0.0.255 area 0.0.0.0
network 192.168.1.0 0.0.0.255 area 0.0.0.0
Configuration router 1:
# show router ospf
config router ospf
    set router-id 1.1.1.1
    config area
        edit 0.0.0.0
        next
    end
    config ospf-interface
        edit "10"
            set interface "port10"
            set network-type point-to-point
        next
        edit "20"
            set interface "port1"
            set network-type point-to-point
        next
    end
    config network
        edit 10
            set prefix 10.10.10.0 255.255.255.0
        next
        edit 20
            set prefix 10.20.20.0 255.255.255.0
        next
    end
end
Configuration router 2:
config router ospf
    set router-id 2.2.2.2
    config area
        edit 0.0.0.0
        next
    end
    config ospf-interface
        edit "20"
            set interface "port1"
            set network-type point-to-point
        next
    end
    config network
        edit 20
            set prefix 10.20.20.0 255.255.255.0
        next
    end
end
Verification
FortiGate verification commands:
All adjacencies are established correctly.
Router 1:
# get router info ospf neighbor
OSPF process 0:
Neighbor ID Pri State Dead Time Address Interface
3.3.3.3 1 Full/ - 00:00:32 10.10.10.2 port10
2.2.2.2 1 Full/ - 00:00:32 10.20.20.2 port1
Router 2:
# get router info ospf neighbor
OSPF process 0:
Neighbor ID Pri State Dead Time Address Interface
1.1.1.1 1 Full/ - 00:00:33 10.20.20.1 port1
Routes for networks 10.180.50.0/24 and 172.16.1.0/24 are being received and installed on router 1 and router 2.
Router 1:
# get router info routing-table ospf
10.180.50.0/24 [110/2] via 10.10.10.2, port10, 00:46:39
172.16.1.0/24 [110/2] via 10.10.10.2, port10, 00:46:39
Router 2:
# get router info routing-table ospf
10.180.50.0/24 [110/3] via 10.20.20.1, port1, 00:41:08
172.16.1.0/24 [110/3] via 10.20.20.1, port1, 00:41:08
Troubleshooting
The problem is that network 192.168.1.0/24 is not being propagated.
Confirm whether the problem is on the Fortinet side.
Solution:
Every router within the area sends an LSA Type 1.
Router 1:
# get router info ospf database brief
Router Link States (Area 0.0.0.0)
Link ID ADV Router Age Seq# CkSum Flag Link count
1.1.1.1 1.1.1.1 874 8000000f 68ed 0012 4
2.2.2.2 2.2.2.2 783 80000003 487e 0031 2
3.3.3.3 3.3.3.3 275 80000004 7084 0002 4
Details of every LSA Type 1 are shown with the command below:
# get router info ospf database router lsa
<A.B.C.D> LSA id
LSA Type 1 contains all network prefixes attached to each router.
According to the LSA Type 1 details of 3.3.3.3, network 192.168.1.0/24 is not in the list.
This means that the 'other vendor router' is not generating its LSA Type 1 properly and is not propagating network 192.168.1.0/24:
# get router info ospf database router lsa 3.3.3.3
Router Link States (Area 0.0.0.0)
LS age: 814
Options: 0x22 (*|-|DC|-|-|-|E|-)
Flags: 0x0
LS Type: router-LSA
Link State ID: 3.3.3.3
Advertising Router: 3.3.3.3
LS Seq Number: 80000004
Checksum: 0x7084
Length: 72
Number of Links: 4
Link connected to: Stub Network
(Link ID) Network/subnet number: 172.16.1.0
(Link Data) Network Mask: 255.255.255.0
Number of TOS metrics: 0
TOS 0 Metric: 1
Link connected to: Stub Network
(Link ID) Network/subnet number: 10.180.50.0
(Link Data) Network Mask: 255.255.255.0
Number of TOS metrics: 0
TOS 0 Metric: 1
Link connected to: another Router (point-to-point)
(Link ID) Neighboring Router ID: 1.1.1.1
(Link Data) Router Interface address: 10.10.10.2
Number of TOS metrics: 0
TOS 0 Metric: 1
Link connected to: Stub Network
(Link ID) Network/subnet number: 10.10.10.0
(Link Data) Network Mask: 255.255.255.0
Number of TOS metrics: 0
TOS 0 Metric: 1
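The check described above can be scripted. The following is an added example, not part of the original article or any Fortinet tooling: it parses router-LSA text, lists the stub prefixes the advertising router originates, and reports which expected prefixes are absent. The function names and the `EXPECTED` list are hypothetical; the sample text is abridged from the 3.3.3.3 output above.

```python
import ipaddress
import re

# Matches one "Stub Network" link block in the router-LSA output.
STUB_RE = re.compile(
    r"Link connected to: Stub Network\s+"
    r"\(Link ID\) Network/subnet number: (\S+)\s+"
    r"\(Link Data\) Network Mask: (\S+)")

def stub_networks(lsa_text):
    """Prefixes the advertising router lists as stub links."""
    return {ipaddress.ip_network(f"{net}/{mask}")
            for net, mask in STUB_RE.findall(lsa_text)}

def missing_prefixes(lsa_text, expected):
    """Expected prefixes that are absent from the router-LSA."""
    wanted = {ipaddress.ip_network(p) for p in expected}
    return sorted(str(n) for n in wanted - stub_networks(lsa_text))

def link_count_ok(lsa_text):
    """Guard against a truncated paste: header count must match link blocks."""
    m = re.search(r"Number of Links: (\d+)", lsa_text)
    return m is not None and int(m.group(1)) == lsa_text.count("Link connected to:")

# Abridged from the 3.3.3.3 output above (TOS lines dropped).
LSA_3_3_3_3 = """\
LS Type: router-LSA
Advertising Router: 3.3.3.3
Number of Links: 4
Link connected to: Stub Network
(Link ID) Network/subnet number: 172.16.1.0
(Link Data) Network Mask: 255.255.255.0
Link connected to: Stub Network
(Link ID) Network/subnet number: 10.180.50.0
(Link Data) Network Mask: 255.255.255.0
Link connected to: another Router (point-to-point)
(Link ID) Neighboring Router ID: 1.1.1.1
(Link Data) Router Interface address: 10.10.10.2
Link connected to: Stub Network
(Link ID) Network/subnet number: 10.10.10.0
(Link Data) Network Mask: 255.255.255.0
"""
# Assumption: expected prefixes taken from the other vendor's 'network' statements.
EXPECTED = ["10.10.10.0/24", "10.180.50.0/24", "172.16.1.0/24", "192.168.1.0/24"]

if __name__ == "__main__":
    print("complete paste:", link_count_ok(LSA_3_3_3_3))
    print("not advertised:", missing_prefixes(LSA_3_3_3_3, EXPECTED))
```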
After the configuration on the 'other vendor router' was checked, network 192.168.1.0/24 now appears in the LSA Type 1, and the FortiGates can now install this network in their routing tables:
# get router info ospf database router lsa 3.3.3.3
Router Link States (Area 0.0.0.0)
LS age: 6
Options: 0x22 (*|-|DC|-|-|-|E|-)
Flags: 0x0
LS Type: router-LSA
Link State ID: 3.3.3.3
Advertising Router: 3.3.3.3
LS Seq Number: 80000005
Checksum: 0x5325
Length: 84
Number of Links: 5
Link connected to: Stub Network
(Link ID) Network/subnet number: 192.168.1.0
(Link Data) Network Mask: 255.255.255.0
Number of TOS metrics: 0
TOS 0 Metric: 1
Link connected to: Stub Network
(Link ID) Network/subnet number: 172.16.1.0
(Link Data) Network Mask: 255.255.255.0
Number of TOS metrics: 0
TOS 0 Metric: 1
Link connected to: Stub Network
(Link ID) Network/subnet number: 10.180.50.0
(Link Data) Network Mask: 255.255.255.0
Number of TOS metrics: 0
TOS 0 Metric: 1
Link connected to: another Router (point-to-point)
(Link ID) Neighboring Router ID: 1.1.1.1
(Link Data) Router Interface address: 10.10.10.2
Number of TOS metrics: 0
TOS 0 Metric: 1
Link connected to: Stub Network
(Link ID) Network/subnet number: 10.10.10.0
(Link Data) Network Mask: 255.255.255.0
Number of TOS metrics: 0
TOS 0 Metric: 1
FortiGate routing table after the problem was solved:
Router 1:
# get router info routing-table ospf
10.180.50.0/24 [110/2] via 10.10.10.2, port10, 01:07:23
172.16.1.0/24 [110/2] via 10.10.10.2, port10, 01:07:23
192.168.1.0/24 [110/2] via 10.10.10.2, port10, 00:03:41
Router 2:
# get router info routing-table ospf
10.180.50.0/24 [110/3] via 10.20.20.1, port1, 01:01:25
172.16.1.0/24 [110/3] via 10.20.20.1, port1, 01:01:25
192.168.1.0/24 [110/3] via 10.20.20.1, port1,