Need understanding on Wireshark Capture from LSA update of a link.PCAP attached

ospfwireshark

Consider OSPF in Area 0 is running on all routers and interfaces.
I advertise a route 223.0.0.1/24 from R4 in the diagram.
PCAP i shared is between r2 and r1 where R2 sends "LS Update"
I'm unable to understand the Contents of LSA Type 1 which has 5 links.
Please help me to understand why 40.0.0.0 is in that LSA update although it is being advertised earlier and there was convergence before the advertisment of 223.0.0.1 link?

and what are the Other links for in that Update

Here is a Topology given Below
And PCAP is also given Below from Wire shark

https://1drv.ms/u/s!AlVb30iwW7P5qkWiMSC9wOdFmai5

Link is from One drive

Best Answer

For each interface state change a new Router-LSA is created containing the collected states of the router's interfaces.

According to RFC2328:

section 4.4

  1      Router-LSAs        Originated by all routers.
                              This LSA describes
                              the collected states of the
                              router's interfaces to an
                              area. Flooded throughout a
                              single area only.

section 12.4

    (2) An interface's state changes (see Section 9.1).  This may
        mean that it is necessary to produce a new instance of the
        router-LSA.

Related Solutions

JUNIPER: Why is OSPF adjacency breaking when I enable FBF on an OSPF interface

So, after working with JTAC yesterday, "I", as in I really didn't need JTAC since I figured out the issue on my own.. realized that my firewall filter was a bit redundant and was lacking a "permit any" statement.

OSPF adjacency was breaking because the firewall filter was taking the "else" traffic (term DEFAULT) and sending it to routing-instance PATH-2, which didn't help either way since it was sending traffic right back to SW-2, something a "then accept" statement would have done easily

So, to repair the issue..

New SW-2 & RTR-2 corrected configlets:

delete routing-instances PATH-2
delete firewall family inet filter FBF-TEST term DEFAULT
set firewall family inet filter FBF-TEST term PERMIT-ANY then accept

New config snips for SW-2:

routing-options {
    nonstop-routing;
    interface-routes {
        rib-group inet STAGING-RIB;
    }
    static {
        route 10.100.190.0/24 next-hop 10.100.100.2;
        route 10.100.191.0/24 next-hop 10.100.100.2;
    }
    rib-groups {
        STAGING-RIB {
            import-rib [ inet.0 PATH-1.inet.0 ];
        }
    }
    router-id 10.100.254.1;
}
firewall {
    family inet {
        filter FBF-TEST {
            term TERM-1 {
                from {
                    source-address {
                        10.100.190.0/24;
                        10.100.191.0/24;
                    }
                }
                then {
                    routing-instance PATH-1;
                }
            }
            term PERMIT-ANY {
                then accept;
            }
        }
    }
}
routing-instances {
    PATH-1 {
        instance-type forwarding;
        routing-options {
            static {
                route 10.100.30.0/24 {
                    next-hop 10.100.254.2;
                    qualified-next-hop 10.10.10.1 {
                        preference 100;
                    }
                }
            }
        }
    }
}

New config snips for RTR-2:

routing-options {
    interface-routes {
        rib-group inet STAGING-RIB;
    }
    rib-groups {
        STAGING-RIB {
            import-rib [ inet.0 PATH-1.inet.0 ];
        }
    }
    router-id 200.200.200.2;
    autonomous-system 1;
}
firewall {
    family inet {
        filter FBF-TEST {
            term TERM-1 {
                from {
                    source-address {
                        10.100.190.0/24;
                        10.100.191.0/24;
                    }
                }
                then {
                    routing-instance PATH-1;
                }
            }
            term PERMIT-ANY {
                then accept;
            }
        }
    }
}
routing-instances {
    PATH-1 {
        instance-type forwarding;
        routing-options {
            static {
                route 10.100.30.0/24 {
                    next-hop 200.200.200.1;
                    qualified-next-hop 10.100.254.1 {
                        preference 100;
                    }
                }
            }
        }
    }
}

Split OSPF Area 0 Behavior – What happens

After more thoroughly combing through the RFC, I'm certain that the expected behavior I mentioned in my post is accurate.

Intra-area routing within each area (area 1, area 0(a), and area 0(b)) will work as expected.

Area 0 summaries will still flood to area 1 from each area 0 partition, giving area 1 all necessary routing information for both area 0 partitions.

Area 1 summaries will still flood to both area 0 partitions from area 1, allowing both area 0 partitions to know about area 1 routes.

Area 1 will not send area 0 summaries back into area 0, so split area 0 partitions will no longer know about each other and will not try to transit area 1 to get to each other (unless a virtual link through area 1 is created).

This is my desired behavior for a failure scenario based on my circumstances. If all of the redundant links between my data centers go down, or I need to perform certain types of maintenance, I don't want data center to data center traffic (mostly backups / off-site replication) saturating my branch site WAN links. I could apply policing on the WAN links for transit traffic between data centers, but the little bit of bandwidth I could give that traffic would be useless anyway - and that would require my team to maintain more config.

If anyone has any questions about this, feel free to comment and I will try to find the answers.

Best Answer

Related Solutions

JUNIPER: Why is OSPF adjacency breaking when I enable FBF on an OSPF interface

Split OSPF Area 0 Behavior – What happens

Related Topic