OSPF – Troubleshooting Ping Issues Across Network Segments

icmpnetwork accessospfpingvyatta

I'm trying to setup a very simple OSPF network with Vyatta. From the best of my knowledge they let all traffic in by default, and I haven't set any firewall rules. The vyatta instances are launched as virtual instances inside DevStack, and I've allowed ICMP messages to get inside them.

The network looks like this:

I'm able to ping from:
* 10.0.1.4 (R1 eth1) to 10.0.1.6 (R2 eth0) and vice versa
* 10.0.2.7 (R3 eth0) to 10.0.2.5 (R2 eth1) and vice versa

However, when I try to ping from R1 to R2 on the address 10.0.2.5 I never get back any reply on R1. When sniffing traffic with tcpdump on R2 I can see the following:

16:31:29.540951 IP 10.0.1.4 > 10.0.2.5: ICMP echo request, id 7301, seq 14, length 64
16:31:29.541297 IP 10.0.2.5 > 10.0.1.4: ICMP echo reply, id 7301, seq 14, length 64
16:31:30.540303 IP 10.0.1.4 > 10.0.2.5: ICMP echo request, id 7301, seq 15, length 64
16:31:30.540536 IP 10.0.2.5 > 10.0.1.4: ICMP echo reply, id 7301, seq 15, length 64
16:31:31.541623 IP 10.0.1.4 > 10.0.2.5: ICMP echo request, id 7301, seq 16, length 64
16:31:31.542315 IP 10.0.2.5 > 10.0.1.4: ICMP echo reply, id 7301, seq 16, length 64

It seems that the request is received and a reply is sent back, but it never gets back to R1. I can verify this by sniffing on eth0 on R0 without seeing any traffic going trough the interface. This is a big confusion for me.

The same thing happens when I try to ping from R3 to 10.0.1.6.

When I try to ping from R1 to R3 and sniff traffic with tcpdump on both R2 and R3 I can see that the requests goes trough R2 but never reaches R3.

Output from tcpdump on R2:

16:38:13.230972 IP 10.0.1.4 > 10.0.2.7: ICMP echo request, id 7302, seq 5, length 64
16:38:14.230283 IP 10.0.1.4 > 10.0.2.7: ICMP echo request, id 7302, seq 6, length 64
16:38:15.232537 IP 10.0.1.4 > 10.0.2.7: ICMP echo request, id 7302, seq 7, length 64
16:38:16.241314 IP 10.0.1.4 > 10.0.2.7: ICMP echo request, id 7302, seq 8, length 64

The routing table on R1 shows that it should send the requests with destination of 10.0.2.0/24 to R2 on ip 10.0.1.6 and routing table on R3 shows that it should send the requests with destinations of 10.0.1.0/24 to R2 on ip 10.0.2.5. This is also confirmed with the output from above.

Below is output from the ip route and configuration from R1, R2, R3

ip route for R1:

vyatta@R1:~$ show ip route

Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       I - ISIS, B - BGP, > - selected route, * - FIB route

C>* 10.0.0.0/24 is directly connected, eth0
O   10.0.1.0/24 [110/10] is directly connected, eth1, 17:04:56
C>* 10.0.1.0/24 is directly connected, eth1
O   10.0.1.4/32 [110/10] is directly connected, lo, 16:15:49
C>* 10.0.1.4/32 is directly connected, lo
O>* 10.0.2.0/24 [110/20] via 10.0.1.6, eth1, 17:03:23
C>* 127.0.0.0/8 is directly connected, lo

ip route for R2:

vyatta@R2:~$ show ip route

Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       I - ISIS, B - BGP, > - selected route, * - FIB route

    O   10.0.1.0/24 [110/10] is directly connected, eth0, 01:39:14
C>* 10.0.1.0/24 is directly connected, eth0
O   10.0.1.4/32 [110/20] via 10.0.1.4 inactive, 00:51:29
O   10.0.2.0/24 [110/10] is directly connected, eth1, 01:39:08
C>* 10.0.2.0/24 is directly connected, eth1
C>* 127.0.0.0/8 is directly connected, lo

ip route for R3:

vyatta@R3:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       I - ISIS, B - BGP, > - selected route, * - FIB route

O>* 10.0.1.0/24 [110/20] via 10.0.2.5, eth0, 17:07:20
O>* 10.0.1.4/32 [110/30] via 10.0.2.5, eth0, 16:20:33
O   10.0.2.0/24 [110/10] is directly connected, eth0, 17:08:05
C>* 10.0.2.0/24 is directly connected, eth0
C>* 127.0.0.0/8 is directly connected, lo

R1 configuration

vyatta@R1:~$ show configuration                                                 
interfaces {
    ethernet eth0 {
        address 10.0.0.5/24
    }
    ethernet eth1 {
        address 10.0.1.4/24
    }
    loopback lo {
        address 10.0.1.4/32
    }
}
protocols {
    ospf {
        area 0.0.0.0 {
            network 10.0.1.0/24
        }
    }
}
service {
    ssh {
    }
}
system {
    config-management {
        commit-revisions 20
    }
    console {
        device ttyS0 {
            speed 9600
        }
    }
    host-name R1
    login {
        user vyatta {
            authentication {
                encrypted-password ****************
            }
            level admin
        }
    }
    ntp {
        server 0.vyatta.pool.ntp.org {
        }
        server 1.vyatta.pool.ntp.org {
        }
        server 2.vyatta.pool.ntp.org {
        }
    }
    package {
        repository community {
            components main
            distribution stable
            url http://packages.vyatta.com/vyatta
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }

R2 configuration

vyatta@R2:~$ show configuration                               
interfaces {
    ethernet eth0 {
        address 10.0.1.6/24
        hw-id 00:0c:29:9f:5f:22
    }
    ethernet eth1 {
        address 10.0.2.5/24
        hw-id 00:0c:29:9f:5f:23
    }
    loopback lo {
    }
}
protocols {
    ospf {
        area 0.0.0.0 {
            network 10.0.1.0/24
            network 10.0.2.0/24
        }
    }
}
service {
    ssh {
    }
}
system {
    config-management {
        commit-revisions 20
    }
    console {
        device ttyS0 {
            speed 9600
        }
    }
    host-name R2
    login {
        user vyatta {
            authentication {
                encrypted-password ****************
            }
            level admin
        }
    }
    ntp {
        server 0.vyatta.pool.ntp.org {
        }
        server 1.vyatta.pool.ntp.org {
        }
        server 2.vyatta.pool.ntp.org {
        }
    }
    package {
        repository community {
            components main
            distribution stable
            url http://packages.vyatta.com/vyatta
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug

Configuration for R3

vyatta@R3:~$ show configuration                               
interfaces {
    ethernet eth0 {
        address 10.0.2.7/24
    }
    loopback lo {
    }
}
protocols {
    ospf {
        area 0.0.0.0 {
            network 10.0.2.0/24
        }
    }
}
service {
    ssh {
    }
}
system {
    config-management {
        commit-revisions 20
    }
    console {
        device ttyS0 {
            speed 9600
        }
    }
    host-name R3
    login {
        user vyatta {
            authentication {
                encrypted-password ****************
            }
            level admin
        }
    }
    ntp {
        server 0.vyatta.pool.ntp.org {
        }
        server 1.vyatta.pool.ntp.org {
        }
        server 2.vyatta.pool.ntp.org {
        }
    }
    package {
        repository community {
            components main
            distribution stable
            url http://packages.vyatta.com/vyatta
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
}

Can someone tell me what I'm missing? It's a really simple configuration but from what I've read it should work.

Thanks,
Muff

Best Answer

On R1, you have :

ethernet eth1   address 10.0.1.4/24
loopback lo address 10.0.1.4/32

Change the loopback IP address, it should be better.

Related Solutions

OSPF – Why Can’t I Ping the Other Router Using OSPF Protocol

working ospf drawing

(I imagine your setup to be something like this)

Your OSPF adjacency is not coming up because the IP addresses on the facing interfaces between R1 and R2 are not in the same subnet.

As soon as you use two IP addresses that are in the same subnet (as in the drawing above), you will have IP connectivity between R1 and R2, and your OSPF adjacency can be established :

Router R1

!
interface GigabitEthernet0/0
 ip address 72.40.42.1 255.255.254.0
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
!
interface GigabitEthernet1/0
 ip address 72.40.40.1 255.255.254.0
 negotiation auto
!
<...>
!
router ospf 1
 router-id 1.1.1.1
 network 72.40.40.0 0.0.1.255 area 0
 network 72.40.42.0 0.0.1.255 area 0
!

Router R2

!
interface GigabitEthernet0/0
 ip address 72.40.43.1 255.255.254.0
 duplex full
 speed 1000
 media-type gbic
 negotiation auto
!
interface GigabitEthernet1/0
 ip address 72.40.46.1 255.255.254.0
 negotiation auto
!
<...>
!
router ospf 1
 router-id 2.2.2.2
 network 72.40.42.0 0.0.1.255 area 0
 network 72.40.46.0 0.0.1.255 area 0
!

(Please note that 72.40.42.1/23 and 72.40.43.1/23 are in the same subnet) << as pointed out above, this is the crucial point

Your OSPF comes up now :

R1#sh ip ospf nei

Neighbor ID     Pri   State           Dead Time   Address         Interface
2.2.2.2           1   FULL/DR         00:00:38    72.40.43.1      GigabitEthernet0/0
R1#

and

R2#sh ip ospf nei

Neighbor ID     Pri   State           Dead Time   Address         Interface
1.1.1.1           1   FULL/BDR        00:00:37    72.40.42.1      GigabitEthernet0/0
R2#

And you are able to check the reachability of the OSPF-learned network by pinging :

R2#ping 72.40.40.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 72.40.40.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/32/48 ms

The crucial point is that the IP addresses on the link between R1 and R2 have to be in the same subnet (or you need to configure static routes or other less elegant tricks). Otherwise, R1 will have no way to know how to reach R2, and vice-versa.

Routing – Sonicwall TZ105 Site to Site VPN Created can ping gateways but can’t ping network from other site

Check to make sure you put the remote network into both sides go to VPN->Configure-> Newtwork and make sure you have the correct networks selected and that they have the whole network range not just the gateway address object. For what I expect you are doing I would setup the local networks to Firewalled Subnets on both, and note what you have for the REMOTE network name. Then go to Firewall-> Address Objects-> Select Custom radio button. This will show you your remote networks and look for the remote network name, and make sure its a Range not a host and that it has the correct range.

You technically don't have to create a VLAN. Depending on the number of phones and how important quality is you can get by with just plugging the phones in. I have a small office (4 Phones and 5 pcs) that I have all on the same subnet no fancy VLAN and no issues. I only use VLAN if I only have one network cable run to each desk. IE passing through the phones to the computers. If I have the cable already ran(or the time to do so myself) A central PoE switch will save you lots of headache in the future.

Best Answer

Related Solutions

OSPF – Why Can’t I Ping the Other Router Using OSPF Protocol

Routing – Sonicwall TZ105 Site to Site VPN Created can ping gateways but can’t ping network from other site

Related Topic