MX250 H.A. + OSPF NX5K

Tim_Patrick_ADS
Here to help


We have two Nexus 5Ks with HSRP between them, connected to a pair of MX250s using One Arm, running MX14.39 code.

 

NX5K1-SW1

Interface 1/1
 description MX250-1
 switchport access vlan 1000

vlan 100
 ip address 10.10.10.1/29
 ip route ospf 100 area 0.0.0.0
 hsrp 100
  preempt
  priority 110
  ip 10.10.10.3

NX5K1-SW2

Interface 1/1
 description MX250-2
 switchport access vlan 1000

vlan 100
 ip address 10.10.10.2/29
 ip route ospf 100 area 0.0.0.0
 hsrp 100
  priority 110
  ip 10.10.10.3

MX250-1
Internet Interface
IP address 10.10.10.4/29
VRRP 10.10.10.6
Gateway 10.10.10.3

MX250-2
Internet Interface
IP address 10.10.10.5/29
VRRP 10.10.10.6
Gateway 10.10.10.3

OSPF Settings
Router ID 10.10.10.6
Area ID 0
Cost 1
Hello 10
Dead 50
MD5 auth Disabled

 

Yet on NX5K-SW1 I have a flood of the following OSPF errors that does not appear to stop.

OSPF-4-Auth_ERR: ospf-100 received a packet from 10.10.10.2 on vlan 100 with bad authentication 2

On NX5K-SW2 I have the following errors:

OSPF-4-Auth_ERR: ospf-100 received a packet from 10.10.10.1 on vlan 100 with bad authentication 0
OSPF-4-Auth_ERR: ospf-100 received a packet from 10.10.10.4 on vlan 100 with bad authentication 0

 

I have had a TAC case open and it's gone nowhere, so I wanted to see if anyone else has this working correctly.

PhilipDAth
Kind of a big deal

PS: Are you only running OSPF? If you are also running BGP, you could consider going with the BGP beta and BGP peering with the MX250 instead. BGP has been around for a while in MX, so it should be pretty solid.

Tim_Patrick_ADS
Here to help

Unfortunately, only OSPF right now. I used BGP at my last environment and had good luck with it, but this place has complications preventing us from easily moving to BGP.

Tim_Patrick_ADS
Here to help

I think I figured the issue out: on NX5K2 the global OSPF statement has digest turned on, which is forcing switch 2 to expect MD5 auth. We are working with our data center team to resolve the issue.

Switch 1

router ospf 100
  router-id 10.10.7.40
  redistribute static route-map static-ospf-redist

Switch 2

router ospf 100
  router-id 10.10.7.41
  redistribute static route-map static-ospf-redist
  area 0.0.0.0 authentication message-digest
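
The drift found above (one peer with area-level digest authentication, the others without) can be caught by comparing the router ospf stanzas of every device on the segment. The following is an added example, not part of the original thread: the function names are hypothetical, the two switch stanzas are copied from the last post, and the MX250 stanza is a constructed stand-in for its dashboard settings (Area ID 0, MD5 auth Disabled).

```python
import re

# Area-level authentication under "router ospf" (NX-OS style syntax).
# Assumption: interface-level "ip ospf authentication" overrides are not modelled.
AUTH_RE = re.compile(r"^\s+area\s+(\S+)\s+authentication(\s+message-digest)?\s*$")

def normalize_area(area):
    """Return the area ID in dotted form so '0' and '0.0.0.0' compare equal."""
    if "." in area:
        return area
    n = int(area)
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def area_auth(config, areas):
    """Map each area of interest to 'null', 'simple' or 'message-digest'."""
    modes = {normalize_area(a): "null" for a in areas}
    in_ospf = False
    for line in config.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():          # a new top-level stanza starts
            in_ospf = line.startswith("router ospf")
            continue
        m = AUTH_RE.match(line) if in_ospf else None
        if m:
            mode = "message-digest" if m.group(2) else "simple"
            modes[normalize_area(m.group(1))] = mode
    return modes

def find_mismatches(devices, areas=("0.0.0.0",)):
    """Return {area: {device: mode}} for every area where devices disagree."""
    per_device = {name: area_auth(cfg, areas) for name, cfg in devices.items()}
    mismatches = {}
    for area in map(normalize_area, areas):
        modes = {name: found[area] for name, found in per_device.items()}
        if len(set(modes.values())) > 1:
            mismatches[area] = modes
    return mismatches

SWITCH_1 = ("router ospf 100\n  router-id 10.10.7.40\n"
            "  redistribute static route-map static-ospf-redist\n")
SWITCH_2 = SWITCH_1.replace("10.10.7.40", "10.10.7.41") + \
    "  area 0.0.0.0 authentication message-digest\n"
MX250 = "router ospf 1\n  router-id 10.10.10.6\n"   # constructed stand-in

if __name__ == "__main__":
    devices = {"NX5K-SW1": SWITCH_1, "NX5K-SW2": SWITCH_2, "MX250": MX250}
    for area, modes in find_mismatches(devices).items():
        print(f"area {area}: authentication mismatch {modes}")
```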

 
