Re: OSPF help with 'recv bad LSR from neighbor'

Hi,

The log indicates that we recieved the DBD with seq 0x81db7 from neighbor 10.10.10.99  flags are INIT, MORE & MASTER:

## 2018-03-30 22:34:31 : ospf: recv pkt on tunnel.9, 10.10.10.99->224.0.0.5
## 2018-03-30 22:34:31 : ospf: recv DBD from nbr 10.10.10.99 on tunnel.9 seq 0x81db7..
                flags INIT,MORE,MASTER len 0 mtu 1436 state FULL
## 2018-03-30 22:34:31 : ospf: NBR seqmismatch event, case else
## 2018-03-30 22:34:31 : ospf: recv bad LSR from neighbor 10.10.10.99 10.10.10.99 (Id) on tunnel.9
## 2018-03-30 22:34:31 : ospf: neighbor 10.10.10.99 10.10.10.99 (Id) on tunnel.9 state change FULL->EX_START

We then also send DBD to neighbour 10.10.10.99 with deq 0x81db6, flag INIT, MORE, MATER.

## 2018-03-30 22:34:31 : ospf: send DBD to 10.10.10.99 on tunnel.9 seq 0x81db6 flag INIT,MORE,MASTER len 32
## 2018-03-30 22:34:31 : ospf: send pkt to 10.10.10.99 on tunnel.9 len 32

• I- Initial Bit. Indicates this is the first in the series of DBD packets (1-bit)
• M- More bit. Indicates whether the DBD packet is the last in the series of packets. Last packet has a value of 0, while all previous packets have a value of 1. (1-bit)
• MS- Master/ Slave bit. Master=1, Slave=0 (1-bit)

A router with higest Router ID becomes master and initates DBD packet. There is log with router id 0.0.0.1

## 2018-03-30 22:34:31 : ospf: process rx pak len 32 from 10.10.10.99 on tunnel.9 in vr trust-vr router-id 0.0.0.1

Couple of things to check:

• Could you have some specfic router-id, probably set higher locally so that we initaiate the DBD packet.
• Also, did you notice DBD packet from neighbour 10.10.10.99 is with len 0? Not sure it that's alright but doesn't look right that DBD with lenght 0 pkt.
• You should probably check on the Ubiquiti EdgeRoute has to why so.

## 2018-03-30 22:34:31 : ospf: recv DBD from nbr 10.10.10.99 on tunnel.9 seq 0x81db7..
                flags INIT,MORE,MASTER len 0 mtu 1436 state FULL

• Is it possible to run OSPF without the IPsec tunnel? if yes, could you try to get OSPF up without the IPsec just to rule out the tunnel?

There was a post long ago on similar lines; check if that applys to you (I doubt though)

https://forums.juniper.net/t5/Routing/OSPF-ExStart-due-to-SeqMismatch/td-p/26464