OSPF over IPSEC between Huawei Firewall and Cisco Router

-


 


A network Engineer always has two solutions for a problem either search over the internet or go for TAC support. As per my practice i try both sometime first one gets failed, so you know failover happen. I am writing this blog so guys searching to solve OSPF problem can use first option. I was creating OSPF neighborship between Huawei Firewall and Cisco router, but it was in init state always so started debugging on router as well as on firewall what i found was interesting.

Below are the steps of Troubleshooting:

1)Cisco router was sending the Hello Packets towards the peer but no Hello reach at Cisco end over the IPSEC tunnel.
2)Huawei Firewall playing well was receiving the Hello packets on tunnel interface and also sending back (only in debug) so I was like All well at Huawei end so start looking at Cisco end and also on Huawei firewall policies, as it was IPSEC tunnel, so policies was ruled out now culprit was Cisco Router and i was into it to find out.
3)I try my best to get logs but couldn't see any errors on OSPF Neighbour in Hello nor in adjacency.
4)So i seek Cisco TAC support and they extract the logs in which we were not receiving any Hello Packets at all from Huawei end platform debug shows that only packets are sent no hearing from Huawei end and i was more than agree with the TAC, Areej was quick to make the point. At this point in blogs and over internet Cisco support ospf over IPSEC IPv4

5)So Cisco is all ok, Ask Huawei TAC to look into it and Huawei TAC was sorry we do not support OSPF over IPSEC go for GRE over IPSEC.
6)When change the protocol from IPSEC to GRE issue was resolved, Point is that one OEM supported the feature set other one didn't also how come Huawei was able to receive the Hello packets it was multicast so when you receive it you must be able to send it.
7)While doing troubleshooting do use debug first if you are still stuck then go for platform debug if you have prior experience with it. As it can affect performance of network devices.
  

Raja Shajeel Ahmad
Enterprise DC Engineer
Happy Learning
The limit is the sky.

Comments

Post a Comment

Popular posts from this blog

Flow with respect to Networks in AWS

-
Image
Flow with respect to Networks in AWS which need to be clear to expose any application on AWS and having some of services in on-premises. I will compare AWS services with on-prem technology, so it become ease to understand.                                                           Building Block of AWS Networking VPC: Consider it as a switch place in multiple Data center and all switches are connected with each other we can further have small subnets on it which can be part of all switches or only one depend upon the planning and requirements. Route Tables : Each subnet we create in VPC can have each route table or all subnets have one, Route table is used to control the routing of subnets and how traffic will be routed for any workload on the subnets. Route table can be attached to few other services of AWS as per requirements. NAT Gateway: I...
Read more

Important concepts in ACI Physical/Access polices Concepts

-
Image
I know Cisco ACI has been around for a long time. The first time I got into it was in 2021. It was not that hard to relate the legacy concepts with ACI but doing a job via CLI and doing it via GUI have a lot of differences. In this particular blog, I will discuss the key concepts without explaining the ACI core components like leaf switches, spine switches, and APIC. Cisco ACI is a policy-driven solution in which everything has an object assigned to it, and you need to connect all those dots to make your network work. In a legacy network, we have devices like bare metal servers, L2 switches, L3 switches, routers, and firewalls. We connect the networks using different protocols to make our network work, but sometimes there are physical requirements that need to be fulfilled to get the required topology. In Cisco ACI, we have all these kinds of devices, and they are connected to our fabric. However, in ACI, we have a term called "domains," which include four different types: Ph...
Read more

1 sec and Team work Story

-
Image
 I n the world of IT, a single second can be the difference between success and failure. Recently, I experienced this firsthand when a 1-second delay caused a critical application flow to shut down. Through intense troubleshooting, collaboration, and respect for diverse opinions, we identified and resolved the issue. This experience taught me the importance of: - Active listening among all stakeholders - Exploring all options and possibilities - Embracing the value of diverse perspectives - The power of collaboration and teamwork - The crucial role of TCP dumps in troubleshooting In IT, every problem requires a unique solution, and collaboration is key to finding it. Delay we Observe at Client end server end had no delay though Raja Shajeel Ahmad Enterprise DC Engineer Happy Learning The limit is the sky. #TeamWork#TCPDump#HappyLearning
Read more