Support Center > Search Results > SecureKnowledge Details
OSPFv3 LS updates of the default route are not accepted by the Firewall for Stub/TSA areas
Symptoms
  • Area Border Router and Area Router sends correct DB descriptions.
  • OSPF neighborship never becomes in 'FULL' state.
  • Area Border Router and Area Router send correct and complete LS requests and updates.
  • Area Router acknowledges all LSAs except the Inter-Area-Prefix representing the default route (::/0)
  • Area Router sends LS requests for single Inter-Area-Prefix representing the default route.
  • Area Border Router send correct update for Inter-Area-Prefix representing the default route.
  • Area Router does not acknowledge the LS update from Area Border router.
  • Looping over points 5-7.
  • Packet captures shows that CHKP Gaia adds 4-Byte of zeros as a padding scheme for the Inter-Area-Prefix representing the default route (::/0)
    LSA-type 3 (Inter-Area-Prefix-LSA), len 32
    .000 0001 1111 0001 = LS Age (seconds): 497
    0... .... .... .... = Do Not Age: False
    LS Type: 0x2003
    Link State ID: 0.0.0.0
    Advertising Router: 192.168.0.61
    Sequence Number: 0x80000001
    Checksum: 0x3a59
    Length: 32
    Reserved: 00
    Metric: 1
    PrefixLength: 0
    PrefixOptions: 0x00
    Reserved: 0000 -- > shows CHKP addes 4-byte padding in the pcap.
    Address Prefix: ::
Cause

According to the OSPFv3 RFC, prefixes need to be padded to an even number of 4 byte words. Check Point gateways do this even for the ::/0 prefix, meaning that they pad 4 bytes of 0's.

Because of how routed deals with ::/0, it was assuming that the minimum size of an inter area prefix LSA is 4 bytes bigger than it should have been. Therefore when it was getting the default route it was ignoring it and recording that as a "Bad Inter Area Prefix LSA size" error.


Solution
Note: To view this solution you need to Sign In .