Support Center > Search Results > SecureKnowledge Details
How to Troubleshoot OSPF Problems on IPSO OS
Solution

OSPF (Open Shortest Path First) is a commonly used routing protocol.

This resolution describes some steps one can take to troubleshoot OSPF problems.

When opening a case with Check Point Support for assistance in troubleshooting OSPF problems, please gather the following debug information.

OSPF Debug Logs

  1. In Voyager, go to 'Configuration > Routing > Routing Options'. 
  2. Under the OSPF drop-down list, select "All" and click "Apply". This will generate ipsrd.log.* files under /var/log
  3. Collect the logs when OSPF errors occur. There might be multiple files created. Please send each one of them to us.

Packet Traces of OSPF Traffic

On the incoming and outgoing interfaces, use tcpdump or fw monitor to verify that OSPF packets are arriving at the device. An example tcpdump command that does this on interface eth-s3p1 is:

nokia[admin]# tcpdump -s 0 -i eth-s3p1 -w dump.dat ip proto ospf

To do something similar with fw monitor:

nokia[admin]# fw monitor -e 'accept ip_p=89;'

For more information about fw monitor, refer to sk30583.

Check Firewall Logs

It may be necessary to enable logging on all rules in order to see if the traffic is being dropped inappropriately.

Don't forgot to enable logging of the Security Gateway's interface-based anti-spoofing functionality, if it is being used. 

Don't forget to enable logging of implicit rules.

Collect OSPF Routing Table Debug Using CLISH Commands

The OSPF Route Database can be dumped to a file easily using clish:

nokia[admin]# clish -c "show ospf database detailed" > ospfdb.txt

If you are running a version of IPSO prior to 3.6, use the following commands:

nokia[admin]# iclid

iclid> show version

iclid> show ospf database database-summary

iclid> show ospf neighbors

iclid> show ospf interfaces

iclid> show ospf errors brief

iclid> show ospf events

iclid> show ospf packets

iclid> show ospf

OSPINFO Script (Optional)

The following script will gather information about the state of the OSPF database and the OSPF router relationships, as perceived by the device. The resulting file can be compressed and provided to Check Point Support, if need be.

#! /bin/csh -f
#
# ospfinfo
# usage: ospfinfo
# Set the environment variables
#
if ( -f /var/etc/pm_cshrc ) then
  source /var/etc/pm_cshrc
endif
set CURR_DATE=`date +%m.%d-%H%M`
set THISINFO=ospfinfo-`uname -n`-${CURR_DATE}.txt
echo "OSPF info taken " $CURR_DATE > $THISINFO
echo " >> $THISINFO
echo "================ ifconfig -a:" >> $THISINFO
ifconfig -a >> $THISINFO
echo " >> $THISINFO
echo "================ ospf database database-summary: " >> $THISINFO
iclid -n "show ospf database database-summary" >> $THISINFO
echo " >> $THISINFO
echo "================ ospf database router: " >> $THISINFO
iclid -n "show ospf database router" >> $THISINFO
echo " >> $THISINFO
echo "================ show ospf database area: ">> $THISINFO
iclid -n "show ospf database area" >> $THISINFO
echo " >> $THISINFO
echo "================ ospf database type: " >> $THISINFO
iclid -n "show ospf database type" >> $THISINFO
echo " >> $THISINFO
Imported from Nokia support database

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment