Thursday, November 3, 2011

DMVPN Tunnel Stuck in Exstart/BDR

We have a network consisting of 13 routers all of which connect via DMVPN. Two of the routers are hubs, one with an OSPF priority of 255 and the other 253. All spoke routers form an adjacency (FULL/DR) with the router with a priority of 255. All routers trying to form an adjacency with the other hub stay stuck in the EXSTART/BDR state and eventually transition to DOWN/DROTHER due to "too many retransmissions."

We have tried using the ip ospf mtu-ignore on both the hub and spoke router. We have ran debug ip ospf adj on both hub and spoke and I don't see any error signifying mtu mismatch. We have also tried increasing the retransmit-interval on the spoke. We have verified that the hello, dead, wait, and retransmit timers are the same.

Here are possible reasons for why you get stuck on EXSTART phase:
  1. MTU problem, meaning the routers can only ping a packet of a certain length.
  2. Access list is blocking the unicast packet.
  3. NAT is running on the router and is translating the unicast packet.
  4. Both routers have the same router ID (mis-configuration).
  5. You can try adding "tunnel path-mtu-discovery" on all of your interfaces.
  6. It could be that your nhrp maps and/or you nhs configs are a bit off. double check them making sure they are correct.
  7. Also, you can do a debug ip ospf events on both routers and see who is not sending the hellos.

Citation - This blog post does not reflect original content from the author. Rather it summarizes content that are relevant to the topic from different sources in the web. The sources might include any online discussion boards, forums, websites and others.

