Saturday, June 25, 2011

OSPF Link-State Database Overload Protection

A misconfigured OSPF router may generate a large number of LSAs, and these excessive LSAs can drain the CPU and memory resources of other routers. OSPF LSDB Overload Protection protects against this by defining the maximum number of received (non-self-generated) LSAs that an OSPF process will receive and keep in the OSPF LSDB. It is configured with the max-lsa max-num [threshold-percentage] [warning-only | ignore-time minutes , ignore-count count-num , reset-time minutes] OSPF router subcommand, which is available in Cisco IOS Release 12.3(7)T and later.

Note: When the max-lsa OSPF router subcommand is entered for the first time, or when any of its parameters is changed, the OSPF process undergoes a soft-reset procedure.

The parameters of the max-lsa OSPF router subcommand are described below (parameter: description):

max-num: The maximum number of received (non-self-generated) LSAs that an OSPF process will receive and keep in the OSPF LSDB.
threshold-percentage: (Optional) The percentage of the maximum LSA number, as specified by the max-num parameter, at which a warning message is logged. Default is 75%.
warning-only: (Optional) Specifies that only a warning message is sent when the maximum LSA limit is exceeded. The OSPF process never enters the ignore state and continues its normal operation. Disabled by default.
ignore-time: (Optional) Specifies the period (in minutes) to remain in the ignore state when the maximum LSA limit is exceeded. Default is 5 minutes.
ignore-count: (Optional) Specifies the number of times that an OSPF process can consecutively be placed into the ignore state before it remains in the ignore state permanently and requires manual intervention. Default is 5 times.
reset-time: (Optional) Specifies the period (in minutes) after which the ignore state counter is reset to 0, provided the OSPF process remains normal for that period after returning from the ignore state to the normal state. Default is 10 minutes.

An error message is logged when the number of received (non-self-generated) LSAs in the LSDB has exceeded the configured threshold value. If the threshold remains exceeded for 1 minute, the OSPF process enters the ignore state, in which it tears down all OSPF adjacencies and clears the OSPF LSDB. No OSPF packets are sent or received by interfaces that belong to the OSPF process for the period defined by the ignore-time parameter.

Without a safeguard, an OSPF process could switch endlessly between the two states: it returns from the ignore state to the normal state of operation for 1 minute, then re-enters the ignore state because the maximum LSA limit is exceeded again. To prevent this, the OSPF process keeps a counter of the number of times it has gone into the ignore state (the ignore count). The OSPF process remains in the ignore state permanently once the count-num parameter is exceeded. The clear ip ospf privileged command must then be issued to return the OSPF process to the normal state of operation.
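The ignore-state behaviour described above can be traced minute by minute with a small model. This is an added example, not Cisco code and not from the original post; the names MaxLsa and simulate are hypothetical. It assumes one LSA-count sample per minute, a warning at threshold-percentage of max-num, and entry into the ignore state when max-num is exceeded at two consecutive samples.

```python
from dataclasses import dataclass

@dataclass
class MaxLsa:                      # hypothetical container for the max-lsa parameters
    max_num: int
    threshold_pct: int = 75        # defaults as listed in the parameter table
    warning_only: bool = False
    ignore_time: int = 5
    ignore_count: int = 5
    reset_time: int = 10

def simulate(cfg, offered):
    """offered[i]: received (non-self-generated) LSAs at minute i (constructed input).
    Returns one state per minute."""
    states = []
    over = ignore_left = count = quiet = 0
    permanent = False
    for lsas in offered:
        if permanent:                          # stays until a manual clear
            state = "permanent-ignore"
        elif ignore_left:                      # adjacencies down, LSDB empty
            ignore_left -= 1
            state = "ignore"
        elif lsas > cfg.max_num:
            over, quiet = over + 1, 0
            if over < 2 or cfg.warning_only:   # first sample over the limit, or log only
                state = "over-limit"
            else:                              # still over one minute later
                over, count = 0, count + 1
                permanent = count > cfg.ignore_count
                ignore_left = cfg.ignore_time - 1
                state = "permanent-ignore" if permanent else "ignore"
        else:
            over, quiet = 0, quiet + 1
            if quiet >= cfg.reset_time:        # stayed normal long enough
                count = 0
            warn = lsas * 100 > cfg.max_num * cfg.threshold_pct
            state = "warning" if warn else "normal"
        states.append(state)
    return states

if __name__ == "__main__":
    cfg = MaxLsa(max_num=1000, ignore_time=2, ignore_count=1, reset_time=3)
    flood = [500, 800] + [1200] * 6            # constructed LSA counts per minute
    for minute, state in enumerate(simulate(cfg, flood)):
        print(minute, flood[minute], state)
```

With a sustained flood the process cycles through the ignore state until the ignore count is exceeded; a quiet period of at least reset-time minutes between floods resets the counter and avoids the permanent state.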

When an OSPF router has been placed into the permanent ignore state, try to identify the router that is generating the excessive LSAs and correct the problem. It is also recommended to increase the limit that has been configured by the max-lsa command before trying to bring the router back to normal operation.
