I am fortunate to have access to enough FortiGear that I can have a lab set up and not impact production. This allows me to test out certain scenarios, before recommending them in production or for my customers.
One of these instances that came up is this:
This is one of the reasons I advocate reading the release notes prior to upgrading. I upgraded my main lab FortiGate to 7.0.1 (from 6.4.6) and had been blissfully unaware of any issues until I was debugging some traffic and noticed that it was being dropped because of an RPF failure.
"Wait wut? I have OSPF running." A quick get router info ospf neighbors told me all I needed to know about why RPF was failing. All 3 of my OSPF neighbors were in ExStart and never going to Full. Thanks to a recent experience - one that made me question my existence - I knew the first thing I needed to check was my MTU size.
Bingo! I ran get router info ospf interface on both ends, and lo and behold! The far end, still running 6.4.6, had an MTU of 1438, while my newly upgraded FortiGate had an MTU of 1420!
A quick tweak of the MTU - I hate setting MTU ignore, I'd rather be precise - and we were back in business.
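Why the mismatch parks neighbors in ExStart: each Database Description (DBD) packet carries the sender's interface MTU, and RFC 2328 section 10.6 has the receiver reject a DBD whose MTU is larger than it can accept. The sketch below is an added example, not part of the original post; the router IDs and packet bytes are constructed, and only the two MTU values come from the post.

```python
import ipaddress
import struct

# OSPFv2 common header (RFC 2328 A.3.1): version, type, length, router ID,
# area ID, checksum, AuType, 8 bytes of authentication data = 24 bytes.
OSPF_HDR = struct.Struct("!BBH4s4sHH8s")
# Database Description body (A.3.3): interface MTU, options, I/M/MS flags, DD sequence.
DBD_HDR = struct.Struct("!HBBI")
TYPE_DBD = 2


def build_dbd(router_id: str, mtu: int, seq: int) -> bytes:
    """Constructed initial DBD (flags I|M|MS = 0x07), area 0, checksum left at 0."""
    rid = ipaddress.IPv4Address(router_id).packed
    length = OSPF_HDR.size + DBD_HDR.size
    header = OSPF_HDR.pack(2, TYPE_DBD, length, rid, bytes(4), 0, 0, bytes(8))
    return header + DBD_HDR.pack(mtu, 0x02, 0x07, seq)


def parse_dbd(packet: bytes) -> dict:
    """Extract the fields relevant to the MTU check; checksum is not verified."""
    if len(packet) < OSPF_HDR.size + DBD_HDR.size:
        raise ValueError("truncated OSPF Database Description packet")
    version, ptype, _len, rid, _area, _ck, _au, _auth = OSPF_HDR.unpack_from(packet)
    if version != 2 or ptype != TYPE_DBD:
        raise ValueError("not an OSPFv2 Database Description packet")
    mtu, _opts, flags, seq = DBD_HDR.unpack_from(packet, OSPF_HDR.size)
    return {"router_id": str(ipaddress.IPv4Address(rid)), "mtu": mtu,
            "flags": flags, "seq": seq}


def accepts_dbd(local_mtu: int, packet: bytes) -> bool:
    """RFC 2328 10.6: reject a DBD whose Interface MTU exceeds what we can receive."""
    return parse_dbd(packet)["mtu"] <= local_mtu


if __name__ == "__main__":
    # MTU values from the post; router IDs are constructed placeholders.
    ends = {"upgraded 7.0.1": ("10.0.0.1", 1420), "far end 6.4.6": ("10.0.0.2", 1438)}
    for name, (_rid, local_mtu) in ends.items():
        for peer, (peer_rid, peer_mtu) in ends.items():
            if peer != name:
                ok = accepts_dbd(local_mtu, build_dbd(peer_rid, peer_mtu, 1))
                print(f"{name} (MTU {local_mtu}) <- {peer} (MTU {peer_mtu}): "
                      f"{'accepted' if ok else 'rejected, stays in ExStart'}")
```

Only the lower-MTU side rejects its peer's DBD, but that is enough: the exchange never completes, so both ends sit in ExStart.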
Quick reminder, the rules of OSPF adjacency:
Potential neighbors must be in the same area
Potential neighbors must be on the same subnet
Potential neighbors must have valid authentication settings (if configured)
The hello/dead intervals must match on potential neighbors
Stub flags must match on potential neighbors
Hope this helps, mad man out!