Firewall Dynamic Routing For Dummies – Part Tres

Debugging…

Oh you will know when it dies. You’ll be sleeping at 3am and every router geek in your org will be at your house with torches. When OSPF dies, it goes out with a bang because not only does it die on the firewall, the adjacent neighbors will say to themselves “Hmmmm…I haven’t seen any HELLO packets from the firewall lately let’s assume he’s dead” and pull all the routes and then broadcast to the world YOUR firewall’s dynamic routing sucks.

You laugh now grasshopper.

Debugging OSPF can only really be done with a peer routing geek at your side. So make sure you stay on good terms with this person, or else you are the walking dead. Buy them beer but not guns, they get dangerous when they combine the two.

Right now I don’t have a cool VM setup to show you demos. Sorry. Maybe in the future when I get back from Morocco this summer (my sweetheart wants to go sleep with camels in the desert go figure).

Here are the magic commands:

GAIA clish:

  • show ospf neighbor – These are the DR and BDR where your LSAs go to. Look to make sure they are in FULL state and not sucking air in EXSTART trying to start the handshake.  Should look something like this. Only 2 routers will be in FULL state on an interface. They are the DR and BDR. In case one of them crash the others in 2way will vote and become a DR and BDR.

    neighbor

  • show ospf database – dump what OSPF knows about
  • show ospf summary – short form of database
  •  show configuration OSPF – OSPF configuration commands
  • show route all – all routes
  • show route ospf – ospf routes – NOTE: sometimes I get random results. Unix SPLAT netstat -nr shows all the routes, but this command comes up blank. Not sure.
  • show route static – just static routes
  • drouter stop/start – when its 3am and you just want to go home.

Basically you sit there with the routing geeks and they will tell you if its working after typing in all these commands.

And then there is clustering……

Advertisements
Post a comment or leave a trackback: Trackback URL.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

blog.lachmann.org

Michael Endrizzi's - St. Paul MN - CheckPoint blog on topics related to Check Point products and security in general.

%d bloggers like this: