OSPF and Local Address Spoofing

Martijn · ‎2021-03-01

Hi All,

On a 44K dual chassis setup in VSX mode we are seeing drops by Local Address Spoofing on all Virtual Systems for OSPF packets. OSPF seems te work and routes are learned, but the log fills up with these log messages. It is not just a drop, but also a connection alert.

So, the source is the gateway and destination the OSPF network address.

We have checked many knowledge base articles, but none of them seems relevant. With fw monitor we looked at the traffic and we are seeing the OSPF packet leave the gateway (o, O), but also see it enter the gateway (i, I).

When we configure the parameyet fw_local_interface_anti_spoofing to 0, the message are gone.

We have checked routes which are OK and there are no host on the network with IP addresses that belong to the gateways.

Software version is R80.20SP take 304.

Not sure what the cause is and how we can solve this.

Regards,
Martijn

G_W_Albrecht · ‎2021-03-01

Did you involve TAC already ?

Martijn · ‎2021-03-01

Hello,

I did not involve TAC yet. Customers policy does not allow me to send any data (cpinfo, logs, debugs, traces) outside the organization. So CheckMates and SK atricles are the first options for me.

If TAC is needed, I can open a SR but I am limited on what I can tell and provide them.

Martijn

PhoneBoy · ‎2021-03-01

The fact that the traffic is re-entering the gateway is what is causing the local interface spoofing checks to be triggered.
Disabling the check is one option, figuring out what’s causing the traffic to re-enter the gateway is the other.

andymong

What device are you pairing OSPF with ?

OSPF and Local Address Spoofing

Are you still running R76SP.50 - Upgrade now

OSPF and Local Address Spoofing

What comes after R80.20SP for Chassis

is it possible /supported to run fw ctl zdebug on ...

Migrating from 10G to 40G interfaces