Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

How to debug ScreenOS OSPF protocol at the basic level using "debug ospf basic"

0

0

Article ID: KB7870 KB Last Updated: 31 Aug 2010Version: 3.0
Summary:
Debug ScreenOS OSPF Protocol at the basic level
Symptoms:
OSPF neighbor issue.
Solution:
Introduction:
The following information  is used to debug ScreenOS OSPF protocol issues at the basic level.  It is useful when troubleshooting Route Redistribution issues associated with using route map.
  

Platforms:
All Platforms in NAT/Route mode running OSPF protocol

Requirements
Command-line Access to the firewall via Console / Telnet / SSH.  JTAC recommends running this command from the Console


Commands:
To enable the debug option :  debug ospf basic
To disable or turn off the debug:  undebug all or  press the [ESC] key
To display the output:  get db st

Limitations
If there is heavy OSPF activity, enabling debug can increase CPU
           
Topology:
                 (Area 0.96.0.0)            
NS-1                                 NS-2
10.142.17.1                          10.96.127.26     


NS-1 has adjacency with NS-2.

At this point, the administrator has enabled the debug to capture the adjacency interaction. The command shown below provides the adjacency status information that will be used with the debug information that follows.
 

NS-1-> get vr trust-vr proto ospf neigh

VR: trust-vr RouterId: 10.142.17.1
----------------------------------
                Neighbor(s) on interface ethernet1/1.1 (Area 0.96.0.0)
IpAddr/IfIndex  RouterId        Pri State    Opt  Up           StateChg    
------------------------------------------------------------------------------
10.96.127.26    10.96.127.26      1 Full     E    00:00:12     (+6 -0)

After enabling the neighbor's physical interface, inspect the event logs:

NS-1-> get event
…..
Date       Time     Module Level  Type Description
2006-01-31 23:35:23 system info  00541 Neighbor routerId - 10.96.127.26
                                       IpAddress - 10.96.127.26 changed its
                                       state to state FULL
2006-01-31 23:34:45 system info  00541 Neighbor routerId - 10.96.127.26
                                       IpAddress - 10.96.127.26 changed its
                                       state to state DOWN


Below is the output  ( get db st ) of the same event displayed in the event log above.  Recall, debug was enabled by running the "debug ospf basic" command :

NS-1-> get db st
## 23:35:22 : ospf: process rx pak len 44 from 10.96.127.26 on ethernet1/1.1 in vr trust-vr router-id 10.142.17.1
## 23:35:22 : ospf: process rx pak len 48 from 10.96.127.26 on ethernet1/1.1 in vr trust-vr router-id 10.142.17.1
## 23:35:22 : ospf: process rx pak len 1152 from 10.96.127.26 on ethernet1/1.1 in vr trust-vr router-id 10.142.17.1
## 23:35:23 : ospf: process rx pak len 32 from 10.96.127.26 on ethernet1/1.1 in vr trust-vr router-id 10.142.17.1
## 23:35:23 : ospf: process rx pak len 48 from 10.96.127.26 on ethernet1/1.1 in vr trust-vr router-id 10.142.17.1
## 23:35:23 : ospf: process rx pak len 44 from 10.96.127.26 on ethernet1/1.1 in vr trust-vr router-id 10.142.17.1
## 23:35:23 : ospf: process rx pak len 64 from 10.96.127.26 on ethernet1/1.1 in vr trust-vr router-id 10.142.17.1
## 23:35:28 : ospf: process rx pak len 64 from 10.96.127.26 on ethernet1/1.1 in vr trust-vr router-id 10.142.17.1
## 23:35:32 : ospf: process rx pak len 48 from 10.96.127.26 on ethernet1/1.1 in vr trust-vr router-id 10.142.17.1
## 23:35:33 : ospf: process rx pak len 64 from 10.96.127.26 on ethernet1/1.1 in vr trust-vr router-id 10.142.17.1
## 23:35:42 : ospf: process rx pak len 48 from 10.96.127.26 on ethernet1/1.1 in vr trust-vr router-id 10.142.17.1
## 23:35:52 : ospf: process rx pak len 48 from 10.96.127.26 on ethernet1/1.1 in vr trust-vr router-id 10.142.17.1
## 23:36:02 : ospf: process rx pak len 48 from 10.96.127.26 on ethernet1/1.1 in vr trust-vr router-id 10.142.17.1
## 23:36:12 : ospf: process rx pak len 48 from 10.96.127.26 on ethernet1/1.1 in vr trust-vr router-id 10.142.17.1
## 23:36:22 : ospf: process rx pak len 48 from 10.96.127.26 on ethernet1/1.1 in vr trust-vr router-id 10.142.17.1
## 23:36:32 : ospf: process rx pak len 48 from 10.96.127.26 on ethernet1/1.1 in vr trust-vr router-id 10.142.17.1
NS-1-> 

How do I read this?:
The numbers following the ## symbol in the output is the timestamp based on the current clock of the firewall.  The data that follows indicates:

  • Received packet (rx),
  • Packet length of 48 bytes (len 48)
  • From the Neighbor 10.96.127.26
  • Coming in on Interface 1/1.1
  • Neighbor's router ID is 10.142.17.1

## 23:35:22 : ospf: process rx pak len 48 from 10.96.127.26 on ethernet1/1.1 in vr trust-vr router-id 10.142.17.1

          
More information about the OSPF implementation within the NetScreen devices can be found in the Concepts and Examples Guide.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search