THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
| Affected Software Product | Affected Release | Affected Release Number | Comments |
|---|---|---|---|
| IOS XE Software | 17 | 17.11.1 | |

| Defect ID | Headline |
|---|---|
| CSCwc58001 | ospf redistributes all the routes without default limit |
In Cisco IOS XE Software releases earlier than 17.11.1, the OSPFv2 max-lsa and redistribute maximum-prefix commands were not enabled by default.
In Cisco IOS XE Software Release 17.11.1 and later, the OSPFv2 max-lsa command is enabled by default with a value of 50,000, and the redistribute maximum-prefix command is enabled by default with a value of 10,240. This protects the router's resources, such as CPU and memory, from misconfigurations such as redistributing Border Gateway Protocol (BGP) routes, including internet routes, into OSPF without any filter.
The following table lists the OSPFv2 and OSPFv3 configurations that are affected by this change:
| Command | Default Value |
|---|---|
| router ospf <process> max-lsa <max-lsa-value> | 50,000 |
| router ospf <process> redistribute maximum-prefix <max-prefix-value> | 10,240 |
| router ospfv3 <process> max-lsa <max-lsa-value> | 50,000 |
| router ospf <process> address-family ipv6 unicast redistribute maximum-prefix <max-prefix-value> | 10,240 |
In Cisco IOS XE Software releases earlier than 17.11.1, the OSPFv2 and OSPFv3 Database Overload Protection and Redistribution Protection features were available. However, they were not enabled by default.
In Cisco IOS XE Software Release 17.11.1 and later, these features are enabled by default.
If the number of non-self-generated link-state advertisements (LSAs) is more than 50,000 and an appropriate value is not configured for the max-lsa command, then upon upgrading to Cisco IOS XE Software Release 17.11.1, OSPFv2 and OSPFv3 will enter max-lsa ignore-state and adjacencies will start flapping, causing service disruption.
OSPFv2 will generate the following message:
%OSPF-1-OSPF_MAX_LSA: Maximum number of non self-generated LSA has been exceeded "ospf 1" - 50000 LSAs
OSPFv3 will generate the following message:
%OSPFv3-1-MAX_LSA_LIM: OSPFv3-1-IPv6 Maximum number of non self-generated LSA has been exceeded - 50000 LSAs
If the number of redistributed routes is more than 10,240 and an appropriate value is not configured for the redistribute maximum-prefix command, upon updating to Cisco IOS XE Software Release 17.11.1, OSPFv2 and OSPFv3 IPv6 will redistribute only 10,240 routes and ignore the rest, causing service disruption.
OSPFv2 will generate the following message:
%IPRT-4-REDIST_MAX_PFX: Redistribution prefix limit has been reached "ospf 1" - 10240 prefixes
OSPFv3 will generate the following message:
%IPV6_ROUTING-4-REDIST_MAX_PFX: Redistribution prefix limit has been reached "OSPFv3-1-IPv6" - 10240 prefixes
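To spot these four messages in collected syslog after an upgrade, the following added example (not Cisco code) extracts the protocol, the command whose limit tripped, and whether the limit equals the 17.11.1 default. The log lines and their timestamps are constructed; the message formats are the ones quoted above.

```python
import re

# Defaults and message identifiers are the ones listed in the field notice.
DEFAULTS = {"max-lsa": 50_000, "redistribute maximum-prefix": 10_240}
EVENTS = {
    "OSPF-1-OSPF_MAX_LSA": ("OSPFv2", "max-lsa"),
    "OSPFv3-1-MAX_LSA_LIM": ("OSPFv3", "max-lsa"),
    "IPRT-4-REDIST_MAX_PFX": ("OSPFv2", "redistribute maximum-prefix"),
    "IPV6_ROUTING-4-REDIST_MAX_PFX": ("OSPFv3 IPv6", "redistribute maximum-prefix"),
}
# %FACILITY-SEVERITY-MNEMONIC: ... - <limit> LSAs|prefixes
MSG_RE = re.compile(
    r"%(?P<id>[A-Za-z0-9_]+-\d-[A-Z0-9_]+):.*-\s*(?P<limit>\d+)\s+(?:LSAs|prefixes)\s*$"
)

def find_limit_events(lines):
    """Return one record per max-lsa / maximum-prefix limit message."""
    events = []
    for line in lines:
        m = MSG_RE.search(line)
        if not m or m.group("id") not in EVENTS:
            continue
        protocol, command = EVENTS[m.group("id")]
        limit = int(m.group("limit"))
        events.append({
            "protocol": protocol,
            "command": command,
            "limit": limit,
            # True when the limit that tripped equals the 17.11.1 default,
            # which points at a missing explicit value rather than a tuned one.
            "default_limit": limit == DEFAULTS[command],
        })
    return events

# Constructed sample log; timestamps and the "ospf 2" line are invented.
SAMPLE_LOG = [
    '*Jan  1 10:01:02.123: %OSPF-1-OSPF_MAX_LSA: Maximum number of non self-generated LSA has been exceeded "ospf 1" - 50000 LSAs',
    '*Jan  1 10:01:05.456: %IPV6_ROUTING-4-REDIST_MAX_PFX: Redistribution prefix limit has been reached "OSPFv3-1-IPv6" - 10240 prefixes',
    '*Jan  1 10:02:00.000: %IPRT-4-REDIST_MAX_PFX: Redistribution prefix limit has been reached "ospf 2" - 20000 prefixes',
    '*Jan  1 10:02:10.000: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1, changed state to up',
]

if __name__ == "__main__":
    for event in find_limit_events(SAMPLE_LOG):
        print(event)
```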
Workaround
Customers should manually set limits for OSPF.
Determine the number of non-self-generated LSAs and the number of redistributed prefixes using the show ip ospf database database-summary or show ospfv3 database database-summary command and the show ip ospf rib redistribution or show ospfv3 rib redistribution command, as shown in the following example:
Device# show ip ospf database database-summary
OSPF Router with ID (1.1.1.1) (Process ID 1)
Area 0 database summary
LSA Type Count Delete Maxage
.
.
.
Process 1 database summary
LSA Type Count Delete Maxage
.
.
.
Prefixes redistributed in Type-5 0
Opaque AS 0 0 0
Non-self 16
Total 19 2 2
Device# show ip ospf rib redistribution
OSPF Router with ID (1.1.1.1) (Process ID 1)
Base Topology (MTID 0)
OSPF Redistribution
10.77.130.0/24, type 2, metric 20, tag 0, from connected
via GigabitEthernet1
Device# show ip ospf rib red | count from
Number of lines which match regexp = 1
If the number of non-self-generated LSAs and the number of redistributed prefixes are above their default values, use the following configuration commands for OSPFv2 and OSPFv3 before upgrading:
Device(config)#router ospf <process>
Device(config-router)#max-lsa <max-lsa-value>
Device(config)#router ospf <process>
Device(config-router)# redistribute maximum-prefix <max-prefix-value>
Device(config)#router ospfv3 <process>
Device(config-router)#max-lsa <max-lsa-value>
Device(config)#router ospfv3 <process>
Device(config-router)#address-family ipv6 unicast
Device(config-router-af)# redistribute maximum-prefix <max-prefix-value>
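The pre-upgrade check above can be scripted over saved command output. This is an added example, not Cisco code: it handles the OSPFv2 output layout shown in this notice, the sample counts are constructed, and `headroom_pct` is a hypothetical local policy for choosing a value above the current count.

```python
import re

MAX_LSA_DEFAULT = 50_000      # max-lsa default from 17.11.1, per the notice
MAX_PREFIX_DEFAULT = 10_240   # redistribute maximum-prefix default, per the notice

def non_self_lsas(db_summary):
    """Return the Non-self count from the 'Process N database summary' block."""
    block = re.search(r"Process \d+ database summary(.*)", db_summary, re.S)
    count = block and re.search(r"^\s*Non-self\s+(\d+)", block.group(1), re.M)
    if not count:
        raise ValueError("no Non-self line in process database summary")
    return int(count.group(1))

def redistributed_prefixes(rib_redist):
    """Count '<prefix>/<len>, ... from <source>' lines, like '| count from'."""
    route = re.compile(r"^\s*\S+/\d+,.*\bfrom\s+\S+")
    return sum(1 for line in rib_redist.splitlines() if route.match(line))

def pre_upgrade_plan(process, db_summary, rib_redist, headroom_pct=25):
    """Compare counts with the new defaults; headroom_pct is an assumed policy."""
    lsas = non_self_lsas(db_summary)
    prefixes = redistributed_prefixes(rib_redist)
    grow = lambda n: n + n * headroom_pct // 100
    config = []
    if lsas > MAX_LSA_DEFAULT:
        config.append(f" max-lsa {grow(lsas)}")
    if prefixes > MAX_PREFIX_DEFAULT:
        config.append(f" redistribute maximum-prefix {grow(prefixes)}")
    if config:
        config.insert(0, f"router ospf {process}")
    return {"non_self_lsas": lsas, "redistributed_prefixes": prefixes, "config": config}

# Constructed sample in the layout of the notice's example (counts are invented).
SAMPLE_DB_SUMMARY = """\
Process 1 database summary
  LSA Type      Count    Delete   Maxage
  Opaque AS     0        0        0
  Non-self      61234
  Total         61240    2        2
"""
SAMPLE_RIB_REDIST = """\
OSPF Redistribution
    10.77.130.0/24, type 2, metric 20, tag 0, from connected
      via GigabitEthernet1
"""

if __name__ == "__main__":
    plan = pre_upgrade_plan(1, SAMPLE_DB_SUMMARY, SAMPLE_RIB_REDIST)
    print("\n".join(plan["config"]) or "defaults are sufficient")
```

An empty `config` list means both counts are at or below the new defaults, so no explicit value is required before the upgrade.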
Determine the number of non-self-generated LSAs and the number of redistributed prefixes using the show ip ospf database database-summary or show ospfv3 database database-summary command and the show ip ospf rib redistribution or show ospfv3 rib redistribution command, as shown in the following example:
Device# show ip ospf database database-summary
OSPF Router with ID (1.1.1.1) (Process ID 1)
Area 0 database summary
LSA Type Count Delete Maxage
.
.
.
Process 1 database summary
LSA Type Count Delete Maxage
.
.
.
Prefixes redistributed in Type-5 0
Opaque AS 0 0 0
Non-self 16
Total 19 2 2
Device# show ip ospf rib redistribution
OSPF Router with ID (1.1.1.1) (Process ID 1)
Base Topology (MTID 0)
OSPF Redistribution
10.77.130.0/24, type 2, metric 20, tag 0, from connected
via GigabitEthernet1
Device# show ip ospf rib red | count from
Number of lines which match regexp = 1
If the number of non-self-generated LSAs and the number of redistributed prefixes are above their default values, follow the directions provided in the Workaround section of this field notice.
| Version | Description | Section | Date |
|---|---|---|---|
| 1.0 | Initial Release | — | 2024-JUN-28 |
For further assistance or for more information about this field notice, contact the Cisco Technical Assistance Center (TAC) using one of the following methods:
To receive email updates about Field Notices (reliability and safety issues), Security Advisories (network security issues), and end-of-life announcements for specific Cisco products, set up a profile in My Notifications.