OSPF Link-State Database Overload Protection

The OSPF Link-State Database Overload Protection is an enhancement feature that limits the number of non-self-generated Link-State Advertisements (LSAs) for an OSPF or OSPFv3 process.

This feature safeguards the device from CPU and memory exhaustion by limiting the number of non-self-generated LSAs it will accept and process.

Limit the number of non self-generated LSAs for an OSPF process

You can perform this task to configure the maximum number of non self-generated LSAs the switch can receive.

When the configured maximum number of LSAs is exceeded:

  • The switch sends a notification and stops accepting any new LSAs. If the count of received LSAs is still higher than the configured maximum, the OSPF process takes down all adjacencies, clears the OSPF database, and enters the IGNORE state.

    You can configure the ignore-time minutes to set the time for which the OSPF process can remain in the IGNORE state.

  • Each time the OSPF process enters the IGNORE state, a counter is incremented.

    You can set a limit on the number of times the OSPF process can enter the IGNORE state by using ignore-count count-number. When the configured count is exceeded, the OSPF process remains in the IGNORE state. You must restart the OSPF process to restore normal operation.

  • If the OSPF process has returned to its normal state of operation, you can configure the reset-time minutes to specify the duration to wait before the IGNORE state counter is reset.

Additionally, if you require warning messages to be displayed, you can use threshold-percentage and warning-only.
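The interaction of ignore-time, ignore-count and reset-time described above, as an added example that is not Cisco code: a simplified per-minute model of the behavior this page describes. The state names other than IGNORE, the one-minute time step and the one-step recheck after the notification are assumptions of the model.

```python
from dataclasses import dataclass

@dataclass
class MaxLsaModel:
    maximum: int
    threshold_pct: int = 75     # defaults as listed on this page
    warning_only: bool = False
    ignore_time: int = 5        # minutes
    ignore_count: int = 5
    reset_time: int = 10        # minutes
    state: str = "NORMAL"
    entries: int = 0            # IGNORE state counter
    timer: int = 0              # minutes left in IGNORE, else minutes since leaving it

    def step(self, lsas: int) -> str:
        """Advance one minute; lsas = non-self-generated LSAs offered by neighbors."""
        if self.state == "PERMANENT_IGNORE":
            return self.state                    # only a process restart recovers
        if self.state == "IGNORE":
            self.timer -= 1
            if self.timer <= 0:
                self.state = "NORMAL"            # ignore-time expired
            return self.state
        over = lsas > self.maximum
        if over and not self.warning_only:
            if self.state != "OVER_LIMIT":
                self.state = "OVER_LIMIT"        # notification sent, new LSAs refused
            else:                                # still over at the recheck (assumed 1 step)
                self.entries += 1
                permanent = self.entries > self.ignore_count
                self.state = "PERMANENT_IGNORE" if permanent else "IGNORE"
                self.timer = self.ignore_time
            return self.state
        self.timer += 1                          # time spent back in normal operation
        if self.timer >= self.reset_time:
            self.entries = 0                     # reset-time elapsed
        warn = over or lsas * 100 >= self.maximum * self.threshold_pct
        self.state = "WARNING" if warn else "NORMAL"
        return self.state

def minutes_until_permanent(model, lsa_series):
    """Return the minute at which the model locks into permanent IGNORE, or None."""
    for minute, lsas in enumerate(lsa_series, start=1):
        if model.step(lsas) == "PERMANENT_IGNORE":
            return minute
    return None

# Constructed load profiles against a max-lsa limit of 14000.
SUSTAINED = [20000] * 60
BURSTY = ([20000] * 2 + [1000] * 20) * 10
```

In this model, quiet gaps longer than reset-time clear the counter, so the BURSTY profile never locks the process, while the same profile with reset_time=30 does.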

Procedure


Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

Enter your password, if prompted.

Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

router ospf process-id [vrf vrf-name]

Example:

Device(config)# router ospf 15

Enables OSPF routing and enters router configuration mode.

  • process-id : The process ID is an internally used identification parameter that is locally assigned. Each OSPF process has a unique process ID.

    Process ID can be a positive integer from 1 to 65535.

  • vrf: Indicates that the OSPF process is being configured for a specific VRF.

  • vrf-name : Specifies the name of the VRF for which this OSPF process is being created.

Step 4

router-id ip-address

Example:

Device(config-router)# router-id 10.0.0.1

Specifies a fixed router ID for an OSPF process.

ip-address : The IP address to identify the device in the routing domain.

Step 5

log-adjacency-changes [detail]

Example:

Device(config-router)# log-adjacency-changes

Configures the device to send a syslog message when an OSPF neighbor goes up or down.

detail : Logs all adjacency state changes, including states like DOWN, INIT, 2EXCHANGE, LOADING, and so on.

Step 6

max-lsa maximum-number [threshold-percentage] [warning-only] [ignore-time minutes] [ignore-count count-number] [reset-time minutes]

Example:

Device(config-router)# max-lsa 12000

Limits the number of non self-generated LSAs that an OSPF routing process can keep in the OSPF link-state database (LSDB).

  • maximum-number : Maximum number of non-self-generated LSAs allowed in the LSDB.

  • threshold-percentage : (Optional) Percentage of the maximum number at which a warning message is logged. Default is 75%.

  • warning-only : (Optional) If specified, only a warning message is logged when the limit is exceeded; the OSPF process does not enter the ignore state. Disabled by default.

  • ignore-time minutes : (Optional) Time in minutes to ignore all neighbors after the maximum LSA limit is exceeded. Default is 5 minutes.

  • ignore-count count-number : (Optional) Number of times the OSPF process can consecutively enter the ignore state. Default is 5 times.

  • reset-time minutes : (Optional) Time in minutes after which the ignore count is reset to zero. Default is 10 minutes (or 2 times ignore-time on some platforms).

Step 7

network ip-address wildcard-mask area area-id

Example:

Device(config-router)# network 10.1.1.1 255.240.0.0 area 20

Defines an interface on which OSPF runs and the area ID for that interface.

  • ip-address wildcard-mask : Addresses of the networks that belong to a particular OSPF area. The wildcard-mask allows you to use a single command to define one or more interfaces to be associated with a specific OSPF area.

  • area-id : The area identifier. The area identifier can be a decimal value or an IP address.

Step 8

end

Example:

Device(config-router)# end

Returns to privileged EXEC mode.

Step 9

show ip ospf [process-id [area-id]] database database-summary

Example:

Device# show ip ospf 2000 database database-summary

Displays lists of information related to the OSPF database for a specific device.

Use this command to verify the number of non self-generated LSAs on a device.


Configuration example: set a limit for LSA generation

In this example, the device is configured to stop accepting non self-generated LSAs after the maximum of 14,000 has been exceeded:

Device(config)# router ospf 1
Device(config-router)# router-id 192.168.0.1
Device(config-router)# log-adjacency-changes
Device(config-router)# max-lsa 14000
Device(config-router)# area 33 nssa
Device(config-router)# network 192.168.0.1 0.0.0.0 area 1
Device(config-router)# network 192.168.5.1 0.0.0.0 area 1
Device(config-router)# network 192.168.2.1 0.0.0.0 area 0

In this example, the device is configured to stop accepting non self-generated LSAs once a maximum of 12,000 has been exceeded for an OSPFv3 process:

Device> enable
Device# configure terminal
Device(config)# router ospfv3 1
Device(config-router)# router-id 10.0.0.1
Device(config-router)# log-adjacency-changes
Device(config-router)# max-lsa 12000

In this example, the show ip ospf command is entered to confirm the configuration:

Device# show ip ospf 1
Routing Process "ospf 1" with ID 192.168.0.1
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
Maximum number of non self-generated LSA allowed 14000
Threshold for warning message 75%
Ignore-time 5 minutes, reset-time 10 minutes
Ignore-count allowed 5, current ignore-count 0

This output is displayed when the show ip ospf command is entered while the device is in the ignore state:

Device# show ip ospf 1
Routing Process "ospf 1" with ID 192.168.0.1
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
Maximum number of non self-generated LSA allowed 14000
Threshold for warning message 75%
Ignore-time 5 minutes, reset-time 10 minutes
Ignore-count allowed 5, current ignore-count 1
Ignoring all neighbors due to max-lsa limit, time remaining: 00:04:52

This output is displayed when the show ip ospf command is entered after the device has left the ignore state:

Device# show ip ospf 1
Routing Process "ospf 1" with ID 192.168.0.1
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
Maximum number of non self-generated LSA allowed 14000
Threshold for warning message 75%
Ignore-time 5 minutes, reset-time 10 minutes
Ignore-count allowed 5, current ignore-count 1 - time remaining: 00:09:51

This output is displayed when the show ip ospf command is entered for a device that is permanently in the ignore state:

Device# show ip ospf 1
Routing Process "ospf 1" with ID 192.168.0.1
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
Supports area transit capability
Maximum number of non self-generated LSA allowed 14000
Threshold for warning message 75%
Ignore-time 5 minutes, reset-time 10 minutes
Ignore-count allowed 5, current ignore-count 6
Permanently ignoring all neighbors due to max-lsa limit
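
For monitoring, the four show ip ospf outputs above can be classified automatically. The following is an added example, not part of the original page or any Cisco tooling: a parser that extracts the max-lsa settings and the protection state from collected command output. The state labels and function names are assumptions, and the patterns tolerate collapsed whitespace in captured text.

```python
import re

PATTERNS = {
    "max_lsa": r"Maximum number of non\s*-?\s*self-generated LSA allowed\s*(\d+)",
    "threshold_pct": r"Threshold for warning message\s*(\d+)%",
    "ignore_time": r"Ignore-time\s*(\d+)\s*minutes",
    "reset_time": r"reset-time\s*(\d+)\s*minutes",
    "allowed": r"Ignore-count\s*allowed\s*(\d+)",
    "current": r"current\s*ignore-count\s*(\d+)",
}

def parse_max_lsa(output: str) -> dict:
    """Extract max-lsa settings and the protection state from 'show ip ospf' text."""
    info = {}
    for key, pattern in PATTERNS.items():
        match = re.search(pattern, output)
        info[key] = int(match.group(1)) if match else None
    remaining = re.search(r"time remaining:\s*(\d\d:\d\d:\d\d)", output)
    info["time_remaining"] = remaining.group(1) if remaining else None
    if info["max_lsa"] is None:
        info["state"] = "no-limit-shown"       # no max-lsa line in the output
    elif "Permanently ignoring all neighbors" in output:
        info["state"] = "permanent-ignore"     # needs an OSPF process restart
    elif "Ignoring all neighbors" in output:
        info["state"] = "ignore"               # adjacencies down until ignore-time ends
    elif info["current"]:
        info["state"] = "recovering"           # counter nonzero, reset-time running
    else:
        info["state"] = "normal"
    return info

def recoverable_entries_left(info: dict) -> int:
    """IGNORE entries that can still recover on their own before the lock-out."""
    return max(0, info["allowed"] - info["current"])

# Constructed samples: the max-lsa lines of the four outputs shown on this page.
COMMON = ("Maximum number of non self-generated LSA allowed 14000\n"
          "Threshold for warning message 75%\n"
          "Ignore-time 5 minutes, reset-time 10 minutes\n")
SAMPLES = {
    "normal": COMMON + "Ignore-count allowed 5, current ignore-count 0\n",
    "ignore": COMMON + "Ignore-count allowed 5, current ignore-count 1\n"
              "Ignoring all neighbors due to max-lsa limit, time remaining: 00:04:52\n",
    "recovering": COMMON + "Ignore-count allowed 5, current ignore-count 1"
                  " - time remaining: 00:09:51\n",
    "permanent": COMMON + "Ignore-count allowed 5, current ignore-count 6\n"
                 "Permanently ignoring all neighbors due to max-lsa limit\n",
}
```

A collector can alert on any state other than normal and page on permanent-ignore, since that state persists until the OSPF process is restarted.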