Cisco Bug: CSCuj35576 - ASA OSPF route stuck in database and routing table

Last Modified

May 01, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

8.4(6)

Description (partial)

Symptom:
Under certain conditions, an OSPF route may be stuck in the ASA's routing table and OSPF database:

O E2 10.1.1.0 255.255.255.240 [20/20] via 192.168.1.1, 54:46:33, inside
O E2 10.1.1.0 255.255.255.252 [20/20] via 192.168.1.1, 54:46:33, inside

We have an issue where the /28 route is not being removed from the OSPF 
database table even though the route stops being advertised by the peer. 
Below is the output of "show route" after the route has stopped being 
advertised by the Fortinet. The age of the route is very old:
asa(config)#   show opsf  route | i 10.1.1.0
O E2 10.1.1.0 255.255.255.240 [20/20] via 192.168.1.1, 93:02:44, inside


The OSPF database shows that the route is marked for deletion, but it's 
never deleted. Notice the MAXAGE is very old (> 3600).
asa01(config)# show ospf database
         Type-5 AS External Link States
10.1.1.1     192.168.1.1   3709        0x800000cb 0xb942 0

   Delete flag is set for this LSA
   Routing Bit Set on this LSA
   LS age: MAXAGE(3718)
   Options: (No TOS-capability, No DC)
   LS Type: AS External Link
   Link State ID: 10.1.1.1 (External Network Number )
   Advertising Router: 192.168.1.1
   LS Seq Number: 800000cb
   Checksum: 0xb942
   Length: 36
   Network Mask:255.255.255.240
     Metric Type: 2 (Larger than any link state path)
     TOS: 0
     Metric: 20
     Forward Address: 0.0.0.0
     External Route Tag: 0

Conditions:
This seems to only occur for OSPF routes that are redistributed and advertised to the ASA. This issue only occurs with overlapping routes.
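
One way to check saved "show ospf database" detail output for this symptom, as an added example that is not Cisco's code: a Python parser that flags LSAs with the delete flag set and an LS age past MaxAge. The function names and the 60-second grace threshold are assumptions, and the second LSA in the sample is constructed.

```python
import re

MAX_AGE = 3600  # OSPF MaxAge in seconds (RFC 2328)

# Constructed sample: the stuck LSA quoted above plus one healthy LSA (invented values).
SAMPLE = """\
   Delete flag is set for this LSA
   Routing Bit Set on this LSA
   LS age: MAXAGE(3718)
   LS Type: AS External Link
   Link State ID: 10.1.1.1 (External Network Number )
   Advertising Router: 192.168.1.1
   Network Mask:255.255.255.240

   Routing Bit Set on this LSA
   LS age: 512
   LS Type: AS External Link
   Link State ID: 10.2.2.0 (External Network Number )
   Advertising Router: 192.168.1.1
   Network Mask:255.255.255.0
"""

def parse_lsas(text):
    """Return one dict per LSA; flag lines precede the 'LS age' line they belong to."""
    lsas, delete_pending = [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if "Delete flag is set" in line:
            delete_pending = True
        elif line.startswith("LS age:"):
            # Age is printed either as a bare number or as MAXAGE(n).
            age = int(re.search(r"\d+", line).group())
            lsas.append({"age": age, "delete": delete_pending})
            delete_pending = False
        elif ":" in line and lsas:
            key, _, value = line.partition(":")
            lsas[-1][key.strip()] = value.strip()
    return lsas

def find_stuck(text, grace=60):
    """LSAs marked for deletion whose age exceeds MaxAge + grace (grace is an assumed threshold)."""
    return [
        (lsa.get("Link State ID", "?").split()[0], lsa.get("Network Mask", "?"),
         lsa.get("Advertising Router", "?"), lsa["age"])
        for lsa in parse_lsas(text)
        if lsa["delete"] and lsa["age"] > MAX_AGE + grace
    ]

if __name__ == "__main__":
    for lsid, mask, adv, age in find_stuck(SAMPLE):
        print(f"stuck LSA {lsid} {mask} from {adv}: age {age}s")
```

An LSA briefly at MaxAge with the delete flag set is normal while it is being flushed, so the grace value should be tuned to how often the output is collected.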