OSPF Loading time Stream 1.5 q1

Jake · September 20, 2025, 4:04am

We’re testing vyos 1.5 to be a BNG replacement for our cisco gear. When we’ve configured OSPF with the following

set protocols ospf area 1.0.0.0 network ‘1.2.3.4/28’<ip’s redacted>
set protocols ospf interface bond0 passive disable
set protocols ospf interface bond0 priority ‘0’
set protocols ospf log-adjacency-changes
set protocols ospf passive-interface ‘default’
set protocols ospf redistribute connected

the ospf adjacencies almost immediately enter the loading DR and BDR, however it sits there for around 11 minutes before entering full, and seeming to work properly after that. This happens every OSPF restart, or device reboot.

The juniper devices we’re connecting to are showing full within about 10seconds, however we’re not receiving any routes from the vyos box at that time, once vyos shows full, all things start to ping.

We’ve fully checked MTU, firewall rules(even removing and allowing everything), and have a ton of logs, we haven’t tried updating to q2 yet, as q2 has some configuration differences that I have to report separately, (set firewall zone subscriber interface ‘l2tp*’ doesn’t work as a command).

Timers from vyos: Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5

Timers from junos: Hello: 10, Dead: 40, ReXmit: 5, Not Stub

Apachez · September 20, 2025, 4:37am

You say after restart of service and device reboot.

Is this time you mention the full time or time after VyOS itself finished loading?

Because there is this issue I reported about 2 years ago:

And since you mention you use this box for BNG I assume there can be more than “a handful of routes” (or firewall rules) to get loaded?

If it is this case one thing you could try out (to verify) would be to just remove all but lets say 1-2 routes/firewall rules, reboot and see if it still takes about 11 minute for the box to rejoin the rest of your network?

Jake · September 20, 2025, 6:19am

It’s the time after VyOS finishes loading, it’s the time from neighbor discovery, exstart, exchange(about 2 seconds), then loading for about 11 min

In this specific area, there’s only about 80 routes for it to load, I’ve removed all the firewall rules, so there’s nothing there causing that. I should mention there’s an OpenBSD router in that same area, and vyos sets up that router and achieves full in about 10 seconds. The two junipers it’s connecting to are only sending defaults as well.

Full boot times are very short

Apachez · September 20, 2025, 6:29am

I would probably try to do some packet captures using tcpdump either locally on your VyOS box or better yet setup a portmirror on a switch along the road to figure out whats really going on.

Like is it the VyOS box who takes 11 minutes before sending out the first OSPF frame or is it like the OpenBSD box who takes 11 minutes to reply?

Jake · September 20, 2025, 9:57pm

Packets seem fine, there’s nothing out of the ordinary, default logs show

Sep 20 14:42:45 ospfd[67356]: [VTVCM-Y2NW3] Configuration Read in Took: 00:00:00
Sep 20 14:42:45 ospfd[67356]: [G6NKK-8C6DV] end_config: VTY:0x55ec5bf34370, pending SET-CFG: 0
Sep 20 14:42:46 ospfd[67356]: [T08NC-EWX63][EC 134217741] Link State Acknowledgment: Unknown Neighbor 1.1.1.1
Sep 20 14:42:50 watchfrr[1406]: [QDG3Y-BY5TN] ospfd state → up : connect succeeded
Sep 20 14:42:52 ospfd[67356]: [S5PCG-77H23] Packet[DD]: Neighbor 1.1.1.1 Negotiation done (Master).
Sep 20 14:42:55 ospfd[67356]: [S5PCG-77H23] Packet[DD]: Neighbor 2.2.2.2 Negotiation done (Master).
Sep 20 14:52:40 ospfd[67356]: [Y05P2-YJVXY] AdjChg: Nbr 1.1.1.1, NbrIP 1.1.1.1 (default) on bond0:4.4.4.4: Loading → Full (LoadingDone)
Sep 20 14:52:40 ospfd[67356]: [Y05P2-YJVXY] AdjChg: Nbr 2.2.2.2, NbrIP 2.2.2.2 (default) on bond0:4.4.4.4: Loading → Full (LoadingDone)

show ip ospf nei

Neighbor ID Pri State Up Time Dead Time Address Interface RXmtL RqstL DBsmL
1.1.1.1 128 Loading/Backup 3m06s 34.502s 1.1.1.1 bond0:4.4.4.4 0 130 0
2.2.2.2 128 Loading/DR 3m04s 36.083s 2.2.2.2 bond0:4.4.4.4 0 130 0
3.3.3.3 0 2-Way/DROther 3m05s 34.486s 3.3.3.3 bond0:4.4.4.4 0 0 0

1.1.1.1 and 2.2.2.2 are juniper, 3.3.3.3 is openbsd, and 4.4.4.4 is the vyos test

I also think I found a bug that I’ll submit separately.

jake@vanpgslns01:~$ monitor protocol ospf enable packet all recv
% Unknown command: debug ospf ospf

I can’t set monitor on the ospf packets.

Apachez · September 20, 2025, 10:33pm

What timers have you setup on this device and the others regarding OSPF?

Do you get the same behaviour if you would split up that bond0 and try with one interface at a time?

I found this case, dunno if its related to what you experience?

github.com/FRRouting/frr

FRR v10.3 - OSPF routes not being installed in kernel routing table

opened 03:36PM - 27 Mar 25 UTC

PrimeYeti

triage

### Description I am using Rocky Linux 9.5 with FRR 10.3 and seemingly when I r…eboot the server and it comes back up, FRR learns all its OSPF routes from its neighbors but doesn't install these routes in the Linux routing table. If I then restart only the FRR process, after about 30 seconds the routes are installed into the kernel. This issue doesn't happen on the latest FRR 8 build. ### Version ```text v10.3 ``` ### How to reproduce See above ### Expected behavior I would expect the routes to be installed in the kernel routing table ### Actual behavior see above ### Additional context _No response_ ### Checklist - [x] I have searched the open issues for this bug. - [x] I have not included sensitive information in this report.

Other things to try out in the blue:

Set router-id for your devices?
Change the global distance value so learned OSPF routes get priority?
Try to manually set various timers even if they are default?

Jake · September 24, 2025, 8:57am

We tried setting all defaults manually just in case, we did find a way to speed it up significantly, however the way is by entering vtysh, then clearing one of the ospf sessions manually, sometimes makes it renegotiate them all much quicker.