OSPF with MD5: Invalid sequence number

Hi all,

I am having an odd error come up when using OSPF (with MD5) between a Cisco 2821 and several RB450G. OSPF mode is point to multipoint since while everything is on the same Ethernet segment, communication between RB is not allowed.

Clocks on all devices are synced to the same NTP server. I have tried this with RouterOS 4.10 and also 4.13 and even upgraded the firmware version to 2.28 however I am still having this problem.

Is this a known issue, or should I email support?

15:22:56 route,ospf,info Invalid sequence number 
15:22:56 route,ospf,info     mine=1291263188 
15:22:56 route,ospf,info     received=1291263159 
15:22:56 route,ospf,info Discarding packet: MD5 authentication failed 
15:22:56 route,ospf,info     source=10.60.10.1 

15:23:00 route,ospf,info Invalid sequence number 
15:23:00 route,ospf,info     mine=1291263188 
15:23:00 route,ospf,info     received=1291263187 
15:23:00 route,ospf,info Discarding packet: MD5 authentication failed 
15:23:00 route,ospf,info     source=10.60.10.1 

15:29:19 route,ospf,info Invalid sequence number 
15:29:19 route,ospf,info     mine=1291263588 
15:29:19 route,ospf,info     received=1291263550 
15:29:19 route,ospf,info Discarding packet: MD5 authentication failed 
15:29:19 route,ospf,info     source=10.60.10.1 

15:29:37 route,ospf,info Invalid sequence number 
15:29:37 route,ospf,info     mine=1291263588 
15:29:37 route,ospf,info     received=1291263578 
15:29:37 route,ospf,info Discarding packet: MD5 authentication failed 
15:29:37 route,ospf,info     source=10.60.10.1

I’m running md5 authenticated OSPF between a Cisco ASA and 4.11 just fine. I can lab it out between a 2811 on the latest 12.4 and RouterOS on 4.13 and 5.0rc tomorrow.

I believe this is a known issue. I had this problem with ROS 4.13 running MD5 auth’d OSPF with several Cisco IOS 12.2 and 12.4 devices. Downgraded ROS back to 4.11 and its been stable.

There you go. In that case I won’t bother.

I’ll set a reminder to not update that one…

Thanks for the tip, I’ll try out 4.11 and report back.

I have rolled back to 4.11 which didnt seem to help at first but then after 15 minutes it has seemed to settle. I’ll keep watching and post back next week with how it goes.

Spoke too soon, its playing up again.

Does anybody know what the cause is for this issue?

I am having the same issue on 4.10 between ROS devices. In my case, (assuming I have all of the OSPF MD5 settings correct) that because my network is both routed and bridged so that the same devices are looking at each other through several different connections (different subnets, etc) that the sequencing gets off and then I get the errors.

So far, I have just grinned and beared it, but it is coming to a head and I need to get it resolved quickly.

I am considering turning OSPF authentication off and watching the network, but I am sensitive to downtime. I’ll research this more and wait til after-hours to make config changes.

Any one have any feedback?

Hello guys… here is the real answer for that error, this one is a reply to a Mikrotik Support mail:

Hello,

problem may arise if one peer looses connectivity and reestablish adjacency. In this case sequence numbers are not reset and your mentioned error may appear.

Unfortunately there are no fix for this problem in ROS v6, instead I would suggest to use simple authentication untill we finish work on new OSPF code which should fix the problem.