Community discussions

 
SwissWISP
Member Candidate
Member Candidate
Topic Author
Posts: 181
Joined: Fri Sep 23, 2011 12:16 pm

OSPF - Invalid sequence number / MD5 authentication failed

Tue Oct 29, 2013 11:33 am

Hi all,

there is something strange happening on our Routers (CCR). Several times per day, the router logs a "Invalid sequence number / MD5 authentication failed" message. (see attached Picture)
It looks like the router receives an OSPF packet that is too "old" and the problem gets worse if I lower the hello times. So I first thought, there must be packet loss or something, but if I disable MD5, everything works like a charm.

The funny thing is that this happens only between Mikrotik routers. Sessions between Cisco and Mikrotik work as expected.
Any Ideas from you guys?

Many Thanks!
- Mat
You do not have the required permissions to view the files attached to this post.
 
leonix
newbie
Posts: 26
Joined: Fri Nov 26, 2010 4:13 pm

Re: OSPF - Invalid sequence number / MD5 authentication fail

Mon Jan 12, 2015 1:16 pm

Had the same message (and not working OSPF): Reason was not enough RAM. My older omnitik shows 7Mib free of 32Mib total RAM, this seems not enough for our 500 routes. My solution was adding an RB2011 with more RAM and switching the omnitik to bridge mode.

Another messages (beside the MD5 error) in the log were
"Database Description packet has init bit set in middle of an exchange"
"invalid sequence number"
and always
"11:36:31 route,ospf,info OSPFv2 neighbor 192.168.xx.xx: state change from Loading to 2-Way "
"11:37:17 route,ospf,info OSPFv2 neighbor 192.168.xx.xx: state change from Loading to 2-Way "
"11:38:03 route,ospf,info OSPFv2 neighbor 192.168.xx.xx: state change from Loading to 2-Way "

Hope this is useful for others... :-)
Leo.
 
SwissWISP
Member Candidate
Member Candidate
Topic Author
Posts: 181
Joined: Fri Sep 23, 2011 12:16 pm

Re: OSPF - Invalid sequence number / MD5 authentication fail

Mon Jan 12, 2015 2:07 pm

Thanks for your reply Leo.
In my case it's most likely not a memory issue. My CCR has over 1.5GB of free memory space.

- Mat
 
User avatar
nz_monkey
Forum Guru
Forum Guru
Posts: 1818
Joined: Mon Jan 14, 2008 1:53 pm
Location: Straya
Contact:

Re: OSPF - Invalid sequence number / MD5 authentication fail

Mon Jan 12, 2015 2:10 pm

Hi Mat,

We are seeing the same issue with our CCR's running OSPF + MD5. We see this issue occurring 2-3 times each day.

We use RouterOS 6.5 and 6.19 on CCR1036 and RouterOS 6.19 on CCR1009.
http://thebrotherswisp.com/ | Mikrotik MTCNA, MTCRE, MTCINE | Fortinet FTCNA, FCNSP, FCT | Extreme Networks ENA
 
User avatar
gilljr
newbie
Posts: 44
Joined: Thu Nov 15, 2012 10:47 pm
Location: Phoenix, AZ USA
Contact:

Re: OSPF - Invalid sequence number / MD5 authentication failed

Mon Nov 16, 2015 2:58 pm

I have now begun seeing this same error between 2 of my CCR (1009 and 1016) routers at random times (a handful of times every 3 days) in Point-to-Point OSPF mode. The errors are showing on both sides of the link but not at the same time. The routers are both running 6.30.4 and are connected via a Metro Ethernet connection about 30miles from each other. The errors are odd because I don't recall seeing these errors on either side of the link when I first set it up a couple months ago.

I will try turning off md5 and see if it resolves the issue for me as well. Is turning off MD5 still working as a solution for you or did the errors come back?

Thanks,
Gilbert
Gilbert T. Gutierrez, Jr.
Phoenix Internet http://phoenixinternet.com
 
jrudrow
just joined
Posts: 9
Joined: Fri Mar 28, 2008 7:27 pm

Re: OSPF - Invalid sequence number / MD5 authentication failed

Thu Dec 03, 2015 5:07 pm

Any solution ever come from anything? I just found this exact issue in my network, CCR1036-12G-4S connected to a RB912/RB912 Station-bridge wireless connection, on the other side another CCR1036-12G-4S. All CCR's and RB912's running v6.30 on Firmware 3.24.
 
User avatar
sri2007
Member Candidate
Member Candidate
Posts: 188
Joined: Wed May 20, 2015 10:14 pm
Location: Quito

Re: OSPF - Invalid sequence number / MD5 authentication failed

Mon Feb 12, 2018 4:15 pm

Hello guys... here is the real answer for the OSPF & MD5 authentication error, this one is a reply to a Mikrotik Support mail:
Hello,

problem may arise if one peer looses connectivity and reestablish adjacency. In this case sequence numbers are not reset and your mentioned error may appear.

Unfortunately there are no fix for this problem in ROS v6, instead I would suggest to use simple authentication untill we finish work on new OSPF code which should fix the problem.
MikroTik Soporte y Consultoría - Español / English +593 98 709 3502
https://www.safenet.ec/consultoria.html/ soporte@safenet.ec

Who is online

Users browsing this forum: No registered users and 6 guests