One of my customers had an issue with the exchange of OSPF information between a Palo Alto firewall and a Cisco Nexus switch. OSPF worked fine for about a week after the OSPF relation was made, but after a new network link was made we saw issues with the OSPF exchange. The Cisco switch reported ‘bad sequence number’ and ‘Misformed link state packets’.
A bad sequence number indicates issues with the MTU size.
What we concluded was that when LSDB (link state database) packets exceeded the MTU size of 1500, we saw OSPF peering issues. Since the new link was made operational, additional routing information was exchanged.
When we enlarged the MTU, the issue disappeared. The firewall was running PAN-OS 8.0.4.
After we upgraded to PAN-OS 8.0.5 and set the MTU size back to 1500, the issue disappeared.
So PAN-OS 8.0.4 has a bug!