FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article explains the reason for the inactivity time expiring message in OSPF debugs.
Scope
FortiGate.
Solution
The default OSPF Hello interval on FortiGate is set to 10 seconds and the Dead interval is 40 seconds.
The inactivity timer indicates that no hello packets have been received from the neighbor within the dead interval. As a result, FortiGate transitions the OSPF neighbor status from Full to Down.
For example:
In the OSPF debugs logs below, the last hello packet was received at 10:12:40, and 40 seconds later the connection was moved to the Down state due to the absence of the subsequent hello packets from the neighbor.
2024-11-20 10:12:40 OSPF: RECV[Hello]: From 10.10.1.1 via port1:10.10.1.2 (10.10.1.1 -> 224.0.0.5) 2024-11-20 10:13:20 OSPF: NFSM[port1:10.10.1.2-10.10.1.1]: Inactivity timer expire 2024-11-20 10:13:20 OSPF: NFSM[port1:10.10.1.2-10.10.1.1]: Status change Full -> Down 2024-11-20 10:13:20 id=20302 msg="OSPF: %OSPF-5-ADJCHANGE: neighbor port1:10.10.1.2-10.10.1.1 Down "
This may happen due to multiple reasons:
If the OSPF Hello and Dead intervals are not the same on the neighboring router.
Packet loss or an unstable network connection can prevent the reception or transmission of Hello packets.
The issue in the multicast packet delivery.
NPU issue or high resource utilization (conserve mode) causing packet loss.
The neighboring router may have failed or undergone a reboot.
