journeyman
Contributor

OSPF area problem, requesting debug guidance

We have two Fortigates of interest FGT1 and FGT2 participating in both area 0 and area 12.

FGT1 receives a route from FGT3 via FGT2 via area 0 (as expected).

But FGT2 receives a route from FGT1 via area 12 (not expected).

This creates asymmetric routing. Any guidance on debugging would be appreciated.

 

Area 0 is a managed network, we do not control the Cisco routers. There is nothing in the wan1 cloud other than interconnects.

 

FGT1 at Site 1 originates a VM subnet /30. FGT1 participates in both area 0 and area 12.

FGT2 at Site 2 also participates in both area 0 and area 12.

FGT2 at Site 2 routing table shows the /30 via area 12. My expectation is the route would be learned via area 0.

FGT3 originates a /24 route that appears at FGT1 via area 0 as expected.

FGT4 is only on area 0 and receives the /30 route via area 0 as expected.

 

The core issue here is that we have asymmetric routing at FGT2.

 

I understand that intra-area OSPF traffic is preferred over inter-area traffic. However, the /30 route originates at FGT1 and as far as I can see is not in an area (yet?). LANs connected at FGT1 are redistributed with metric = 600.

 

FGT1 and FGT2 are both ABR and ASBR
FGT3 is neither ABR nor ASBR
FGT4 is ASBR but not ABR
ASBR is not relevant to this problem, mentioned for completeness.

 

How can I diagnose the issue to see the reason FGT2 does not prefer the route via area 0? I have had a go using get routing info ospf commands but not found what I need.

 

Many thanks in advance

 

[Image: simplified network]

2 REPLIES
Carson_Daniels
New Contributor

1. Verify OSPF Database

Check the LSDB (Link-State Database) on FGT2 to see how the /30 route is advertised in each area:

get router info ospf database


Look for the Type-1 LSAs (Router LSAs) and Type-3 LSAs (Summary LSAs).

Confirm which area is advertising the /30 subnet and with what metric.

Goal: Determine whether FGT2 sees the /30 route from area 0, area 12, or both.

2. Check OSPF Route Preferences

OSPF prefers intra-area over inter-area. But summary LSAs from ABRs can override preference if the metric is lower.

get router info ospf route


Look at metric and source area of the /30 route.

Check if the area 0 route has a higher cost than the area 12 route.

3. Compare Metrics

FGT1 redistributes the /30 route with metric = 600.

If the route via area 12 ends up with a lower metric (less than 600), FGT2 will prefer it.

Use:

diagnose debug enable
diagnose debug ospf log


Then trigger a route advertisement or check the logs to see LSA metric calculation.

4. Confirm ABR Behavior

Since FGT1 and FGT2 are ABRs, check if the /30 route is being advertised into area 12 by FGT1. Sometimes an ABR will inject routes into a non-originating area with a lower metric than intra-area routes.

Check ABR summary LSA injection:

get router info ospf abr


Look for summary LSAs of the /30 subnet.

5. Optional: OSPF Route Filtering

If you want FGT2 to prefer area 0:

Consider OSPF route filtering on FGT1 to prevent advertising the /30 into area 12.

Or adjust metric of inter-area injection to ensure intra-area is always preferred.

Yurisk
SuperUser

Statically analyzing OSPF topologies is bad for the health :), just run a real-time debug on FGT2 and see what it learns from whom and why. If it is not a production environment you may need to clear the OSPF routing process to speed up the process (this will delete all OSPF routes).

 

diagnose ip router ospf level info

diagnose ip router ospf all

dia deb enable

 

Some other options for dia ip router ospf:

FGT2 # diagnose ip router ospf
all       Enable all debugging. [Take 0-1 arg(s)]
lsa       OSPF Link State Advertisement. [Take 0-2 arg(s)]
nfsm      OSPF Neighbor State Machine. [Take 0-2 arg(s)]
packet    OSPF Packets. [Take 0-2 arg(s)]
events    OSPF events. [Take 0-2 arg(s)]
ifsm      OSPF Interface State Machine. [Take 0-2 arg(s)]
nfsm      OSPF Neighbor State Machine. [Take 0-2 arg(s)]
nsm       OSPF NSM interface. [Take 0-2 arg(s)]
route     OSPF route information. [Take 0-2 arg(s)]
show      Show status of OSPF debugging.
level     Debug level.

 

https://yurisk.info
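Added example, not posted by anyone in this thread: a small model of how RFC 2328 (sections 16.4 and 16.4.1) chooses the path to an ASBR when a redistributed prefix, such as the /30 in the question, is reachable through more than one area. The costs 20 and 100 and the dotted area IDs are constructed sample values, and the sketch assumes FGT2 has an intra-area path to FGT1 in both area 0 and area 12.

```python
import ipaddress
from dataclasses import dataclass

BACKBONE = "0.0.0.0"

@dataclass(frozen=True)
class AsbrPath:
    area: str         # area the path to the ASBR was computed in
    intra_area: bool  # True: intra-area path, False: inter-area (summary) path
    cost: int         # OSPF cost to the ASBR over this path

def area_id(area: str) -> int:
    """Area ID as an unsigned 32-bit integer, used for the final tie-break."""
    return int(ipaddress.IPv4Address(area))

def pick_asbr_path(paths, rfc1583_compat=False):
    """Choose the routing-table entry for an ASBR per RFC 2328 16.4 / 16.4.1."""
    candidates = list(paths)
    if not candidates:
        return None
    if not rfc1583_compat:
        # 16.4.1 pruning: intra-area paths through NON-backbone areas always
        # win; intra-area backbone paths and inter-area paths rank equally
        # below them and are only considered if no such path exists.
        non_backbone = [p for p in candidates
                        if p.intra_area and p.area != BACKBONE]
        if non_backbone:
            candidates = non_backbone
    # Among what remains: least cost, then the largest area ID.
    return min(candidates, key=lambda p: (p.cost, -area_id(p.area)))

# Constructed sample: FGT2's two ways of reaching the ASBR FGT1.
FGT2_PATHS_TO_FGT1 = [
    AsbrPath(area="0.0.0.0", intra_area=True, cost=20),    # via area 0
    AsbrPath(area="0.0.0.12", intra_area=True, cost=100),  # via area 12
]

if __name__ == "__main__":
    for compat in (False, True):
        best = pick_asbr_path(FGT2_PATHS_TO_FGT1, rfc1583_compat=compat)
        print(f"RFC1583Compatibility={'enabled' if compat else 'disabled'}: "
              f"area {best.area}, cost {best.cost}")
```

With RFC1583Compatibility disabled the model selects the area 12 path even though its cost is higher, so when reading the debug output it is worth checking which area the chosen path to the ASBR belongs to, not only the metric.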