Date: Fri, 19 Aug 2011 18:32:34 -0500 From: Gary Gatten <Ggatten@waddell.com> To: "'dsrepel@QHRTechnologies.com'" <dsrepel@QHRTechnologies.com>, "'freebsd-questions@freebsd.org'" <freebsd-questions@freebsd.org> Subject: Re: OpenOSPFd replacing network routes Message-ID: <3699_1313796755_4E4EF293_3699_230_1_D9B37353831173459FDAA836D3B43499C521886A@WADPMBXV0.waddell.com> In-Reply-To: <429779FA84C25746813752F506545182A04283F9@QTMail2.QuadrantHR.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I don't have any experience with *BSD and OSPF, only on Cisco. But I can't=
help but wonder if there are not knobs to tune this? Equal costs routes a=
re pretty common, and although I have not read the RFC on OSPF, I'd be surp=
rised if ECR are not mandatory.
----- Original Message -----
From: Danny Srepel [mailto:dsrepel@QHRTechnologies.com]
Sent: Friday, August 19, 2011 06:13 PM
To: 'freebsd-questions@freebsd.org' <freebsd-questions@freebsd.org>
Subject: OpenOSPFd replacing network routes
There's a fundamental difference between OpenBSD and FreeBSD's respective n=
etworking. Specifically, the kernel routing table. In OpenBSD, it is possib=
le to have multiple routes to the same destination, and are differentiated =
by priority. This capability does not exist in FreeBSD.
Let me just get right into the details by outlining a functioning OpenBSD s=
ystem, and where FreeBSD's issues are.
This is my example ospfd.conf,
01|=A0router-id 0.0.0.1
02|=A0redistribute connected
03|=A0redistribute static
04|=A0area 0.0.0.0 {
05|=A0=A0 =A0 =A0 =A0 interface vlan1
06|=A0}
Below is output from `netstat -rn' taken form an OpenBSD machine before the=
OpenOSPFd process was started.=A0The 192.168.11.0/24 network is used to ex=
change OSPF information with its neighbours. 192.168.12.0/24 is a connected=
network to this host. 192.168.13.0/24 is one hop away (via 192.168.11.2, i=
ts only neighbour).
07|=A0Destination =A0 =A0 =A0 =A0Gateway =A0 =A0 =A0 =A0 =A0 =A0Flags =A0 R=
efs =A0 =A0 =A0Use =A0 Mtu =A0Prio Iface
08|=A0127/8 =A0 =A0 =A0 =A0 =A0 =A0 =A0127.0.0.1 =A0 =A0 =A0 =A0 =A0UGRS =
=A0 =A0 =A0 0 =A0 =A0 =A0 =A00 33160 =A0 =A0 8 lo0
09|=A0127.0.0.1 =A0 =A0 =A0 =A0 =A0127.0.0.1 =A0 =A0 =A0 =A0 =A0UH =A0 =A0 =
=A0 =A0 1 =A0 =A0 =A0 =A00 33160 =A0 =A0 4 lo0
10|=A0192.168.11/24 =A0 =A0 =A0link#5 =A0 =A0 =A0 =A0 =A0 =A0 UC =A0 =A0 =
=A0 =A0 0 =A0 =A0 =A0 =A00 =A0 =A0 - =A0 =A0 4 vlan1
11|=A0192.168.12/24 =A0 =A0 =A0link#6 =A0 =A0 =A0 =A0 =A0 =A0 UC =A0 =A0 =
=A0 =A0 0 =A0 =A0 =A0 =A00 =A0 =A0 - =A0 =A0 4 vlan2
12|=A0224/4 =A0 =A0 =A0 =A0 =A0 =A0 =A0127.0.0.1 =A0 =A0 =A0 =A0 =A0URS =A0=
=A0 =A0 =A00 =A0 =A0 =A0 =A00 33160 =A0 =A0 8 lo0
And this is `netstat -rn' taken after OpenOSPFd finished negotiating with i=
ts neighbour,
13|=A0Destination =A0 =A0 =A0 =A0Gateway =A0 =A0 =A0 =A0 =A0 =A0Flags =A0 R=
efs =A0 =A0 =A0Use =A0 Mtu =A0Prio Iface
14|=A0127/8 =A0 =A0 =A0 =A0 =A0 =A0 =A0127.0.0.1 =A0 =A0 =A0 =A0 =A0UGRS =
=A0 =A0 =A0 0 =A0 =A0 =A0 =A00 33160 =A0 =A0 8 lo0
15|=A0127.0.0.1 =A0 =A0 =A0 =A0 =A0127.0.0.1 =A0 =A0 =A0 =A0 =A0UH =A0 =A0 =
=A0 =A0 1 =A0 =A0 =A0 =A00 33160 =A0 =A0 4 lo0
16|=A0192.168.11/24 =A0 =A0 =A0link#5 =A0 =A0 =A0 =A0 =A0 =A0 UC =A0 =A0 =
=A0 =A0 2 =A0 =A0 =A0 =A00 =A0 =A0 - =A0 =A0 4 vlan1
17|=A0192.168.11/24 =A0 =A0 =A0192.168.11.1 =A0 =A0 =A0 UG =A0 =A0 =A0 =A0 =
0 =A0 =A0 =A0 =A00 =A0 =A0 - =A0 =A032 vlan1
18|=A0192.168.11.1 =A0 =A0 =A0 00:50:56:96:00:89 =A0UHLc =A0 =A0 =A0 1 =A0 =
=A0 =A0 =A00 =A0 =A0 - =A0 =A0 4 lo0
19|=A0192.168.11.2 =A0 =A0 =A0 00:50:56:96:00:90 =A0UHLc =A0 =A0 =A0 2 =A0 =
=A0 =A0 =A07 =A0 =A0 - =A0 =A0 4 vlan1
20|=A0192.168.12/24 =A0 =A0 =A0link#6 =A0 =A0 =A0 =A0 =A0 =A0 UC =A0 =A0 =
=A0 =A0 0 =A0 =A0 =A0 =A00 =A0 =A0 - =A0 =A0 4 vlan2
21|=A0192.168.13/24 =A0 =A0 =A0192.168.11.2 =A0 =A0 =A0 UG =A0 =A0 =A0 =A0 =
0 =A0 =A0 =A0 =A00 =A0 =A0 - =A0 =A032 vlan1
22|=A0224/4 =A0 =A0 =A0 =A0 =A0 =A0 =A0127.0.0.1 =A0 =A0 =A0 =A0 =A0URS =A0=
=A0 =A0 =A00 =A0 =A0 =A0 =A00 33160 =A0 =A0 8 lo0
Notice there are multiple entries for 192.168.11.0/24 (line #16-17). Line #=
17 was added by ospfd.
Before continuing, I'm going to paste the equivalent information on FreeBSD=
's side, so that we can better compare.=A0Below is `netstat -rn' taken befo=
re ospfd is started,
23|=A0Destination =A0 =A0 =A0 =A0Gateway =A0 =A0 =A0 =A0 =A0 =A0Flags =A0 =
=A0Refs =A0 =A0 =A0Use =A0Netif Expire
24|=A0127.0.0.1 =A0 =A0 =A0 =A0 =A0link#3 =A0 =A0 =A0 =A0 =A0 =A0 UH =A0 =
=A0 =A0 =A0 =A00 =A0 =A0 =A0139 =A0 =A0lo0
25|=A0192.168.11.0/24 =A0 =A0link#1 =A0 =A0 =A0 =A0 =A0 =A0 U =A0 =A0 =A0 =
=A0 =A0 0 =A0 =A0 =A0 =A00 =A0 =A0em0
26|=A0192.168.11.1 =A0 =A0 =A0 link#1 =A0 =A0 =A0 =A0 =A0 =A0 UHS =A0 =A0 =
=A0 =A0 0 =A0 =A0 =A0 =A00 =A0 =A0lo0
27|=A0192.168.12.0/24 =A0 =A0link#9 =A0 =A0 =A0 =A0 =A0 =A0 U =A0 =A0 =A0 =
=A0 =A0 0 =A0 =A0 =A0 =A00 em0_vl
28|=A0192.168.12.1 =A0 =A0 =A0 link#9 =A0 =A0 =A0 =A0 =A0 =A0 UHS =A0 =A0 =
=A0 =A0 0 =A0 =A0 =A0 =A00 =A0 =A0lo0
And this is `netstat -rn' taken after OpenOSPFd finished negotiating with i=
ts neighbour,
29|=A0Destination =A0 =A0 =A0 =A0Gateway =A0 =A0 =A0 =A0 =A0 =A0Flags =A0 =
=A0Refs =A0 =A0 =A0Use =A0Netif Expire
30|=A0127.0.0.1 =A0 =A0 =A0 =A0 =A0link#3 =A0 =A0 =A0 =A0 =A0 =A0 UH =A0 =
=A0 =A0 =A0 =A00 =A0 =A0 =A0147 =A0 =A0lo0
31|=A0192.168.11.0/24 =A0 =A0192.168.1.1 =A0 =A0 =A0 =A0U =A0 =A0 =A0 =A0 =
=A0 1 =A0 =A0 =A0 =A06 =A0 =A0em0
32|=A0192.168.11.1 =A0 =A0 =A0 link#1 =A0 =A0 =A0 =A0 =A0 =A0 UHS =A0 =A0 =
=A0 =A0 0 =A0 =A0 =A0 =A00 =A0 =A0lo0
33|=A0192.168.12.0/24 =A0 =A0link#9 =A0 =A0 =A0 =A0 =A0 =A0 U =A0 =A0 =A0 =
=A0 =A0 0 =A0 =A0 =A0 =A00 em0_vl
34|=A0192.168.12.1 =A0 =A0 =A0 link#9 =A0 =A0 =A0 =A0 =A0 =A0 UHS =A0 =A0 =
=A0 =A0 0 =A0 =A0 =A0 =A00 =A0 =A0lo0
35|=A0192.168.13.0/24 =A0 =A0192.168.1.2 =A0 =A0 =A0 =A0UG =A0 =A0 =A0 =A0 =
=A00 =A0 =A0 =A0 =A00 =A0 =A0em0
36|=A0192.168.13.1/32 =A0 =A0192.168.1.2 =A0 =A0 =A0 =A0UG =A0 =A0 =A0 =A0 =
=A00 =A0 =A0 =A0 =A00 =A0 =A0em0
Notice there's only one entry for 192.168.11.0/24 (line #25 got replaced wi=
th line #31).
And that's really the cruft of the issue: in FreeBSD you can only have the =
one network route, whereas in OpenBSD, you can have multiple. When a neighb=
our goes away in FreeBSD, the 192.168.11.0/24 route gets deleted. In OpenBS=
D, there's no negative impact, since there are multiple routes to the same =
network. Using our example, line #10 still exists as line #16 in OpenBSD, l=
ine #25 gets deleted and line #31 gets created in FreeBSD.
This isn't really a bug, it's more a difference in capabilities between Fre=
eBSD's and OpenBSD's respective networking. OpenOSPFd doesn't seem to have =
any special considerations for FreeBSD.
The Fix / Workaround
--------------------
The concept is simple: create an IP alias where the network overlaps the ex=
isting IP/network.
In our example, 192.168.11.0/24 is used to exchange OSPF information. Creat=
e an alias of 192.168.10.1/23. That way when the 192.168.11.0/24 route gets=
deleted, the systems will be accessible to each other over the 192.168.10.=
0/23 route. In order for this to work as expected, you'll need to make a co=
uple changes to your ospfd.conf file.
This is the original ospfd.conf file taken from the FreeBSD system,
37|=A0router-id 0.0.0.1
38|=A0redistribute connected
39|=A0redistribute static
40|=A0area 0.0.0.0 {
41|=A0=A0 =A0 =A0 =A0 interface em0
42|=A0}
And this is what it looks like after adding the IP alias,
43|=A0router-id 0.0.0.1
44|=A0no redistribute 192.168.10.0/23
45|=A0redistribute connected
46|=A0redistribute static
47|=A0area 0.0.0.0 {
48|=A0=A0 =A0 =A0 =A0 interface em0:192.168.11.1
49|=A0}
The `no distribute' is critical.
Could people share their comments and experiences with OpenOSPFd on FreeBSD?
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
<font size=3D"1">
<div style=3D'border:none;border-bottom:double windowtext 2.25pt;padding:0i=
n 0in 1.0pt 0in'>
</div>
"This email is intended to be reviewed by only the intended recipient
and may contain information that is privileged and/or confidential.
If you are not the intended recipient, you are hereby notified that
any review, use, dissemination, disclosure or copying of this email
and its attachments, if any, is strictly prohibited. If you have
received this email in error, please immediately notify the sender by
return email and delete this email from your system."
</font>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3699_1313796755_4E4EF293_3699_230_1_D9B37353831173459FDAA836D3B43499C521886A>