Ronny and LEAF Folks, Most of the problems with OSPF seem to be misconfiguration at this point. There were problems with MD5 authentication which have been resolved and some hardware problems that had nothing to do with Zebra that have also been resolved.
For configuration help check out this site: http://pilot.org.ua/zebra/ Here are the responses that I have received so far and a bit of research from the archives listed at the bottom... [Tim Bulger] Sorry, this isn't exactly what you're looking for, but I've been running zebra OSPF in VPN networks that span the globe since mid-2000 with no significant complaints. The zebra boxes coexist peaceably with Cisco, Foundry, Alcatel, Cabletron, possibly others. Hope this helps, Tim [Tim Bulger] [Stephane Bortzmeyer] If you want to do simple things, you'll probably have no problems. We are very happy with Zebra's OSPF. Things I noticed on that mailing list were often OS-specific: * some Linux drivers (Broadcom cards) have problems with multicast (and it is worse if you have VLANs), * BSD systems have problems with routing (the OSPF /32 route to itself being blindly followed, lack of a default route making BSD believe it cannot multicast, etc) [/Stephane Bortzmeyer] [Paul Cammidge] interestingly, a few people complained about problems with the broadcom network cards, and the latest linux kernel includes a fix for this driver. i dont know whether the fix is relates to the same problem. paul [/Paul Cammidge] [Tesfaye Tariku] Sorry you are in the XYZ comp. (:->) I think you need to look at variables that have impact on packet forwarding. If the iptables or ipchains is not setup to allow the input/output to forward packets to the intended systems, no matter how you setup the ospf, you will be confined in the same box, assuming that you haven't setup your box world accessible, which of course, your system may not last long. If you are sure that the setup of ospf is correct but its not doing as intended, look other variables - iptables (or ipchains), PAM (if pam enabled zebra setup exist in your system), SSH, SSL. You need to look at these variables, which have significant impact on packet i/o. At least it has a tendency to create unstability to the ospf system. I think the zebra/ospf on the beta phase showed great potential and I don't think I'm with you on that. You may need to look at your own ospf setup as well. Good luck TT [/Tesfaye Tariku] +++Here are some other posts that have appeared within the last couple of months. -ek [Jean-Francois Laforest] I've been running OSPF (with zebra) for 2 months now, and from what I noticed, there has been no problem whatsoever with MD5 authentication, but sometimes when a link dies, it takes a little while to see it back up. Other than that, it's rock solid. I have over 9 routers locally and we have over 20 routers on our VPN. I will ask around to see if others got problems, for me it runs fine on Linux and FreeBSD. Zebra also does work fine with cisco routers. [/Jean-Francois Laforest] [Paul Jakma] On Sun, 9 Feb 2003, Vladimir I. wrote: > Hello All, > > It's been more than half a year since I was forced to move away > from OSPF to RIPv2 due to bugs in Zebra's OSPF implementation. > Has the situation improved? I understand that Zebra's official > CVS sees very small change nowadays, however what about Paul > Jakma's releases? Actually, a lot of those fixes are now in CVS. Plus others which were applied directly. > My problem was that OSPF often didn't re-establish adjency after > link failures (e.g., got stuck in various states before FULL). At > least partly that was attributed to a bug in MD5 authentication, > which AFAIK is resolved now. Should be, thanks to Greg Troxel. The other thing to try is (if using MD5): http://people.ie.alphyra.com/~paulj/zebra/20021111/patches/zebra-ospfd-md5au th-seqnum.patch without it, if 2 routers were adjacent for x amount of time, then they will take x amount of time to reestablish adjacency should one ospfd be restarted. > Anybody running Zebra's OSPF on a network with 5+ routers? Yes. http://people.ie.alphyra.com/~paulj/zebra/20021111. There are a couple of Opaque LSA fixes in CVS too. regards, -- Paul Jakma [/Paul Jakma] [Stephane Bortzmeyer] On Sunday 9 February 2003, at 17 h 41, "Vladimir I." <[EMAIL PROTECTED]> wrote: > My problem was that OSPF often didn't re-establish adjency after > link failures (e.g., got stuck in various states before FULL). At > least partly that was attributed to a bug in MD5 authentication, > which AFAIK is resolved now. Anybody running Zebra's OSPF on a > network with 5+ routers? We do, in production, and I did not notice this sort of problems (but we are lucky, we have few link failures). We do not use MD5 auth. [/Stephane Bortzmeyer] [John Frazier] Been running Zebra/ospfd/bgpd in production in our network for several years now. No problems that I can think of at all. I don't use MD5 auth however because there is no need in our environment. simple-password auth does just fine. [/John Frazier] If you want to verify this informationyou can go to http://www.zebra.org/mailing.html and click on marc.theaimsgroup.com then do a search for ospf. Regards, Eric Kiser -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Eric B Kiser Sent: Tuesday, March 04, 2003 3:04 PM To: Ronny Aasen; leaf Subject: RE: [leaf-user] zebra and bering Hi Ronny, OSPF from Zebra is available for the current version of Bering. There is however some debate as the current stability of Zebra's implementation of OSPF. Below is a copy of the mail that I sent to the Zebra mailing list. [begin] Howdy all, This is a request for comment from anyone that is currently running OSPF successfully. The impression that some folks have is that OSPF is a bit flaky at this point. However, I seem to remember a post from John stating that he has OSPF running on his network and has not had any significant problems with it. Also, If we have some folks with problems and others that don't, what is the discrepancy? I am looking for something along the lines of... If you want to do A, B, C, then it is fine. But, if you want to do X, Y, and Z, then you will likely run into trouble. Thanks in advance, Eric Kiser [/end] I will put together whatever information I get back from them and post the results to the list. Regards, Eric Kiser -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Ronny Aasen Sent: Tuesday, March 04, 2003 9:47 AM To: leaf Subject: [leaf-user] zebra and bering hello i have just been given a limit of 15 days to convert my berings into OSPF capable routers, either by software or new boxes. I love linux/bering and would prefer to do this with a zebra package. is there anyone on this list that have implemented zebra in a bering router. (is it possible, or will i need to go to a 2.2.x kernel based distro) mvh Ronny Aasen ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html ------------------------------------------------------- This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
