Hello Sebastian,
So, I am on amd64, 6.4 :
OpenBSD 6.4 (GENERIC.MP) #364: Thu Oct 11 13:30:23 MDT 2018
[email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
The purpose of my setup is to play around with redistribution between
OSPF and BGP and vice versa.
I found an aging article describing ways to achieve this, and got it
working just fine.
http://openbsd-archive.7691.n7.nabble.com/redistributing-routes-td102714.html
Router B does all the redistribution work.
I.e., it takes the routes received from "C" (ibgp) and adds the rtlabel
so that OSPF can pick it up, and redistribute to its peer.
B# bgpctl show rib
flags: * = Valid, > = Selected, I = via IBGP, A = Announced,
S = Stale, E = Error
origin validation state: N = not-found, V = valid, ! = invalid
origin: i = IGP, e = EGP, ? = Incomplete
flags ovs destination        gateway        lpref   med aspath origin
AI*>    N 192.168.1.0/30     0.0.0.0          100     0 i
AI*>    N 192.168.2.0/30     0.0.0.0          100     0 i
AI*>    N 192.168.5.1/32     0.0.0.0          100     0 i
AI*>    N 192.168.5.2/32     0.0.0.0          100     0 i
I*>     N 192.168.5.3/32     192.168.2.2      100     0 i
The last host route is for the loopback on router C (known via 192.168.2.2)
B# bgpctl show fib
flags: * = valid, B = BGP, C = Connected, S = Static, D = Dynamic
N = BGP Nexthop reachable via this route R = redistributed
r = reject route, b = blackhole route
flags prio destination        gateway
*C       0 127.0.0.0/8        link#0
*S  r    8 127.0.0.0/8        127.0.0.1
*        1 127.0.0.1/32       127.0.0.1
*C R     4 192.168.1.0/30     link#2
*CN      4 192.168.2.0/30     link#1
*  R    32 192.168.5.1/32     192.168.1.1
*        1 192.168.5.2/32     192.168.5.2
*B      48 192.168.5.3/32     192.168.2.2
It gets installed in the FIB too.
The bgpd.conf has a line :
match from 192.168.2.2 set rtlabel zyx
When I look at the global routing table on B :
B# route -v show -inet
Routing tables
Internet:
Destination        Gateway            Flags  Refs      Use   Mtu  Prio Iface Label
224/4              localhost          URS       0    19402 32768     8 lo0
127/8              localhost          UGRS      0        0 32768     8 lo0
localhost          localhost          UHhl      1       47 32768     1 lo0
192.168.1.0/30     192.168.1.2        UCn       1        0     -     4 em1
192.168.1.1        link#2             UHLch     1       47     -     3 em1
192.168.1.2        00:e0:67:05:24:25  UHLl      0       48     -     1 em1
192.168.1.3        192.168.1.2        UHb       0        0     -     1 em1
192.168.2.0/30     192.168.2.1        UCn       1        0     -     4 em0
192.168.2.1        00:e0:67:05:24:24  UHLl      0      211     -     1 em0
192.168.2.2        00:ec:ac:cd:e5:a7  UHLch     2      183     -     3 em0
192.168.2.3        192.168.2.1        UHb       0        0     -     1 em0
192.168.5.1/32     192.168.1.1        UG        0      169     -    32 em1
192.168.5.2        192.168.5.2        UHl       0       53 32768     1 lo100
192.168.5.3/32     192.168.2.2        UG        0     9702     -    48 em0   "zyx"
Only the loopback host address from C is labeled.
In ospfd.conf on B, I have configured :
redistribute rtlabel zyx
Moving to router A (the OSPF peer with B), I can see that the route is
being redistributed (one labelled zyx)
A#route -v show -inet
Routing tables
Internet:
Destination        Gateway            Flags  Refs      Use   Mtu  Prio Iface Label
224/4              localhost          URS       0    19425 32768     8 lo0
127/8              localhost          UGRS      0        0 32768     8 lo0
localhost          localhost          UHhl      1       81 32768     1 lo0
192.168.1.0/30     192.168.1.1        UCn       1        0     -     4 em0
192.168.1.1        00:e0:67:09:71:3c  UHLl      0       51     -     1 em0
192.168.1.2        link#1             UHLch     2       47     -     3 em0
192.168.1.3        192.168.1.1        UHb       0        0     -     1 em0
192.168.5.1        192.168.5.1        UHl       0      371 32768     1 lo100
192.168.5.2/32     192.168.1.2        UG        0        0     -    32 em0
192.168.5.3/32     192.168.1.2        UG        0       13     -    32 em0
But, I cannot see the link network between B and C (192.168.2.0/30).
B#cat /etc/bgpd.conf (Comments removed for brevity)
# cat /etc/bgpd.conf | grep -v "^#"
ASN="65001"
AS $ASN
router-id 192.168.5.2
prefix-set mynetworks { \
192.168.5.2/32 \
192.168.2.0/30 \
}
prefix-set bogons {
0.0.0.0/8 # 'this' network [RFC1122]
10.0.0.0/8 # private space [RFC1918]
100.64.0.0/10 # CGN Shared [RFC6598]
127.0.0.0/8 # localhost [RFC1122]
169.254.0.0/16 # link local [RFC3927]
172.16.0.0/12 # private space [RFC1918]
192.0.2.0/24 # TEST-NET-1 [RFC5737]
192.88.99.0/24 # 6to4 anycast relay [RFC7526]
#192.168.0.0/16 # private space [RFC1918]
198.18.0.0/15 # benchmarking [RFC2544]
198.51.100.0/24 # TEST-NET-2 [RFC5737]
203.0.113.0/24 # TEST-NET-3 [RFC5737]
224.0.0.0/4 # multicast
240.0.0.0/4 # reserved for future use
::/8 # RFC 4291 IPv4-compatible, loopback, et al
0100::/64 # Discard-Only [RFC6666]
2001:2::/48 # BMWG [RFC5180]
2001:10::/28 # ORCHID [RFC4843]
2001:db8::/32 # docu range [RFC3849]
2002::/16 # 6to4 anycast relay [RFC7526]
3ffe::/16 # old 6bone
fc00::/7 # unique local unicast
fe80::/10 # link local unicast
fec0::/10 # old site local unicast
ff00::/8 # multicast
}
network prefix-set mynetworks set large-community $ASN:1:1
network inet priority 32
group "ibgp mesh v4" {
remote-as $ASN
# use loopback for IBGP sessions, assume its distributed in OSPF
local-address 192.168.2.1
neighbor 192.168.2.2 # 4nic2
}
allow to ebgp prefix-set mynetworks large-community $ASN:1:1
deny quick from ebgp prefix-set mynetworks or-longer
allow from ibgp
allow to ibgp
match from 192.168.2.2 set rtlabel zyx
match from ebgp set { community delete $ASN:* }
match from ebgp set { large-community delete $ASN:*:* }
allow from any inet prefixlen 8 - 24
allow from any inet6 prefixlen 16 - 48
match from any community GRACEFUL_SHUTDOWN set { localpref 0 }
deny quick from any prefix-set bogons or-longer
deny quick from any AS 23456
deny quick from any AS 64496 - 131071
deny quick from any AS 4200000000 - 4294967295
deny from any max-as-len 100
network inet priority 32 is used to redistribute ospf into bgp.
Hope it makes more sense now.
Simply, how can I get router B to advertise (or label) the directly
connected network (192.168.2.0/30) so that I can re-advertise into
OSPF?
Is there a way to add a label to a directly connected network? Can I
get router C to advertise this, and then use router B to label? etc
Cheers,
Simon.
On Mon, 14 Jan 2019 at 22:06, Sebastian Benoit <[email protected]> wrote:
> Hi,
>
> Simen Stavdal([email protected]) on 2019.01.14 21:29:43 +0100:
> > Hello,
> >
> > I have three routers connected in a chain.
> > A<->B<->C
> >
> > All routers have a host address as loopback 100 (192.168.5.x/32, A=1,
> > B=2, C=3).
> > The segments between the routers are 192.168.1.0/30 (AB) and
> > 192.168.2.0/30 (BC).
> >
> > A to B runs OSPF
> > B to C runs IBGP
> >
> > I redistribute the BGP routes into OSPF using the label I append on
> > router B.
> > router B : match from <peer> set rtlabel zyx
> > And this works just fine. I see the tag being applied (but only on the
> > advertised lo100 host address).
> > Reverse redistribution is based on route priority (32) for OSPF into bgp.
> > All good.
> >
> > The link network however between B and C is not being advertised, as it
> > is locally connected for both router B and C. They are added in the
> > network statement on both sides.
> > So, on B, I can see the route label on the C loopback interface marked
> > zyx.
> > 192.168.2.0/30 however does not have any route label, and hence will
> > not be redistributed into OSPF.
> >
> > So, I can ping router C from router B.
> > When I ping loopback on router C from router A using the loopback
> > interface as source, all is good.
> > When I ping with no source interface, the source address is the link
> > network not being advertised, and hence the far router does not know
> > where to send the traffic.
> >
> > I will continue to play around with this, just wondering if anybody has a
> > "good practice" way of dynamically advertising the network.
>
> Your mail is missing
>
> - what version of openbsd you are running, i.e. dmesg
>
> - your bgpd.conf and ospfd.conf files would be helpful.
>
> - you describe what you have currently configured, but not what your actual
> intent is. It may be better if you say what you want your network devices
> to do.
>
> That said, if i understand what you are doing right, maybe
> "network inet connected" on router B bgpd.conf will help.
> (you may also need filters to allow the prefix to be sent to C).
>
> /Benno
>
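
An added example, not part of the thread and not the poster's configuration: a sketch of what router B's ospfd.conf could look like, since the message shows only its `redistribute rtlabel zyx` line. The router-id, the area and interface layout, and the explicit prefix line are assumptions derived from the addresses and routing tables above.

```conf
# /etc/ospfd.conf on router B (sketch; only the rtlabel line is from the message)

# Assumption: same router-id as in B's bgpd.conf
router-id 192.168.5.2

# From the message: pick up routes that bgpd labelled "zyx".
# In B's routing table that is only 192.168.5.3/32 (C's loopback).
redistribute rtlabel zyx

# 192.168.2.0/30 is a connected route (flags UCn, priority 4). It is not
# learned from the peer, so "match from 192.168.2.2 set rtlabel zyx" in
# bgpd.conf never applies to it and it carries no label.
# Naming the prefix keeps the announcement limited to this one link network.
redistribute 192.168.2.0/30

# Broader alternative: announces every connected network on B, including
# any interface added later (management, out-of-band). Left disabled here.
# redistribute connected

# Assumption: the A-B link (192.168.1.0/30 on em1) is the only OSPF interface
# shown; how B's own loopback reaches A is not visible in the message.
area 0.0.0.0 {
	interface em1
}
```

After reloading ospfd on B, `route -v show -inet` on A should list 192.168.2.0/30 via 192.168.1.2 at priority 32, next to the two loopback routes it already has.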