Simen Stavdal([email protected]) on 2019.01.14 22:57:19 +0100:
> Hello Sebastian,
>
> So, I am on amd64, 6.4 :
>
> OpenBSD 6.4 (GENERIC.MP) #364: Thu Oct 11 13:30:23 MDT 2018
> [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>
>
> The purpose of my setup, is to play around with redistribution between
> OSPF and BGP and vice versa.
>
> I found an aging article describing ways to achieve this, and got it
> working just fine.
>
> http://openbsd-archive.7691.n7.nabble.com/redistributing-routes-td102714.html
>
>
> Router B does all the redistribution work.
>
> I.e, it takes the routes received from "C" (ibgp) and adds the rtlabel
> so that OSPF can pick it up, and redistribute to its peer.
>
>
> B# bgpctl show rib
> flags: * = Valid, > = Selected, I = via IBGP, A = Announced,
> S = Stale, E = Error
> origin validation state: N = not-found, V = valid, ! = invalid
> origin: i = IGP, e = EGP, ? = Incomplete
>
> flags ovs destination gateway lpref med aspath origin
> AI*> N 192.168.1.0/30 0.0.0.0 100 0 i
> AI*> N 192.168.2.0/30 0.0.0.0 100 0 i
> AI*> N 192.168.5.1/32 0.0.0.0 100 0 i
> AI*> N 192.168.5.2/32 0.0.0.0 100 0 i
> I*> N 192.168.5.3/32 192.168.2.2 100 0 i
The first 4 prefixes are routes that "B" itself inserts into the routing
table (generated by network statements in bgpd.conf). You can check that
with "bgpctl show network".
> The last host route is for the loopback on router C (known via 192.168.2.2)
>
> B# bgpctl show fib
> flags: * = valid, B = BGP, C = Connected, S = Static, D = Dynamic
> N = BGP Nexthop reachable via this route R = redistributed
> r = reject route, b = blackhole route
>
> flags prio destination gateway
> *C 0 127.0.0.0/8 link#0
> *S r 8 127.0.0.0/8 127.0.0.1
> * 1 127.0.0.1/32 127.0.0.1
> *C R 4 192.168.1.0/30 link#2
> *CN 4 192.168.2.0/30 link#1
> * R 32 192.168.5.1/32 192.168.1.1
> * 1 192.168.5.2/32 192.168.5.2
> *B 48 192.168.5.3/32 192.168.2.2
Only the last route comes from bgpd (prio = 48). 192.168.5.1/32 is inserted
by ospfd (prio = 32) and the rest are configured locally.
> It gets installed in the FIB too.
>
> The bgpd.conf has a line :
>
> match from 192.168.2.2 set rtlabel zyx
>
> When I look at the global routing table on B :
>
> B# route -v show -inet
> Routing tables
>
> Internet:
> Destination      Gateway            Flags   Refs    Use    Mtu  Prio  Iface  Label
> 224/4            localhost          URS        0  19402  32768     8  lo0
> 127/8            localhost          UGRS       0      0  32768     8  lo0
> localhost        localhost          UHhl       1     47  32768     1  lo0
> 192.168.1.0/30   192.168.1.2        UCn        1      0      -     4  em1
> 192.168.1.1      link#2             UHLch      1     47      -     3  em1
> 192.168.1.2      00:e0:67:05:24:25  UHLl       0     48      -     1  em1
> 192.168.1.3      192.168.1.2        UHb        0      0      -     1  em1
> 192.168.2.0/30   192.168.2.1        UCn        1      0      -     4  em0
> 192.168.2.1      00:e0:67:05:24:24  UHLl       0    211      -     1  em0
> 192.168.2.2      00:ec:ac:cd:e5:a7  UHLch      2    183      -     3  em0
> 192.168.2.3      192.168.2.1        UHb        0      0      -     1  em0
> 192.168.5.1/32   192.168.1.1        UG         0    169      -    32  em1
> 192.168.5.2      192.168.5.2        UHl        0     53  32768     1  lo100
> 192.168.5.3/32   192.168.2.2        UG         0   9702      -    48  em0    "zyx"
>
>
> Only the loopback host address from C is labeled.
Yes, the "match from 192.168.2.2 set rtlabel zyx" only applies to routes
received (from neighbor 192.168.2.2), and you only receive 192.168.5.3/32
from there.
Check with "bgpctl sh rib neigh 192.168.2.2".
> In ospfd.conf on B, I have configured :
>
> redistribute rtlabel zyx
>
>
> Moving to router A (the OSPF peer with B), I can see that the route is
> being redistributed (one labelled zyx)
>
> A#route -v show -inet
> Routing tables
>
> Internet:
> Destination      Gateway            Flags   Refs    Use    Mtu  Prio  Iface  Label
> 224/4            localhost          URS        0  19425  32768     8  lo0
> 127/8            localhost          UGRS       0      0  32768     8  lo0
> localhost        localhost          UHhl       1     81  32768     1  lo0
> 192.168.1.0/30   192.168.1.1        UCn        1      0      -     4  em0
> 192.168.1.1      00:e0:67:09:71:3c  UHLl       0     51      -     1  em0
> 192.168.1.2      link#1             UHLch      2     47      -     3  em0
> 192.168.1.3      192.168.1.1        UHb        0      0      -     1  em0
> 192.168.5.1      192.168.5.1        UHl        0    371  32768     1  lo100
> 192.168.5.2/32   192.168.1.2        UG         0      0      -    32  em0
> 192.168.5.3/32   192.168.1.2        UG         0     13      -    32  em0
>
>
> But, I cannot see the link network between B and C (192.168.2.0/30).
>
>
> B#cat /etc/bgpd.conf (Comments removed for brevity)
>
> # cat /etc/bgpd.conf | grep -v "^#"
>
> ASN="65001"
>
> AS $ASN
> router-id 192.168.5.2
>
> prefix-set mynetworks { \
> 192.168.5.2/32 \
> 192.168.2.0/30 \
> }
>
> prefix-set bogons {
> 0.0.0.0/8 # 'this' network [RFC1122]
> 10.0.0.0/8 # private space [RFC1918]
> 100.64.0.0/10 # CGN Shared [RFC6598]
> 127.0.0.0/8 # localhost [RFC1122]
> 169.254.0.0/16 # link local [RFC3927]
> 172.16.0.0/12 # private space [RFC1918]
> 192.0.2.0/24 # TEST-NET-1 [RFC5737]
> 192.88.99.0/24 # 6to4 anycast relay [RFC7526]
> #192.168.0.0/16 # private space [RFC1918]
> 198.18.0.0/15 # benchmarking [RFC2544]
> 198.51.100.0/24 # TEST-NET-2 [RFC5737]
> 203.0.113.0/24 # TEST-NET-3 [RFC5737]
> 224.0.0.0/4 # multicast
> 240.0.0.0/4 # reserved for future use
> ::/8 # RFC 4291 IPv4-compatible, loopback, et al
> 0100::/64 # Discard-Only [RFC6666]
> 2001:2::/48 # BMWG [RFC5180]
> 2001:10::/28 # ORCHID [RFC4843]
> 2001:db8::/32 # docu range [RFC3849]
> 2002::/16 # 6to4 anycast relay [RFC7526]
> 3ffe::/16 # old 6bone
> fc00::/7 # unique local unicast
> fe80::/10 # link local unicast
> fec0::/10 # old site local unicast
> ff00::/8 # multicast
> }
>
> network prefix-set mynetworks set large-community $ASN:1:1
> network inet priority 32
>
> group "ibgp mesh v4" {
> remote-as $ASN
> # use loopback for IBGP sessions, assume its distributed in OSPF
> local-address 192.168.2.1
> neighbor 192.168.2.2 # 4nic2
> }
>
> allow to ebgp prefix-set mynetworks large-community $ASN:1:1
>
> deny quick from ebgp prefix-set mynetworks or-longer
>
> allow from ibgp
> allow to ibgp
>
> match from 192.168.2.2 set rtlabel zyx
>
> match from ebgp set { community delete $ASN:* }
> match from ebgp set { large-community delete $ASN:*:* }
>
> allow from any inet prefixlen 8 - 24
> allow from any inet6 prefixlen 16 - 48
>
> match from any community GRACEFUL_SHUTDOWN set { localpref 0 }
>
> deny quick from any prefix-set bogons or-longer
>
> deny quick from any AS 23456
> deny quick from any AS 64496 - 131071
> deny quick from any AS 4200000000 - 4294967295
>
> deny from any max-as-len 100
>
>
> network inet priority 32 is used to redistribute ospf into bgp.
Between A and B you run OSPF.
So B has to send A the information about how 192.168.2.2 is reachable
through OSPF.
Add to ospfd.conf on B:

either "redistribute connected"

or

    area 0.0.0.0 {
        ...
        interface em0:192.168.2.1 { passive }
        ...
    }

where em0 is the interface on which you have 192.168.2.1 configured.
The second method allows for finer control over what networks get
redistributed.
>
> Hope it makes more sense now.
>
> Simply, how can I get router B to advertise (or label) the directly
> connected network (192.168.2.0/30) so that I can re-advertise into
> OSPF.
>
> Is there a way to add a label to a directly connected network? Can I
> get router C to advertise this, and then use router B to label? etc
>
>
> Cheers,
>
> Simon.
>
>
>
>
> On Mon, 14 Jan 2019 at 22:06, Sebastian Benoit <[email protected]> wrote:
>
> > Hi,
> >
> > Simen Stavdal([email protected]) on 2019.01.14 21:29:43 +0100:
> > > Hello,
> > >
> > > I have three routers connected in a chain.
> > > A<->B<->C
> > >
> > > All routers have a host address as loopback 100 (192.168.5.x/32, A=1,
> > B=2,
> > > C=3).
> > > The segments between the routers are 192.168.1.0/30 (AB) and
> > 192.168.2.0/30
> > > (BC).
> > >
> > > A to B runs OSPF
> > > B to C runs IBGP
> > >
> > > I redistribute the BGP routes into OSPF using the label I append on
> > router
> > > B.
> > > router B : match from <peer> set rtlabel zyx
> > > And this works just fine. I see the tag being applied (but only on the
> > > advertised lo100 host address).
> > > Reverse redistribution is based on route priority (32) for OSPF into bgp.
> > > All good.
> > >
> > > The link network however between B and C is not being advertised, as it
> > is
> > > locally connected for both router B and C. They are added in the network
> > > statement on both sides.
> > > So, on B, I can see the route label on the C loopback interface marked
> > zyx.
> > > 192.168.2.0/30 however does not have any route label, and hence will
> > not be
> > > redistributed into OSPF.
> > >
> > > So, I can ping router C from router B.
> > > When I ping loopback on router C from router A using the loopback
> > interface
> > > as source, all is good.
> > > When I ping with no source interface, the source address is the link
> > > network not being advertised, and hence the far router does not know
> > where
> > > to send the traffic.
> > >
> > > I will continue to play around with this, just wondering if anybody has a
> > > "good practice" way of dynamically advertising the network.
> >
> > Your mail is missing
> >
> > - what version of openbsd you are running, i.e. dmesg
> >
> > - your bgpd.conf and ospfd.conf files would be helpful.
> >
> > - you describe what you have currently configured, but not what your actual
> > intent is. It may be better if you say what you want your network devices
> > to
> > do.
> >
> > That said, if i understand what you are doing right, maybe
> > "network inet connected" on router B bgpd.conf will help.
> > (you may also need filters to allow the prefix to be sent to C).
> >
> > /Benno
> >
>
--
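
Added example, not part of the original thread or of OpenBSD: a small check over router B's route table showing which destinations `redistribute rtlabel zyx` matches and which connected networks carry no label. The rows are copied from the output quoted above; the function names are hypothetical, and treating priority 4 as "connected" is an assumption based on that output.

```python
import shlex

# Rows copied from router B's "route -v show -inet" output in the thread
# (columns: Destination Gateway Flags Refs Use Mtu Prio Iface [Label]).
ROUTES_B = """\
Destination     Gateway            Flags  Refs Use  Mtu    Prio Iface Label
192.168.1.0/30  192.168.1.2        UCn    1    0    -      4    em1
192.168.1.1     link#2             UHLch  1    47   -      3    em1
192.168.2.0/30  192.168.2.1        UCn    1    0    -      4    em0
192.168.2.2     00:ec:ac:cd:e5:a7  UHLch  2    183  -      3    em0
192.168.5.1/32  192.168.1.1        UG     0    169  -      32   em1
192.168.5.2     192.168.5.2        UHl    0    53   32768  1    lo100
192.168.5.3/32  192.168.2.2        UG     0    9702 -      48   em0   "zyx"
"""


def parse_routes(text):
    """Turn route table rows into dicts; rows that do not fit are skipped."""
    routes = []
    for line in text.splitlines():
        fields = shlex.split(line)  # shlex strips the quotes around the label
        if len(fields) not in (8, 9) or not fields[6].isdigit():
            continue  # header, blank or wrapped line
        routes.append({
            "dest": fields[0],
            "gateway": fields[1],
            "prio": int(fields[6]),
            "iface": fields[7],
            "label": fields[8] if len(fields) == 9 else None,
        })
    return routes


def picked_up_by_label(routes, label):
    """Destinations that 'redistribute rtlabel <label>' in ospfd.conf matches."""
    return [r["dest"] for r in routes if r["label"] == label]


def connected_without_label(routes, label):
    """Connected networks (prio 4 in the thread's output) lacking the label."""
    return [r["dest"] for r in routes
            if r["prio"] == 4 and "/" in r["dest"] and r["label"] != label]


if __name__ == "__main__":
    table = parse_routes(ROUTES_B)
    print("redistributed via label:", picked_up_by_label(table, "zyx"))
    print("connected, not labelled:", connected_without_label(table, "zyx"))
```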