Hello Mark you need to give more detail on the IP address types are you using b roadcast networks or point to point / tunnel type addresses are you seeing anything in also can you be certain your hypervisor switches (real switches in the datacentre allow for vm -vm communication and dont filter certain types of traffic (OSPF)
/var/log/messages when you run the daemons, are you allowing ip protocol 89 (OSPF) on your PF rules on boxes running pf ? have you configured loopback ips on each router (on a separate loopback interface) on each open BSD Router (so as not to have 127.0.0.0/8 routes advertised have you confirmed you dont have a network conflict 2 routers with the same ip range on interfaces that are not connected .. you can start ospfd with -df switches to see if there are any warnings / messages that might hint what is up and running only other high level things I can thing of is check your neighbour adjacencies are they forming, and focus where they are not forming and usual things for OSPF adjacencies not forming MTU of interfaces not matching between neighbours Authentication key authentication type authentication key id usually = 1 switch between routers with a smaller MTU / L2MTU than what the neighbour routers have configured on their interfaces if ospf neighbours are forming are you learning any routes.. avoid static default routes they are the spawn of satan and you can run into issues learning and propagating default routes otherwise ... Peace out and Happy new year On Fri, 8 Jan 2021 at 23:08, Mark <m...@protonmail.com> wrote: > > I'll try this message one more time. > > I have a question regarding the use of ospf with OpenBSD 6.8. > > > I have a network that consists of 23 OpenBSD 6.8 based routers (created, > > within a virtualbox environment on a GNU/Linux server, to match the > > physical network I manage - the only different being that the physical > > network consists of FreeBSD based routers rather than OpenBSD ones). I set > > this up after have replaced a FreeBSD based router with an OpenBSD based > > one in the real network and immediately experiencing an issue accessing > > parts of the network. > > > > Within my setup there is one router (router22) that is six hops away from > > the designated default gateway (which I'll call the firewall) and there are > > two paths (going different ways around the network) to get to it. I am able > > to run a traceroute to router22, but am not able to ping it or ssh onto it. > > If I ssh to the router connected to the firewall then I can ping and ssh to > > router22 (at that point it's only 5 hops away). If I reboot any router that > > lies within the path to router22 then I am subsequently able to ping and > > ssh router22 from the firewall. > > > > I have also subsequently duplicated the entire network again using FreeBSD > > 12.2 and the problem does not occur, so as far as I can see it's just an > > OpenBSD ospf issue. > > > > I first set this up after replacing a FreeBSD based router with an OpenBSD > > based one and experiencing another strange issue. In this instance the > > shortest path from my server network (accessible from router01) to > > router08, router11 and router12 was router01 <-> router13 <-> router21 <-> > > router08 <-> router11 <-> router12, when I put the OpenBSD router in as > > router13 I could no longer ping router08, router11 or router12 (though I > > could still ping router21). If I connected to a router in a different part > > of the network I was able to ping each of the inaccessible ones, so it was > > only when the OpenBSD based router was along the shortest path the issue > > manifested itself. > > > > Is anyone aware of incompatibilities between the OSPF implementation within > > OpenBSD and that provided by quagga on FreeBSD? Or of any limitations of > > OSPF on OpenBSD? > > > > In each setup I have the same hello and dead interval and have md5 crypt > > authentication in place on each link between routers. Each router is in > > area 0.0.0.0. > > > > regards, > > Mark -- Kindest regards, Tom Smyth.
