Hello Bradley,
if I add that route to /etc/hostname.vr3 I have no access to 10.1.111.11, even
from the local router.
After reboot I have to delete and add that route again by hand to make
everything work (sometimes I have to repeat delete/add few times to make it
work). It's 7.2/i386.
Any idea?
[10.109.3.15] $ cat /etc/hostname.vr3
inet 10.1.111.1 255.255.255.0
!sleep 60
!route add 10.1.111.11 10.1.111.1
[10.109.3.15] $ route -n show
Routing tables
Internet:
Destination Gateway Flags Refs Use Mtu Prio Iface
default 10.109.3.254 UGS 5 10 - 8 vr0
224/4 127.0.0.1 URS 0 56 32768 8 lo0
10.1.100/24 10.1.100.1 Cn 0 0 - 4 vr1
10.1.100.1 00:00:24:cb:4f:cd UHLl 0 0 - 1 vr1
10.1.100.255 10.1.100.1 Hb 0 0 - 1 vr1
10.1.111/24 10.1.111.1 UCn 0 0 - 4 vr3
10.1.111.1 00:00:24:cb:4f:cf UHLhl 1 2 - 1 vr3
10.1.111.11 10.1.111.1 UGHS 0 104 - 8 vr3
10.1.111.255 10.1.111.1 UHb 0 0 - 1 vr3
10.1.222/24 10.109.3.16 UG 0 0 - 32 vr0
10.109.3/24 10.109.3.15 UCn 3 18 - 4 vr0
10.109.3.10 a4:bb:6d:d6:5a:a4 UHLc 1 11 - 3 vr0
10.109.3.15 00:00:24:cb:4f:cc UHLl 0 13 - 1 vr0
10.109.3.16 00:00:24:cd:90:10 UHLch 1 11 - 3 vr0
10.109.3.254 00:0d:b9:35:39:29 UHLch 1 16 - 3 vr0
10.109.3.255 10.109.3.15 UHb 0 0 - 1 vr0
127/8 127.0.0.1 UGRS 0 0 32768 8 lo0
127.0.0.1 127.0.0.1 UHhl 1 2 32768 1 lo0
then...
[10.109.3.15] $ route delete 10.1.111.11 10.1.111.1
delete host 10.1.111.11: gateway 10.1.111.1
[10.109.3.15] $ route add 10.1.111.11 10.1.111.1
add host 10.1.111.11: gateway 10.1.111.1
[10.109.3.15] $ route -n show
Routing tables
Internet:
Destination Gateway Flags Refs Use Mtu Prio Iface
default 10.109.3.254 UGS 5 11 - 8 vr0
224/4 127.0.0.1 URS 0 137 32768 8 lo0
10.1.100/24 10.1.100.1 Cn 0 0 - 4 vr1
10.1.100.1 00:00:24:cb:4f:cd UHLl 0 0 - 1 vr1
10.1.100.255 10.1.100.1 Hb 0 0 - 1 vr1
10.1.111/24 10.1.111.1 UCn 1 0 - 4 vr3
10.1.111.1 00:00:24:cb:4f:cf UHLhl 1 15 - 1 vr3
10.1.111.11 00:00:24:cb:4f:d0 UHLc 0 172 - 3 vr3
10.1.111.11 10.1.111.1 UGHS 0 0 - 8 vr3
10.1.111.255 10.1.111.1 UHb 0 0 - 1 vr3
10.1.222/24 10.109.3.16 UG 0 170 - 32 vr0
10.109.3/24 10.109.3.15 UCn 3 28 - 4 vr0
10.109.3.10 a4:bb:6d:d6:5a:a4 UHLc 1 22 - 3 vr0
10.109.3.15 00:00:24:cb:4f:cc UHLl 0 24 - 1 vr0
10.109.3.16 00:00:24:cd:90:10 UHLch 1 33 - 3 vr0
10.109.3.254 00:0d:b9:35:39:29 UHLch 1 24 - 3 vr0
10.109.3.255 10.109.3.15 UHb 0 0 - 1 vr0
127/8 127.0.0.1 UGRS 0 0 32768 8 lo0
127.0.0.1 127.0.0.1 UHhl 1 2 32768 1 lo0
On Thu, 9 Feb 2023 07:47:33 +1100
Bradley Latus <brad.la...@gmail.com> wrote:
> Hi,
> I see a small mistake
>
> You need to add that route to vr3 interface when you bring it up, vr0 will
> most likely be up before vr3 so that is why your route adding in the
> hostname.vr0 is wrong.
>
> Cheers
>
> On Thu, 9 Feb 2023, 01:36 Radek, <r...@int.pl> wrote:
>
> > Hello Bradley,
> > thank you, your setup works the way I need.
> >
> > I can't deal with adding the static route permanently. I have to add the
> > static route by hand (route add 10.1.111.11/32 10.1.111.1) after reboot.
> > Did I missed something?
> >
> > [10.109.3.15] $ cat /etc/hostname.vr0
> > -inet
> > dhcp
> > #inet 10.109.3.15 255.255.255.0
> > !sleep 60
> > !route add 10.1.111.11/32 10.1.111.1
> >
> > After reboot it looks like this:
> >
> > [10.109.3.15] $ route -n show
> > Routing tables
> >
> > Internet:
> > Destination Gateway Flags Refs Use Mtu Prio
> > Iface
> > default 10.109.3.254 UGS 5 15 - 8 vr0
> > 224/4 127.0.0.1 URS 0 59 32768 8 lo0
> > 10.1.100/24 10.1.100.1 Cn 0 0 - 4 vr1
> > 10.1.100.1 00:00:24:cb:4f:cd UHLl 0 0 - 1 vr1
> > 10.1.100.255 10.1.100.1 Hb 0 0 - 1 vr1
> > 10.1.111/24 10.1.111.1 UCn 1 0 - 4 vr3
> > 10.1.111.1 00:00:24:cb:4f:cf UHLl 0 3 - 1 vr3
> > 10.1.111.11 00:00:24:cb:4f:d0 UHLc 0 2 - 3 vr3
> > 10.1.111.255 10.1.111.1 UHb 0 0 - 1 vr3
> > 10.1.222/24 10.109.3.16 UG 0 0 - 32 vr0
> > 10.109.3/24 10.109.3.15 UCn 3 40 - 4 vr0
> > 10.109.3.10 a4:bb:6d:d6:5a:a4 UHLc 1 29 - 3 vr0
> > 10.109.3.15 00:00:24:cb:4f:cc UHLl 0 13 - 1 vr0
> > 10.109.3.16 00:00:24:cd:90:10 UHLch 1 26 - 3 vr0
> > 10.109.3.254 00:0d:b9:35:39:29 UHLch 1 31 - 3 vr0
> > 10.109.3.255 10.109.3.15 UHb 0 0 - 1 vr0
> > 127/8 127.0.0.1 UGRS 0 0 32768 8 lo0
> > 127.0.0.1 127.0.0.1 UHhl 1 2 32768 1 lo0
> >
> >
> > On Tue, 7 Feb 2023 17:54:27 +1100
> > Bradley Latus <brad.la...@gmail.com> wrote:
> >
> > > Hi all,
> > >
> > > I have done an experiment.
> > >
> > > If your interface is part of an area, it will be advertised always.
> > >
> > > If you wanted to advertise only /32 this is how I got mine to work.
> > > Ensure your interface vr3 is not in your ospf area
> > >
> > > Add a static route to the one you wish to advertise, it appears that
> > unless
> > > a route exists on the machine you cannot redistribute a random ip.
> > >
> > > So route add 10.1.111.11/32 10.1.111.1
> > >
> > > Then you can redistribute your /32
> > >
> > >
> > >
> > > router-id 10.109.3.15
> > > redistribute 10.1.111.11/32
> > >
> > > area 0.0.0.0 {
> > > interface vr0
> > > }
> > >
> > >
> > >
> > > On Tue, 7 Feb 2023, 02:46 Radek, <r...@int.pl> wrote:
> > >
> > > > Hello,
> > > > > I’d check the databases on both sides.
> > > > > And flush/reload the config and fibs.
> > > > I reloaded and restarted OSPFd on both sides - nothing changes. Then, I
> > > > rebooted routers on both sides - nothing changes.
> > > > I still can see/ping the whole 10.1.111.0/24 subnet from the far end.
> > > >
> > > > [10.109.3.15]$ ospfctl show database router
> > > >
> > > > Router Link States (Area 0.0.0.0)
> > > >
> > > > LS age: 238
> > > > Options: -|-|-|-|-|-|E|-
> > > > LS Type: Router
> > > > Link State ID: 10.109.3.15
> > > > Advertising Router: 10.109.3.15
> > > > LS Seq Number: 0x80000016
> > > > Checksum: 0x6d0a
> > > > Length: 48
> > > > Flags: *|*|*|*|*|-|E|-
> > > > Number of Links: 2
> > > >
> > > > Link connected to: Stub Network
> > > > Link ID (Network ID): 10.1.111.0
> > > > Link Data (Network Mask): 255.255.255.0
> > > > Metric: 10
> > > >
> > > > Link connected to: Transit Network
> > > > Link ID (Designated Router address): 10.109.3.16
> > > > Link Data (Router Interface address): 10.109.3.15
> > > > Metric: 10
> > > >
> > > > LS age: 239
> > > > Options: -|-|-|-|-|-|E|-
> > > > LS Type: Router
> > > > Link State ID: 10.109.3.16
> > > > Advertising Router: 10.109.3.16
> > > > LS Seq Number: 0x80000016
> > > > Checksum: 0xb058
> > > > Length: 36
> > > > Flags: *|*|*|*|*|-|E|-
> > > > Number of Links: 1
> > > >
> > > > Link connected to: Transit Network
> > > > Link ID (Designated Router address): 10.109.3.16
> > > > Link Data (Router Interface address): 10.109.3.16
> > > > Metric: 10
> > > >
> > > >
> > > > [10.109.3.16]$ ospfctl show fib
> > > > flags: * = valid, O = OSPF, C = Connected, S = Static
> > > > Flags Prio Destination Nexthop
> > > > *S 8 0.0.0.0/0 10.109.3.254
> > > > *O 32 10.1.111.0/24 10.109.3.15
> > > >
> > > >
> > > > On Sun, 5 Feb 2023 22:20:07 +0100
> > > > Diederik Schouten <dsch...@high5.net> wrote:
> > > >
> > > > > Hello,
> > > > >
> > > > > I’d check the databases on both sides.
> > > > > And flush/reload the config and fibs.
> > > > > Then check again which link state advertisements are in the database.
> > > > > To make sure you now get the /32 advertised.
> > > > >
> > > > > Sent from my iPhone
> > > > >
> > > > > > On 5 Feb 2023, at 21:15, Radek <r...@int.pl> wrote:
> > > > > >
> > > > > > Hello Diederik, hello Tom,
> > > > > > this is a simple lab/testing configuration, that's why there is no
> > > > "passive" and other...
> > > > > > The purpose of this configuration is to allow access to certain IP
> > > > address and restrict access to the rest of the subnet.
> > > > > > I can use PF to block/pass what I need... but I'm trying make sure
> > if
> > > > I can do it by announcing "not more than needed" over OSPF.
> > > > > >
> > > > > > "redistribute 10.1.111.11/32" seems to be what I need, but
> > probally I
> > > > missed something, because this option doesn't work for me as expected.
> > > > > >
> > > > > > $ cat /etc/ospfd.conf
> > > > > > router-id 10.109.3.15
> > > > > > redistribute 10.1.111.11/32
> > > > > >
> > > > > > area 0.0.0.0 {
> > > > > > interface vr0
> > > > > > interface vr3
> > > > > > }
> > > > > >
> > > > > > Then, I can still see/ping other IPs in 10.1.111.0/24 from the far
> > > > end network.
> > > > > >
> > > > > > On the far router I can see the whole subnet instead of somthing
> > like
> > > > " *O 32 10.1.111.11/24 10.109.3.15".
> > > > > >
> > > > > > $ ospfctl show fib
> > > > > > flags: * = valid, O = OSPF, C = Connected, S = Static
> > > > > > Flags Prio Destination Nexthop
> > > > > > *S 8 0.0.0.0/0 10.109.3.254
> > > > > > *O 32 10.1.111.0/24 10.109.3.15
> > > > > >
> > > > > > Any clues?
> > > > > >
> > > > > >> On Sat, 4 Feb 2023 23:16:57 +0000
> > > > > >> Tom Smyth <tom.sm...@wirelessconnect.eu> wrote:
> > > > > >>
> > > > > >> Hi Radek,
> > > > > >>
> > > > > >> it is better practice to add ospf network statements to
> > ospfd.conf
> > > > > >> (if you dont want to send / recieve ospf messages on an interface
> > set
> > > > the
> > > > > >> interface to passive in ospfd.conf
> > > > > >> avoid redistribute connected
> > > > > >> (add the network you want to be added to your ospf network) and
> > leave
> > > > the
> > > > > >> other network ommitted from your ospfd.conf
> > > > > >>
> > > > > >>
> > > > > >> I hope this helps,
> > > > > >>
> > > > > >>
> > > > > >>> On Sat, 4 Feb 2023 at 20:02, Radek <r...@int.pl> wrote:
> > > > > >>>
> > > > > >>> Hello,
> > > > > >>> is it possible to announce over OSPF only one (or a few
> > specific) IP
> > > > > >>> address instead of the whole subnet?
> > > > > >>> If yes.. an ospfd.conf example would be appreciated.
> > > > > >>>
> > > > > >>> $ cat /etc/hostname.vr3
> > > > > >>> inet 10.1.111.1 255.255.255.0
> > > > > >>>
> > > > > >>> $ cat /etc/ospfd.conf
> > > > > >>> router-id 10.109.3.15
> > > > > >>> redistribute connected
> > > > > >>>
> > > > > >>> area 0.0.0.0 {
> > > > > >>> interface vr0
> > > > > >>> interface vr3
> > > > > >>> }
> > > > > >>>
> > > > > >>> Thanks,
> > > > > >>> Radek
> > > > > >>>
> > > > > >>>
> > > > > >>
> > > > > >> --
> > > > > >> Kindest regards,
> > > > > >> Tom Smyth.
> > > > > >
> > > > > >
> > > > > > Radek
> > > > > >
> > > > >
> > > >
> > > >
> > > > Radek
> > > >
> > > >
> >
> >
> > Radek
> >
> >
Radek
