On Mon, Aug 03, 2009 at 09:53:00AM -0400, Matthew Haas wrote:
> Good day.
>
> I hope this is the appropriate forum for my questions. It is both
> OpenBSD and OpenOSPFD related, but quite networking-centric. My
> apologies if there is a better forum.

Which version of OpenBSD are you using? There was a multicast fix going
into bridge(4) some time ago (IIRC after 4.5) that is necessary in your
case. On the other hand I don't understand why you need to have the
bridge, why not use two different networks, one for em(4) and one for
tun(4), and let ospfd handle the rest. Running a dynamic routing protocol
allows you to do that without many issues.

>
> I've scoured the various examples out on the internet, referenced
> relevant information in the various OpenBSD FAQs and elsewhere, yet
> still am experiencing problems.
>
> Basically, I am trying to run OpenOSPFD to manage my routes between
> 4 routers (2 local, 2 remote, each managing a unique network). I
> have a backbone network on each of the routers for router
> communication, and the remote routers have backbone network IP
> addresses via an OpenVPN connection.
>
> I know pictures are preferred, but with the amount of information
> it seemed daunting, so here's a semi-picture (where the connection
> between all routers is via the 10.10.10.x network):
>
>              local routers
> ----------------------------------------
> router A (OBSD4.4)    router B (OBSD 4.4)
> ------------------    -------------------
> em0: 10.80.1.0/24     xl0: 10.80.2.0/24
> em1: 10.10.10.1       em0: 10.10.10.2
>                       tun1: backbone VPN
>                       bridge1: em0 + tun1
>
>              remote routers
> ----------------------------------------
> router C (OBSD4.3)    router D (FBSD 7.2)
> ------------------    -------------------
> re0: 10.81.1.0/24     xl1: 10.82.1.0/24
> tun1: 10.10.10.4      tap1: 10.10.10.5
>
> router B bridge1:
> /etc/bridgename.bridge1
> -----------------------
> add em0
> add tun1
> up
>
> *** IP forwarding is enabled on all routers.
>
> *** In pf rules on all routers, I am telling pf to skip the backbone
> and tun interfaces (so it doesn't somehow complicate things).
>
> Objective: Trying to run OSPF to manage routes between the routers,
> each of which manages a 10.8x.y.0/24 network.
>
> * the 10.10.10.x network is designated as the communications network
>   between the routers (aka "backbone network").
>
> * the remote routers join the backbone via an OpenVPN connection
>   hosted by "router B" (the tun1 interface on "router B").
>
> * tun1 and em0 on "router B" are bridged, in the belief that it
>   will facilitate communication from routers C and D communicating
>   on the backbone network.
>
> * the backbone VPN works. I can set static routes as appropriate and
>   traffic routes as desired.
>
> * although I have 4 routers, I am playing with A, B, and C at this
>   point, as I still have to figure out how to get OpenOSPFD on a
>   FreeBSD box (it doesn't seem to be actively supported in ports
>   anymore?)
>
> --------------------------------------------------------------------
>
> OpenOSPFD config (/etc/ospfd.conf)
> ----------------------------------
> router A (OpenOSPFD 4.4.1)
> --------------------------
> router-id 10.10.10.1
> redistribute connected
>
> area 0.0.0.0 {
>         auth-type none
>         interface em1
> }
>
> router B (OpenOSPFD 4.4.1)
> --------------------------
> router-id 10.10.10.2
> redistribute connected
>
> area 0.0.0.0 {
>         auth-type none
>         interface em0
> }
>
> router C (native OpenOSPFD to OBSD4.3)
> --------------------------------------
> router-id 10.10.10.4
> redistribute connected
>
> area 0.0.0.0 {
>         auth-type none
>         interface tun1
> }
>
> --------------------------------------------------------------------
>
> Observations: There appear to be problems on "router B" when OSPFd
> is trying to establish full communication amongst all the routers.
>
> Output of "ospfctl show neighbor" when all 3 are running
> --------------------------------------------------------
> router A
> --------
> 10.10.10.4  1  FULL/DR     00:00:31  10.10.10.4  em1   09:55:14
> 10.10.10.2  1  FULL/OTHER  00:00:31  10.10.10.2  em1   16:11:21
>
> router B
> --------
> 10.10.10.4  1  DOWN/OTHER  00:02:04  10.10.10.4  tun1  -
> 10.10.10.1  1  FULL/BCKUP  00:00:30  10.10.10.1  em0   16:11:47
>
> router C
> --------
> 10.10.10.1  1  FULL/BCKUP  00:00:34  10.10.10.1  tun1  09:55:50
> 10.10.10.2  1  INIT/OTHER  00:00:34  10.10.10.2  tun1  -
>
> If I just run ospfd on routers A and C, they seem to talk just fine.
> When I start ospfd on router B, if I tell it to use "interface em0"
> it seems to be able to talk okay with router A (but has issues
> talking to router C), whereas if it is using "interface tun1", it
> can talk to router C, but has issues talking to router A (I see lots
> of "unknown neighbor ID" messages from ospfd-- a tcpdump seems to
> show traffic destined to router A from B is going down tun1, never
> getting to the right place-- but this is usually when I tell router
> B to use BOTH em0 and tun1, just two consecutive interface
> statements in the area stanza).
>
> When I have "router B" use tun1 (the backbone VPN link), I have to
> assign it an IP (10.10.10.6 for the sake of experimenting). This
> tends to have an effect of popping up on routers A and C as a
> neighbor.
>
> I thought what might be a way to solve the problem was to tell
> router B to use the bridge1 interface... but I cannot seem to apply
> an IP address to it.
>
> The questions I think I have are:
>
> - Do I need to do something more with the bridge to somehow get it
>   talking transparently between the two interfaces on router B?
>
> - Is it possible to apply an IP address to an OpenBSD bridge? If so,
>   how?
>
> - Any suggestions for dealing with OpenOSPFD communications through this
>   scenario?
>
> - I can use OSPF on more than 2 routers, right? I don't see anything
>   that specifically says "max/only 2", but I do see some status messages
>   that refer to "2-WAY", and all the examples found out on the internet
>   make use of only 2 routers. I do have a 3rd local router (not
>   mentioned) that I'd also like to join in on the fun once I get things
>   going.
>
> - I do want OSPF in this scenario, right? I read up on BGP and OSPF and
>   arrived at the conclusion that I am dealing with interior routing.
>
> - Random OT question: Does anyone know the current state of OpenOSPFD on
>   non-OpenBSD systems (and FreeBSD 7.2 in particular)? From what I can
>   see, OpenOSPFD was removed from ports a year or so ago, citing lack of
>   maintainer. I see other mentions that people should favor OpenOSPFD
>   over Quagga's OSPFD due to a more active community.
>
> Thanks for any help, suggestions, pointers, etc. that can be offered.
>
> -Matthew
>

-- 
:wq Claudio
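
Added example, not part of the original thread: a small Python script that cross-checks the three "ospfctl show neighbor" tables quoted above and reports adjacencies that are not healthy from both ends. The function names are hypothetical, and the reading of INIT and DOWN follows the standard OSPF neighbor state machine.

```python
from itertools import combinations

# Neighbor rows exactly as posted in the thread, keyed by the router-id of the
# router that printed them (router A, B and C from the posted ospfd.conf files).
TABLES = {
    "10.10.10.1": """10.10.10.4 1 FULL/DR 00:00:31 10.10.10.4 em1 09:55:14
10.10.10.2 1 FULL/OTHER 00:00:31 10.10.10.2 em1 16:11:21""",
    "10.10.10.2": """10.10.10.4 1 DOWN/OTHER 00:02:04 10.10.10.4 tun1 -
10.10.10.1 1 FULL/BCKUP 00:00:30 10.10.10.1 em0 16:11:47""",
    "10.10.10.4": """10.10.10.1 1 FULL/BCKUP 00:00:34 10.10.10.1 tun1 09:55:50
10.10.10.2 1 INIT/OTHER 00:00:34 10.10.10.2 tun1 -""",
}
HEALTHY = {"FULL", "2-WAY"}  # states in which both ends have seen each other


def parse(table):
    """Map neighbor router-id -> (state, iface) for each 7-column row."""
    rows = {}
    for line in table.splitlines():
        f = line.split()
        if len(f) == 7 and f[0] != "ID":  # skip header, blank or short lines
            rows[f[0]] = (f[2].split("/")[0], f[5])
    return rows


def broken_adjacencies(tables):
    """Return (a, a's view of b, b, b's view of a) where either end is unhealthy."""
    views = {rid: parse(text) for rid, text in tables.items()}
    found = []
    for a, b in combinations(sorted(views), 2):
        va = views[a].get(b, ("MISSING", "-"))
        vb = views[b].get(a, ("MISSING", "-"))
        if va[0] not in HEALTHY or vb[0] not in HEALTHY:
            found.append((a, va, b, vb))
    return found


def hello_direction(problem):
    """INIT: I hear its hellos but it does not list me. DOWN: I hear nothing."""
    a, (sa, _), b, (sb, _) = problem
    if (sa, sb) == ("DOWN", "INIT"):
        return f"hellos from {a} reach {b}, but not the reverse"
    if (sa, sb) == ("INIT", "DOWN"):
        return f"hellos from {b} reach {a}, but not the reverse"
    return None


if __name__ == "__main__":
    for p in broken_adjacencies(TABLES):
        print(p, "->", hello_direction(p))
```

On the posted tables only the router B / router C pair is flagged, and the state pair points at multicast hellos crossing the bridge in one direction only.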