Hi,

On Mon, 1 May 2017 07:21:26 +0200 Patrick Oeschger <patrick.oesch...@bluewin.ch> wrote:

> Anybody with experience in connecting Cisco IOS to Quagga NHRPD?

I did extensive testing of opennhrp vs. Cisco, but quagga/nhrp is mostly tested against itself and opennhrp only. I have not had the opportunity to do testing against Cisco, so this is good info.

> IOS config:
>
> interface Tunnel10
>  ip address 10.0.0.3 255.255.255.255
>  no ip redirects
>  no ip unreachables
>  no ip proxy-arp
>  ip mtu 1400
>  ip nhrp network-id 1
>  ip nhrp nhs dynamic nbma 217.193.211.21
>  ip nhrp shortcut
>  ip route-cache same-interface
>  no ip split-horizon
>  ip tcp adjust-mss 1300
>  load-interval 30
>  tunnel source GigabitEthernet0/0
>  tunnel mode gre multipoint
>  tunnel protection ipsec profile GRE
>
> *Apr 28 15:16:29.233: NHRP: Send Registration Request via Tunnel10 vrf 0, packet size: 92
> *Apr 28 15:16:29.233: src: 10.0.0.3, dst: 10.0.0.1
> *Apr 28 15:16:29.233: (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1
> *Apr 28 15:16:29.233: shtl: 4(NSAP), sstl: 0(NSAP)
> *Apr 28 15:16:29.233: pktsz: 92 extoff: 52
> *Apr 28 15:16:29.233: (M) flags: "unique nat ", reqid: 23
> *Apr 28 15:16:29.233: src NBMA: 194.209.75.37
> *Apr 28 15:16:29.233: src protocol: 10.0.0.3, dst protocol: 10.0.0.1
> *Apr 28 15:16:29.233: (C-1) code: no error(0)
> *Apr 28 15:16:29.233: prefix: 32, mtu: 17916, hd_time: 7200
> *Apr 28 15:16:29.233: addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0
> *Apr 28 15:16:29.233: NHRP: Receive Registration Reply via Tunnel10 vrf 0, packet size: 112
> *Apr 28 15:16:29.233: (F) afn: AF_IP(1), type: IP(800), hop: 64, ver: 1
> *Apr 28 15:16:29.233: shtl: 4(NSAP), sstl: 0(NSAP)
> *Apr 28 15:16:29.233: pktsz: 112 extoff: 52
> *Apr 28 15:16:29.233: (M) flags: "unique nat ", reqid: 23
> *Apr 28 15:16:29.233: src NBMA: 194.209.75.37
> *Apr 28 15:16:29.233: src protocol: 10.0.0.3, dst protocol: 10.0.0.1
> *Apr 28 15:16:29.233: (C-1) code: administratively prohibited(4)
> *Apr 28 15:16:29.233: prefix: 32, mtu: 17916, hd_time: 7200
> *Apr 28 15:16:29.233: addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0
> *Apr 28 15:16:29.233: %NHRP-3-PAKREPLY: Receive Registration Reply packet with error - administratively prohibited(4)
>
> Another Linux box connects to DMVPN hub without any issues.
> Config should be fine but there seems to be an incompatibility between
> Quagga and IOS.
> Any inputs/experiences with this issue?
> Just saw one thing in source code ... quagga expects prefix 0xff and
> IOS seems to report prefix 0x20 (32)
> Happy to help dev and test patches if needed :)

Your observation is correct. This makes the difference.

RFC2332 states that prefix length must be set to 0xff if unique bit is set - and now reading the code I must've been writing only the unique mode handling, since that is usually the desired functionality.

Now looking at your Cisco config (there's no "ip nhrp registration non-unique"), the unique bit should be set, and prefix length should be 0xff. So Cisco might be breaking RFC here. Perhaps you could get a packet capture to display what's going on?

opennhrp did handle 0xff and a host sized prefix length equally. So perhaps we should do the same in quagga/nhrp.

Quagga/NHRP could also be improved to handle non-unique things. This seems to be a requirement since Cisco expects this mode if the spoke is having a dynamic IP that may change often. Cisco treats non-unique mode as "replace the previous IP".

Thanks,
Timo
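
The prefix-length handling discussed in this thread, as an added example that is not part of the original message and is not Quagga or opennhrp code: it parses the fixed part of a registration CIE and compares a strict check (only 0xff accepted on a unique registration) with a lenient one that treats a host-sized prefix the same as 0xff. All names (`cie_parse`, `reg_prefix`, `REG_FLAG_UNIQUE`, the `lenient` switch) are hypothetical, and accepting any fitting prefix for non-unique registrations is an assumption of the example.

```c
#include <stdint.h>
#include <stddef.h>

/* Names and constants below are hypothetical, chosen for this example. */
#define REG_FLAG_UNIQUE 0x8000  /* RFC 2332 "U" bit in the registration flags */
#define PREFIX_UNIQUE   0xff    /* prefix length expected when U is set */

struct cie {                    /* fixed 12-byte part of a Client Information Entry */
    uint8_t  code, prefix_len;
    uint16_t mtu, holding_time;
    uint8_t  addr_tl, subaddr_tl, proto_len, preference;
};

/* Parse the fixed CIE fields from network byte order; returns 0 on success. */
int cie_parse(const uint8_t *p, size_t len, struct cie *out)
{
    if (len < 12) return -1;    /* truncated entry */
    out->code = p[0];
    out->prefix_len = p[1];     /* p[2..3] are unused */
    out->mtu = (uint16_t)(p[4] << 8 | p[5]);
    out->holding_time = (uint16_t)(p[6] << 8 | p[7]);
    out->addr_tl = p[8];    out->subaddr_tl = p[9];
    out->proto_len = p[10]; out->preference = p[11];
    return 0;
}

/* Return the effective prefix length for a registration, or -1 to reject.
 * host_bits is 32 for IPv4. With lenient != 0, a host-sized prefix on a
 * unique registration is treated the same as 0xff. */
int reg_prefix(uint16_t flags, uint8_t prefix_len, int host_bits, int lenient)
{
    if (flags & REG_FLAG_UNIQUE) {
        if (prefix_len == PREFIX_UNIQUE) return host_bits;
        if (lenient && prefix_len == host_bits) return host_bits;
        return -1;              /* a unique registration must cover one host */
    }
    /* Non-unique: this example accepts any prefix that fits the address. */
    return prefix_len <= host_bits ? prefix_len : -1;
}

/* Constructed sample: CIE values as shown in the IOS debug output above. */
const uint8_t sample_cie[12] = { 0, 32, 0, 0, 0x45, 0xfc, 0x1c, 0x20, 0, 0, 0, 0 };

int main(void)
{
    struct cie c;
    return cie_parse(sample_cie, sizeof sample_cie, &c) ||
           reg_prefix(REG_FLAG_UNIQUE, c.prefix_len, 32, 1) != 32;
}
```

With the sample CIE, the strict check rejects the registration while the lenient check accepts it as a /32 host entry; a shorter prefix such as 24 on a unique registration is rejected either way.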