Re: alien OSPF route
On Fri, Sep 14, 2018 at 03:48:36PM +0200, Marko Cupać wrote:
> On Fri, 14 Sep 2018 15:27:30 +0200
> Remi Locherer wrote:
>
> > Did you save the console output and daemon log from the restart?
> > Can you share it?
>
> I restarted ospfd again with rcctl, console output gives just usual:
>
> ospfd(ok)
> ospfd(ok)
>
> The second one waiting a bit more than I remember it used to.
>
> Here's ospfd-related stuff from daemon log:
>
> Sep 14 15:40:58 nat1 ospfd[34802]: route decision engine exiting
> Sep 14 15:40:58 nat1 ospfd[73845]: ospf engine exiting
> Sep 14 15:40:58 nat1 ospfd[2242]: kernel routing table decoupled
> Sep 14 15:40:58 nat1 ospfd[2242]: terminating

At this point no IPv4 routes with priority 32 should exist on host nat1.
You can check this with "route -n show -priority 32". But according to the
following log entries there still were some.

How many OSPF routes do you have on host nat1? Which OpenBSD version?
If I find the time I'll try to reproduce this.

> Sep 14 15:40:58 nat1 ospfd[55815]: startup
> Sep 14 15:40:58 nat1 ospfd[55815]: alien OSPF route 10.30.1.45/32
> Sep 14 15:40:58 nat1 ospfd[55815]: alien OSPF route 10.30.1.56/32
> Sep 14 15:40:58 nat1 ospfd[55815]: alien OSPF route 10.30.6.81/32
> Sep 14 15:40:58 nat1 ospfd[55815]: alien OSPF route 10.30.19.42/32
>
> First three alien routes are on openbsd router two hops away, the last
> one is my laptop which is one hop away.
>
> Could it be these are routes installed when someone connects through
> ssh? I am connected through ssh, and it is possible that my colleague
> also connected through ssh from 10.30.1.X and 10.30.6.X addresses.
>
> > Would I be in charge of running this network I would want to know
> > where these alien routes come from. But I think it did not affect
> > your network badly since you did not mention an outage. ;-)
>
> My point exactly :) If you have any idea where to start looking I'd be
> grateful for any tips.
>
> Thank you for helping me with this.
> --
> Before enlightenment - chop wood, draw water.
> After enlightenment - chop wood, draw water.
>
> Marko Cupać
> https://www.mimar.rs/
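The restart hypothesis discussed in the message above can be checked mechanically against the daemon log. The following is an added example, not part of the thread or of ospfd: it separates "alien OSPF route" entries logged in the same second as a terminate/startup pair from those logged at any other time. The function name, the same-second heuristic and the final sample log line are assumptions made for illustration.

```python
import re

# Constructed sample in the daemon-log format quoted in the thread. The last
# line (documentation prefix 192.0.2.7/32) is invented for illustration.
SAMPLE_LOG = """\
Sep 14 15:40:58 nat1 ospfd[2242]: kernel routing table decoupled
Sep 14 15:40:58 nat1 ospfd[2242]: terminating
Sep 14 15:40:58 nat1 ospfd[55815]: startup
Sep 14 15:40:58 nat1 ospfd[55815]: alien OSPF route 10.30.1.45/32
Sep 14 15:40:58 nat1 ospfd[55815]: alien OSPF route 10.30.19.42/32
Sep 14 17:02:11 nat1 ospfd[55815]: alien OSPF route 192.0.2.7/32
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) ospfd\[(\d+)\]: (.*)$")
ALIEN = "alien OSPF route "


def classify_alien_routes(log_text):
    """Split alien-route log entries into restart leftovers and the rest."""
    terminated = {}  # host -> timestamp of the last "terminating" message
    started = {}     # (host, pid) -> timestamp of that instance's "startup"
    result = {"restart_leftover": [], "unexplained": []}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, host, pid, msg = m.groups()
        if msg == "terminating":
            terminated[host] = ts
        elif msg == "startup":
            started[(host, pid)] = ts
        elif msg.startswith(ALIEN):
            # Assumption: "same second" is close enough to tie an entry to a restart.
            at_restart = started.get((host, pid)) == ts == terminated.get(host)
            key = "restart_leftover" if at_restart else "unexplained"
            result[key].append((host, msg[len(ALIEN):]))
    return result


if __name__ == "__main__":
    for kind, routes in classify_alien_routes(SAMPLE_LOG).items():
        print(kind, routes)
```

Entries that land in "unexplained" are the ones to compare against the other causes named in the thread: a second ospfd instance in the same rdomain, or a static route added with "-priority 32".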
Re: alien OSPF route
On Fri, 14 Sep 2018 15:27:30 +0200
Remi Locherer wrote:

> Did you save the console output and daemon log from the restart?
> Can you share it?

I restarted ospfd again with rcctl, console output gives just usual:

ospfd(ok)
ospfd(ok)

The second one waiting a bit more than I remember it used to.

Here's ospfd-related stuff from daemon log:

Sep 14 15:40:58 nat1 ospfd[34802]: route decision engine exiting
Sep 14 15:40:58 nat1 ospfd[73845]: ospf engine exiting
Sep 14 15:40:58 nat1 ospfd[2242]: kernel routing table decoupled
Sep 14 15:40:58 nat1 ospfd[2242]: terminating
Sep 14 15:40:58 nat1 ospfd[55815]: startup
Sep 14 15:40:58 nat1 ospfd[55815]: alien OSPF route 10.30.1.45/32
Sep 14 15:40:58 nat1 ospfd[55815]: alien OSPF route 10.30.1.56/32
Sep 14 15:40:58 nat1 ospfd[55815]: alien OSPF route 10.30.6.81/32
Sep 14 15:40:58 nat1 ospfd[55815]: alien OSPF route 10.30.19.42/32

First three alien routes are on openbsd router two hops away, the last
one is my laptop which is one hop away.

Could it be these are routes installed when someone connects through
ssh? I am connected through ssh, and it is possible that my colleague
also connected through ssh from 10.30.1.X and 10.30.6.X addresses.

> Would I be in charge of running this network I would want to know
> where these alien routes come from. But I think it did not affect
> your network badly since you did not mention an outage. ;-)

My point exactly :) If you have any idea where to start looking I'd be
grateful for any tips.

Thank you for helping me with this.

--
Before enlightenment - chop wood, draw water.
After enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/
Re: alien OSPF route
On Fri, Sep 14, 2018 at 10:07:35AM +0200, Marko Cupać wrote:
> On Thu, 13 Sep 2018 21:13:11 +0200
> Remi Locherer wrote:
>
> > On Thu, Sep 13, 2018 at 05:21:37PM +0200, Marko Cupać wrote:
> > > Hi,
> > >
> > > I saw this in my log for the first time, after adding 'no
> > > redistribute default':
> > >
> > > ospfd[10921]: alien OSPF route 10.30.1.47/32
> >
> > ospfd logs this message when it sees a routing entry with priority 32
> > which it did not originate.
>
> Thank you for clarification, Remi. Indeed, this firewall gets
> default route with priority of 32 from downstream cisco router, which
> is visible in routing table:

This is a different thing! ospfd learns the default route from another
router and installs it into the routing table with prio 32. Prio 32 is the
prio of OSPF in OpenBSD.

> Internet:
> Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
> default            193.53.106.254     UGS     1187 10456064776     -     8 bnx1
> default            192.168.225.6      UG         0        0     -    32 carp1

The route learned via ospf is not used in this case since you have a static
default route.

> > When you see this during the start of ospfd it could be from another
> > ospfd running in the same rdomain. I had this when I wanted to do a
> > config check but missed the option "-n" and started a second instance.
> > There is now a check for this in the startup of ospfd in -current.
>
> Those addresses reported as alien routes are on subnet which is
> connected to another openbsd box, something like this:
>
> openbsd---cisco---openbsd
>
> All those three boxes talk OSPF. But on remote openbsd box which
> probably reports those routes, vlan interfaces for these subnets are
> set as passive, so they shouldn't get any updates even if someone ran
> OSPF on their phone.
>
> > You will also see this message when you add a static route with the
> > "-priority 32". ospfd removes such routes after logging it.
> >
> > What did you do after adding "no redistribute default" to the config
> > file? Restart with rcctl, reload with ospfctl?
>
> Restart with rcctl.

Did you save the console output and daemon log from the restart?
Can you share it?

It could mean that the "old" ospfd did not properly clean up its routes
and the "new" ospfd removed the routes from the "old" one.

> > And why did you add "no redistribute default"? By default your default
> > route is not redistributed.
>
> I thought this firewall's carp partner to-be was getting default route
> from it, but it doesn't - it gets it from downstream cisco router.
>
> I don't see any negative effects on my network, just curious if I
> should be worried :)

Would I be in charge of running this network I would want to know where
these alien routes come from. But I think it did not affect your network
badly since you did not mention an outage. ;-)

> Regards,
> --
> Before enlightenment - chop wood, draw water.
> After enlightenment - chop wood, draw water.
>
> Marko Cupać
> https://www.mimar.rs/
Re: alien OSPF route
On Thu, 13 Sep 2018 21:13:11 +0200
Remi Locherer wrote:

> On Thu, Sep 13, 2018 at 05:21:37PM +0200, Marko Cupać wrote:
> > Hi,
> >
> > I saw this in my log for the first time, after adding 'no
> > redistribute default':
> >
> > ospfd[10921]: alien OSPF route 10.30.1.47/32
>
> ospfd logs this message when it sees a routing entry with priority 32
> which it did not originate.

Thank you for clarification, Remi. Indeed, this firewall gets
default route with priority of 32 from downstream cisco router, which
is visible in routing table:

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            193.53.106.254     UGS     1187 10456064776     -     8 bnx1
default            192.168.225.6      UG         0        0     -    32 carp1

> When you see this during the start of ospfd it could be from another
> ospfd running in the same rdomain. I had this when I wanted to do a
> config check but missed the option "-n" and started a second instance.
> There is now a check for this in the startup of ospfd in -current.

Those addresses reported as alien routes are on subnet which is
connected to another openbsd box, something like this:

openbsd---cisco---openbsd

All those three boxes talk OSPF. But on remote openbsd box which
probably reports those routes, vlan interfaces for these subnets are
set as passive, so they shouldn't get any updates even if someone ran
OSPF on their phone.

> You will also see this message when you add a static route with the
> "-priority 32". ospfd removes such routes after logging it.
>
> What did you do after adding "no redistribute default" to the config
> file? Restart with rcctl, reload with ospfctl?

Restart with rcctl.

> And why did you add "no redistribute default"? By default your default
> route is not redistributed.

I thought this firewall's carp partner to-be was getting default route
from it, but it doesn't - it gets it from downstream cisco router.

I don't see any negative effects on my network, just curious if I
should be worried :)

Regards,
--
Before enlightenment - chop wood, draw water.
After enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/
Re: alien OSPF route
On Thu, Sep 13, 2018 at 05:21:37PM +0200, Marko Cupać wrote:
> Hi,
>
> I saw this in my log for the first time, after adding 'no redistribute
> default':
>
> ospfd[10921]: alien OSPF route 10.30.1.47/32
>
> My ospfd.conf is quite minimal:
>
> router-priority 0
> router-id IP.ADD.RE.SS
> no redistribute default
> area 0.0.0.0 {
>         interface bnx0 { metric 100 }
> }
>
> How to further investigate this? I see this on OpenBSD firewall which
> connects to Cisco router. The address appears to be smartphone on one
> of remote networks.

ospfd logs this message when it sees a routing entry with priority 32
which it did not originate.

When you see this during the start of ospfd it could be from another
ospfd running in the same rdomain. I had this when I wanted to do a
config check but missed the option "-n" and started a second instance.
There is now a check for this in the startup of ospfd in -current.

You will also see this message when you add a static route with the
"-priority 32". ospfd removes such routes after logging it.

What did you do after adding "no redistribute default" to the config
file? Restart with rcctl, reload with ospfctl?

And why did you add "no redistribute default"? By default your default
route is not redistributed.

Remi
alien OSPF route
Hi,

I saw this in my log for the first time, after adding 'no redistribute
default':

ospfd[10921]: alien OSPF route 10.30.1.47/32

My ospfd.conf is quite minimal:

router-priority 0
router-id IP.ADD.RE.SS
no redistribute default
area 0.0.0.0 {
        interface bnx0 { metric 100 }
}

How to further investigate this? I see this on OpenBSD firewall which
connects to Cisco router. The address appears to be smartphone on one
of remote networks.

Thank you in advance,
--
Before enlightenment - chop wood, draw water.
After enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/