Had a strange issue overnight. In short, I had two OpenBSD boxes acting
as routers causing a denial of service on my network with OSPFv3
multicast packets.

The setup is as follows:

Two OpenBSD 4.9 amd64 boxes running ospfd and ospf6d. Each box has two
NICs, each of which is on a separate subnet. Both of these subnets are
used for redundant connections for routers through separate switches
(C 6500). There are about 10 OSPF neighbors on both subnets; each of
those is generally a Cisco device that is dual-homed the same way.

The issue was discovered with tcpdump on a 3rd OpenBSD box that's
set up with the same config as above. It showed multicast OSPFv3
packets with the above two routers' source IP with their router IDs.
The rate was extremely high, something like 500k such packets in 10
seconds. Unplugging these two boxes immediately restored connectivity.

I'm not understanding why an OSPFv3 packet would have IPv4 source /
destination addresses, but three others and I concur that that was
what was going on, OR something about IPv6 was mentioned in the dump
but with v4 addresses.

Unfortunately, I didn't have the foresight to do a binary tcpdump. The
tcpdump data that was on the local console also scrolled back too far
for us to get back to with scroll lock/page up.

We're also exploring the possibility of these multicast packets
somehow being forwarded or looped through and causing a denial of
service. These OpenBSD boxes do have `net.inet.ip.mforwarding=1` but
I'm leaning more towards some ospf6d/ospfd bug or issue since OSPF's
TTL is 1.


## ospfd.conf:
###########################
router-id 10.171.0.14
redistribute 10.171.0.139/25
redistribute 10.171.7.139/25
redistribute 10.171.0.14/32
area 0.0.0.0 {
        interface lo1 {
                passive
        }
        interface em0 {
                metric 10
                auth-type crypt
                auth-md 1 "SOMETHING"
                auth-md-keyid 1
        }
        interface em1 {
                metric 10
                auth-type crypt
                auth-md 1 "SOMETHING"
                auth-md-keyid 1
        }
}


## ospf6d.conf:
###########################
router-id 10.171.0.14
redistribute 2608:f4e0:100:101::139/64
redistribute 2608:f4e0:100:102::139/64
redistribute 2608:f4e0::14/128
area 0.0.0.0 {
        interface lo1 {
                passive
        }
        interface em0 {
                metric 10
        }
        interface em1 {
                metric 10
        }
}
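
An added example, not part of the original post: a parser for saved raw IP packets that tallies OSPF traffic by carrier IP version, OSPF version, router ID and packet type, the breakdown a binary capture makes possible. In OSPFv3 the router ID is a 32-bit value written in dotted-quad form even though the packet is carried over IPv6; the source address `fe80::1`, the sample packets and the function names are assumptions made for illustration.

```python
import ipaddress
import struct
from collections import Counter

OSPF_PROTO = 89  # IP protocol number shared by OSPFv2 and OSPFv3
OSPF_TYPES = {1: "hello", 2: "dbd", 3: "ls-req", 4: "ls-upd", 5: "ls-ack"}

def parse_ospf(ip_packet: bytes):
    """Return (ip_version, src, dst, ospf_version, type, router_id) or None."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 not in (4, 6):
        return None
    ip_version = ip_packet[0] >> 4
    if ip_version == 4:
        ihl = (ip_packet[0] & 0x0F) * 4
        if ip_packet[9] != OSPF_PROTO:
            return None
        src, dst, payload = ip_packet[12:16], ip_packet[16:20], ip_packet[ihl:]
    else:
        # Assumption: no extension headers between the IPv6 and OSPF headers.
        if ip_packet[6] != OSPF_PROTO:
            return None
        src, dst, payload = ip_packet[8:24], ip_packet[24:40], ip_packet[40:]
    if len(payload) < 12:
        return None
    # The first 12 bytes are laid out identically in OSPFv2 and OSPFv3.
    ver, ptype, _length, router_id, _area = struct.unpack("!BBH4s4s", payload[:12])
    return (ip_version, str(ipaddress.ip_address(src)), str(ipaddress.ip_address(dst)),
            ver, OSPF_TYPES.get(ptype, str(ptype)), str(ipaddress.IPv4Address(router_id)))

def tally(packets):
    """Count packets per (carrier IP version, OSPF version, router ID, type)."""
    counts = Counter()
    for pkt in packets:
        parsed = parse_ospf(pkt)
        if parsed:
            ipv, _src, _dst, ver, ptype, rid = parsed
            counts[(ipv, ver, rid, ptype)] += 1
    return counts

def build_v3_hello(src6: str, router_id: str) -> bytes:
    """Constructed sample: IPv6 header + 16-byte OSPFv3 header (checksum zeroed)."""
    ospf = struct.pack("!BBH4s4sHBB", 3, 1, 16,
                       ipaddress.IPv4Address(router_id).packed, bytes(4), 0, 0, 0)
    ip6 = struct.pack("!IHBB", 6 << 28, len(ospf), OSPF_PROTO, 1)
    ip6 += ipaddress.IPv6Address(src6).packed + ipaddress.IPv6Address("ff02::5").packed
    return ip6 + ospf

SAMPLE = [build_v3_hello("fe80::1", "10.171.0.14")] * 3  # constructed, not captured
```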
