On Thu, May 30, 2013 at 11:51:24PM +0200, Stijn wrote:
> Hi misc,
>
> I've been playing with OSPF on OpenBSD and Cisco and there's
> something I can't get my head around. I hope someone is able to
> point my in the right direction.
>
> Let me first explain the setup; output of the devices follows at the end.
>
> I have a setup of two Cisco routers (IOS 12.4.25g) and one OpenBSD
> router (5.3 i386). All routers have an interface connected to area
> 0. The interfaces are defined as follows:
> router1: fa0/0, 10.0.0.1/24
> router2: fa0/0, 10.0.0.2/24
> soekris: sis1, 10.0.0.3/24
>
> Each router also have a loopback interface:
> router1: lo1, 1.1.1.1
> router2: lo1, 2.2.2.2
> soekris: lo1, 3.3.3.3
>
> On the "other" side of the routers I have defined a dedicated
> areafor each router:
> router1: area 0.0.0.1
> router2: area 0.0.0.2
> soekris: area 0.0.0.3
>
> In the dedicated area I've added the following interface:
> router1: vlan101, 10.101.0.1/24
> router2: vlan102, 10.102.0.1/24
> soekris: sis2, 10.103.0.1/24
>
> When I start ospfd, all routers are able to see each other. On
> soekris I'm also able to see the networks from the areas behind
> router1 and router2:
> ----
> soekris:~# ospfctl sh nei
> ID Pri State DeadTime Address Iface Uptime
> 1.1.1.1 1 FULL/BCKUP 00:00:00 10.0.0.1 sis0 00:21:48
> 2.2.2.2 1 FULL/DR 00:00:00 10.0.0.2 sis0 00:21:43
> ----
> soekris:~# ospfctl sh fib ospf
> flags: * = valid, O = OSPF, C = Connected, S = Static
> Flags Prio Destination Nexthop
> *O 32 1.1.1.1/32 10.0.0.1
> *O 32 2.2.2.2/32 10.0.0.2
> *O 32 10.0.0.0/24 10.0.0.3
> *O 32 10.101.0.0/24 10.0.0.1
> *O 32 10.102.0.0/24 10.0.0.2
> ----
>
> However on the Cisco routers I'm not able to see the dedicated
> network behind soekris:
> ----
> router1#sh ip route ospf
> 2.0.0.0/32 is subnetted, 1 subnets
> O 2.2.2.2 [110/2] via 10.0.0.2, 00:21:48, FastEthernet0/0
> 3.0.0.0/32 is subnetted, 1 subnets
> O 3.3.3.3 [110/11] via 10.0.0.3, 00:21:48, FastEthernet0/0
> 10.0.0.0/24 is subnetted, 3 subnets
> O IA 10.102.0.0 [110/2] via 10.0.0.2, 00:21:48, FastEthernet0/0
> ----
>
> When I add a secondary OpenBSD router (eeepc) behind soekris in area
> 0.0.0.3 (as a stub router) the networks in area 0.0.0.3 are shown on
> the Cisco routers (eeepc has 4.4.4.4 as loopback interface):
> ----
> router1#sh ip route ospf
> 2.0.0.0/32 is subnetted, 1 subnets
> O 2.2.2.2 [110/2] via 10.0.0.2, 00:00:16, FastEthernet0/0
> 3.0.0.0/32 is subnetted, 1 subnets
> O 3.3.3.3 [110/11] via 10.0.0.3, 00:00:16, FastEthernet0/0
> 4.0.0.0/32 is subnetted, 1 subnets
> O IA 4.4.4.4 [110/21] via 10.0.0.3, 00:00:06, FastEthernet0/0
> 10.0.0.0/24 is subnetted, 4 subnets
> O IA 10.102.0.0 [110/2] via 10.0.0.2, 00:00:16, FastEthernet0/0
> O IA 10.103.0.0 [110/11] via 10.0.0.3, 00:00:16, FastEthernet0/0
> ----
>
> I've seen on the Cisco routers the following that might point to the
> cause of the issue(?) When eeepc is not active the Cisco router
> shows soekris as "ASBR":
> ----
> router1#sh ip ospf border-routers
>
> OSPF Process 1 internal Routing Table
>
> Codes: i - Intra-area route, I - Inter-area route
>
> i 2.2.2.2 [1] via 10.0.0.2, FastEthernet0/0, ABR, Area 0, SPF 37
> i 3.3.3.3 [1] via 10.0.0.3, FastEthernet0/0, ASBR, Area 0, SPF 37
> ----
>
> When eeepc is active the Cisco shows soekris as "ASR/ASBR" and
> routes from area 0.0.0.3 are available on the Cisco routers:
> ----
> router1#sh ip ospf border-routers
>
> OSPF Process 1 internal Routing Table
>
> Codes: i - Intra-area route, I - Inter-area route
>
> i 2.2.2.2 [1] via 10.0.0.2, FastEthernet0/0, ABR, Area 0, SPF 36
> i 3.3.3.3 [1] via 10.0.0.3, FastEthernet0/0, ABR/ASBR, Area 0, SPF 36
> ----
>
> So, now my question is: how can I get soekris to be seen as an ABR
> without using eeepc? Is it because the Cisco routers see soekris as
> an ASBR that they don't add 10.103.0.0/24 and 4.4.4.4/32 to their
> routing table? I also played with the rfc1583 compatibility mode but
> without luck.
>
> Anybody have a clue how to solve this? Please let me know if you
> need any other output.
>
> Thanks in advance,
> Stijn
>
> Here's the output of the ospf config and interfaces.
>
> router1:
> ----
> router ospf 1
> router-id 1.1.1.1
> no compatible rfc1583
> log-adjacency-changes
> passive-interface Vlan101
> network 1.1.1.1 0.0.0.0 area 0
> network 10.0.0.0 0.0.0.255 area 0
> network 10.101.0.0 0.0.0.255 area 1
>
> interface FastEthernet0/0
> ip address 10.0.0.1 255.255.255.0
> ip ospf authentication message-digest
> ip ospf message-digest-key 1 md5 7 130A04020D5C
> ip ospf dead-interval minimal hello-multiplier 5
> duplex auto
> speed auto
> end
> ----
>
> router2:
> ----
> router ospf 1
> router-id 2.2.2.2
> no compatible rfc1583
> log-adjacency-changes
> passive-interface Vlan102
> network 2.2.2.2 0.0.0.0 area 0
> network 10.0.0.0 0.0.0.255 area 0
> network 10.1.0.0 0.0.0.255 area 0
> network 10.102.0.0 0.0.0.255 area 2
>
> interface FastEthernet0/0
> ip address 10.0.0.2 255.255.255.0
> ip ospf authentication message-digest
> ip ospf message-digest-key 1 md5 7 0504151F271C
> ip ospf dead-interval minimal hello-multiplier 5
> duplex auto
> speed auto
> end
> ----
>
> soekris:
> ----
> soekris:~# ifconfig sis0
> sis0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> lladdr 00:00:24:c5:ef:9c
> priority: 0
> media: Ethernet autoselect (100baseTX full-duplex)
> status: active
> inet 10.0.0.3 netmask 0xffffff00 broadcast 10.0.0.255
> inet6 fe80::200:24ff:fec5:ef9c%sis0 prefixlen 64 scopeid 0x1
> ----
> soekris:~# cat /etc/ospfd.conf
> # $OpenBSD: ospfd.conf,v 1.4 2007/06/19 16:49:56 reyk Exp $
>
> # macros
>
> # global configuration
> router-id 3.3.3.3
> redistribute connected
> fast-hello-interval msec 200
> router-dead-time minimal
> router-priority 3
> rfc1583compat no
>
> # areas
> area 0.0.0.0 {
> interface sis0 {
> auth-type crypt
> auth-md 1 "ospf0"
> auth-md-keyid 1
> }
> interface sis1 {
> auth-type crypt
> auth-md 1 "ospf1"
> auth-md-keyid 1
> }
> interface lo1 {
> passive
> }
> }
> area 0.0.0.3 {
> # stub redistribute default
> interface sis2 {
> auth-type crypt
> auth-md 1 "ospf2"
> auth-md-keyid 1
> }
> }
> ----
> eeepc:
> ----
> eeepc:~# cat /etc/ospfd.conf
> # global configuration
> router-id 4.4.4.4
> fast-hello-interval msec 200
> router-dead-time minimal
> router-priority 0
> rfc1583compat no
>
> # areas
> area 0.0.0.3 {
> # stub
> interface lii0 {
> auth-type crypt
> auth-md 1 "ospf2"
> auth-md-keyid 1
> }
> interface lo1 {
> passive
> }
> }
>
> FYI, eeepc is started as a stub router automatically because IP
> forwarding is not enabled.
Thanks for the detailed report. I remember something about the ABR flag
being only set if there is another router active in the area. There was
something about that in the RFC but maybe my memory is wrong.
I add it to my list of things to looks at during the hackathon.
--
:wq Claudio
