On Fri, Sep 14, 2018 at 10:07:35AM +0200, Marko Cupać wrote: > On Thu, 13 Sep 2018 21:13:11 +0200 > Remi Locherer <remi.loche...@relo.ch> wrote: > > > On Thu, Sep 13, 2018 at 05:21:37PM +0200, Marko Cupać wrote: > > > Hi, > > > > > > I saw this in my log for the first time, after adding 'no > > > redistribute default': > > > > > > ospfd[10921]: alien OSPF route 10.30.1.47/32 > > > > > > ospfd logs this message when it sees a routing entry with priority 32 > > which it did not originate. > > Thank you for clarification, Remi. Indeed, this firewall gets > default route with priority of 32 from downstream cisco router, which > is visible in routing table:
This is a different thing! ospfd learns the default route from another router and installs it into the routing table with prio 32. Prio 32 is the prio of OSPF in OpenBSD. > Internet: > Destination Gateway Flags Refs Use Mtu Prio Iface > default 193.53.106.254 UGS 1187 10456064776 - 8 bnx1 > default 192.168.225.6 UG 0 0 - 32 carp1 The route learned via ospf is not used in this case since you have a static default route. > > When you see this during the start of ospfd it could be from another > > ospfd running in the same rdomain. I had this when I wanted to do a > > config check but missed to option "-n" and started a second instance. > > There is now a check for this in the startup of ospfd in -current. > > Those addresses reported as alien routes are on subnet which is > connected to another openbsd box, something like this: > > openbsd---cisco---openbsd > > All those three boxes talk OSPF. But on remote openbsd box which > probably reports those routes, vlan interfaces for these subnets are > set as passive, so they shouldn't get any updates even if someone ran > OSPF on their phone. > > > You will also see this message when you add a static route with the > > "-priority 32". ospfd removes such routes after logging it. > > > > What did you do after adding "no redistribute default" to the config > > file? Restart with rcctl, reload with ospfctl? > > Restart with rcctl. Did you save the console output and daemon log from the restart? Can you share it? It could mean that the "old" ospfd did not properly clean up it's routes and the "new" ospfd removed the routes from the "old" one. > > > And why did you add "no redistribute default"? By default your default > > route is not redistributed. > > I thought this firewall's carp partner to-be was getting default route > from it, but it doesn't - it gets it from downstream cisco router. > > I don't see any negative effects on my network, just curious if I > should be worried :) Would I be in charge of running this network I would want to know where these alien routes come from. But I think it did not affect your network badly since you did not mention an outage. ;-) > > Regards, > -- > Before enlightenment - chop wood, draw water. > After enlightenment - chop wood, draw water. > > Marko Cupać > https://www.mimar.rs/
