Saturday, January 02, 2021

ospf question

Hello list,

I have a question regarding the use of ospf with OpenBSD 6.8.

I have a network that consists of 23 OpenBSD 6.8 based routers (created, within a virtualbox environment on a GNU/Linux server, to match the physical network I manage - the only different being that the physical network consists of FreeBSD based routers rather than OpenBSD ones). I set this up after have replaced a FreeBSD based router with an OpenBSD based one in the real network and immediately experiencing an issue accessing parts of the network.

Within my setup there is one router (router22) that is six hops away from the designated default gateway (which I'll call the firewall) and there are two paths (going different ways around the network) to get to it. I am able to run a traceroute to router22, but am not able to ping it or ssh onto it. If I ssh to the router connected to the firewall then I can ping and ssh to router22 (at that point it's only 5 hops away). If I reboot any router that lies within the path to router22 then I am subsequently able to ping and ssh router22 from the firewall.

I have also subsequently duplicated the entire network again using FreeBSD 12.2 and the problem does not occur, so as far as I can see it's just an OpenBSD ospf issue.

I first set this up after replacing a FreeBSD based router with an OpenBSD based one and experiencing another strange issue. In this instance the shortest path from my server network (accessible from router01) to router08, router11 and router12 was router01 <-> router13 <-> router21 <-> router08 <-> router11 <-> router12, when I put the OpenBSD router in as router13 I could no longer ping router08, router11 or router12 (though I could still ping router21). If I connected to a router in a different part of the network I was able to ping each of the inaccessible ones, so it was only when the OpenBSD based router was along the shortest path the issue manifested itself.

Is anyone aware of incompatibilities between the OSPF implementation within OpenBSD and that provided by quagga on FreeBSD? Or of any limitations of OSPF on OpenBSD?

In each setup I have the same hello and dead interval and have md5 crypt authentication in place on each link between routers. Each router is in area 0.0.0.0.

regards,
Mark

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)