[quagga-dev 6451] Re: OSPF passive interface question.

Fritz Reichmann fritz at reichmann.nl
Wed Mar 4 10:54:11 GMT 2009


Hi Joakim,

I tried with c871---quagga, but could not reproduce with this simple
setup, with redistributing routes 6.6.6.6/32 from cisco to quagga, and
7.7.7.7/32 from quagga to cisco.

c871#sh run
Building configuration...

Current configuration : 4274 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname c871
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authentication login default group radius local-case
aaa authorization exec default if-authenticated
!
!
aaa session-id common
!
dot11 syslog
no ip source-route
!
!
!
!
ip cef
no ip domain lookup
ip domain name yourdomain.com
ip multicast-routing
ipv6 unicast-routing
ipv6 cef
!
multilink bundle-name authenticated
!
vpdn enable
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface Loopback1
 ip address 1.1.1.1 255.255.255.255
 ip pim sparse-dense-mode
!
interface Loopback2
 ip address 2.2.2.2 255.255.255.255
 ip pim sparse-dense-mode
 ip igmp join-group 224.2.2.2
!
interface FastEthernet0
 description LAN
 switchport access vlan 3
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Dot11Radio0
 no ip address
 shutdown
 no dot11 qos mode
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Vlan1
 no ip address
!
interface Vlan3
 ip address 192.168.1.2 255.255.255.0
 ip pim sparse-dense-mode
!
router ospf 1
 log-adjacency-changes
 redistribute static subnets route-map ospf-map
 network 192.168.1.0 0.0.0.255 area 0
!
router bgp 65500
 bgp log-neighbor-changes
 neighbor 192.168.1.1 remote-as 65501
 !
 address-family ipv4
  neighbor 192.168.1.1 activate
  neighbor 192.168.1.1 soft-reconfiguration inbound
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family ipv4 multicast
  redistribute connected
  redistribute static
  neighbor 192.168.1.1 activate
  no auto-summary
  network 192.168.5.0
 exit-address-family
!
ip forward-protocol nd
ip route 6.6.6.6 255.255.255.255 Null0
ip route 11.0.0.0 255.0.0.0 Null0
no ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip mroute 10.0.0.0 255.0.0.0 Null0
!
ip access-list standard ospf-acl
 permit 6.6.6.6
!
access-list 1 permit any
no cdp run

!
!
!
!
route-map ospf-map permit 10
 match ip address ospf-acl
!
radius-server host 192.168.1.1 auth-port 1812 acct-port 1813
radius-server key radius
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 transport input telnet ssh
!
scheduler max-task-time 5000
end
c871#sh ip route ospf
     7.0.0.0/32 is subnetted, 1 subnets
O E2    7.7.7.7 [110/20] via 192.168.1.1, 00:03:38, Vlan3

#################
Quagga:
mark-quagga# sh run

Current configuration:
!
hostname mark-quagga
password q
enable password q
!
interface eth0
 ip address 192.168.0.24/24
 ipv6 nd suppress-ra
!
interface eth1
 ip address 192.168.2.1/24
 ipv6 nd suppress-ra
!
interface lo
!
interface lo0
 ipv6 nd suppress-ra
!
interface wlan0
 ipv6 nd suppress-ra
!
interface wmaster0
 ipv6 nd suppress-ra
!
ip route 7.7.7.7/32 Null0
!
router-id 5.5.5.5
ip forwarding
!
!
line vty
!
end
mark-quagga# sh ip route ospf
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       I - ISIS, B - BGP, > - selected route, * - FIB route

O>* 6.6.6.6/32 [110/20] via 192.168.1.2, eth1, 00:04:38
O   192.168.1.0/24 [110/10] is directly connected, eth1, 00:04:40

##############
OSPFD:

mark-ospfd# sh run

Current configuration:
!
hostname mark-ospfd
password q
log stdout
!
!
!
interface eth0
!
interface eth1
!
interface lo
!
interface wlan0
!
interface wmaster0
!
router ospf
 redistribute static route-map ospf-map
 network 192.168.1.0/24 area 0.0.0.0
!
access-list ospf-acl permit 7.7.7.7/32
!
route-map ospf-map permit 10
 match ip address ospf-acl
!
line vty
!
end
mark-ospfd# sh ip ospf route
============ OSPF network routing table ============
N    192.168.1.0/24        [10] area: 0.0.0.0
                           directly attached to eth1

============ OSPF router routing table =============
R    2.2.2.2               [10] area: 0.0.0.0, ASBR
                           via 192.168.1.2, eth1

============ OSPF external routing table ===========
N E2 6.6.6.6/32            [10/20] tag: 0
                           via 192.168.1.2, eth1


##################

Then setting interface vlan3 passive on cisco:
c871#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
c871(config)#router ospf 1
c871(config-router)#passive-interface vlan3
c871(config-router)#^Z
c871#
*Mar  1 03:02:01.167: %OSPF-5-ADJCHG: Process 1, Nbr 5.5.5.5 on Vlan3 from FULL to DOWN, Neighbor Down: Interface down or detached
*Mar  1 03:02:02.015: %SYS-5-CONFIG_I: Configured from console by fritz on vty0 (192.168.1.1)
c871#sh ip route ospf

c871#

And the route 6.6.6.6/32 is gone in zebra:

mark-quagga# sh ip route ospf
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       I - ISIS, B - BGP, > - selected route, * - FIB route

O>* 6.6.6.6/32 [110/20] via 192.168.1.2, eth1, 00:04:38
O   192.168.1.0/24 [110/10] is directly connected, eth1, 00:04:40
mark-quagga# sh ip route ospf
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       I - ISIS, B - BGP, > - selected route, * - FIB route

O   192.168.1.0/24 [110/10] is directly connected, eth1, 00:06:27
mark-quagga# sh ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       I - ISIS, B - BGP, > - selected route, * - FIB route

K>* 0.0.0.0/0 via 192.168.0.1, eth0
S>* 7.7.7.7/32 [1/0] is directly connected, Null0, bh
K * 127.0.0.0/8 is directly connected, lo
C>* 127.0.0.0/8 is directly connected, lo
K>* 169.254.0.0/16 is directly connected, eth0
C>* 192.168.0.0/24 is directly connected, eth0
O   192.168.1.0/24 [110/10] is directly connected, eth1, 00:08:18
C>* 192.168.1.0/24 is directly connected, eth1

And back again:
c871#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
c871(config)#router ospf 1
c871(config-router)#no passi vlan 3
c871(config-router)#^Z
c871#
*Mar  1 03:06:18.263: %OSPF-5-ADJCHG: Process 1, Nbr 5.5.5.5 on Vlan3 from LOADING to FULL, Loading Done
*Mar  1 03:06:19.175: %SYS-5-CONFIG_I: Configured from console by fritz on vty0 (192.168.1.1)
c871#

Route 6.6.6.6/32 is back:

mark-quagga# sh ip route ospf
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       I - ISIS, B - BGP, > - selected route, * - FIB route

O>* 6.6.6.6/32 [110/20] via 192.168.1.2, eth1, 00:00:22
O   192.168.1.0/24 [110/10] is directly connected, eth1, 00:10:24
mark-quagga# sh ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       I - ISIS, B - BGP, > - selected route, * - FIB route

K>* 0.0.0.0/0 via 192.168.0.1, eth0
O>* 6.6.6.6/32 [110/20] via 192.168.1.2, eth1, 00:00:23
S>* 7.7.7.7/32 [1/0] is directly connected, Null0, bh
K * 127.0.0.0/8 is directly connected, lo
C>* 127.0.0.0/8 is directly connected, lo
K>* 169.254.0.0/16 is directly connected, eth0
C>* 192.168.0.0/24 is directly connected, eth0
O   192.168.1.0/24 [110/10] is directly connected, eth1, 00:10:25
C>* 192.168.1.0/24 is directly connected, eth1


So this either means it cannot be reproduced with redistributes, or with
only 2 routes back to back, or the bug is in the way quagga takes the
interface to passive.
In the latter case one needs to try quagga-quagga, which I cannot test
today.

However, I tried to set the interface eth1 passive on quagga as well:
mark-ospfd# conf t
mark-ospfd(config)# router ospf
mark-ospfd(config-router)# pass eth1
mark-ospfd(config-router)#

Leads to cisco timing out neighbor after dead time is reached:

c871#sh ip ospf neigh

Neighbor ID     Pri   State           Dead Time   Address         Interface
5.5.5.5           1   FULL/DR         00:00:24    192.168.1.1     Vlan3
c871#sh ip ospf neigh

Neighbor ID     Pri   State           Dead Time   Address         Interface
5.5.5.5           1   FULL/DR         00:00:19    192.168.1.1     Vlan3
c871#
*Mar  1 03:13:08.183: %OSPF-5-ADJCHG: Process 1, Nbr 5.5.5.5 on Vlan3 from FULL to DOWN, Neighbor Down: Dead timer expired

And adjacency and route 7.7.7.7/32 are gone:

c871#sh ip route ospf

c871#

Fritz


>>
>> "Andrew J. Schorr" <aschorr at telemetry-investments.com> wrote on 02/03/2009 19:35:31:
>>
>> > On Mon, Mar 02, 2009 at 05:23:17PM +0100, Joakim Tjernlund wrote:
>> > > Just to confirm the passive interface function in OSPF. If an interface is
>> > > set to passive there should be no OSPF traffic sent or received over that
>> > > interface, correct?
>> > >
>> > > I see a problem in current Quagga:
>> > >  R1 --- R2 --- R3---R4,
>> > >  R2 has its interface to R1 set to passive.
>> > >  All other interfaces in R1, R2, R3 and R4 have OSPF fully enabled.
>> > >
>> > > R1 still has routes learned from R2 that point to R3 and R4
>> > > This seems wrong to me, R1 should not know anything about R3 and R4.
>> >
>> > Yes, that seems wrong.  Is an adjacency being formed between
>> > R1 and R2?  What do 'show ip ospf neigh' and 'show ip ospf interface'
>> > say on R1 and R2?
>>
>> No adjacency, need to get access to the router tomorrow to see what
>> is going on. Perhaps it is something that happens when you flip
>> an existing connection between R1 and R2 into passive? Will
>> check what happens if I start the router in passive mode directly.
>>
>>  Jocke
>
> Got a bit busy but now I have managed to check a little.
> Turns out that the routes are deleted from OSPF,
> "show ip ospf route" does not contain routes to R3 and R4.
> However "show ip route" does, so it seems like
> OSPF isn't deleting the routes from zebra.
>
> I haven't managed to see why and would very much like if someone else
> can test too as I don't know if this problem is due to something in my
> system or if it is a general Quagga problem.
>
>  Jocke
>
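
The symptom discussed in this thread (a prefix gone from "show ip ospf route" but still present as an O route in "show ip route") can be checked mechanically. The following is an added example, not part of the original message or of Quagga: it diffs the two outputs and reports OSPF routes left behind in zebra. The sample text is constructed from the addresses used above, and the regular expressions assume the output layout shown in this message.

```python
import ipaddress
import re

# Prefix lines in "show ip ospf route": "N", "N IA", "N E1", "N E2".
# "R" lines are router IDs (ASBR/ABR entries), not prefixes, so they are skipped.
OSPFD_RE = re.compile(r"^N\s+(?:(?:IA|E1|E2)\s+)?(\d+\.\d+\.\d+\.\d+/\d+)", re.M)
# OSPF lines in "show ip route": O, selected flag (>), FIB flag (*), prefix.
ZEBRA_RE = re.compile(r"^O([ >])([ *])\s+(\d+\.\d+\.\d+\.\d+/\d+)", re.M)

# Constructed sample: ospfd while the adjacency is up.
OSPFD_BEFORE = """\
============ OSPF network routing table ============
N    192.168.1.0/24        [10] area: 0.0.0.0
                           directly attached to eth1
============ OSPF router routing table =============
R    2.2.2.2               [10] area: 0.0.0.0, ASBR
                           via 192.168.1.2, eth1
============ OSPF external routing table ===========
N E2 6.6.6.6/32            [10/20] tag: 0
                           via 192.168.1.2, eth1
"""
# Constructed sample: ospfd after the neighbor went away.
OSPFD_AFTER = """\
============ OSPF network routing table ============
N    192.168.1.0/24        [10] area: 0.0.0.0
                           directly attached to eth1
============ OSPF router routing table =============
============ OSPF external routing table ===========
"""
# Constructed sample: zebra still holding the external route.
ZEBRA_RIB = """\
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       I - ISIS, B - BGP, > - selected route, * - FIB route

O>* 6.6.6.6/32 [110/20] via 192.168.1.2, eth1, 00:04:38
O   192.168.1.0/24 [110/10] is directly connected, eth1, 00:06:27
"""

def ospfd_prefixes(text):
    """Prefixes ospfd itself currently knows."""
    return {ipaddress.ip_network(p, strict=False) for p in OSPFD_RE.findall(text)}

def zebra_ospf_routes(text):
    """Map prefix -> (selected, in_fib) for routes zebra attributes to OSPF."""
    return {ipaddress.ip_network(p, strict=False): (sel == ">", fib == "*")
            for sel, fib, p in ZEBRA_RE.findall(text)}

def stale_ospf_routes(ospfd_text, zebra_text):
    """OSPF routes present in zebra that ospfd no longer has."""
    known = ospfd_prefixes(ospfd_text)
    rib = zebra_ospf_routes(zebra_text)
    return [(str(n), *rib[n]) for n in sorted(rib) if n not in known]

if __name__ == "__main__":
    print(stale_ospf_routes(OSPFD_AFTER, ZEBRA_RIB))
```

A stale entry with both flags set is the case that matters most, because traffic is still being forwarded on a route the routing protocol has withdrawn.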