[quagga-dev 16609] Re: Quagga NHRPD / Cisco IOS 15.5(2)T

Timo Teras timo.teras at iki.fi
Mon May 1 06:39:21 BST 2017


Hi,

On Mon, 1 May 2017 07:21:26 +0200
Patrick Oeschger <patrick.oeschger at bluewin.ch> wrote:

> Anybody with experience in connecting Cisco IOS to Quagga NHRPD?

I did extensive testing of opennhrp vs. Cisco, but quagga/nhrp is
mostly tested against itself and opennhrp only. I have not had the
opportunity to do testing against Cisco, so this is good info.

> IOS config:
> 
> interface Tunnel10
>  ip address 10.0.0.3 255.255.255.255
>  no ip redirects
>  no ip unreachables
>  no ip proxy-arp
>  ip mtu 1400
>  ip nhrp network-id 1
>  ip nhrp nhs dynamic nbma 217.193.211.21
>  ip nhrp shortcut
>  ip route-cache same-interface
>  no ip split-horizon
>  ip tcp adjust-mss 1300
>  load-interval 30
>  tunnel source GigabitEthernet0/0
>  tunnel mode gre multipoint
>  tunnel protection ipsec profile GRE
> 
> *Apr 28 15:16:29.233: NHRP: Send Registration Request via Tunnel10 vrf 0, packet size: 92
> *Apr 28 15:16:29.233:  src: 10.0.0.3, dst: 10.0.0.1
> *Apr 28 15:16:29.233:  (F) afn: AF_IP(1), type: IP(800), hop: 255, ver: 1
> *Apr 28 15:16:29.233:      shtl: 4(NSAP), sstl: 0(NSAP)
> *Apr 28 15:16:29.233:      pktsz: 92 extoff: 52
> *Apr 28 15:16:29.233:  (M) flags: "unique nat ", reqid: 23
> *Apr 28 15:16:29.233:      src NBMA: 194.209.75.37
> *Apr 28 15:16:29.233:      src protocol: 10.0.0.3, dst protocol: 10.0.0.1
> *Apr 28 15:16:29.233:  (C-1) code: no error(0)
> *Apr 28 15:16:29.233:        prefix: 32, mtu: 17916, hd_time: 7200
> *Apr 28 15:16:29.233:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0
> *Apr 28 15:16:29.233: NHRP: Receive Registration Reply via Tunnel10 vrf 0, packet size: 112
> *Apr 28 15:16:29.233:  (F) afn: AF_IP(1), type: IP(800), hop: 64, ver: 1
> *Apr 28 15:16:29.233:      shtl: 4(NSAP), sstl: 0(NSAP)
> *Apr 28 15:16:29.233:      pktsz: 112 extoff: 52
> *Apr 28 15:16:29.233:  (M) flags: "unique nat ", reqid: 23
> *Apr 28 15:16:29.233:      src NBMA: 194.209.75.37
> *Apr 28 15:16:29.233:      src protocol: 10.0.0.3, dst protocol: 10.0.0.1
> *Apr 28 15:16:29.233:  (C-1) code: administratively prohibited(4)
> *Apr 28 15:16:29.233:        prefix: 32, mtu: 17916, hd_time: 7200
> *Apr 28 15:16:29.233:        addr_len: 0(NSAP), subaddr_len: 0(NSAP), proto_len: 0, pref: 0
> *Apr 28 15:16:29.233: %NHRP-3-PAKREPLY: Receive Registration Reply packet with error - administratively prohibited(4)
> 
> Another Linux box connects to DMVPN hub without any issues.
> Config should be fine but there seems to be an incompatibility between
> Quagga and IOS.
> Any inputs/experiences with this issue?
> Just saw one thing in source code ... quagga expects prefix 0xff and
> IOS seems to report prefix 0x20 (32)
> Happy to help dev and test patches if needed :)

Your observation is correct. This makes the difference. RFC2332 states
that prefix length must be set to 0xff if unique bit is set - and
now reading the code I must've been writing only the unique mode
handling, since that is usually the desired functionality.

Now looking at your Cisco config (there's no "ip nhrp registration
non-unique"), the unique bit should be set, and prefix length should be
0xff. So Cisco might be breaking RFC here. Perhaps you could get a
packet capture to display what's going on?

opennhrp did handle 0xff and a host sized prefix length equally. So
perhaps we should do the same in quagga/nhrp.

Quagga/NHRP could also be improved to handle non-unique things. This
seems to be a requirement since Cisco expects this mode if the spoke is
having a dynamic IP that may change often. Cisco treats non-unique
mode as "replace the previous IP".

Thanks,
Timo
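
The prefix-length check discussed in this message, as an added example that is not part of the original message and is not quagga's or opennhrp's code. The function name, verdict enum and sample packet are hypothetical; the packet is constructed from the debug values quoted above using the RFC 2332 layout, and the 0x0002 bit used for "nat" is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NHRP_FIXED_LEN   20      /* RFC 2332 fixed header */
#define NHRP_FLAG_UNIQUE 0x8000  /* U bit in Registration Request flags */

enum reg_verdict { REG_MALFORMED, REG_OK, REG_PROHIBITED, REG_NOT_UNIQUE };

/* Constructed Registration Request using the values from the IOS debug
 * output above; extensions omitted, checksum left at zero. */
const uint8_t sample_reg[52] = {
    0x00,0x01, 0x08,0x00, 0,0,0,0,0, 0xff,       /* afn, type, snap, hop 255 */
    0x00,0x34, 0x00,0x00, 0x00,0x00,             /* pktsz 52, chksum, extoff */
    0x01, 0x03, 0x04, 0x00,                      /* ver 1, op 3, shtl 4, sstl 0 */
    0x04, 0x04, 0x80,0x02, 0,0,0,23,             /* plens, "unique nat", reqid 23 */
    194,209,75,37, 10,0,0,3, 10,0,0,1,           /* src NBMA, src/dst protocol */
    0x00, 32, 0,0, 0x45,0xfc, 0x1c,0x20, 0,0,0,0 /* CIE: prefix 32, mtu, hd_time */
};

/* Hypothetical check (not quagga's function): strict=1 accepts only 0xff when
 * U is set; strict=0 also accepts a host-sized prefix (protocol length * 8). */
enum reg_verdict check_reg_prefix(const uint8_t *p, size_t len, int strict)
{
    if (len < NHRP_FIXED_LEN + 8)
        return REG_MALFORMED;
    size_t shtl = p[18] & 0x3f, sstl = p[19] & 0x3f; /* low 6 bits = length */
    size_t src_plen = p[20], dst_plen = p[21];
    unsigned flags = (unsigned)p[22] << 8 | p[23];
    /* First CIE follows the request id and the four variable-length addresses. */
    size_t cie = NHRP_FIXED_LEN + 8 + shtl + sstl + src_plen + dst_plen;
    if (len < cie + 12)
        return REG_MALFORMED;
    if (!(flags & NHRP_FLAG_UNIQUE))
        return REG_NOT_UNIQUE;           /* non-unique mode: caller decides */
    uint8_t prefix = p[cie + 1];         /* CIE byte 0 is code, byte 1 prefix */
    if (prefix == 0xff || (!strict && prefix == src_plen * 8))
        return REG_OK;
    return REG_PROHIBITED;               /* administratively prohibited(4) above */
}

int main(void)
{
    printf("strict=%d lenient=%d\n",
           (int)check_reg_prefix(sample_reg, sizeof sample_reg, 1),
           (int)check_reg_prefix(sample_reg, sizeof sample_reg, 0));
    return 0;
}
```

With strict=1 the sample is rejected because its prefix is 32 while the unique bit is set; with strict=0 it is accepted as a host-sized prefix.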

