FRR, OSPF, and Loopbacks
-
I have some /32s that I need to terminate and announce from pfSense using OSPF. It seems that the only way to do this via the GUI is to create a random VLAN interface tied to a physical interface and then assign this interface as a passive interface in FRR/OSPF.
Can we get proper loopback creation support and the ability to assign these in various GUIs?
-
There are several feature requests open that probably fit what you're asking for. This one is probably best to add comments to:
https://redmine.pfsense.org/issues/6651
Steve
-
@stephenw10 Thank you, I have commented on that one. Hopefully something like this doesn't require an astronomical amount of refactoring underneath.
-
Unfortunately I suspect it might be more complex than it appears initially.
Just to clarify the issue, you need to actually assign those additional subnets as a local interface so that FRR sees it as something locally attached and advertises it?
A VIP on localhost, which cannot be assigned, doesn't do that?
Steve
-
@stephenw10 Correct. What I have is /32 public addresses that I need to bind to a local interface so that FRR 1) announces the route via OSPF and 2) knows that this route is "local" and in the "connected" state. I have tried creating an IP Alias VIP on localhost, which FRR will gladly pick up as being local/connected. However, I am unable to set /32 Zebra static routes and then redistribute these into OSPF...larger subnets redistribute fine, but /32s do not (at least when they correspond to a localhost VIP).
When I create a dummy VLAN bound to a physical NIC, this allows assigning the Interface to an OSPF area, which is marked as a passive area. This satisfies the announcement and the local/connected requirement and I can terminate these /32 addresses and do whatever I want to with them...I use a few for 1:1 NAT with local servers, a few with outbound NAT, etc.
-
@stephenw10 One solution that I've found that seems to work editing the FRR config manually is to assign lo0 to the OSPF area and then create IP Aliases on the Loopback interface via Firewall > Virtual IPs.
Poking around in the code, I found the frr_get_interfaces function, which does include a switch to include the loopback. I adjusted the code in the GUI (frr_ospf_interfaces.xml) to include the loopback as an option:
<field>
  <fielddescr>Interface</fielddescr>
  <fieldname>interface</fieldname>
  <description>Enter the desired participating interface here.</description>
  <type>select_source</type>
  <source><![CDATA[frr_get_interfaces(false, false, true)]]></source>
  <source_name>name</source_name>
  <source_value>value</source_value>
  <required/>
</field>
What else is necessary to get the plugin to generate the necessary FRR configuration using lo0 as an interface?
-
The gui changes you made were insufficient?
That's not code I'm at all familiar with unfortunately.
Steve
-
@stephenw10 Oh wait lol, yeah actually that totally worked! I had something bunk with my saved config overriding the GUI (from my testing).
Seems that this patch works. I created a pull request on GitHub, seems to be a pretty benign modification.
-
@vbman213
https://github.com/pfsense/FreeBSD-ports/pull/1011