OSPF not announcing to gre tunnel peers
-
I'm a long time Cisco user, new to frr/pfsense. Be gentle with me, please.
I've been running OSPF for about 25 years on my network, no issues. I'm now bringing up a new pfsense box at home, with the intent to replace my aging gear.
At home, I have commercial internet providers, along with a dedicated T1 to my colocation space. I use both IPv6 and IPv4 OSPF, and my intent was to add a GRE tunnel (later IPSEC tunnel) to the PFsense box to relegate the T1 to backup service. This is how I had it set up on the Cisco box previously, and it had been working fine.
The pfsense box dropped in, and I was able to get everything set up. IPv6 works perfectly, and the OSPF integrated fine, exactly as expected. IPv4 OSPF, on the other hand, does not work as expected.
Colo <- T1 -> Cisco box <- pfsense box -> GRE tunnel to colo
Again, IPv6 OSPF is perfect.
The IPv4 OSPF is ... unusual. The pfsense box is not announcing any routes
over the GRE tunnel (point-to-point). The pfsense box is announcing its routes to the Cisco box at home, over ethernet.On pfsense:
Neighbor ID Pri State Dead Time Address Interface RXmtL RqstL DBsmL
172.17.1.252 10 Full/DR 33.963s 172.17.7.2 igb2.7:172.17.7.1 0 0 0
172.18.0.4 1 Full/DROther 23.968s 172.17.1.225 gre0:172.17.1.226 0 0 0So, it is seeing both neighbors (172.18.0.4 is the colo router, over the GRE tunnel). 172.17.7.0/24 is the local ethernet, to which both routers are connected. If I look at the local Cisco router:
gw1# sh ip route 172.18.0.6
Routing entry for 172.18.0.6/32
Known via "ospf 10", distance 110, metric 100, type intra area
Last update from 172.17.7.1 on FastEthernet0/1.7, 00:11:58 ago
Routing Descriptor Blocks:- 172.17.7.1, from 172.18.0.6, 00:11:58 ago, via FastEthernet0/1.7
Route metric is 100, traffic share count is 1
I see the loopback interface of the pfsense box correctly announced.
If I look at the router in colo:
edge3#sh ip route 172.18.0.6
Routing entry for 172.18.0.6/32
Known via "ospf 10", distance 110, metric 5100, type intra area
Last update from 172.18.2.2 on Serial1/0:0, 00:13:21 ago
Routing Descriptor Blocks:- 172.18.2.2, from 172.18.0.6, 00:13:21 ago, via Serial1/0:0
Route metric is 5100, traffic share count is 1
I see the route to the pfsense box through the T1, not through the GRE tunnel.
edge3#sh ip ospf n
Neighbor ID Pri State Dead Time Address Interface
172.17.1.252 0 FULL/ - 00:00:37 172.18.2.2 Serial1/0:0
172.18.0.1 1 2WAY/DROTHER 00:00:35 172.18.1.1 FastEthernet0/0
172.18.0.5 1 FULL/BDR 00:00:36 172.18.1.15 FastEthernet0/0
172.18.0.8 1 FULL/DR 00:00:34 172.18.1.8 FastEthernet0/0
172.18.0.6 0 FULL/ - 00:00:29 172.17.1.226 Tunnel10I've confirmed, by looking at tcpdumps of the GRE link, that the pfsense box really isn't announcing any routes via this link.
Now, looking at vtysh, I do see that - even though the gre interface has an assigned IP address (172.17.1.226/30), this doesn't appear correctly, and shows as unnumbered:
pfsense# sh ip ospf int
gre0 is up
ifindex 10, MTU 1460 bytes, BW 0 Mbit <UP,POINTOPOINT,RUNNING,MULTICAST>
This interface is UNNUMBERED, Area 0.0.0.0
MTU mismatch detection: enabled
Router ID 172.18.0.6, Network Type POINTOPOINT, Cost: 1000
Transmit Delay is 1 sec, State Point-To-Point, Priority 1
No backup designated router on this network
Multicast group memberships: OSPFAllRouters
Timer intervals configured, Hello 10s, Dead 30s, Wait 30s, Retransmit 10
Hello due in 5.024s
Neighbor Count is 1, Adjacent neighbor count is 1I suspect that the FRR OSPF isn't seeing the IP address of the interface, thus doesn't know it's in area 0.
What am I missing?
- 172.17.7.1, from 172.18.0.6, 00:11:58 ago, via FastEthernet0/1.7
-
-
Agreed. I recompiled frr, and replaced zebra and ospfd, and it now correctly advertises routes over the gre tunnels. Thank you very much for the pointer!
