Quagga OSPF in a full mesh WAN



  • I've been running pfSense with OpenVPN in a 5 site full mesh for quite a while now and for numerous reasons, I started to implement quagga and ospf about a year ago.
    Basically, it works just fine but there's one thing that bothers me.

    The main reason for implementing ospf was to be able to seamlessly insert Citrix SD-WAN (WAN optimization and link aggregation) in the path and in the event of any of the SD-WAN appliances failing, the firewalls would fall back to the OpenVPN connections.

    Since running a full mesh, all sites belong to area 0. This means that I can insert routing information as I wish anywhere and it will be distributed using ospf.
    But, this is also my issue. As soon as there is an update to routing information anywhere in the network, it seems to me like pfSense rips out all dynamic routes and then inserts the new routing table. This makes the whole network stall for a few seconds as the new routes are being inserted.

    As an example, Site1, Site2 and Site3 are all interconnected. If the connection between Site2 and Site3 drops, nothing happens. But when it comes back up again, connections between Site1 and Site2 as well as between Site1 and Site3 get disconnected.
    That the route between Site2 and Site3 has to be updated I understand but not that it has to delete and reinsert the same routes at Site1.

    I've been trying out a lot of ideas (splitting into areas, using PBR, etc.) but it seems like I always end up with the fact I might need to set up and maintain a series of complex accept/redistribution filters which would limit my idea of a dynamic network.

    Any ideas would be appreciated.



  • All right,
    After posting this, I spent some time not focusing on my doubts on how I set up quagga and found some information about pfSense specific "issues" and found some posts about rc.newwanip.
    Tried commenting out "send_event("service reload packages");" and all my troubles were gone.
    This is of course no long-term solution but quagga/ospf now seems to behave the way I pictured it.

    Does anyone know if there is a possibility to disable the reload of a single package (quagga) when issuing the service reload packages?

