OSPFv3 cannot work when "block bogon networks" selected on interface



  • Hello,
I've been working on getting OSPFv3 up between our Cisco 3750 and pfSense. I had no issues with the configuration and getting the two to start sending HELLO packets to each other. However, OSPF would not come out of INIT. After some debugging on the firewall it was clear the ospf6d process was not getting the HELLOs from the 3750. After messing with the firewall rules for a while with no success I disabled "block bogon networks" on the interface and OSPF came up immediately.

    I'm curious if this is intentional? I mean obviously OSPF is talking via the link-local addresses which one could consider to be bogons here, but on the other hand it seems that the use of OSPFv3 on the WAN side interfaces plus blocking IPv4 bogons might be a pretty common use case as well?

    Thanks!
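
The following is an added illustration, not code from the thread or from pfSense: a tiny first-match rule evaluator that shows why an OSPFv3 HELLO gets dropped once a bogon block sits ahead of the OSPF pass rule. OSPFv3 HELLOs are always sourced from the link-local address (fe80::/10) and sent to ff02::5, so a bogon list that includes link-local space matches every one of them. The bogon list, the rule names, and the "first match wins" semantics are constructed assumptions for the example; pfSense's real bogon feed and rule ordering are not taken from this page.

```python
"""Added example: a link-local-inclusive bogon block versus OSPFv3 HELLOs.

Constructed for illustration; not pfSense code and not its real bogon feed.
"""
import ipaddress

# Constructed IPv6 bogon list (assumption: the feed lists link-local space).
BOGONS_V6 = [
    ipaddress.ip_network("::/8"),
    ipaddress.ip_network("fe80::/10"),      # link-local
    ipaddress.ip_network("fec0::/10"),      # deprecated site-local
    ipaddress.ip_network("2001:db8::/32"),  # documentation prefix
]

OSPF_PROTO = 89                                  # IP protocol number for OSPF
ALL_SPF_ROUTERS = ipaddress.ip_address("ff02::5")  # OSPFv3 HELLO destination


def is_bogon(src):
    """True if the source address falls inside any listed bogon prefix."""
    return any(src in net for net in BOGONS_V6)


def ospf6_hello(src):
    """Build a minimal packet record for an OSPFv3 HELLO from `src`."""
    return {"src": ipaddress.ip_address(src), "dst": ALL_SPF_ROUTERS, "proto": OSPF_PROTO}


def hello_is_link_local(pkt):
    """OSPFv3 (RFC 5340) sources HELLOs from the interface's link-local address."""
    return pkt["src"].is_link_local


def evaluate(pkt, rules):
    """First-match evaluation (assumed 'quick' semantics); default deny."""
    for rule in rules:
        if rule["match"](pkt):
            return rule["action"], rule["name"]
    return "block", "default-deny"


# Constructed WAN rule sets. With the bogon block enabled it is evaluated
# before the user's OSPF pass rule (assumption for this example).
WAN_RULES_BOGON_ON = [
    {"name": "block-bogons", "action": "block", "match": lambda p: is_bogon(p["src"])},
    {"name": "pass-ospf", "action": "pass", "match": lambda p: p["proto"] == OSPF_PROTO},
]
WAN_RULES_BOGON_OFF = WAN_RULES_BOGON_ON[1:]


def explain_hello(src, rules):
    """Return (action, rule) for a HELLO from `src` under `rules`."""
    pkt = ospf6_hello(src)
    return evaluate(pkt, rules)


if __name__ == "__main__":
    # Constructed neighbor link-local address, as a 3750 would use for HELLOs.
    neighbor = "fe80::1"
    print("bogon block on :", explain_hello(neighbor, WAN_RULES_BOGON_ON))
    print("bogon block off:", explain_hello(neighbor, WAN_RULES_BOGON_OFF))
```

Running it shows the HELLO hitting the bogon block first ("block", "block-bogons") and only reaching the OSPF pass rule once that block is removed, which is the behaviour the post describes. The check is useful on any interface where bogon blocking is enabled: if the neighbor's source is link-local and the bogon feed covers fe80::/10, the adjacency will sit in INIT regardless of the OSPF rule.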


  • Rebel Alliance Developer Netgate

    You would not normally use OSPF on a WAN which could be exposed to bogon networks. It's normally used internally, or between internally connected interfaces at least. Bogons would be blocked at the edge of your network, not inside.



  • Hi Jim,
    Thanks for your advice. I checked and our upstream gateway routers are indeed configured to block bogons at that point, so there is no issue with leaving this removed from the WAN interface.

    Regards,
    Erik

