Netgate Discussion Forum

    OSPFv3 cannot work when "block bogon networks" selected on interface

    FRR
      hpxca

      Hello,
      I've been working on getting OSPFv3 up between our Cisco 3750 and pfSense. I had no issues with the configuration and getting the two to start sending HELLO packets to each other. However, OSPF would not come out of INIT. After some debugging on the firewall it was clear the ospf6d process was not getting the HELLOs from the 3750. After messing with the firewall rules for a while with no success, I disabled "block bogon networks" on the interface and OSPF came up immediately.

      I'm curious if this is intentional? I mean obviously OSPF is talking via the link-local addresses which one could consider to be bogons here, but on the other hand it seems that the use of OSPFv3 on the WAN side interfaces plus blocking IPv4 bogons might be a pretty common use case as well?

      Thanks!

        jimp Rebel Alliance Developer Netgate

        You would not normally use OSPF on a WAN which could be exposed to bogon networks. It's normally used internally, or between internally connected interfaces at least. Bogons would be blocked at the edge of your network, not inside.

          hpxca

          Hi Jim,
          Thanks for your advice. I checked and our upstream gateway routers are indeed configured to block bogons at that point, so there is no issue with leaving this removed from the WAN interface.

          Regards,
          Erik

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.