OSPF Database routes Redistributed into BGP
-
Hello all,
I'm running pfsense 2.6.0 CE edition, with the FFR package installed.
Each firewall has the following specs:
Firewall A:
WAN/em0: 192.168.1.22/24
LAN/em1: 172.16.1.1/24
OPT1/em2: 172.17.1.1/24
OPT2/em3: 172.18.1.1/24
BGP: AS 9990
BGP: OSPF Redistribution: IPv4
BGP: Networks to Distribute NONE
BGP: Route MAP NONE
OSPF AREA 0 => OPT2: 172.18.1.0/24
OSPF Database:
============ OSPF network routing table ============
N 172.18.1.0/24 [100] area: 0.0.0.0
directly attached to em3
============ OSPF router routing table =============
============ OSPF external routing table ===========
Firewall B:
WAN/em0: 192.168.1.23/24
LAN/em1: 10.10.10.1/24
OPT1/em2: 10.10.11.1/24
OPT2/em3: 10.10.12.1/24
BGP: AS 9991
BGP OSPF Redistribution: IPv4
BGP: Networks to Distribute NONE
BGP: Route MAP NONE
OSPF AREA 0 => OPT2: 10.10.12.0/24
OSPF Database:
============ OSPF network routing table ============
N 10.10.12.0/24 [100] area: 0.0.0.0
directly attached to em3
============ OSPF router routing table =============
============ OSPF external routing table ===========
I'm under the impression that the routes listed in the OSPF database should inject themselves into the BGP RIB and advertise 172.18.1.0/24 to firewall B from firewall A via BGP, and advertise 10.10.12.0/24 to firewall A from firewall B via BGP.
If I add any subnet to 'Networks to Distribute' under BGP, it will advertise the subnet without a problem. I've also tried Redistribute Local connected networks, and redistribute FRR static routes, and redistribute Kernel routing table/pfsense Static routes without any luck to advertise 172.18.1.0/24 (firewall A) and 10.10.12.0/24 (firewall B).
I'm thinking the OSPF Routes => Injected into BGP database RIB => Advertise
Thanks!
-
@shon can you provide better output of your configs?
Log into pfsense via ssh
At the command prompt, type in vtysh
From there type in
sh running-config
Paste that here.
-
Firewall A:
[2.6.0-RELEASE][admin@pfSense0.lab.lan]/root: vtysh
Hello, this is FRRouting (version 7.5.1).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
pfSense0.lab.lan# sh running-config
Building configuration...
Current configuration:
!
frr version 7.5.1
frr defaults traditional
hostname pfSense0.lab.lan
log syslog
service integrated-vtysh-config
!
password 123
!
ip router-id 10.10.10.1
!
interface em3
 ip ospf area 0
!
router bgp 9990
 bgp router-id 172.16.1.1
 bgp log-neighbor-changes
 no bgp network import-check
 neighbor 192.168.1.23 remote-as 9991
 neighbor 192.168.1.23 description pfsense1
 neighbor 192.168.1.23 update-source 192.168.1.22
 !
 address-family ipv4 unicast
  redistribute ospf route-map allow-all
  no neighbor 192.168.1.23 send-community
  neighbor 192.168.1.23 route-map allow-all in
  neighbor 192.168.1.23 route-map allow-all out
 exit-address-family
 !
 address-family ipv6 unicast
  redistribute ospf6 route-map allow-all
  neighbor 192.168.1.23 activate
  no neighbor 192.168.1.23 send-community
  neighbor 192.168.1.23 route-map allow-all in
  neighbor 192.168.1.23 route-map allow-all out
 exit-address-family
!
router ospf
 ospf router-id 10.10.10.1
 log-adjacency-changes detail
 neighbor 10.10.12.1
!
route-map allow-all permit 100
!
line vty
!
end
pfSense0.lab.lan#
Firewall B:
[2.6.0-RELEASE][admin@pfSense1.lab.lan]/root: vtysh
Hello, this is FRRouting (version 7.5.1).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
pfSense1.lab.lan# sh running-config
Building configuration...
Current configuration:
!
frr version 7.5.1
frr defaults traditional
hostname pfSense1.lab.lan
log syslog
service integrated-vtysh-config
!
password 123
!
ip router-id 10.10.10.1
!
interface em3
 ip ospf area 0
!
router bgp 9991
 bgp router-id 10.10.10.1
 bgp log-neighbor-changes
 no bgp network import-check
 neighbor 192.168.1.22 remote-as 9990
 neighbor 192.168.1.22 description pfsense0
 neighbor 192.168.1.22 update-source 192.168.1.23
 !
 address-family ipv4 unicast
  redistribute ospf route-map allow-all
  no neighbor 192.168.1.22 send-community
  neighbor 192.168.1.22 route-map allow-all in
  neighbor 192.168.1.22 route-map allow-all out
 exit-address-family
 !
 address-family ipv6 unicast
  redistribute ospf6 route-map allow-all
  neighbor 192.168.1.22 activate
  no neighbor 192.168.1.22 send-community
  neighbor 192.168.1.22 route-map allow-all in
  neighbor 192.168.1.22 route-map allow-all out
 exit-address-family
!
router ospf
 ospf router-id 172.16.1.1
 log-adjacency-changes detail
 neighbor 172.18.1.1
!
route-map allow-all permit 100
 set weight 1000
!
line vty
!
end