Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    OSPF Database routes Redistributed into BGP

    Routing and Multi WAN
    2
    3
    230
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      shon last edited by

      Hello all,

      I'm running pfsense 2.6.0 CE edition, with the FFR package installed.

      Each firewall has the following specs:

      Firewall A:
      WAN/em0: 192.168.1.22/24
      LAN/em1: 172.16.1.1/24
      OPT1/em2: 172.17.1.1/24
      OPT2/em3: 172.18.1.1/24

      BGP: AS 9990
      BGP: OSPF Redistribution: IPv4
      BGP: Networks to Distribute NONE
      BGP: Route MAP NONE

      OSPF AREA 0 => OPT2: 172.18.1.0/24
      OSPF Database:

      ============ OSPF network routing table ============
      N 172.18.1.0/24 [100] area: 0.0.0.0
      directly attached to em3

      ============ OSPF router routing table =============

      ============ OSPF external routing table ===========

      Firewall B:
      WAN/em0: 192.168.1.23/24
      LAN/em1: 10.10.10.1/24
      OPT1/em2: 10.10.11.1/24
      OPT2/em3: 10.10.12.1/24

      BGP: AS 9991
      BGP OSPF Redistribution: IPv4
      BGP: Networks to Distribute NONE
      BGP: Route MAP NONE

      OSPF AREA 0 => OPT2: 10.10.12.0/24
      OSPF Database:

      ============ OSPF network routing table ============
      N 10.10.12.0/24 [100] area: 0.0.0.0
      directly attached to em3

      ============ OSPF router routing table =============

      ============ OSPF external routing table ===========

      I'm under the impression that the routes listed in the OSPF database should inject inself into the BGP RIB and advertise 172.18.1.0/24 to firewall B from firewall A via BGP, and advertise 10.10.12.0/24 to firewall A from firewall B via BGP.

      If I add any subnet to 'Networks to Distribute' under BGP, it will advertise the subnet without a problem. I've also tried Redistribute Local connected networks, and redistribute FRR static routes, and redistribute Kernel routing table/pfsense Static routes without any luck to advertise 172.18.1.0/24(firewall A) , and 10.10.12.0/24 (firewall B)

      I'm thinking the OSPF Routes => Injected into BGP database RIB => Advertise

      Thanks!

      1 Reply Last reply Reply Quote 0
      • M
        michmoor last edited by

        @shon can you provide better output of your configs?
        Log into pfsense via ssh
        at the command prompt type in

        vtysh

        From there type in

         sh running-config

        Paste that here.

        Firewall: NetGate 6100/7100U, Palo Alto
        Routing: Juniper MX204 , Arista 7050X3
        Switching: Juniper EX/QFX. Arista 7050SX
        Wireless: Unifi, Aruba IAP

        S 1 Reply Last reply Reply Quote 0
        • S
          shon @michmoor last edited by

          @michmoor

          Firewall A:

          2.6.0-RELEASE][admin@pfSense0.lab.lan]/root: vtysh

Hello, this is FRRouting (version 7.5.1).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

pfSense0.lab.lan# sh running-config
Building configuration...

Current configuration:
!
frr version 7.5.1
frr defaults traditional
hostname pfSense0.lab.lan
log syslog
service integrated-vtysh-config
!
password 123
!
ip router-id 10.10.10.1
!
interface em3
 ip ospf area 0
!
router bgp 9990
 bgp router-id 172.16.1.1
 bgp log-neighbor-changes
 no bgp network import-check
 neighbor 192.168.1.23 remote-as 9991
 neighbor 192.168.1.23 description pfsense1
 neighbor 192.168.1.23 update-source 192.168.1.22
 !
 address-family ipv4 unicast
  redistribute ospf route-map allow-all
  no neighbor 192.168.1.23 send-community
  neighbor 192.168.1.23 route-map allow-all in
  neighbor 192.168.1.23 route-map allow-all out
 exit-address-family
 !
 address-family ipv6 unicast
  redistribute ospf6 route-map allow-all
  neighbor 192.168.1.23 activate
  no neighbor 192.168.1.23 send-community
  neighbor 192.168.1.23 route-map allow-all in
  neighbor 192.168.1.23 route-map allow-all out
 exit-address-family
!
router ospf
 ospf router-id 10.10.10.1
 log-adjacency-changes detail
 neighbor 10.10.12.1
!
route-map allow-all permit 100
!
line vty
!
end
pfSense0.lab.lan#

          Firewall B:

          [2.6.0-RELEASE][admin@pfSense1.lab.lan]/root: vtysh

Hello, this is FRRouting (version 7.5.1).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

pfSense1.lab.lan# sh running-config 
Building configuration...

Current configuration:
!
frr version 7.5.1
frr defaults traditional
hostname pfSense1.lab.lan
log syslog
service integrated-vtysh-config
!
password 123
!
ip router-id 10.10.10.1
!
interface em3
 ip ospf area 0
!
router bgp 9991
 bgp router-id 10.10.10.1
 bgp log-neighbor-changes
 no bgp network import-check
 neighbor 192.168.1.22 remote-as 9990
 neighbor 192.168.1.22 description pfsense0
 neighbor 192.168.1.22 update-source 192.168.1.23
 !
 address-family ipv4 unicast
  redistribute ospf route-map allow-all
  no neighbor 192.168.1.22 send-community
  neighbor 192.168.1.22 route-map allow-all in
  neighbor 192.168.1.22 route-map allow-all out
 exit-address-family
 !
 address-family ipv6 unicast
  redistribute ospf6 route-map allow-all
  neighbor 192.168.1.22 activate
  no neighbor 192.168.1.22 send-community
  neighbor 192.168.1.22 route-map allow-all in
  neighbor 192.168.1.22 route-map allow-all out
 exit-address-family
!
router ospf
 ospf router-id 172.16.1.1
 log-adjacency-changes detail
 neighbor 172.18.1.1
!
route-map allow-all permit 100
 set weight 1000
!
line vty
!
end
          1 Reply Last reply Reply Quote 0
          • First post
            Last post