Netgate Discussion Forum

OSPF Database routes Redistributed into BGP

  • shon
    last edited by Mar 11, 2023, 5:49 PM

    Hello all,

    I'm running pfSense 2.6.0 CE edition, with the FRR package installed.

    Each firewall has the following specs:

    Firewall A:
    WAN/em0: 192.168.1.22/24
    LAN/em1: 172.16.1.1/24
    OPT1/em2: 172.17.1.1/24
    OPT2/em3: 172.18.1.1/24

    BGP: AS 9990
    BGP: OSPF Redistribution: IPv4
    BGP: Networks to Distribute NONE
    BGP: Route MAP NONE

    OSPF AREA 0 => OPT2: 172.18.1.0/24
    OSPF Database:

    ============ OSPF network routing table ============
    N 172.18.1.0/24 [100] area: 0.0.0.0
    directly attached to em3

    ============ OSPF router routing table =============

    ============ OSPF external routing table ===========

    Firewall B:
    WAN/em0: 192.168.1.23/24
    LAN/em1: 10.10.10.1/24
    OPT1/em2: 10.10.11.1/24
    OPT2/em3: 10.10.12.1/24

    BGP: AS 9991
    BGP: OSPF Redistribution: IPv4
    BGP: Networks to Distribute NONE
    BGP: Route MAP NONE

    OSPF AREA 0 => OPT2: 10.10.12.0/24
    OSPF Database:

    ============ OSPF network routing table ============
    N 10.10.12.0/24 [100] area: 0.0.0.0
    directly attached to em3

    ============ OSPF router routing table =============

    ============ OSPF external routing table ===========

    I'm under the impression that the routes listed in the OSPF database should inject themselves into the BGP RIB and advertise 172.18.1.0/24 to firewall B from firewall A via BGP, and advertise 10.10.12.0/24 to firewall A from firewall B via BGP.

    If I add any subnet to 'Networks to Distribute' under BGP, it will advertise the subnet without a problem. I've also tried Redistribute Local connected networks, redistribute FRR static routes, and redistribute Kernel routing table/pfSense Static routes, without any luck advertising 172.18.1.0/24 (firewall A) and 10.10.12.0/24 (firewall B).

    I'm thinking the OSPF Routes => Injected into BGP database RIB => Advertise

    Thanks!

    • michmoor LAYER 8 Rebel Alliance
      last edited by Mar 11, 2023, 6:21 PM

      @shon can you provide better output of your configs?
      Log into pfSense via SSH.
      At the command prompt, type in

      vtysh

      From there, type in

      sh running-config

      Paste that here.

      Firewall: NetGate,Palo Alto-VM,Juniper SRX
      Routing: Juniper, Arista, Cisco
      Switching: Juniper, Arista, Cisco
      Wireless: Unifi, Aruba IAP
      JNCIP,CCNP Enterprise

      • shon @michmoor
        last edited by Mar 11, 2023, 6:27 PM

        @michmoor

        Firewall A:

        [2.6.0-RELEASE][admin@pfSense0.lab.lan]/root: vtysh
        
        Hello, this is FRRouting (version 7.5.1).
        Copyright 1996-2005 Kunihiro Ishiguro, et al.
        
        pfSense0.lab.lan# sh running-config
        Building configuration...
        
        Current configuration:
        !
        frr version 7.5.1
        frr defaults traditional
        hostname pfSense0.lab.lan
        log syslog
        service integrated-vtysh-config
        !
        password 123
        !
        ip router-id 10.10.10.1
        !
        interface em3
         ip ospf area 0
        !
        router bgp 9990
         bgp router-id 172.16.1.1
         bgp log-neighbor-changes
         no bgp network import-check
         neighbor 192.168.1.23 remote-as 9991
         neighbor 192.168.1.23 description pfsense1
         neighbor 192.168.1.23 update-source 192.168.1.22
         !
         address-family ipv4 unicast
          redistribute ospf route-map allow-all
          no neighbor 192.168.1.23 send-community
          neighbor 192.168.1.23 route-map allow-all in
          neighbor 192.168.1.23 route-map allow-all out
         exit-address-family
         !
         address-family ipv6 unicast
          redistribute ospf6 route-map allow-all
          neighbor 192.168.1.23 activate
          no neighbor 192.168.1.23 send-community
          neighbor 192.168.1.23 route-map allow-all in
          neighbor 192.168.1.23 route-map allow-all out
         exit-address-family
        !
        router ospf
         ospf router-id 10.10.10.1
         log-adjacency-changes detail
         neighbor 10.10.12.1
        !
        route-map allow-all permit 100
        !
        line vty
        !
        end
        pfSense0.lab.lan# 
        
        
        

        Firewall B:

        [2.6.0-RELEASE][admin@pfSense1.lab.lan]/root: vtysh
        
        Hello, this is FRRouting (version 7.5.1).
        Copyright 1996-2005 Kunihiro Ishiguro, et al.
        
        pfSense1.lab.lan# sh running-config 
        Building configuration...
        
        Current configuration:
        !
        frr version 7.5.1
        frr defaults traditional
        hostname pfSense1.lab.lan
        log syslog
        service integrated-vtysh-config
        !
        password 123
        !
        ip router-id 10.10.10.1
        !
        interface em3
         ip ospf area 0
        !
        router bgp 9991
         bgp router-id 10.10.10.1
         bgp log-neighbor-changes
         no bgp network import-check
         neighbor 192.168.1.22 remote-as 9990
         neighbor 192.168.1.22 description pfsense0
         neighbor 192.168.1.22 update-source 192.168.1.23
         !
         address-family ipv4 unicast
          redistribute ospf route-map allow-all
          no neighbor 192.168.1.22 send-community
          neighbor 192.168.1.22 route-map allow-all in
          neighbor 192.168.1.22 route-map allow-all out
         exit-address-family
         !
         address-family ipv6 unicast
          redistribute ospf6 route-map allow-all
          neighbor 192.168.1.22 activate
          no neighbor 192.168.1.22 send-community
          neighbor 192.168.1.22 route-map allow-all in
          neighbor 192.168.1.22 route-map allow-all out
         exit-address-family
        !
        router ospf
         ospf router-id 172.16.1.1
         log-adjacency-changes detail
         neighbor 172.18.1.1
        !
        route-map allow-all permit 100
         set weight 1000
        !
        line vty
        !
        end
        
        
        1 Reply Last reply Reply Quote 0
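
Added example, not part of the thread and not FRR or pfSense code: a small Python audit for an FRR running-config like the ones posted above. It flags a cleartext `password` line and any BGP neighbor or `redistribute` statement whose route-map has a permit entry with no `match` clause, which passes every route. The function names and the abridged sample config are assumptions made for this illustration.

```python
import re

# Constructed sample: abridged from the Firewall A running-config posted above.
SAMPLE_CONFIG = """\
password 123
!
router bgp 9990
 neighbor 192.168.1.23 remote-as 9991
 address-family ipv4 unicast
  redistribute ospf route-map allow-all
  neighbor 192.168.1.23 route-map allow-all in
  neighbor 192.168.1.23 route-map allow-all out
 exit-address-family
!
route-map allow-all permit 100
!
"""

def permit_all_maps(lines):
    """Names of route-maps that have a permit entry with no match clause."""
    entries, current = {}, None
    for line in lines:
        m = re.match(r"route-map (\S+) (permit|deny) \d+$", line)
        if m:
            current = (m.group(1), line) if m.group(2) == "permit" else None
            if current:
                entries[current] = True      # unconditional until a match is seen
        elif current and line.startswith(" match "):
            entries[current] = False
        elif not line.startswith(" "):
            current = None                   # "!" or the next top-level command
    return {name for (name, _), unconditional in entries.items() if unconditional}

def audit_frr_config(text):
    """Return (line_no, finding) tuples for an FRR running-config."""
    lines = [l.rstrip() for l in text.splitlines()]
    open_maps = permit_all_maps(lines)
    findings = []
    for no, line in enumerate(lines, 1):
        # "password 8 <hash>" is the encrypted form; anything else is cleartext.
        if re.match(r"(enable )?password (?!8 )\S", line):
            findings.append((no, "cleartext password"))
        m = re.match(r"\s+neighbor (\S+) route-map (\S+) (in|out)$", line)
        if m and m.group(2) in open_maps:
            findings.append((no, f"neighbor {m.group(1)} {m.group(3)}: unfiltered"))
        m = re.match(r"\s+redistribute (\S+) route-map (\S+)$", line)
        if m and m.group(2) in open_maps:
            findings.append((no, f"redistribute {m.group(1)}: unfiltered"))
    return findings
```

A route-map entry that only carries `set` lines, such as `set weight 1000` in the Firewall B config, is still reported because it has no `match` clause.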