Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OSPF Database routes Redistributed into BGP

    Scheduled Pinned Locked Moved Routing and Multi WAN
    3 Posts 2 Posters 935 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S Offline
      shon
      last edited by

      Hello all,

      I'm running pfsense 2.6.0 CE edition, with the FFR package installed.

      Each firewall has the following specs:

      Firewall A:
      WAN/em0: 192.168.1.22/24
      LAN/em1: 172.16.1.1/24
      OPT1/em2: 172.17.1.1/24
      OPT2/em3: 172.18.1.1/24

      BGP: AS 9990
      BGP: OSPF Redistribution: IPv4
      BGP: Networks to Distribute NONE
      BGP: Route MAP NONE

      OSPF AREA 0 => OPT2: 172.18.1.0/24
      OSPF Database:

      ============ OSPF network routing table ============
      N 172.18.1.0/24 [100] area: 0.0.0.0
      directly attached to em3

      ============ OSPF router routing table =============

      ============ OSPF external routing table ===========

      Firewall B:
      WAN/em0: 192.168.1.23/24
      LAN/em1: 10.10.10.1/24
      OPT1/em2: 10.10.11.1/24
      OPT2/em3: 10.10.12.1/24

      BGP: AS 9991
      BGP OSPF Redistribution: IPv4
      BGP: Networks to Distribute NONE
      BGP: Route MAP NONE

      OSPF AREA 0 => OPT2: 10.10.12.0/24
      OSPF Database:

      ============ OSPF network routing table ============
      N 10.10.12.0/24 [100] area: 0.0.0.0
      directly attached to em3

      ============ OSPF router routing table =============

      ============ OSPF external routing table ===========

      I'm under the impression that the routes listed in the OSPF database should inject inself into the BGP RIB and advertise 172.18.1.0/24 to firewall B from firewall A via BGP, and advertise 10.10.12.0/24 to firewall A from firewall B via BGP.

      If I add any subnet to 'Networks to Distribute' under BGP, it will advertise the subnet without a problem. I've also tried Redistribute Local connected networks, and redistribute FRR static routes, and redistribute Kernel routing table/pfsense Static routes without any luck to advertise 172.18.1.0/24(firewall A) , and 10.10.12.0/24 (firewall B)

      I'm thinking the OSPF Routes => Injected into BGP database RIB => Advertise

      Thanks!

      1 Reply Last reply Reply Quote 0
      • M Offline
        michmoor LAYER 8 Rebel Alliance
        last edited by

        @shon can you provide better output of your configs?
        Log into pfsense via ssh
        at the command prompt type in

        vtysh
        

        From there type in

         sh running-config 
        

        Paste that here.

        Firewall: NetGate,Palo Alto-VM,Juniper SRX
        Routing: Juniper, Arista, Cisco
        Switching: Juniper, Arista, Cisco
        Wireless: Unifi, Aruba IAP
        JNCIP,CCNP Enterprise

        S 1 Reply Last reply Reply Quote 0
        • S Offline
          shon @michmoor
          last edited by

          @michmoor

          Firewall A:

          2.6.0-RELEASE][admin@pfSense0.lab.lan]/root: vtysh
          
          Hello, this is FRRouting (version 7.5.1).
          Copyright 1996-2005 Kunihiro Ishiguro, et al.
          
          pfSense0.lab.lan# sh running-config
          Building configuration...
          
          Current configuration:
          !
          frr version 7.5.1
          frr defaults traditional
          hostname pfSense0.lab.lan
          log syslog
          service integrated-vtysh-config
          !
          password 123
          !
          ip router-id 10.10.10.1
          !
          interface em3
           ip ospf area 0
          !
          router bgp 9990
           bgp router-id 172.16.1.1
           bgp log-neighbor-changes
           no bgp network import-check
           neighbor 192.168.1.23 remote-as 9991
           neighbor 192.168.1.23 description pfsense1
           neighbor 192.168.1.23 update-source 192.168.1.22
           !
           address-family ipv4 unicast
            redistribute ospf route-map allow-all
            no neighbor 192.168.1.23 send-community
            neighbor 192.168.1.23 route-map allow-all in
            neighbor 192.168.1.23 route-map allow-all out
           exit-address-family
           !
           address-family ipv6 unicast
            redistribute ospf6 route-map allow-all
            neighbor 192.168.1.23 activate
            no neighbor 192.168.1.23 send-community
            neighbor 192.168.1.23 route-map allow-all in
            neighbor 192.168.1.23 route-map allow-all out
           exit-address-family
          !
          router ospf
           ospf router-id 10.10.10.1
           log-adjacency-changes detail
           neighbor 10.10.12.1
          !
          route-map allow-all permit 100
          !
          line vty
          !
          end
          pfSense0.lab.lan# 
          
          
          

          Firewall B:

          [2.6.0-RELEASE][admin@pfSense1.lab.lan]/root: vtysh
          
          Hello, this is FRRouting (version 7.5.1).
          Copyright 1996-2005 Kunihiro Ishiguro, et al.
          
          pfSense1.lab.lan# sh running-config 
          Building configuration...
          
          Current configuration:
          !
          frr version 7.5.1
          frr defaults traditional
          hostname pfSense1.lab.lan
          log syslog
          service integrated-vtysh-config
          !
          password 123
          !
          ip router-id 10.10.10.1
          !
          interface em3
           ip ospf area 0
          !
          router bgp 9991
           bgp router-id 10.10.10.1
           bgp log-neighbor-changes
           no bgp network import-check
           neighbor 192.168.1.22 remote-as 9990
           neighbor 192.168.1.22 description pfsense0
           neighbor 192.168.1.22 update-source 192.168.1.23
           !
           address-family ipv4 unicast
            redistribute ospf route-map allow-all
            no neighbor 192.168.1.22 send-community
            neighbor 192.168.1.22 route-map allow-all in
            neighbor 192.168.1.22 route-map allow-all out
           exit-address-family
           !
           address-family ipv6 unicast
            redistribute ospf6 route-map allow-all
            neighbor 192.168.1.22 activate
            no neighbor 192.168.1.22 send-community
            neighbor 192.168.1.22 route-map allow-all in
            neighbor 192.168.1.22 route-map allow-all out
           exit-address-family
          !
          router ospf
           ospf router-id 172.16.1.1
           log-adjacency-changes detail
           neighbor 172.18.1.1
          !
          route-map allow-all permit 100
           set weight 1000
          !
          line vty
          !
          end
          
          
          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.