OpenOSPFD overwriting connected route



  • I just started playing with OpenOSPFD, and immediately ran into a problem when a route received via OSPF overwrote a route to a directly connected interface.  Am I doing something wrong?  It seems like that's something that should work (not fail) by default.

    I.e. my setup was effectively:

    Cisco  x.x.x.x  pfSense  y.y.y.y

    I had a static route in the Cisco to y.y.y.y subnet.  I then enabled OSPF between the Cisco and pfSense, with the Cisco redistributing static routes (including y.y.y.y), and my directly attached y.y.y.y host could no longer talk to the pfSense box - it overwrote the directly connected route.  (arping did reply, but no IP)  Once I removed the static route on the Cisco, it worked again.

    This is on recent pfSense 2.0 BETA5 (Jan 11) and the current OpenOSPFD package (installed yesterday, it's not printing the package version at the moment, as www.pfsense.com is currently unreachable for me).



  • Surely I'm doing something wrong here, any ideas?  I keep running into this problem in various places/forms, where an OSPF route takes precedence over a directly connected route, and I effectively lose all connectivity on that interface.  I'll start looking for ways to force metrics/precedence but it seems anyone using OpenOSPF in any scenario with redundant links would have run into this.

    I've updated several times, I'm currently on Jan 24 builds, with OpenOSPFD 0.5.1 package.



  • I've actually stopped using OSPF entirely and/or disabling FIB updates due to this.  However the problem seems to be more general, and I'm hitting it with OpenBGPD now, too.

    E.g. I have 2 pfSense boxes as a CARP pair, and both are BGP peered to each other and a couple other routers on their WAN.  I have a near identical config on both the CARP master and backup, with both advertising the LAN subnet in BGP.  However right now a host on the LAN cannot talk to the CARP backup box because it (the CARP backup) has a route to the directly connected LAN subnet via the CARP master's WAN address - i.e. the BGP route has superseded the directly connected route to the LAN.  (If I add a firewall rule to allow src of the LAN subnet in the master's WAN interface, I can then talk to the CARP backup.)

    I'm not very knowledgeable in FreeBSD, but is there any way to I guess make it act more like a Cisco, and use a route to a directly connected interface to talk to the directly connected hosts?  (And shouldn't that be the default behavior?)


  • Rebel Alliance Developer Netgate

    Why do you have the static route in the Cisco at all? It should get that route from you over OSPF. The pfSense router should be distributing a route for that subnet to the Cisco, not the other way around.



  • The Cisco advertising that was during the transition from static routes to OSPF .. once I took it out of the Cisco, the pfSense box would again talk to the directly connected network.

    But that's just one scenario, I keep hitting this underlying problem over and over in different forms.  It seems FreeBSD is either a very unfriendly platform for routing, or something's not set up/configured right.



  • I've been trying to dig into this a little, and workarounds to make OpenBGPD and OpenOSPFD usable.  It looks like the core issue is FreeBSD only allows a single entry in the routing table to any given destination; when the interface is brought up you have a route to that network out that interface, but when a routing daemon learns that same prefix and updates the routing table, it overwrites the first entry.  FreeBSD supports multiple FIBs now, but it looks like pfSense is built with only one, so I'm trying to find solutions within that constraint.

    It turns out fixing OpenBGPD is easy - you simply add a "Metric X" parameter to each of your defined neighbors with a value greater than 1.

    I'm still working on OpenOSPFD (and OSPF/BGP together).  There's a "Metric" under the interface settings tab, but that's something different (it's the OSPF interface cost).  I'll keep this updated with what I figure out.
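
A check for the condition described in the last post, as an added example that is not part of the thread: it compares each interface's attached subnet with the routing table and reports any subnet whose single table entry points at a gateway instead of the `link#` route. The interface addresses and the `netstat -rn` text are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data (not taken from the thread): interface addresses as
# configured on the box, and a FreeBSD-style `netstat -rn -f inet` table in
# which a daemon-learned route has replaced the em1 connected route.
CONNECTED = {"em0": "203.0.113.2/30", "em1": "192.168.10.1/24"}
NETSTAT = """\
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            203.0.113.1        UGS         0     5120    em0
127.0.0.1          link#4             UH          0       88    lo0
192.168.10.0/24    203.0.113.1        UG1         0       12    em0
203.0.113.0/30     link#1             U           0      940    em0
"""

def parse_routes(text):
    """Return {network: (gateway, netif)} for the prefix routes in the table."""
    routes = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or f[0] in ("Destination", "default"):
            continue
        try:
            net = ipaddress.ip_network(f[0], strict=False)
        except ValueError:
            continue  # skip anything that is not an IP prefix
        routes[net] = (f[1], f[5])
    return routes

def hijacked_connected(connected, netstat_text):
    """List attached subnets whose table entry is no longer the link route."""
    routes = parse_routes(netstat_text)
    findings = []
    for ifname, addr in connected.items():
        net = ipaddress.ip_interface(addr).network
        gw, netif = routes.get(net, (None, None))
        if gw is None:
            findings.append((str(net), ifname, "missing", None))
        elif not gw.startswith("link#") or netif != ifname:
            findings.append((str(net), ifname, gw, netif))
    return findings

if __name__ == "__main__":
    for net, ifname, gw, netif in hijacked_connected(CONNECTED, NETSTAT):
        print(f"{net} is attached to {ifname} but routed via {gw} ({netif})")
```

Run from cron or a monitoring agent against live `netstat -rn -f inet` output, a non-empty result is the signal that a routing daemon has replaced a connected route.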

