Quagga OSPF bug: no redistribution networks are written in wrong order
-
Hi,
here is the patch to fix it ;)
(I must disallow distribution of public routes which are in kernel routes … so my firewalls can't reach themselves over the right interface)
*** /usr/local/pkg/quagga_ospfd.inc.orig Sun Feb 17 07:05:10 2013 --- /usr/local/pkg/quagga_ospfd.inc Sun Feb 17 07:06:11 2013 *************** function quagga_ospfd_install_conf() { *** 215,225 **** $conffile .= $redist; if (!empty($noredist)) { $conffile .= " distribute-list dnr-list out connected\n"; $conffile .= " distribute-list dnr-list out kernel\n"; $conffile .= " distribute-list dnr-list out static\n"; //$conffile .= " distribute-list dnr-list out ospf\n"; - $conffile .= $noredist; $conffile .= " access-list dnr-list permit any\n"; } --- 215,225 ---- $conffile .= $redist; if (!empty($noredist)) { + $conffile .= $noredist; $conffile .= " distribute-list dnr-list out connected\n"; $conffile .= " distribute-list dnr-list out kernel\n"; $conffile .= " distribute-list dnr-list out static\n"; //$conffile .= " distribute-list dnr-list out ospf\n"; $conffile .= " access-list dnr-list permit any\n"; }
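Review bot: in the second half of the hunk, `$conffile .= $noredist;` now runs before the three `distribute-list dnr-list out ...` lines while `access-list dnr-list permit any` stays after them, so the `dnr-list` entries end up split around the `distribute-list` commands. The generated config later in this thread shows `$noredist` expanding to `access-list dnr-list deny ...`, and `access-list` is a top-level command while `distribute-list ... out` belongs to `router ospf`, so the order of these two groups decides which block the `distribute-list` lines are read in. I would keep the deny entries and `permit any` adjacent in one place, add a comment stating why that order is required, and confirm that ospfd loads the generated file on every Quagga version the package ships with before committing.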
Bests
Reiner
-
Committed, thanks!
-
Hi,
good info.. struggling with same thing.. Trying to disable redistribution of public ip's …
-
How / what do i need to do to update quagga packages -> update files with scp -> reinstall package or ?
-
Where to get modified files -> https://github.com/pfsense/pfsense-packages/tree/master/config/quagga_ospfd ?
-
I'm running fresh vm-install:
2.0.2-RELEASE (amd64)
built on Fri Dec 7 22:39:32 EST 2012
FreeBSD 8.1-RELEASE-p13
quagga:
0.99.20.1 v0.5.1
br.
.k
-
just click the 'pkg' button from the list and it will reinstall and pick up the change.
-
just click the 'pkg' button from the list and it will reinstall and pick up the change.
ok. thanks. it's done now.. I'm still having difficulties with "disabling redistribution":
I'm trying to disable wan network not to redistribute to another pfsense…
-
If select "disable redistribution" | 85.20.0.0/24 | 0.0.0.0 |
-
status page of ospfd says:
"ospfd does not appear to be running"
br.
.k
-
That may be a completely separate error from this. It may be best to start a fresh thread and include copies of your quagga configs from /usr/local/etc/ and any logs from quagga/zebra in /var/log/system.log (2.0.x) or /var/log/routing.log (2.1)
-
That may be a completely separate error from this. It may be best to start a fresh thread and include copies of your quagga configs from /usr/local/etc/ and any logs from quagga/zebra in /var/log/system.log (2.0.x) or /var/log/routing.log (2.1)
Hi,
I have a similar problem… (how to create a new thread out of this additional question?^^)
Since I last updated my router IDs, pfsense won't start again. => http://forum.pfsense.org/index.php/topic,59103.msg318308.html#msg318308
[2.0.1-RELEASE][root@fw1.jws1.local]/root(10): clog /var/log/system.log | grep -e ospf -e zebra
Feb 25 21:40:01 fw1 zebra[57194]: Zebra 0.99.20.1 starting: vty@2601
Feb 25 21:40:01 fw1 zebra[57194]: Zebra 0.99.20.1 starting: vty@2601
Feb 25 21:40:01 fw1 ospfd[57429]: ASBR[Status:1]: Update
Feb 25 21:40:01 fw1 ospfd[57429]: ASBR[Status:2]: Update
Feb 25 21:40:01 fw1 ospfd[57429]: ASBR[Status:2]: Already ASBR
Mmh, perhaps this is the problem? Before the last update there were configs in this directory (ospfd.conf and zebra.conf)
[2.0.1-RELEASE][root@fw1.jws1.local]/root(11): ls -la /usr/local/etc/quagga/
total 4
drwxr-xr-x 2 quagga quagga 512 Feb 24 20:35 .
drwxr-xr-x 14 root wheel 512 Feb 24 20:35 ..
ah no… they are still in
[2.0.1-RELEASE][root@fw1.jws1.local]/root(14): ls -la /var/etc/quagga/
total 8
drwxr-xr-x 2 quagga quagga 512 Feb 20 22:47 .
drwxr-xr-x 8 root wheel 1024 Feb 25 20:05 ..
-rw------- 1 quagga quagga 625 Feb 25 21:40 ospfd.conf
-rw------- 1 quagga quagga 100 Feb 25 21:40 zebra.conf
[2.0.1-RELEASE][root@fw1.jws1.local]/root(15): cat /var/etc/quagga/zebra.conf
This file was created by the pfSense package manager. Do not edit!
password secret
log syslog
[2.0.1-RELEASE][root@fw1.jws1.local]/root(16): cat /var/etc/quagga/ospfd.conf
This file was created by the pfSense package manager. Do not edit!
password secret
log syslog
interface lagg1_vlan6
ip ospf hello-interval 1
ip ospf authentication-key net-secret
ip ospf priority 255
ip ospf retransmit-interval 3
ip ospf dead-interval 5
router ospf
ospf router-id 192.168.6.2
log-adjacency-changes detail
redistribute connected
redistribute static
network 192.168.6.0/24 area 192.168.6.0
access-list dnr-list deny xx.xx.176.0/24
distribute-list dnr-list out connected
distribute-list dnr-list out kernel
distribute-list dnr-list out static
access-list dnr-list permit any
Only pass changed and IP xx-ed, but they worked before the update… changing back didn't help.
Bests
Reiner
-
That may be a completely separate error from this.
I think the error is related to this commit. While Quagga OSPF 0.99.20.1 v0.5.0 works fine in my production environment, in my fresh test setup with Quagga OSPF 0.99.20.1 v0.5.1 any value in the "Disable Redistribution" field prevents the service from starting.
Here is the pfSense console after reboot:
The service starts smoothly when "Disable Redistribution" is blank.
Regards
-
I moved the syntax back the other way since it does not seem to be valid in the other order. I'm not sure how the patch in the first post solved the OP's problem, if quagga won't even run with the commands ordered that way.
-
That may be a completely separate error from this.
I think the error is related to this commit. While Quagga OSPF 0.99.20.1 v0.5.0 works fine in my production environment, in my fresh test setup with Quagga OSPF 0.99.20.1 v0.5.1 any value in the "Disable Redistribution" field prevents the service from starting.
Ah this way I can try it, too:
[2.1-BETA1][root@fw1.zws8.local]/root(134): /usr/local/bin/quaggactl start
There is no such command.
Error occured during reading below line.
distribute-list dnr-list out connected
mmmh… I've tested my patch and it worked with several config modifications/reboots in my test setup... so a little surprising that it's now damaging OSPF package... sorry.
Without my above fix it works again.
router ospf
ospf router-id 192.168.6.3
log-adjacency-changes detail
redistribute connected
redistribute static
network 192.168.6.0/24 area 192.168.6.0
distribute-list dnr-list out connected
distribute-list dnr-list out kernel
distribute-list dnr-list out static
access-list dnr-list deny xx.xx.176.0/24
access-list dnr-list permit any
One problem / unknown difference:
I have one stable/old pfSense 2.0.1 pair and actual pfSense 2.1-BETA1 pair on other side…
The stable version didn't redistribute the network:
[2.0.1-RELEASE][root@fw1.jws1.local]/root(133): vtysh
Hello, this is Quagga (version 0.99.20.1).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
fw1.jws1.local# sh ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - ISIS, B - BGP, > - selected route, * - FIB route
K>* 0.0.0.0/0 via 91.102.12.193, lagg0_vlan2
O xx.xx.176.0/24 [110/20] via 192.168.6.12, lagg1_vlan6, 00:31:09
via 192.168.6.13, lagg1_vlan6, 00:31:09
C * xx.xx.176.0/24 is directly connected, vip47
C>* xx.xx.176.0/24 is directly connected, lagg0_vlan7
C>* xx.xx.176.4/32 is directly connected, vip40
C>* xx.xx.176.7/32 is directly connected, vip49
…but BETA does?
[2.1-BETA1][root@fw1.zws8.local]/root(139): vtysh
Hello, this is Quagga (version 0.99.21).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
fw1.zws8.local# show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, A - Babel,
> - selected route, * - FIB route
K>* 0.0.0.0/0 via xx.xx.176.254, lagg0_vlan7
O xx.xx.176.0/24 [110/20] via 192.168.6.13, lagg0_vlan6, 00:24:14
C * xx.xx.176.0/24 is directly connected, opt14_vip120
C * xx.xx.176.0/24 is directly connected, opt14_vip117
C * xx.xx.176.0/24 is directly connected, opt14_vip103
C * xx.xx.176.0/24 is directly connected, opt14_vip119
C * xx.xx.176.0/24 is directly connected, opt14_vip118
C * xx.xx.176.0/24 is directly connected, opt14_vip116
C * xx.xx.176.0/24 is directly connected, opt14_vip115
C * xx.xx.176.0/24 is directly connected, opt14_vip114
C * xx.xx.176.0/24 is directly connected, opt14_vip109
C>* xx.xx.176.0/24 is directly connected, lagg0_vlan7
…I tested before only with BETA versions… and got problems with public routing.
(1st firewall pair got .1/.2/.3, 2nd fw pair .254/.253/.252)
Because without this "Disable Redistribution" of this public network the firewalls didn't see themselves and were therefore shutting down their gateways.
ah... different BSD package versions which cause the problem:
2.0.1 => Hello, this is Quagga (version 0.99.20.1).
2.1-BETA1 => Hello, this is Quagga (version 0.99.21).
so please remove my patch… and we must search for other places to patch the behavior in package for 2.1...
Thanks.
Bests
Reiner
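
A pre-flight check for the ordering problem discussed in this thread, as an added example that is not part of any post or of the pfSense package: it flags `router ospf` commands that appear after a top-level command such as `access-list`. The node model is a simplified assumption about how the config is read, the function name is hypothetical, and the sample configs are constructed from the two orderings shown above, with 192.0.2.0/24 standing in for the masked network.

```python
# Added example: flag "router ospf" commands that are read outside that block.
# Assumption (simplified model): a top-level command such as access-list ends
# the current "router ospf" block, so later router-only lines are misplaced.
TOP_LEVEL = ("access-list ", "interface ", "password ", "log ", "router ")
ROUTER_OSPF_ONLY = ("distribute-list ", "redistribute ", "network ",
                    "ospf router-id ")

# Constructed samples in the two orderings shown in the thread;
# 192.0.2.0/24 (documentation range) stands in for the masked network.
HEADER = """\
router ospf
ospf router-id 192.168.6.2
log-adjacency-changes detail
redistribute connected
redistribute static
network 192.168.6.0/24 area 192.168.6.0
"""
DENY = "access-list dnr-list deny 192.0.2.0/24\n"
DISTRIBUTE = "".join(f"distribute-list dnr-list out {src}\n"
                     for src in ("connected", "kernel", "static"))
PERMIT = "access-list dnr-list permit any\n"

PATCHED_ORDER = HEADER + DENY + DISTRIBUTE + PERMIT    # order after the patch
ORIGINAL_ORDER = HEADER + DISTRIBUTE + DENY + PERMIT   # order before the patch


def misplaced_router_commands(conf_text):
    """Return (line_number, command) for router-ospf commands outside the block."""
    findings = []
    in_router_ospf = False
    for number, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(("!", "#")):
            continue  # blank lines and comments do not change the node
        if line == "router ospf":
            in_router_ospf = True
        elif line.startswith(TOP_LEVEL):
            in_router_ospf = False  # top-level command closes the block
        elif line.startswith(ROUTER_OSPF_ONLY) and not in_router_ospf:
            findings.append((number, line))
    return findings


if __name__ == "__main__":
    for name, conf in (("original", ORIGINAL_ORDER), ("patched", PATCHED_ORDER)):
        hits = misplaced_router_commands(conf)
        print(name, "order:", "ok" if not hits else hits)
```

Run against a generated ospfd.conf before restarting the service; the first line it reports for the patched ordering is the same `distribute-list dnr-list out connected` line that ospfd rejected above.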