Quagga OSPF bug: no redistribution networks are written in wrong order



  • Hi,

    here is the patch to fix it ;)

    (I must disallow distribution of public routes which are in kernel routes … so my firewalls can't reach themselves over the right interface)

    
    *** /usr/local/pkg/quagga_ospfd.inc.orig        Sun Feb 17 07:05:10 2013
    --- /usr/local/pkg/quagga_ospfd.inc     Sun Feb 17 07:06:11 2013
    *************** function quagga_ospfd_install_conf() {
    *** 215,225 ****
                            $conffile .= $redist;
    
                    if (!empty($noredist)) {
                            $conffile .= "  distribute-list dnr-list out connected\n";
                            $conffile .= "  distribute-list dnr-list out kernel\n";
                            $conffile .= "  distribute-list dnr-list out static\n";
                            //$conffile .= "  distribute-list dnr-list out ospf\n";
    -                       $conffile .= $noredist;
                            $conffile .= "  access-list dnr-list permit any\n";
                    }
    
    --- 215,225 ----
                            $conffile .= $redist;
    
                    if (!empty($noredist)) {
    +                       $conffile .= $noredist;
                            $conffile .= "  distribute-list dnr-list out connected\n";
                            $conffile .= "  distribute-list dnr-list out kernel\n";
                            $conffile .= "  distribute-list dnr-list out static\n";
                            //$conffile .= "  distribute-list dnr-list out ospf\n";
                            $conffile .= "  access-list dnr-list permit any\n";
                    }
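
    Review bot: The moved `$conffile .= $noredist;` now sits above the three `distribute-list dnr-list out ...` lines while `access-list dnr-list permit any` stays below them, so whatever `$noredist` emits is separated from the closing permit entry of the same list. `$noredist` is built outside this hunk, so the final order of the generated ospfd.conf cannot be checked from here; please add a comment stating the order ospfd requires, keep all `dnr-list` entries contiguous, and confirm that ospfd loads the generated file on each Quagga version the package targets before this is committed.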
    
    

    Bests

    Reiner


  • Rebel Alliance Developer Netgate

    Committed, thanks!



  • Hi,

    good info.. struggling with the same thing.. Trying to disable redistribution of public IPs …

    2.0.2-RELEASE (amd64)
    built on Fri Dec 7 22:39:32 EST 2012
    FreeBSD 8.1-RELEASE-p13

    quagga:

    0.99.20.1 v0.5.1

    br.
    .k


  • Rebel Alliance Developer Netgate

    just click the 'pkg' button from the list and it will reinstall and pick up the change.



  • @jimp:

    just click the 'pkg' button from the list and it will reinstall and pick up the change.

    ok. thanks. it's done now.. I'm still having difficulties with "disabling redistribution":

    I'm trying to disable the wan network so it is not redistributed to another pfsense…

    • If select "disable redistribution" | 85.20.0.0/24 | 0.0.0.0 |

    • status page of ospfd says:

    "ospfd does not appear to be running"

    br.
    .k


  • Rebel Alliance Developer Netgate

    That may be a completely separate error from this. It may be best to start a fresh thread and include copies of your quagga configs from /usr/local/etc/ and any logs from quagga/zebra in /var/log/system.log (2.0.x) or /var/log/routing.log (2.1)



  • @jimp:

    That may be a completely separate error from this. It may be best to start a fresh thread and include copies of your quagga configs from /usr/local/etc/ and any logs from quagga/zebra in /var/log/system.log (2.0.x) or /var/log/routing.log (2.1)

    Hi,

    I have a similar problem… (how to create a new thread out of this additional question?^^)
    Since I updated last time my router IDs pfsense won't start again.

    => http://forum.pfsense.org/index.php/topic,59103.msg318308.html#msg318308

    [2.0.1-RELEASE][root@fw1.jws1.local]/root(10): clog /var/log/system.log | grep -e ospf -e zebra
    Feb 25 21:40:01 fw1 zebra[57194]: Zebra 0.99.20.1 starting: vty@2601
    Feb 25 21:40:01 fw1 zebra[57194]: Zebra 0.99.20.1 starting: vty@2601
    Feb 25 21:40:01 fw1 ospfd[57429]: ASBR[Status:1]: Update
    Feb 25 21:40:01 fw1 ospfd[57429]: ASBR[Status:2]: Update
    Feb 25 21:40:01 fw1 ospfd[57429]: ASBR[Status:2]: Already ASBR

    Mmh, perhaps this is the problem? Before the last update there were configs in this directory (ospfd.conf and zebra.conf)

    [2.0.1-RELEASE][root@fw1.jws1.local]/root(11): ls -la /usr/local/etc/quagga/
    total 4
    drwxr-xr-x  2 quagga  quagga  512 Feb 24 20:35 .
    drwxr-xr-x  14 root    wheel  512 Feb 24 20:35 ..

    ah no… they stay still in

    [2.0.1-RELEASE][root@fw1.jws1.local]/root(14): ls -la /var/etc/quagga/
    total 8
    drwxr-xr-x  2 quagga  quagga  512 Feb 20 22:47 .
    drwxr-xr-x  8 root    wheel  1024 Feb 25 20:05 ..
    -rw-------  1 quagga  quagga  625 Feb 25 21:40 ospfd.conf
    -rw-------  1 quagga  quagga  100 Feb 25 21:40 zebra.conf

    [2.0.1-RELEASE][root@fw1.jws1.local]/root(15): cat /var/etc/quagga/zebra.conf

    This file was created by the pfSense package manager.  Do not edit!

    password secret
    log syslog

    [2.0.1-RELEASE][root@fw1.jws1.local]/root(16): cat /var/etc/quagga/ospfd.conf

    This file was created by the pfSense package manager.  Do not edit!

    password secret
    log syslog
    interface lagg1_vlan6
      ip ospf hello-interval 1
      ip ospf authentication-key net-secret
      ip ospf priority 255
      ip ospf retransmit-interval 3
      ip ospf dead-interval 5

    router ospf
      ospf router-id 192.168.6.2
      log-adjacency-changes detail
      redistribute connected
      redistribute static
      network 192.168.6.0/24 area 192.168.6.0
      access-list dnr-list deny xx.xx.176.0/24
      distribute-list dnr-list out connected
      distribute-list dnr-list out kernel
      distribute-list dnr-list out static
      access-list dnr-list permit any

    Only pass changed and IP xx-ed but they worked before update… changing back didn't help.

    Bests

    Reiner



  • @jimp:

    That may be a completely separate error from this.

    I think the error is related to this commit. While Quagga OSPF 0.99.20.1 v0.5.0 works fine in my production environment, in my fresh test setup with Quagga OSPF 0.99.20.1 v0.5.1 any value in the "Disable Redistribution" field prevents the service from starting.
    Here is pfSense console after reboot:

    The service starts smoothly when "Disable Redistribution" is blank.
    Regards


  • Rebel Alliance Developer Netgate

    I moved the syntax back the other way since it does not seem to be valid in the other order. I'm not sure how the patch in the first post solved the OP's problem, if quagga won't even run with the commands ordered that way.



  • @rubic:

    @jimp:

    That may be a completely separate error from this.

    I think the error is related to this commit. While Quagga OSPF 0.99.20.1 v0.5.0 works fine in my production environment, in my fresh test setup with Quagga OSPF 0.99.20.1 v0.5.1 any value in the "Disable Redistribution" field prevents the service from starting.

    Ah this way I can try it, too:

    [2.1-BETA1][root@fw1.zws8.local]/root(134): /usr/local/bin/quaggactl start
    There is no such command.
    Error occured during reading below line.
      distribute-list dnr-list out connected

    mmmh… I've tested my patch and it worked with several config modifications/reboots in my test setup... so a little surprising that it's now damaging OSPF package... sorry.

    Without my above fix it works again.

    router ospf
      ospf router-id 192.168.6.3
      log-adjacency-changes detail
      redistribute connected
      redistribute static
      network 192.168.6.0/24 area 192.168.6.0
      distribute-list dnr-list out connected
      distribute-list dnr-list out kernel
      distribute-list dnr-list out static
      access-list dnr-list deny xx.xx.176.0/24
      access-list dnr-list permit any
    

    One problem / unknown difference:
    I have one stable/old pfSense 2.0.1 pair and actual pfSense 2.1-BETA1 pair on other side…
    The stable version didn't redistribute the network:

    [2.0.1-RELEASE][root@fw1.jws1.local]/root(133): vtysh

    Hello, this is Quagga (version 0.99.20.1).
    Copyright 1996-2005 Kunihiro Ishiguro, et al.

    fw1.jws1.local# sh ip route
    Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
          I - ISIS, B - BGP, > - selected route, * - FIB route

    K>* 0.0.0.0/0 via 91.102.12.193, lagg0_vlan2
    O  xx.xx.176.0/24 [110/20] via 192.168.6.12, lagg1_vlan6, 00:31:09
                                via 192.168.6.13, lagg1_vlan6, 00:31:09
    C * xx.xx.176.0/24 is directly connected, vip47
    C>* xx.xx.176.0/24 is directly connected, lagg0_vlan7
    C>* xx.xx.176.4/32 is directly connected, vip40
    C>* xx.xx.176.7/32 is directly connected, vip49

    but BETA does?

    [2.1-BETA1][root@fw1.zws8.local]/root(139): vtysh

    Hello, this is Quagga (version 0.99.21).
    Copyright 1996-2005 Kunihiro Ishiguro, et al.

    fw1.zws8.local# show ip route
    Codes: K - kernel route, C - connected, S - static, R - RIP,
          O - OSPF, I - IS-IS, B - BGP, A - Babel,
          > - selected route, * - FIB route

    K>* 0.0.0.0/0 via xx.xx.176.254, lagg0_vlan7
    O  xx.xx.176.0/24 [110/20] via 192.168.6.13, lagg0_vlan6, 00:24:14
    C * xx.xx.176.0/24 is directly connected, opt14_vip120
    C * xx.xx.176.0/24 is directly connected, opt14_vip117
    C * xx.xx.176.0/24 is directly connected, opt14_vip103
    C * xx.xx.176.0/24 is directly connected, opt14_vip119
    C * xx.xx.176.0/24 is directly connected, opt14_vip118
    C * xx.xx.176.0/24 is directly connected, opt14_vip116
    C * xx.xx.176.0/24 is directly connected, opt14_vip115
    C * xx.xx.176.0/24 is directly connected, opt14_vip114
    C * xx.xx.176.0/24 is directly connected, opt14_vip109
    C>* xx.xx.176.0/24 is directly connected, lagg0_vlan7

    I tested before only with BETA versions… and got problems with public routing.
    (1st firewall pair got .1/.2/.3, 2nd fw pair .254/.253/.252)
    Because without this "Disable Redistribution" of this public network the firewalls didn't see themselves and were therefore shutting down their gateways.

    ah... different BSD package versions which cause the problem:
    2.0.1        => Hello, this is Quagga (version 0.99.20.1).
    2.1-BETA1 => Hello, this is Quagga (version 0.99.21).

    so please remove my patch… and we must search for other places to patch the behavior in package for 2.1...
    Thanks.

    Bests

    Reiner

