    Quagga OSPF bug: no redistribution networks are written in wrong order

    • R
      Reiner030 last edited by

      Hi,

      Here is the patch to fix it ;)

      (I must disallow distribution of public routes which are in kernel routes … so my firewalls can't reach themselves over the right interface)

      
      *** /usr/local/pkg/quagga_ospfd.inc.orig        Sun Feb 17 07:05:10 2013
      --- /usr/local/pkg/quagga_ospfd.inc     Sun Feb 17 07:06:11 2013
      *************** function quagga_ospfd_install_conf() {
      *** 215,225 ****
                              $conffile .= $redist;
      
                      if (!empty($noredist)) {
                              $conffile .= "  distribute-list dnr-list out connected\n";
                              $conffile .= "  distribute-list dnr-list out kernel\n";
                              $conffile .= "  distribute-list dnr-list out static\n";
                              //$conffile .= "  distribute-list dnr-list out ospf\n";
      -                       $conffile .= $noredist;
                              $conffile .= "  access-list dnr-list permit any\n";
                      }
      
      --- 215,225 ----
                              $conffile .= $redist;
      
                      if (!empty($noredist)) {
      +                       $conffile .= $noredist;
                              $conffile .= "  distribute-list dnr-list out connected\n";
                              $conffile .= "  distribute-list dnr-list out kernel\n";
                              $conffile .= "  distribute-list dnr-list out static\n";
                              //$conffile .= "  distribute-list dnr-list out ospf\n";
                              $conffile .= "  access-list dnr-list permit any\n";
                      }
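
      Review bot: Moving "$conffile .= $noredist;" to the top of the "if (!empty($noredist))" block splits the access-list entries for dnr-list: whatever $noredist contains is now written before the three "distribute-list dnr-list out ..." lines, while "access-list dnr-list permit any" is still written after them. Replies further down this thread report ospfd stopping at "distribute-list dnr-list out connected" with "There is no such command" when the lines are generated in this order, so the change should be verified by starting ospfd with a non-empty "Disable Redistribution" value on every Quagga version the package is installed with before it is committed. The block also has no comment recording why the order matters; a one-line comment above it would make the constraint visible to the next person who edits it.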
      
      

      Bests

      Reiner

      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        Committed, thanks!

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • K
          keysers0ze last edited by

          Hi,

          Good info. Struggling with the same thing. Trying to disable redistribution of public IPs …

          • How / what do I need to do to update quagga packages -> update files with scp -> reinstall package or ?

          • Where to get modified files -> https://github.com/pfsense/pfsense-packages/tree/master/config/quagga_ospfd ?

          • I'm running a fresh VM install:

          2.0.2-RELEASE (amd64)
          built on Fri Dec 7 22:39:32 EST 2012
          FreeBSD 8.1-RELEASE-p13

          quagga:

          0.99.20.1 v0.5.1

          br.
          .k

          • jimp
            jimp Rebel Alliance Developer Netgate last edited by

            just click the 'pkg' button from the list and it will reinstall and pick up the change.

            • K
              keysers0ze last edited by

              @jimp:

              just click the 'pkg' button from the list and it will reinstall and pick up the change.

              OK, thanks. It's done now. I'm still having difficulties with "disabling redistribution":

              I'm trying to keep the WAN network from being redistributed to another pfSense…

              • If I select "disable redistribution" | 85.20.0.0/24 | 0.0.0.0 |

              • status page of ospfd says:

              "ospfd does not appear to be running"

              br.
              .k

              • jimp
                jimp Rebel Alliance Developer Netgate last edited by

                That may be a completely separate error from this. It may be best to start a fresh thread and include copies of your quagga configs from /usr/local/etc/ and any logs from quagga/zebra in /var/log/system.log (2.0.x) or /var/log/routing.log (2.1)

                • R
                  Reiner030 last edited by

                  @jimp:

                  That may be a completely separate error from this. It may be best to start a fresh thread and include copies of your quagga configs from /usr/local/etc/ and any logs from quagga/zebra in /var/log/system.log (2.0.x) or /var/log/routing.log (2.1)

                  Hi,

                  I have a similar problem… (how do I create a new thread out of this additional question? ^^)
                  Since I last updated my router IDs, pfSense won't start again.

                  => http://forum.pfsense.org/index.php/topic,59103.msg318308.html#msg318308

                  [2.0.1-RELEASE][root@fw1.jws1.local]/root(10): clog /var/log/system.log | grep -e ospf -e zebra
                  Feb 25 21:40:01 fw1 zebra[57194]: Zebra 0.99.20.1 starting: vty@2601
                  Feb 25 21:40:01 fw1 zebra[57194]: Zebra 0.99.20.1 starting: vty@2601
                  Feb 25 21:40:01 fw1 ospfd[57429]: ASBR[Status:1]: Update
                  Feb 25 21:40:01 fw1 ospfd[57429]: ASBR[Status:2]: Update
                  Feb 25 21:40:01 fw1 ospfd[57429]: ASBR[Status:2]: Already ASBR

                  Mmh, perhaps this is the problem? Before the last update there were configs in this directory (ospfd.conf and zebra.conf)

                  [2.0.1-RELEASE][root@fw1.jws1.local]/root(11): ls -la /usr/local/etc/quagga/
                  total 4
                  drwxr-xr-x  2 quagga  quagga  512 Feb 24 20:35 .
                  drwxr-xr-x  14 root    wheel  512 Feb 24 20:35 ..

                  ah no… they are still in

                  [2.0.1-RELEASE][root@fw1.jws1.local]/root(14): ls -la /var/etc/quagga/
                  total 8
                  drwxr-xr-x  2 quagga  quagga  512 Feb 20 22:47 .
                  drwxr-xr-x  8 root    wheel  1024 Feb 25 20:05 ..
                  -rw-------  1 quagga  quagga  625 Feb 25 21:40 ospfd.conf
                  -rw-------  1 quagga  quagga  100 Feb 25 21:40 zebra.conf

                  [2.0.1-RELEASE][root@fw1.jws1.local]/root(15): cat /var/etc/quagga/zebra.conf

                  This file was created by the pfSense package manager.  Do not edit!

                  password secret
                  log syslog

                  [2.0.1-RELEASE][root@fw1.jws1.local]/root(16): cat /var/etc/quagga/ospfd.conf

                  This file was created by the pfSense package manager.  Do not edit!

                  password secret
                  log syslog
                  interface lagg1_vlan6
                    ip ospf hello-interval 1
                    ip ospf authentication-key net-secret
                    ip ospf priority 255
                    ip ospf retransmit-interval 3
                    ip ospf dead-interval 5

                  router ospf
                    ospf router-id 192.168.6.2
                    log-adjacency-changes detail
                    redistribute connected
                    redistribute static
                    network 192.168.6.0/24 area 192.168.6.0
                    access-list dnr-list deny xx.xx.176.0/24
                    distribute-list dnr-list out connected
                    distribute-list dnr-list out kernel
                    distribute-list dnr-list out static
                    access-list dnr-list permit any

                  Only pass changed and IP xx-ed, but they worked before the update… changing back didn't help.

                  Bests

                  Reiner

                  • R
                    rubic last edited by

                    @jimp:

                    That may be a completely separate error from this.

                    I think the error is related to this commit. While Quagga OSPF 0.99.20.1 v0.5.0 works fine in my production environment, in my fresh test setup with Quagga OSPF 0.99.20.1 v0.5.1 any value in the "Disable Redistribution" field prevents the service from starting.
                    Here is the pfSense console after reboot:

                    The service starts smoothly when "Disable Redistribution" is blank.
                    Regards

                    • jimp
                      jimp Rebel Alliance Developer Netgate last edited by

                      I moved the syntax back the other way since it does not seem to be valid in the other order. I'm not sure how the patch in the first post solved the OP's problem, if quagga won't even run with the commands ordered that way.

                      • R
                        Reiner030 last edited by

                        @rubic:

                        @jimp:

                        That may be a completely separate error from this.

                        I think the error is related to this commit. While Quagga OSPF 0.99.20.1 v0.5.0 works fine in my production environment, in my fresh test setup with Quagga OSPF 0.99.20.1 v0.5.1 any value in the "Disable Redistribution" field prevents the service from starting.

                        Ah this way I can try it, too:

                        [2.1-BETA1][root@fw1.zws8.local]/root(134): /usr/local/bin/quaggactl start
                        There is no such command.
                        Error occured during reading below line.
                          distribute-list dnr-list out connected

                        mmmh… I've tested my patch and it worked with several config modifications/reboots in my test setup... so a little surprising that it's now damaging OSPF package... sorry.

                        Without my above fix it works again.

                        router ospf
                          ospf router-id 192.168.6.3
                          log-adjacency-changes detail
                          redistribute connected
                          redistribute static
                          network 192.168.6.0/24 area 192.168.6.0
                          distribute-list dnr-list out connected
                          distribute-list dnr-list out kernel
                          distribute-list dnr-list out static
                          access-list dnr-list deny xx.xx.176.0/24
                          access-list dnr-list permit any
                        

                        One problem / unknown difference:
                        I have one stable/old pfSense 2.0.1 pair and a current pfSense 2.1-BETA1 pair on the other side…
                        The stable version didn't redistribute the network:

                        [2.0.1-RELEASE][root@fw1.jws1.local]/root(133): vtysh

                        Hello, this is Quagga (version 0.99.20.1).
                        Copyright 1996-2005 Kunihiro Ishiguro, et al.

                        fw1.jws1.local# sh ip route
                        Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
                              I - ISIS, B - BGP, > - selected route, * - FIB route

                        K>* 0.0.0.0/0 via 91.102.12.193, lagg0_vlan2
                        O  xx.xx.176.0/24 [110/20] via 192.168.6.12, lagg1_vlan6, 00:31:09
                                                    via 192.168.6.13, lagg1_vlan6, 00:31:09
                        C * xx.xx.176.0/24 is directly connected, vip47
                        C>* xx.xx.176.0/24 is directly connected, lagg0_vlan7
                        C>* xx.xx.176.4/32 is directly connected, vip40
                        C>* xx.xx.176.7/32 is directly connected, vip49
                        …

                        but BETA does?

                        [2.1-BETA1][root@fw1.zws8.local]/root(139): vtysh

                        Hello, this is Quagga (version 0.99.21).
                        Copyright 1996-2005 Kunihiro Ishiguro, et al.

                        fw1.zws8.local# show ip route
                        Codes: K - kernel route, C - connected, S - static, R - RIP,
                              O - OSPF, I - IS-IS, B - BGP, A - Babel,
                              > - selected route, * - FIB route

                        K>* 0.0.0.0/0 via xx.xx.176.254, lagg0_vlan7
                        O  xx.xx.176.0/24 [110/20] via 192.168.6.13, lagg0_vlan6, 00:24:14
                        C * xx.xx.176.0/24 is directly connected, opt14_vip120
                        C * xx.xx.176.0/24 is directly connected, opt14_vip117
                        C * xx.xx.176.0/24 is directly connected, opt14_vip103
                        C * xx.xx.176.0/24 is directly connected, opt14_vip119
                        C * xx.xx.176.0/24 is directly connected, opt14_vip118
                        C * xx.xx.176.0/24 is directly connected, opt14_vip116
                        C * xx.xx.176.0/24 is directly connected, opt14_vip115
                        C * xx.xx.176.0/24 is directly connected, opt14_vip114
                        C * xx.xx.176.0/24 is directly connected, opt14_vip109
                        C>* xx.xx.176.0/24 is directly connected, lagg0_vlan7
                        …

                        I tested before only with BETA versions… and got problems with public routing.
                        (1st firewall pair got .1/.2/.3, 2nd fw pair .254/.253/.252)
                        Because without this "Disable Redistribution" of this public network the firewalls didn't see themselves and were therefore shutting down their gateways.

                        ah... different BSD package versions which cause the problem:
                        2.0.1        => Hello, this is Quagga (version 0.99.20.1).
                        2.1-BETA1 => Hello, this is Quagga (version 0.99.21).

                        so please remove my patch… and we must search for other places to patch the behavior in package for 2.1...
                        Thanks.

                        Bests

                        Reiner
