In my previous post, I walked through how to install FRRouting. Now that FRR is installed, we can get down to the fun stuff. In this post, I will walk through how to configure a simple network running OSPF. Open Shortest Path First (OSPF) is a link-state protocol. A link-state routing protocol builds a comprehensive view of the network. This view contains all possible routes along with link cost. Each device that participates in OSPF uses the Shortest Path First (Dijkstra) algorithm to determine the best path to all the other routers in the network.
In this example, I will be using OSPF to set up a small anycast network. The network consists of two servers running CentOS and a CSR1000v. Both servers have a loopback interface with the IP address 172.31.254.10. OSPF will use equal-cost load balancing to forward packets to the loopback IP address. The diagram below shows a layout of the network.
[root@ServerA ~]# ip addr
1: lo:
    inet 172.31.254.10/32 brd 172.31.254.10 scope host lo
2: eno16780032:
    inet 10.10.10.206/24 brd 10.10.10.255 scope global noprefixroute eno16780032
3: ens224:
    inet 10.160.1.10/24 brd 10.160.1.255 scope global noprefixroute ens224
[root@server_b ~]# ip addr
1: lo:
    inet 172.31.254.10/32 brd 255.255.255.255 scope host lo
       valid_lft forever preferred_lft forever
2: eno16780032:
    inet 10.10.10.110/24 brd 10.10.10.255 scope global dynamic eno16780032
3: ens224:
    inet 10.160.1.11/24 scope global ens224
CSR1#show ip int brief
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet1       10.160.1.1      YES NVRAM  up                    up
GigabitEthernet2       unassigned      YES NVRAM  administratively down down
GigabitEthernet3       unassigned      YES NVRAM  administratively down down
GigabitEthernet4       10.10.10.11     YES NVRAM  up                    up
Now that we have a view of the overall design, it is time to start the configuration. First, let's start with the CSR1000v.
interface GigabitEthernet1
 ip ospf priority 100
router ospf 1
 router-id 10.160.1.1
 network 10.160.1.0 0.0.0.255 area 0
Now that we have our router configured, let's move on to Server A and B.
interface ens224
 ip ospf priority 0
router ospf
 ospf router-id 10.160.1.11
 passive-interface lo
 network 10.160.1.0/24 area 0
 network 172.31.254.10/32 area 0
The configuration above will send out OSPF hello messages on interface ens224. The 10.160.1.x network will be used to form adjacencies between the two servers and the CSR. Since this is a broadcast network, OSPF will attempt to elect a DR and BDR. In the real world, you would want to make sure that your DR/BDR devices are stable. In this example, I chose to have Server A and B not participate in the DR election process. I accomplished this by setting the priority on the servers' shared interface to 0. Once the OSPF adjacencies have been formed, Server A and B will advertise 172.31.254.10/32.
server_b# wr
Note: this version of vtysh never writes vtysh.conf
Building Configuration...
Configuration saved to /etc/frr/zebra.conf
Configuration saved to /etc/frr/ospfd.conf
In order for the two Linux hosts to participate in OSPF, I had to add a rule to the firewall. Below is an example of what it looked like before I added the rule. The CSR was able to receive hello messages from Server B. Server B was not able to receive hello messages from the CSR. The CSR kept Server B in the INIT state because the hello messages it received never listed the CSR's router ID.
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.160.1.11       1   INIT/DROTHER    00:00:37    10.160.1.11     GigabitEthernet1
vi /etc/firewalld/services/ospf.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>OSPF</short>
  <description>Allow OSPF adjacency to form</description>
  <port protocol="ospf" port=""/>
  <!-- OSPF multicast groups: 224.0.0.5 (AllSPFRouters), 224.0.0.6 (AllDRouters) -->
  <destination ipv4="224.0.0.5"/>
  <destination ipv4="224.0.0.6"/>
</service>
sudo firewall-cmd --permanent --add-service ospf
sudo firewall-cmd --reload
sudo firewall-cmd --list-services
After the firewall rule is added, OSPF neighbor adjacencies will begin to form.
server_a# show ip ospf neighbor
Neighbor ID     Pri State           Dead Time Address         Interface            RXmtL RqstL DBsmL
10.160.1.1      100 Full/DR         39.249s   10.160.1.1      ens224:10.160.1.10       0     0     0
10.160.1.11       0 2-Way/DROther   31.423s   10.160.1.11     ens224:10.160.1.10       0     0     0
server_b# show ip ospf neighbor
Neighbor ID     Pri State           Dead Time Address         Interface            RXmtL RqstL DBsmL
10.160.1.1      100 Full/DR         30.383s   10.160.1.1      ens224:10.160.1.11       0     0     0
10.160.1.10       0 2-Way/DROther   32.159s   10.160.1.10     ens224:10.160.1.11       0     0     0
CSR1#show ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.160.1.10       0   FULL/DROTHER    00:00:33    10.160.1.10     GigabitEthernet1
10.160.1.11       0   FULL/DROTHER    00:00:31    10.160.1.11     GigabitEthernet1
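
The INIT symptom from before the firewall rule can be checked for automatically. The script below is an added example, not part of the original post: it classifies each row of `show ip ospf neighbor` output in either the IOS or the FRR layout, using rows copied from the outputs above as sample input. It assumes the local router is a DROther when it treats 2-Way/DROther as healthy.

```shell
#!/bin/sh
# Added example, not from the original post.
# check_ospf_neighbors: read "show ip ospf neighbor" text (IOS or FRR layout)
# on stdin and print "<router-id> <STATE> <verdict>" per neighbor.
# Exit status: 0 all converged, 1 at least one problem, 2 no neighbors found.
check_ospf_neighbors() {
  awk '
    # Neighbor rows start with a dotted-quad router ID; prompts and headers do not.
    $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && NF >= 5 {
      seen++
      split(toupper($3), st, "/")      # "Full/DR" -> FULL and DR
      if (st[1] == "FULL")
        verdict = "ok"
      else if (st[1] == "2-WAY" && st[2] == "DROTHER")
        verdict = "ok"                 # two non-DR routers stop at 2-Way
      else if (st[1] == "INIT") {
        verdict = "one-way-hello"      # peer hellos arrive but do not list us
        bad++
      } else {
        verdict = "not-converged"
        bad++
      }
      print $1, st[1], verdict
    }
    END { if (!seen) exit 2; exit (bad ? 1 : 0) }
  '
}

# Sample input: rows copied from the outputs shown in the post.
BEFORE_RULE='Neighbor ID Pri State Dead Time Address Interface
10.160.1.11 1 INIT/DROTHER 00:00:37 10.160.1.11 GigabitEthernet1'
AFTER_RULE='Neighbor ID Pri State Dead Time Address Interface RXmtL RqstL DBsmL
10.160.1.1 100 Full/DR 39.249s 10.160.1.1 ens224:10.160.1.10 0 0 0
10.160.1.11 0 2-Way/DROther 31.423s 10.160.1.11 ens224:10.160.1.10 0 0 0'

printf '%s\n' "$BEFORE_RULE" | check_ospf_neighbors || echo "status=$?"
printf '%s\n' "$AFTER_RULE" | check_ospf_neighbors
```

A `one-way-hello` verdict points at the neighbor's inbound filtering, since that neighbor is sending hellos but not receiving them.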
Now that everything is up and running, it's time to take a look at the routing table on the CSR.
CSR1#show ip route
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.160.1.0/24 is directly connected, GigabitEthernet1
L        10.160.1.1/32 is directly connected, GigabitEthernet1
      172.31.0.0/32 is subnetted, 1 subnets
O        172.31.254.10 [110/1] via 10.160.1.11, 00:06:56, GigabitEthernet1
                       [110/1] via 10.160.1.10, 00:07:06, GigabitEthernet1
Two routes are now listed for 172.31.254.10. Let's try to ping the loopback address and see if we have connectivity.
CSR1#ping 172.31.254.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.31.254.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Success! Looks like everything is up and running. Imagine you have a DNS server bound to 172.31.254.10 on these two hosts. If you wanted to take one of them out of service for a while, you could stop advertising the loopback IP in OSPF without impacting service.
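
One way to automate taking a host out of service, as an added example that is not part of the original post: a health check that removes or restores the loopback `network` statement through `vtysh`. It assumes `vtysh` is on the PATH and ospfd is configured as shown for Server A and B; the script name, the `run` argument and the `example.com` query are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes FRR's vtysh is on PATH
# and ospfd is configured as shown for Server A/B above.
ANYCAST_PREFIX="172.31.254.10/32"   # loopback prefix from the post
OSPF_AREA="0"
VTYSH="${VTYSH:-vtysh}"             # overridable so the logic can be dry-run

# is_advertised: succeeds if the running config holds the network statement.
is_advertised() {
  "$VTYSH" -c 'show running-config' 2>/dev/null |
    awk -v want="network $ANYCAST_PREFIX area $OSPF_AREA" '
      { sub(/^ +/, "") }
      $0 == want { found = 1 }
      END { exit !found }'
}

# set_advertisement <announce|withdraw>: add or remove the network statement
# in the running config only; the saved config is left untouched.
set_advertisement() {
  case "$1" in
    announce) stmt="network $ANYCAST_PREFIX area $OSPF_AREA" ;;
    withdraw) stmt="no network $ANYCAST_PREFIX area $OSPF_AREA" ;;
    *) return 2 ;;
  esac
  "$VTYSH" -c 'configure terminal' -c 'router ospf' -c "$stmt"
}

# reconcile <health-command...>: run the check and touch OSPF only when the
# desired state differs from the current one. Prints announce|withdraw|none.
reconcile() {
  if "$@" >/dev/null 2>&1; then want=announce; else want=withdraw; fi
  if is_advertised; then have=announce; else have=withdraw; fi
  if [ "$want" = "$have" ]; then echo none; return 0; fi
  set_advertisement "$want" >/dev/null && echo "$want"
}

# Usage: sh anycast-check.sh run   (file name and example.com are placeholders)
# dig exits non-zero when the local DNS daemon does not answer.
if [ "${1:-}" = "run" ]; then
  reconcile dig +time=1 +tries=1 @"${ANYCAST_PREFIX%/*}" example.com
fi
```

Because only the running configuration changes, a restart of ospfd restores whatever was last saved with `wr`.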