FRRouting and OSPF

Posted September 14, 2018 by Matthew McGeehan

In my previous post, I walked through how to install FRRouting. Now that FRR is installed, we can get down to the fun stuff. In this post, I will walk through how to configure a simple network running OSPF. Open Shortest Path First (OSPF) is a link-state protocol. A link-state routing protocol builds a comprehensive view of the network. This view contains all possible routes along with link cost. Each device that participates in OSPF uses the Shortest Path First (Dijkstra) algorithm to determine the best path to all the other routers in the network.

Topology:

In this example, I will be using OSPF to set up a small anycast network. The network consists of two servers running CentOS and a CSR1000v. Both servers have a loopback interface with the IP address 172.31.254.10. OSPF will use equal-cost load balancing to forward packets to the loopback IP address. The diagram below shows a layout of the network.

Interfaces on Server A:
[root@ServerA ~]# ip addr
1: lo:
    inet 172.31.254.10/32 brd 172.31.254.10 scope host lo
2: eno16780032:
    inet 10.10.10.206/24 brd 10.10.10.255 scope global noprefixroute eno16780032
3: ens224:
    inet 10.160.1.10/24 brd 10.160.1.255 scope global noprefixroute ens224
	
Interfaces on Server B:
[root@server_b ~]# ip addr
1: lo:
    inet 172.31.254.10/32 brd 255.255.255.255 scope host lo
       valid_lft forever preferred_lft forever
2: eno16780032:
    inet 10.10.10.110/24 brd 10.10.10.255 scope global dynamic eno16780032
3: ens224:
    inet 10.160.1.11/24 scope global ens224
	
Interfaces on CSR:
CSR1#show ip int brief
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet1       10.160.1.1      YES NVRAM  up                    up
GigabitEthernet2       unassigned      YES NVRAM  administratively down down
GigabitEthernet3       unassigned      YES NVRAM  administratively down down
GigabitEthernet4       10.10.10.11     YES NVRAM  up                    up

Configuring OSPF:

Now that we have a view of the overall design, it is time to start the configuration. First, let's start with the CSR1000v.

  1. Log in to the Cisco device.
  2. Type configure terminal.
  3. Next, enter the following commands to configure OSPF.
    interface GigabitEthernet1
     ip ospf priority 100
    
    router ospf 1
     router-id 10.160.1.1
     network 10.160.1.0 0.0.0.255 area 0
  4. Type wr to save the configuration.

Now that we have our router configured, let's move on to Server A and B.

  1. From the Linux shell, type vtysh to enter the FRR CLI.
  2. Type configure terminal to enter the global config.
  3. Next, enter the following commands to start the OSPF process. Make sure that the router ID is unique on each device.
    interface ens224
     ip ospf priority 0
    
    router ospf
     ospf router-id 10.160.1.11
     passive-interface lo
     network 10.160.1.0/24 area 0
     network 172.31.254.10/32 area 0

    The configuration above will send out OSPF hello messages on interface ens224. The 10.160.1.x network will be used to form adjacencies between the two servers and the CSR. Since this is a broadcast network, OSPF will attempt to elect a DR and BDR. In the real world you would want to make sure that your DR/BDR devices are stable. In this example, I chose to have Server A and B not participate in the DR election process. I accomplished this by setting the priority on the servers' shared interface to 0. Once the OSPF adjacencies have been formed, Server A and B will advertise 172.31.254.10/32.

  4. Type wr to save the configuration.
    server_b# wr
    Note: this version of vtysh never writes vtysh.conf
    Building Configuration...
    Configuration saved to /etc/frr/zebra.conf
    Configuration saved to /etc/frr/ospfd.conf

Linux Firewall:

In order for the two Linux hosts to participate in OSPF, I had to add a rule to the firewall. Below is an example of what it looked like before I added the rule. The CSR was able to receive hello messages from Server B. Server B was not able to receive hello messages from the CSR. The CSR kept Server B in the INIT state because the hello messages it received never listed the CSR's router ID.

Neighbor ID     Pri   State           Dead Time   Address         Interface
10.160.1.11     1   INIT/DROTHER    00:00:37    10.160.1.11     GigabitEthernet1  
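
The INIT state above comes straight from the neighbor list carried in each hello. The following is an added example, not part of the original post: it builds two constructed OSPFv2 hellos from Server B using the RFC 2328 layout and shows how the CSR's view changes once its own router ID appears in the list. The function names and sample packets are assumptions made for illustration.

```python
import ipaddress
import struct

# OSPFv2 wire layout per RFC 2328 (A.3.1 common header, A.3.2 Hello body).
OSPF_HDR = struct.Struct("!BBH4s4sHH8s")     # ver, type, len, router ID, area, cksum, autype, auth
HELLO_FIXED = struct.Struct("!4sHBBI4s4s")   # mask, hello int, options, priority, dead int, DR, BDR
NEIGHBORS_AT = OSPF_HDR.size + HELLO_FIXED.size  # 44: the neighbor list starts here


def pack_ip(addr):
    return ipaddress.IPv4Address(addr).packed


def build_hello(router_id, priority, neighbors, dr="0.0.0.0"):
    """Constructed sample Hello: checksum left at 0, null authentication."""
    body = HELLO_FIXED.pack(pack_ip("255.255.255.0"), 10, 0x02, priority, 40,
                            pack_ip(dr), pack_ip("0.0.0.0"))
    body += b"".join(pack_ip(n) for n in neighbors)
    return OSPF_HDR.pack(2, 1, OSPF_HDR.size + len(body), pack_ip(router_id),
                         pack_ip("0.0.0.0"), 0, 0, bytes(8)) + body


def parse_hello(packet):
    version, ptype, length, rid, *_ = OSPF_HDR.unpack_from(packet)
    if version != 2 or ptype != 1:
        raise ValueError("not an OSPFv2 Hello")
    if not NEIGHBORS_AT <= length <= len(packet) or (length - NEIGHBORS_AT) % 4:
        raise ValueError("bad packet length")
    _mask, _hello, _opts, prio, _dead, dr, _bdr = HELLO_FIXED.unpack_from(packet, OSPF_HDR.size)
    seen = [str(ipaddress.IPv4Address(packet[i:i + 4])) for i in range(NEIGHBORS_AT, length, 4)]
    return {"router_id": str(ipaddress.IPv4Address(rid)), "priority": prio,
            "dr": str(ipaddress.IPv4Address(dr)), "neighbors": seen}


def state_after_hello(my_router_id, packet):
    """Receiver's view: Init until our own router ID shows up in the sender's neighbor list."""
    return "2-Way or better" if my_router_id in parse_hello(packet)["neighbors"] else "Init"


# Constructed samples for Server B (10.160.1.11) as heard by the CSR (10.160.1.1).
# Priority 1 in the first packet matches the INIT table above.
BLOCKED = build_hello("10.160.1.11", 1, [])   # firewall drops inbound OSPF: B has heard nobody
ALLOWED = build_hello("10.160.1.11", 0, ["10.160.1.1", "10.160.1.10"], dr="10.160.1.1")

if __name__ == "__main__":
    for label, pkt in (("before rule", BLOCKED), ("after rule", ALLOWED)):
        print(label, parse_hello(pkt)["neighbors"], "->", state_after_hello("10.160.1.1", pkt))
```

A neighbor that stays in Init on one side while the other side shows no neighbor at all points to one-way delivery of OSPF packets, which is the symptom the host firewall caused here.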

Configure Firewall Rules:

  1. Create a new firewall service called ospf.xml.
    vi /etc/firewalld/services/ospf.xml
    
    <?xml version="1.0" encoding="utf-8"?>
    <service>
    <short>OSPF</short>
    <description>Allow OSPF adjacency to form</description>
    <port protocol="ospf" port=""/>
    <destination ipv4="224.0.0.5"/>
    <destination ipv4="224.0.0.6"/>
    </service>
                        
  2. Add the newly created service to the firewall and then reload the firewall configuration.
    sudo firewall-cmd  --permanent --add-service ospf
    sudo firewall-cmd --reload
                    
  3. To verify that the rule has been added type the following command.
    sudo firewall-cmd --list-services

After the firewall rule is added, OSPF neighbor adjacencies will begin to form.

OSPF Adjacencies on Server A:
server_a# show ip ospf neighbor

Neighbor ID     Pri State           Dead Time Address         Interface            RXmtL RqstL DBsmL
10.160.1.1      100 Full/DR           39.249s 10.160.1.1      ens224:10.160.1.10       0     0     0
10.160.1.11       0 2-Way/DROther     31.423s 10.160.1.11     ens224:10.160.1.10       0     0     0

OSPF Adjacencies on Server B:
server_b# show ip ospf neighbor

Neighbor ID     Pri State           Dead Time Address         Interface            RXmtL RqstL DBsmL
10.160.1.1      100 Full/DR           30.383s 10.160.1.1      ens224:10.160.1.11       0     0     0
10.160.1.10       0 2-Way/DROther     32.159s 10.160.1.10     ens224:10.160.1.11       0     0     0

OSPF Adjacencies on CSR:
CSR1#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
10.160.1.10       0   FULL/DROTHER    00:00:33    10.160.1.10     GigabitEthernet1
10.160.1.11       0   FULL/DROTHER    00:00:31    10.160.1.11     GigabitEthernet1
            

Verification:

Now that everything is up and running, it's time to take a look at the routing table on the CSR.

CSR1#show ip route

      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.160.1.0/24 is directly connected, GigabitEthernet1
L        10.160.1.1/32 is directly connected, GigabitEthernet1
      172.31.0.0/32 is subnetted, 1 subnets
O        172.31.254.10 [110/1] via 10.160.1.11, 00:06:56, GigabitEthernet1
                       [110/1] via 10.160.1.10, 00:07:06, GigabitEthernet1

Two routes are now listed for 172.31.254.10. Let's try to ping the loopback address and see if we have connectivity.

CSR1#ping 172.31.254.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.31.254.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
            

Success! Looks like everything is up and running. Imagine you have a DNS server bound to 172.31.254.10 on these two hosts. If you wanted to take one of them out of service for a while, you could stop advertising the loopback IP in OSPF without impacting service.