Bug #2920

closed

OSPF on interfaces with IP Alias and carp unpredictable

Added by Peter O about 11 years ago. Updated almost 8 years ago.

Status: Not a Bug
Priority: Normal
Assignee: -
Category: Quagga OSPF
Target version: -
Start date: 04/02/2013
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:

Description

I have an interface with IP 172.20.20.2 and CARP address 172.20.20.1. Due to legacy, this interface also has IP Alias 172.22.6.2 and CARP 172.22.6.1. As you can guess, there is also a CARP mirror router on the same network with 172.20.20.3 as IP and 172.22.6.3 as IP Alias.

This behaves unpredictably as Quagga can only be enabled on an interface and not on VIPs. The primary firewall now shows the following on the Quagga status page:
[code]
opt3_vip2 is up
ifindex 22, MTU 1500 bytes, BW 0 Kbit <UP,LOOPBACK,RUNNING> (Is IP 172.20.20.1)
OSPF not enabled on this interface
opt3_vip19 is up
ifindex 38, MTU 1500 bytes, BW 0 Kbit <UP,LOOPBACK,RUNNING>
Internet Address 172.22.6.1/24, Broadcast 172.22.6.1, Area 0.0.0.0
MTU mismatch detection:enabled
Router ID .**..**, Network Type LOOPBACK, Cost: 10
Transmit Delay is 1 sec, State Loopback, Priority 1
No designated router on this network
No backup designated router on this network
Multicast group memberships: <None>
Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
Hello due in inactive
Neighbor Count is 0, Adjacent neighbor count is 0
[/code]
And the secondary firewall shows:
[code]
opt3_vip2 is up
ifindex 23, MTU 1500 bytes, BW 0 Kbit <UP,LOOPBACK,RUNNING>
Internet Address 172.20.20.1/24, Broadcast 172.20.20.1, Area 0.0.0.0
MTU mismatch detection:enabled
Router ID .**..**, Network Type LOOPBACK, Cost: 10
Transmit Delay is 1 sec, State Loopback, Priority 1
No designated router on this network
No backup designated router on this network
Multicast group memberships: <None>
Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
Hello due in inactive
Neighbor Count is 0, Adjacent neighbor count is 0
opt3_vip19 is up
ifindex 39, MTU 1500 bytes, BW 0 Kbit <UP,LOOPBACK,RUNNING> (Is IP 172.22.6.1)
OSPF not enabled on this interface
[/code]

This results in a routing table on fw1 with:
[code]
O 172.20.20.0/24 [110/10] is directly connected, em0_vlan2020, 00:23:08
C>* 172.20.20.0/24 is directly connected, em0_vlan2020
O>* 172.20.20.1/32 [110/25] via 172.20.1.2 (fw2, should list directly connected or just not be listed), em0_vlan2001, 00:22:58
O 172.22.6.0/24 [110/10] is directly connected (Like it should be), em0_vlan2020, 00:23:08
C * 172.22.6.0/24 is directly connected, opt3_vip19
C>* 172.22.6.0/24 is directly connected, em0_vlan2020
[/code]
And on fw2:
[code]
O 172.20.20.0/24 [110/10] is directly connected, em0_vlan2020, 2d11h41m
C * 172.20.20.0/24 is directly connected, opt3_vip2
C>* 172.20.20.0/24 is directly connected, em0_vlan2020
C * 172.22.6.0/24 is directly connected, em0_vlan2020
C>* 172.22.6.0/24 is directly connected, opt3_vip19
O>* 172.22.6.1/32 [110/20] via 172.20.1.1 (Like it should be), em0_vlan2001, 00:09:43
[/code]

Also, I had to list the 172.22.6.0 network manually in the tables; it's not picked up automatically. Would it be a solution to list IP Alias virtual interfaces in the Quagga dropdown list?

Actions #1

Updated by Chris Buechler about 11 years ago

  • Project changed from pfSense to pfSense Packages

Probably more of a feature request; will leave as is for future examination in this context.

Actions #2

Updated by Peter O about 11 years ago

I just found out that the interface on fw1 had an ip of 172.20.20.0/24. Don't know how that managed to get through the input validation...

Changed it to 172.20.20.2/24 but can't apply just yet because it will drop all current tcp connections for a few seconds. I'll try whether this solves it asap and report back.
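
The misconfiguration reported in the update above (an interface address equal to the subnet's network address) is the kind of thing a pre-apply check on a CARP pair can catch. The following is an added example, not part of the ticket and not pfSense code: the function name and the dict layout are hypothetical, the addresses are the ones quoted in this ticket, and it handles IPv4 only.

```python
import ipaddress

# Constructed from the addresses quoted in this ticket; the layout is hypothetical.
NODES = {
    "fw1": ["172.20.20.0/24", "172.22.6.2/24"],  # interface IP as found on fw1
    "fw2": ["172.20.20.3/24", "172.22.6.3/24"],
}
CARP_VIPS = ["172.20.20.1", "172.22.6.1"]


def lint_carp_pair(nodes, vips):
    """Return (node, address, problem) findings for one shared interface."""
    findings = []
    seen = {}  # host address -> node that first used it
    for node, addrs in nodes.items():
        subnets = []
        for text in addrs:
            iface = ipaddress.IPv4Interface(text)
            net = iface.network
            subnets.append(net)
            # A /31 or /32 has no reserved network/broadcast address.
            if net.prefixlen < net.max_prefixlen - 1:
                if iface.ip == net.network_address:
                    findings.append((node, text, "is the network address"))
                elif iface.ip == net.broadcast_address:
                    findings.append((node, text, "is the broadcast address"))
            # The same host address on both peers would conflict on the wire.
            if iface.ip in seen:
                findings.append((node, text, f"duplicates {seen[iface.ip]}"))
            seen.setdefault(iface.ip, node)
        for vip in vips:
            ip = ipaddress.IPv4Address(vip)
            # A VIP must fall inside a subnet configured on the parent interface.
            if not any(ip in n for n in subnets):
                findings.append((node, vip, "VIP outside every subnet on the interface"))
            if any(ipaddress.IPv4Interface(a).ip == ip for a in addrs):
                findings.append((node, vip, "VIP equals the node's own address"))
    return findings


if __name__ == "__main__":
    for node, addr, problem in lint_carp_pair(NODES, CARP_VIPS):
        print(f"{node}: {addr} {problem}")
```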

Actions #3

Updated by Peter O about 11 years ago

When applying settings, I get the following error:

Apr 2 12:38:49     kernel: opt3_vip19: BACKUP -> MASTER (preempting a slower master)
Apr 2 12:38:49     kernel: opt3_vip2: link state changed to UP
Apr 2 12:38:49     kernel: opt3_vip2: BACKUP -> MASTER (preempting a slower master)
Apr 2 12:38:49     php: /interfaces.php: Configuring CARP settings finalize...
Apr 2 12:38:49     php: /interfaces.php: pfsync done in 0 seconds.
Apr 2 12:38:49     php: /interfaces.php: waiting for pfsync...
Apr 2 12:38:48     kernel: opt3_vip19: link state changed to DOWN
Apr 2 12:38:48     kernel: opt3_vip19: INIT -> BACKUP
Apr 2 12:38:48     kernel: opt3_vip19: link state changed to DOWN
Apr 2 12:38:48     kernel: opt3_vip2: link state changed to DOWN
Apr 2 12:38:48     kernel: opt3_vip2: INIT -> BACKUP
Apr 2 12:38:48     kernel: opt3_vip2: link state changed to DOWN
Apr 2 12:38:48     php: /interfaces.php: The command '/sbin/ifconfig 'em0_vlan2020' inet '172.22.6.2'/'24' alias' returned exit code '1', the output was 'ifconfig: ioctl (SIOCAIFADDR): File exists'

(Read from bottom to top) The servers in the 172.22.6.0/24 range were unreachable after that so I changed the IP back to 172.20.20.0/24. Weirdly enough, now the servers on 172.22.6.0/24 are reachable again... Should I remove the VIPs, change the interface IP and add the VIPs again?

Actions #4

Updated by Chris Buechler over 9 years ago

  • Category set to Quagga OSPF
Actions #5

Updated by Chris Buechler almost 8 years ago

  • Status changed from New to Not a Bug