Configuring OSPFd
In the guide below, we will demonstrate the use of ospfd(8) using virtual machines inside vmm. This guide presumes you have practiced static routing. The setup is very similar to configuring ripd.
To save on costs, we will use the reserved IP address prefix 10/8 and translate the range to a public IP address. Here is the topology:
R1 <-----> Internet
(10.1/16)
10.2.1.1
   ^
   |
   | veb12
   |
   |
   V
10.2.2.1
R2 10.3.2.1 <-veb23-> 10.3.2.2 R3 10.5.3.1 <--veb35--> 10.5.5.1 R5
(10.2/16)                  (10.3/16)                       (10.5/16)
10.4.2.1                   10.3.4.2
   ^                           ^
    \                         /
     veb24                   /
       \                veb34
        \              /
         ------> R4 <-----
     10.4.4.1 (10.4/16) 10.3.4.1
Each R# in the above topology represents a router, which we simulate with a virtual machine with multiple interfaces. We will use veb(4) to link two routers together. Because there are multiple interfaces on each router, no three nodes will ever share the same broadcast domain. This ensures that routing will be required to traverse the network.
In the hypervisor, we configure the proper interfaces:
host# cat /etc/vm.conf
socket owner :vmdusers
switch "switch12" {
    locked lladdr
    interface veb12
}
switch "switch23" {
    locked lladdr
    interface veb23
}
switch "switch24" {
    locked lladdr
    interface veb24
}
switch "switch34" {
    locked lladdr
    interface veb34
}
switch "switch35" {
    locked lladdr
    interface veb35
}
bsdiso="/home/iso/install75.iso"
vm "r2" {
    owner $USER
    memory 1G
    cdrom $bsdiso
    disk /home/$USER/r2.qcow2 format qcow2
    interface tap22 {
        locked lladdr e8:8b:22:22:22:22
        switch "switch12"
    }
    interface tap32 {
        locked lladdr e8:8b:32:32:32:32
        switch "switch23"
    }
    interface tap42 {
        locked lladdr e8:8b:42:42:42:42
        switch "switch24"
    }
}
vm "r3" {
    owner $USER
    memory 1G
    cdrom $bsdiso
    disk /home/$USER/r3.qcow2 format qcow2
    interface tap322 {
        locked lladdr e8:8b:32:02:32:02
        switch "switch23"
    }
    interface tap342 {
        locked lladdr e8:8b:34:02:34:02
        switch "switch34"
    }
    interface tap53 {
        locked lladdr e8:8b:53:53:53:53
        switch "switch35"
    }
}
vm "r4" {
    owner $USER
    memory 1G
    cdrom $bsdiso
    disk /home/$USER/r4.qcow2 format qcow2
    interface tap44 {
        switch "switch24"
        locked lladdr e8:8b:44:44:44:44
    }
    interface tap34 {
        locked lladdr e8:8b:34:34:34:34
        switch "switch34"
    }
}
vm "r5" {
    owner $USER
    memory 1G
    cdrom $bsdiso
    disk /home/$USER/r5.qcow2 format qcow2
    interface tap55 {
        switch "switch35"
        locked lladdr e8:8b:55:55:55:55
    }
}
NOTE: You will need to create the necessary tap devices:
# cd /dev
# sh MAKEDEV tap{22,32,42,322,342,53,44,34,55}
We also create the qcow2 images and install the system:
$ vmctl create -s 20G $HOME/r2.qcow2
$ vmctl create -s 20G $HOME/r3.qcow2
$ vmctl create -s 20G $HOME/r4.qcow2
$ vmctl create -s 20G $HOME/r5.qcow2
In /etc/pf.conf, we add a rule similar to the following for performing NAT:
match out on egress from !(egress:network) to any nat-to (egress:0)
Now traffic leaving the egress interface from any source outside the egress network, which includes all of 10/8, will be NAT'd to our host's public IP address.
Then reload the ruleset:
host# pfctl -f /etc/pf.conf
We configure the proper interfaces on the host, sysctl.conf(5), and ospfd.conf(5):
host# cat /etc/hostname.veb12
add vport21
up
host# cat /etc/hostname.veb23
up
host# cat /etc/hostname.veb24
up
host# cat /etc/hostname.veb34
up
host# cat /etc/hostname.veb35
up
host# cat /etc/hostname.vport11
inet 10.1.1.1 0xffff0000
up
host# cat /etc/hostname.vport21
inet 10.2.1.1 0xffff0000
up
host# cat /etc/ospfd.conf
# $OpenBSD: ospfd.conf,v 1.2 2018/08/07 07:06:20 claudio Exp $
# global configuration
redistribute static
redistribute connected
redistribute default
KEY12="Ub4gwbQHmJfJwJdV"
KEY23="9QvfZWh3HIe0lEsS"
KEY24="aJIlRUBq9UVsnp9x"
KEY34="jwmmQOitXoKfVh8I"
KEY35="rG7DhWe35a7sLDMQ"
area 0.0.0.0 {
    interface vport21 {
        auth-type crypt
        auth-md 1 $KEY12
        auth-md-keyid 1
    }
}
host# cat /etc/sysctl.conf
net.inet.ip.arpq.maxlen=1024
net.inet.ip.forwarding=1
net.inet6.ip6.forwarding=1
net.inet.ip.multipath=1
Replace if0 with your actual egress interface.
Next, we configure the virtual machines:
r2# cat /etc/hostname.vio0
inet 10.2.2.1 0xffff0000
up
r2# cat /etc/hostname.vio1
inet 10.3.2.1 0xffffff00
up
r2# cat /etc/hostname.vio2
inet 10.4.2.1 0xffff0000
up
r2# cat /etc/sysctl.conf
net.inet.ip.forwarding=1
net.inet.ip.multipath=1
r2# cat /etc/ospfd.conf
# $OpenBSD: ospfd.conf,v 1.2 2018/08/07 07:06:20 claudio Exp $
# global configuration
redistribute static
redistribute connected
redistribute default
KEY12="Ub4gwbQHmJfJwJdV"
KEY23="9QvfZWh3HIe0lEsS"
KEY24="aJIlRUBq9UVsnp9x"
KEY34="jwmmQOitXoKfVh8I"
KEY35="rG7DhWe35a7sLDMQ"
area 0.0.0.0 {
    interface vio0 {
        auth-type crypt
        auth-md 1 $KEY12
        auth-md-keyid 1
    }
    interface vio1 {
        auth-type crypt
        auth-md 1 $KEY23
        auth-md-keyid 1
    }
    interface vio2 {
        auth-type crypt
        auth-md 1 $KEY24
        auth-md-keyid 1
    }
}
r3# cat /etc/hostname.vio0
inet 10.3.2.2 0xffffff00
up
r3# cat /etc/hostname.vio1
inet 10.3.4.2 0xffffff00
up
r3# cat /etc/hostname.vio2
inet 10.5.3.1 0xffff0000
up
r3# cat /etc/ospfd.conf
# $OpenBSD: ospfd.conf,v 1.2 2018/08/07 07:06:20 claudio Exp $
# global configuration
redistribute static
redistribute connected
redistribute default
KEY12="Ub4gwbQHmJfJwJdV"
KEY23="9QvfZWh3HIe0lEsS"
KEY24="aJIlRUBq9UVsnp9x"
KEY34="jwmmQOitXoKfVh8I"
KEY35="rG7DhWe35a7sLDMQ"
area 0.0.0.0 {
    interface vio0 {
        auth-type crypt
        auth-md 1 $KEY23
        auth-md-keyid 1
    }
    interface vio1 {
        auth-type crypt
        auth-md 1 $KEY34
        auth-md-keyid 1
    }
    interface vio2 {
        auth-type crypt
        auth-md 1 $KEY35
        auth-md-keyid 1
    }
}
r3# cat /etc/sysctl.conf
net.inet.ip.forwarding=1
net.inet.ip.multipath=1
r4# cat /etc/hostname.vio0
inet 10.4.4.1 0xffff0000
up
r4# cat /etc/hostname.vio1
inet 10.3.4.1 0xffffff00
up
r4# cat /etc/ospfd.conf
# $OpenBSD: ospfd.conf,v 1.2 2018/08/07 07:06:20 claudio Exp $
# global configuration
redistribute static
redistribute connected
redistribute default
KEY12="Ub4gwbQHmJfJwJdV"
KEY23="9QvfZWh3HIe0lEsS"
KEY24="aJIlRUBq9UVsnp9x"
KEY34="jwmmQOitXoKfVh8I"
KEY35="rG7DhWe35a7sLDMQ"
area 0.0.0.0 {
    interface vio0 {
        auth-type crypt
        auth-md 1 $KEY24
        auth-md-keyid 1
    }
    interface vio1 {
        auth-type crypt
        auth-md 1 $KEY34
        auth-md-keyid 1
    }
}
r4# cat /etc/sysctl.conf
net.inet.ip.forwarding=1
net.inet.ip.multipath=1
r5# cat /etc/hostname.vio0
inet 10.5.5.1 0xffff0000
up
r5# cat /etc/ospfd.conf
# $OpenBSD: ospfd.conf,v 1.2 2018/08/07 07:06:20 claudio Exp $
# global configuration
redistribute static
redistribute connected
redistribute default
KEY12="Ub4gwbQHmJfJwJdV"
KEY23="9QvfZWh3HIe0lEsS"
KEY24="aJIlRUBq9UVsnp9x"
KEY34="jwmmQOitXoKfVh8I"
KEY35="rG7DhWe35a7sLDMQ"
area 0.0.0.0 {
    interface vio0 {
        auth-type crypt
        auth-md 1 $KEY35
        auth-md-keyid 1
    }
}
r5# cat /etc/sysctl.conf
net.inet.ip.forwarding=1
net.inet.ip.multipath=1
Note: Be careful to input the correct subnet masks. Interfaces connecting to 10.3/16 have a longer mask.
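Every ospfd.conf above defines all five KEY macros, although each router uses only the keys of its own links, and an interface block that omits auth-type runs without authentication. The audit below is an added example, not part of the original guide: it lists macros a file defines but never uses and interfaces lacking auth-type crypt with a key. It assumes one statement per line as in the listings above; the sample text and its key values are constructed placeholders.

```python
import re

# Constructed sample in the shape of the ospfd.conf files above (placeholder keys).
SAMPLE = """\
KEY12="placeholder-12"
KEY23="placeholder-23"
KEY35="placeholder-35"
area 0.0.0.0 {
    interface vio0 {
        auth-type crypt
        auth-md 1 $KEY35
        auth-md-keyid 1
    }
    interface vio1 {
        auth-md 1 $KEY23
    }
}
"""
MACRO = re.compile(r'^([A-Za-z_]\w*)\s*=\s*"?([^"]*)"?$')

def audit(conf_text):
    """Return (unused macro names, interfaces without auth-type crypt and a key)."""
    macros, used, ifaces, current = {}, set(), {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.split()
        m = MACRO.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
        elif words[0] == "interface":
            current = ifaces.setdefault(words[1], {"type": "none", "key": None})
        elif line == "}":
            current = None  # closes the interface block (or the area)
        elif current is not None and words[0] == "auth-type":
            current["type"] = words[1]
        elif current is not None and words[0] == "auth-md" and len(words) == 3:
            ref = words[2]
            if ref.startswith("$"):  # macro reference: record use, then expand
                used.add(ref[1:])
                ref = macros.get(ref[1:])
            current["key"] = ref
    unused = sorted(set(macros) - used)
    weak = sorted(n for n, i in ifaces.items() if i["type"] != "crypt" or not i["key"])
    return unused, weak

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Run against r5's file as listed above, the first list would contain KEY12, KEY23, KEY24 and KEY34: keys for links r5 is not attached to.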
When set up correctly, r5 will now be able to reach the Internet:
r5# ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: icmp_seq=0 ttl=53 time=4.181 ms
64 bytes from 1.1.1.1: icmp_seq=1 ttl=53 time=4.353 ms
Note: It may take around one minute for routes to propagate. Be patient.
Querying ospfd
You can show the link state database:
r3# ospfctl show database
        Router Link States (Area 0.0.0.0)
Link ID         Adv Router      Age  Seq#       Checksum
10.1.1.1        10.1.1.1        316  0x80000016 0x44b8
10.2.2.1        10.2.2.1        273  0x80000022 0x89ea
10.3.2.2        10.3.2.2        1224 0x8000001c 0x97d3
10.3.4.1        10.3.4.1        272  0x8000001b 0xf2b3
10.5.5.1        10.5.5.1        1215 0x80000017 0x2cb3
        Net Link States (Area 0.0.0.0)
Link ID         Adv Router      Age  Seq#       Checksum
10.2.1.1        10.1.1.1        1657 0x80000009 0x5ac0
10.3.2.2        10.3.2.2        275  0x8000000b 0x4bc2
10.5.3.1        10.3.2.2        1224 0x80000003 0x7598
10.3.4.1        10.3.4.1        279  0x80000004 0x63ac
10.4.4.1        10.3.4.1        277  0x80000002 0x49c9
        Type-5 AS External Link States
Link ID         Adv Router      Age  Seq#       Checksum
0.0.0.0         10.1.1.1        730  0x8000000a 0xe7f2
10.1.0.0        10.1.1.1        730  0x8000000a 0x5976
192.168.5.1     10.1.1.1        730  0x8000000a 0x5601
You can also show the forwarding information base:
r3# ospfctl show fib
flags: * = valid, O = OSPF, C = Connected, S = Static
Flags  Prio Destination          Nexthop
*O       32 0.0.0.0/0            10.3.2.1
*O       32 10.1.0.0/16          10.3.2.1
*O       32 10.2.0.0/16          10.3.2.1
*C        4 10.3.2.0/24          10.3.2.2
*C        4 10.3.4.0/24          10.3.4.2
*O       32 10.4.0.0/16          10.3.2.1
*O       32 10.4.0.0/16          10.3.4.1
*C        4 10.5.0.0/16          10.5.3.1
*O       32 192.168.5.1/24       10.3.2.1
*C        0 127.0.0.0/8          link#0
*S        8 127.0.0.0/8          127.0.0.1
*         1 127.0.0.1/32         127.0.0.1
*S        8 224.0.0.0/4          127.0.0.1
And the Routing Information Base:
r3# ospfctl show rib
Destination          Nexthop           Path Type    Type      Cost    Uptime
10.1.1.1             10.3.2.1          Intra-Area   Router    20      00:36:48
10.2.2.1             10.3.2.1          Intra-Area   Router    10      00:36:48
10.3.2.2             0.0.0.0         C Intra-Area   Router    0       00:37:33
10.3.4.1             10.3.4.1          Intra-Area   Router    10      00:36:48
10.5.5.1             10.5.5.1          Intra-Area   Router    10      00:22:22
10.2.0.0/16          10.3.2.1          Intra-Area   Network   20      00:36:48
10.3.2.0/24          10.3.2.2        C Intra-Area   Network   10      00:36:48
10.3.4.0/24          10.3.4.2        C Intra-Area   Network   10      00:36:48
10.4.0.0/16          10.3.2.1          Intra-Area   Network   20      00:36:48
10.4.0.0/16          10.3.4.1          Intra-Area   Network   20      00:36:43
10.5.0.0/16          10.5.3.1        C Intra-Area   Network   10      00:22:32
0.0.0.0/0            10.3.2.1          Type 1 ext   Network   120     00:36:48
10.1.0.0/16          10.3.2.1          Type 1 ext   Network   120     00:36:48
104.167.241.48/29    10.3.2.1          Type 1 ext   Network   120     00:36:48
104.167.241.192/26   10.3.2.1          Type 1 ext   Network   120     00:36:48
Troubleshooting
Run ospfctl to check if it shows neighbors:
# ospfctl show neighbor
r3# ospfctl show neighbor
ID              Pri State        DeadTime Address         Iface     Uptime
10.5.5.1        1   FULL/BCKUP   00:00:37 10.5.5.1        vio2      00:24:35
10.3.4.1        1   FULL/DR      00:00:39 10.3.4.1        vio1      00:38:53
10.2.2.1        1   FULL/BCKUP   00:00:37 10.3.2.1        vio0      00:38:51
If it does not show any neighbors, run it in debug mode with the verbose flag:
# ospfd -dv
Wait 60 seconds. If you see the error message below:
recv_packet: cannot find a matching interface
It may indicate that the IP addresses / subnet masks on the interfaces do not match up correctly.
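A mismatch of this kind can be found before starting ospfd by comparing the two ends of every switch. The check below is an added example, not part of the original guide: it takes the addresses and hex netmasks from the hostname.if files above, confirms that both ends of each link compute the same network, and flags networks on different links that overlap. Treating any overlap between links as an error is an assumption based on this topology, where every link is its own broadcast domain.

```python
import ipaddress

# Address and netmask of each end, copied from the hostname.if files above, by switch.
LINKS = {
    "veb12": [("host vport21", "10.2.1.1", "0xffff0000"), ("r2 vio0", "10.2.2.1", "0xffff0000")],
    "veb23": [("r2 vio1", "10.3.2.1", "0xffffff00"), ("r3 vio0", "10.3.2.2", "0xffffff00")],
    "veb24": [("r2 vio2", "10.4.2.1", "0xffff0000"), ("r4 vio0", "10.4.4.1", "0xffff0000")],
    "veb34": [("r3 vio1", "10.3.4.2", "0xffffff00"), ("r4 vio1", "10.3.4.1", "0xffffff00")],
    "veb35": [("r3 vio2", "10.5.3.1", "0xffff0000"), ("r5 vio0", "10.5.5.1", "0xffff0000")],
}

def network(addr, hexmask):
    """IPv4 network for an address with a hostname.if-style hex netmask."""
    mask = ipaddress.IPv4Address(int(hexmask, 16))
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def check(links):
    """Return problems found: ends that disagree, and links whose networks overlap."""
    problems, seen = [], []
    for switch, ends in links.items():
        nets = sorted({network(addr, mask) for _, addr, mask in ends})
        if len(nets) > 1:
            problems.append(f"{switch}: ends are in different networks: "
                            + ", ".join(map(str, nets)))
        seen += [(net, switch) for net in nets]
    for i, (net_a, sw_a) in enumerate(seen):
        for net_b, sw_b in seen[i + 1:]:
            if sw_a != sw_b and net_a.overlaps(net_b):
                problems.append(f"{sw_a} {net_a} overlaps {sw_b} {net_b}")
    return problems

if __name__ == "__main__":
    for problem in check(LINKS) or ["all links consistent"]:
        print(problem)
```

Giving one end of veb23 the mask 0xffff0000 instead of 0xffffff00 produces two findings: the ends of veb23 disagree, and 10.3.0.0/16 now overlaps the veb34 network.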