Hello Bradley, if I add that route to /etc/hostname.vr3 I have no access to 10.1.111.11, even from the local router. After reboot I have to delete and add that route again by hand to make everything work (sometimes I have to repeat delete/add few times to make it work). It's 7.2/i386. Any idea?
[10.109.3.15] $ cat /etc/hostname.vr3 inet 10.1.111.1 255.255.255.0 !sleep 60 !route add 10.1.111.11 10.1.111.1 [10.109.3.15] $ route -n show Routing tables Internet: Destination Gateway Flags Refs Use Mtu Prio Iface default 10.109.3.254 UGS 5 10 - 8 vr0 224/4 127.0.0.1 URS 0 56 32768 8 lo0 10.1.100/24 10.1.100.1 Cn 0 0 - 4 vr1 10.1.100.1 00:00:24:cb:4f:cd UHLl 0 0 - 1 vr1 10.1.100.255 10.1.100.1 Hb 0 0 - 1 vr1 10.1.111/24 10.1.111.1 UCn 0 0 - 4 vr3 10.1.111.1 00:00:24:cb:4f:cf UHLhl 1 2 - 1 vr3 10.1.111.11 10.1.111.1 UGHS 0 104 - 8 vr3 10.1.111.255 10.1.111.1 UHb 0 0 - 1 vr3 10.1.222/24 10.109.3.16 UG 0 0 - 32 vr0 10.109.3/24 10.109.3.15 UCn 3 18 - 4 vr0 10.109.3.10 a4:bb:6d:d6:5a:a4 UHLc 1 11 - 3 vr0 10.109.3.15 00:00:24:cb:4f:cc UHLl 0 13 - 1 vr0 10.109.3.16 00:00:24:cd:90:10 UHLch 1 11 - 3 vr0 10.109.3.254 00:0d:b9:35:39:29 UHLch 1 16 - 3 vr0 10.109.3.255 10.109.3.15 UHb 0 0 - 1 vr0 127/8 127.0.0.1 UGRS 0 0 32768 8 lo0 127.0.0.1 127.0.0.1 UHhl 1 2 32768 1 lo0 then... [10.109.3.15] $ route delete 10.1.111.11 10.1.111.1 delete host 10.1.111.11: gateway 10.1.111.1 [10.109.3.15] $ route add 10.1.111.11 10.1.111.1 add host 10.1.111.11: gateway 10.1.111.1 [10.109.3.15] $ route -n show Routing tables Internet: Destination Gateway Flags Refs Use Mtu Prio Iface default 10.109.3.254 UGS 5 11 - 8 vr0 224/4 127.0.0.1 URS 0 137 32768 8 lo0 10.1.100/24 10.1.100.1 Cn 0 0 - 4 vr1 10.1.100.1 00:00:24:cb:4f:cd UHLl 0 0 - 1 vr1 10.1.100.255 10.1.100.1 Hb 0 0 - 1 vr1 10.1.111/24 10.1.111.1 UCn 1 0 - 4 vr3 10.1.111.1 00:00:24:cb:4f:cf UHLhl 1 15 - 1 vr3 10.1.111.11 00:00:24:cb:4f:d0 UHLc 0 172 - 3 vr3 10.1.111.11 10.1.111.1 UGHS 0 0 - 8 vr3 10.1.111.255 10.1.111.1 UHb 0 0 - 1 vr3 10.1.222/24 10.109.3.16 UG 0 170 - 32 vr0 10.109.3/24 10.109.3.15 UCn 3 28 - 4 vr0 10.109.3.10 a4:bb:6d:d6:5a:a4 UHLc 1 22 - 3 vr0 10.109.3.15 00:00:24:cb:4f:cc UHLl 0 24 - 1 vr0 10.109.3.16 00:00:24:cd:90:10 UHLch 1 33 - 3 vr0 10.109.3.254 00:0d:b9:35:39:29 UHLch 1 24 - 3 vr0 10.109.3.255 10.109.3.15 UHb 0 0 - 1 vr0 127/8 127.0.0.1 UGRS 0 0 32768 8 lo0 127.0.0.1 127.0.0.1 UHhl 1 2 32768 1 lo0 On Thu, 9 Feb 2023 07:47:33 +1100 Bradley Latus <brad.la...@gmail.com> wrote: > Hi, > I see a small mistake > > You need to add that route to vr3 interface when you bring it up, vr0 will > most likely be up before vr3 so that is why your route adding in the > hostname.vr0 is wrong. > > Cheers > > On Thu, 9 Feb 2023, 01:36 Radek, <r...@int.pl> wrote: > > > Hello Bradley, > > thank you, your setup works the way I need. > > > > I can't deal with adding the static route permanently. I have to add the > > static route by hand (route add 10.1.111.11/32 10.1.111.1) after reboot. > > Did I missed something? > > > > [10.109.3.15] $ cat /etc/hostname.vr0 > > -inet > > dhcp > > #inet 10.109.3.15 255.255.255.0 > > !sleep 60 > > !route add 10.1.111.11/32 10.1.111.1 > > > > After reboot it looks like this: > > > > [10.109.3.15] $ route -n show > > Routing tables > > > > Internet: > > Destination Gateway Flags Refs Use Mtu Prio > > Iface > > default 10.109.3.254 UGS 5 15 - 8 vr0 > > 224/4 127.0.0.1 URS 0 59 32768 8 lo0 > > 10.1.100/24 10.1.100.1 Cn 0 0 - 4 vr1 > > 10.1.100.1 00:00:24:cb:4f:cd UHLl 0 0 - 1 vr1 > > 10.1.100.255 10.1.100.1 Hb 0 0 - 1 vr1 > > 10.1.111/24 10.1.111.1 UCn 1 0 - 4 vr3 > > 10.1.111.1 00:00:24:cb:4f:cf UHLl 0 3 - 1 vr3 > > 10.1.111.11 00:00:24:cb:4f:d0 UHLc 0 2 - 3 vr3 > > 10.1.111.255 10.1.111.1 UHb 0 0 - 1 vr3 > > 10.1.222/24 10.109.3.16 UG 0 0 - 32 vr0 > > 10.109.3/24 10.109.3.15 UCn 3 40 - 4 vr0 > > 10.109.3.10 a4:bb:6d:d6:5a:a4 UHLc 1 29 - 3 vr0 > > 10.109.3.15 00:00:24:cb:4f:cc UHLl 0 13 - 1 vr0 > > 10.109.3.16 00:00:24:cd:90:10 UHLch 1 26 - 3 vr0 > > 10.109.3.254 00:0d:b9:35:39:29 UHLch 1 31 - 3 vr0 > > 10.109.3.255 10.109.3.15 UHb 0 0 - 1 vr0 > > 127/8 127.0.0.1 UGRS 0 0 32768 8 lo0 > > 127.0.0.1 127.0.0.1 UHhl 1 2 32768 1 lo0 > > > > > > On Tue, 7 Feb 2023 17:54:27 +1100 > > Bradley Latus <brad.la...@gmail.com> wrote: > > > > > Hi all, > > > > > > I have done an experiment. > > > > > > If your interface is part of an area, it will be advertised always. > > > > > > If you wanted to advertise only /32 this is how I got mine to work. > > > Ensure your interface vr3 is not in your ospf area > > > > > > Add a static route to the one you wish to advertise, it appears that > > unless > > > a route exists on the machine you cannot redistribute a random ip. > > > > > > So route add 10.1.111.11/32 10.1.111.1 > > > > > > Then you can redistribute your /32 > > > > > > > > > > > > router-id 10.109.3.15 > > > redistribute 10.1.111.11/32 > > > > > > area 0.0.0.0 { > > > interface vr0 > > > } > > > > > > > > > > > > On Tue, 7 Feb 2023, 02:46 Radek, <r...@int.pl> wrote: > > > > > > > Hello, > > > > > I’d check the databases on both sides. > > > > > And flush/reload the config and fibs. > > > > I reloaded and restarted OSPFd on both sides - nothing changes. Then, I > > > > rebooted routers on both sides - nothing changes. > > > > I still can see/ping the whole 10.1.111.0/24 subnet from the far end. > > > > > > > > [10.109.3.15]$ ospfctl show database router > > > > > > > > Router Link States (Area 0.0.0.0) > > > > > > > > LS age: 238 > > > > Options: -|-|-|-|-|-|E|- > > > > LS Type: Router > > > > Link State ID: 10.109.3.15 > > > > Advertising Router: 10.109.3.15 > > > > LS Seq Number: 0x80000016 > > > > Checksum: 0x6d0a > > > > Length: 48 > > > > Flags: *|*|*|*|*|-|E|- > > > > Number of Links: 2 > > > > > > > > Link connected to: Stub Network > > > > Link ID (Network ID): 10.1.111.0 > > > > Link Data (Network Mask): 255.255.255.0 > > > > Metric: 10 > > > > > > > > Link connected to: Transit Network > > > > Link ID (Designated Router address): 10.109.3.16 > > > > Link Data (Router Interface address): 10.109.3.15 > > > > Metric: 10 > > > > > > > > LS age: 239 > > > > Options: -|-|-|-|-|-|E|- > > > > LS Type: Router > > > > Link State ID: 10.109.3.16 > > > > Advertising Router: 10.109.3.16 > > > > LS Seq Number: 0x80000016 > > > > Checksum: 0xb058 > > > > Length: 36 > > > > Flags: *|*|*|*|*|-|E|- > > > > Number of Links: 1 > > > > > > > > Link connected to: Transit Network > > > > Link ID (Designated Router address): 10.109.3.16 > > > > Link Data (Router Interface address): 10.109.3.16 > > > > Metric: 10 > > > > > > > > > > > > [10.109.3.16]$ ospfctl show fib > > > > flags: * = valid, O = OSPF, C = Connected, S = Static > > > > Flags Prio Destination Nexthop > > > > *S 8 0.0.0.0/0 10.109.3.254 > > > > *O 32 10.1.111.0/24 10.109.3.15 > > > > > > > > > > > > On Sun, 5 Feb 2023 22:20:07 +0100 > > > > Diederik Schouten <dsch...@high5.net> wrote: > > > > > > > > > Hello, > > > > > > > > > > I’d check the databases on both sides. > > > > > And flush/reload the config and fibs. > > > > > Then check again which link state advertisements are in the database. > > > > > To make sure you now get the /32 advertised. > > > > > > > > > > Sent from my iPhone > > > > > > > > > > > On 5 Feb 2023, at 21:15, Radek <r...@int.pl> wrote: > > > > > > > > > > > > Hello Diederik, hello Tom, > > > > > > this is a simple lab/testing configuration, that's why there is no > > > > "passive" and other... > > > > > > The purpose of this configuration is to allow access to certain IP > > > > address and restrict access to the rest of the subnet. > > > > > > I can use PF to block/pass what I need... but I'm trying make sure > > if > > > > I can do it by announcing "not more than needed" over OSPF. > > > > > > > > > > > > "redistribute 10.1.111.11/32" seems to be what I need, but > > probally I > > > > missed something, because this option doesn't work for me as expected. > > > > > > > > > > > > $ cat /etc/ospfd.conf > > > > > > router-id 10.109.3.15 > > > > > > redistribute 10.1.111.11/32 > > > > > > > > > > > > area 0.0.0.0 { > > > > > > interface vr0 > > > > > > interface vr3 > > > > > > } > > > > > > > > > > > > Then, I can still see/ping other IPs in 10.1.111.0/24 from the far > > > > end network. > > > > > > > > > > > > On the far router I can see the whole subnet instead of somthing > > like > > > > " *O 32 10.1.111.11/24 10.109.3.15". > > > > > > > > > > > > $ ospfctl show fib > > > > > > flags: * = valid, O = OSPF, C = Connected, S = Static > > > > > > Flags Prio Destination Nexthop > > > > > > *S 8 0.0.0.0/0 10.109.3.254 > > > > > > *O 32 10.1.111.0/24 10.109.3.15 > > > > > > > > > > > > Any clues? > > > > > > > > > > > >> On Sat, 4 Feb 2023 23:16:57 +0000 > > > > > >> Tom Smyth <tom.sm...@wirelessconnect.eu> wrote: > > > > > >> > > > > > >> Hi Radek, > > > > > >> > > > > > >> it is better practice to add ospf network statements to > > ospfd.conf > > > > > >> (if you dont want to send / recieve ospf messages on an interface > > set > > > > the > > > > > >> interface to passive in ospfd.conf > > > > > >> avoid redistribute connected > > > > > >> (add the network you want to be added to your ospf network) and > > leave > > > > the > > > > > >> other network ommitted from your ospfd.conf > > > > > >> > > > > > >> > > > > > >> I hope this helps, > > > > > >> > > > > > >> > > > > > >>> On Sat, 4 Feb 2023 at 20:02, Radek <r...@int.pl> wrote: > > > > > >>> > > > > > >>> Hello, > > > > > >>> is it possible to announce over OSPF only one (or a few > > specific) IP > > > > > >>> address instead of the whole subnet? > > > > > >>> If yes.. an ospfd.conf example would be appreciated. > > > > > >>> > > > > > >>> $ cat /etc/hostname.vr3 > > > > > >>> inet 10.1.111.1 255.255.255.0 > > > > > >>> > > > > > >>> $ cat /etc/ospfd.conf > > > > > >>> router-id 10.109.3.15 > > > > > >>> redistribute connected > > > > > >>> > > > > > >>> area 0.0.0.0 { > > > > > >>> interface vr0 > > > > > >>> interface vr3 > > > > > >>> } > > > > > >>> > > > > > >>> Thanks, > > > > > >>> Radek > > > > > >>> > > > > > >>> > > > > > >> > > > > > >> -- > > > > > >> Kindest regards, > > > > > >> Tom Smyth. > > > > > > > > > > > > > > > > > > Radek > > > > > > > > > > > > > > > > > > > > > > > Radek > > > > > > > > > > > > > > Radek > > > > Radek