Hello

I have two VPN routers (Linux + Quagga + OpenVPN + IPsec) in my LAN hosting a number of VPN connections to customers' servers. All the routers are connected to the inter-router VLAN 172.16.83.64/26 and use a single OSPF area. One VPN router (hostname vpn1, IP 172.16.83.68) is old, the other is new (vpn3, 172.16.83.70). I am moving customers from vpn1 to vpn3 one by one. After reconfiguration a VPN client disconnects from vpn1 and a few seconds later connects to vpn3. The OpenVPN up/down scripts remove the host route on vpn1 and add it on vpn3. I expected OSPF to reflect the route change within seconds, but the old route is still announced by vpn1. So the central router (a Cisco L3 switch, IP 172.16.83.65) shows two routes to the same remote host - a new one via vpn3 and an old one via vpn1. But the old route is no longer valid on vpn1 (vpn1 itself now routes that host via vpn3), so packets travel switch -> vpn1 -> vpn3.

It looks like ospfd on vpn1 is not withdrawing its self-originated Type-5 (external) LSAs: in the database dump below vpn1 is still the ADV Router for 172.16.88.6-.14 even though its own kernel table no longer holds those host routes - the only 172.16.88.x entries left on vpn1 are `proto zebra` routes learned from vpn3 (next hop 172.16.83.70), so vpn1 keeps advertising routes it can only forward back to vpn3.

l3_switch#sh ip ospf database

            OSPF Router with ID (172.16.83.65) (Process ID 1)

                Router Link States (Area 172.16.80.0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
172.16.80.4     ns.solvo.ru     1271        0x80006570 0x006DCC 1
172.16.80.5     ns2.solvo.ru    1064        0x8001270F 0x008D3D 1
172.16.83.65    cat3560-vlan3.s 809         0x80010890 0x00F727 2
172.16.83.67    gw2-vlan3.solvo 1344        0x80004FEC 0x00E0E4 1
172.16.83.68    vpn1-vlan3.solv 1385        0x80012C4B 0x0078D3 3
172.16.83.70    vpn3-vlan3.solv 1264        0x80000BF9 0x008D66 1
172.16.89.9     ns3.solvo.ru    551         0x80000F6B 0x00DD65 2

                Net Link States (Area 172.16.80.0)

Link ID         ADV Router      Age         Seq#       Checksum
172.16.80.4     ns.solvo.ru     1071        0x80000022 0x00445A
172.16.83.70    vpn3-vlan3.solv 1704        0x80000BF2 0x00E7B0

                Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum Tag
0.0.0.0         gw2-vlan3.solvo 954         0x8000500F 0x0072AD 0
[...]
172.16.88.0     vpn3-vlan3.solv 1196        0x80000030 0x007CA7 0
172.16.88.4     vpn3-vlan3.solv 1166        0x80000005 0x00AAA0 0
172.16.88.6     vpn1-vlan3.solv 1328        0x8000002C 0x0054CF 0
172.16.88.6     vpn3-vlan3.solv 1136        0x80000020 0x0060CD 0
172.16.88.7     vpn1-vlan3.solv 1208        0x8000002C 0x004AD8 0
172.16.88.7     vpn3-vlan3.solv 1237        0x80000020 0x0056D6 0
172.16.88.8     vpn1-vlan3.solv 1168        0x8000002B 0x0042E0 0
172.16.88.8     vpn3-vlan3.solv 1217        0x80000020 0x004CDF 0
172.16.88.9     vpn1-vlan3.solv 1358        0x8000002C 0x0036EA 0
172.16.88.9     vpn3-vlan3.solv 1137        0x80000020 0x0042E8 0
172.16.88.10    vpn1-vlan3.solv 1028        0x8000002D 0x002AF4 0
172.16.88.10    vpn3-vlan3.solv 1137        0x80000028 0x0028F9 0
172.16.88.11    vpn3-vlan3.solv 1207        0x80000002 0x006ADC 0
172.16.88.13    vpn1-vlan3.solv 938         0x8000002D 0x000C10 0
172.16.88.13    vpn3-vlan3.solv 1497        0x80000027 0x000C14 0
172.16.88.14    vpn1-vlan3.solv 1088        0x8000002D 0x000219 0
172.16.88.14    vpn3-vlan3.solv 1197        0x80000029 0x00FD1F 0

[root@vpn1 ~]# ip route show | grep 172.16.88
172.16.88.7 via 172.16.83.70 dev eth0.3  proto zebra  metric 20
172.16.88.6 via 172.16.83.70 dev eth0.3  proto zebra  metric 20
172.16.88.4 via 172.16.83.70 dev eth0.3  proto zebra  metric 20
172.16.88.11 via 172.16.83.70 dev eth0.3  proto zebra  metric 20
172.16.88.10 via 172.16.83.70 dev eth0.3  proto zebra  metric 20
172.16.88.9 via 172.16.83.70 dev eth0.3  proto zebra  metric 20
172.16.88.8 via 172.16.83.70 dev eth0.3  proto zebra  metric 20
172.16.88.14 via 172.16.83.70 dev eth0.3  proto zebra  metric 20
172.16.88.13 via 172.16.83.70 dev eth0.3  proto zebra  metric 20
172.16.88.0/24 via 172.16.83.70 dev eth0.3  proto zebra  metric 20

[root@vpn1 ~]# vtysh

Hello, this is Quagga (version 1.2.1).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

vpn1.solvo.ru# sh ru
Building configuration...

Current configuration:
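!
hostname vpn1.solvo.ru
log file /var/log/quagga/zebra.log
log syslog informational
log facility local4
log record-priority
log timestamp precision 1
!
service advanced-vty
service password-encryption
!
password 8 ************
!
! NOTE(review): the OSPF key on eth0 was pasted unmasked in the original
! post (the eth0.3 key on this host was masked) and is redacted here.  The
! same key string also appeared on vpn3's eth0.  Treat that key as disclosed
! and rotate it on every neighbour that shares it.
interface eth0
 bandwidth 100000
 description "DMZ PI network (VLAN 5)"
 ip address <hide public ip>
 ip ospf authentication-key *******
!
interface eth0.3
 bandwidth 100000
 description "LAN routing network (VLAN 3)"
 ip address 172.16.83.68/26
 ip ospf authentication-key *******
!
interface lo
 bandwidth 1000000
 description "Loopback"
!
interface sit0
!
! tun0 is the only tunnel interface NOT listed as passive under "router ospf"
! below.  Its address is not visible in this post; if it falls inside one of
! the "network" statements (172.16.87.0/24 is one), OSPF hellos carrying the
! simple-password key would be sent towards the VPN peer -- confirm, and add
! "passive-interface tun0" if that is not intended.
interface tun0
!
interface tun1
!
interface tun2
!
interface tun3
!
interface tun4
!
interface tun5
!
router ospf
 ospf router-id 172.16.83.68
 log-adjacency-changes detail
 auto-cost reference-bandwidth 1000
! The stale 172.16.88.x Type-5 LSAs seen on the switch have ADV Router vpn1,
! so they originate from these redistribute statements.  The kernel table on
! vpn1 no longer holds those host routes (only "proto zebra" routes via
! 172.16.83.70 remain), so ospfd apparently missed the withdrawal.  Compare
! "show ip route kernel" with "show ip ospf database external self-originate"
! on vpn1 to see which daemon still believes the route exists.
 redistribute kernel route-map LAN
 redistribute connected route-map LAN
 redistribute static route-map LAN
 passive-interface tun1
 passive-interface tun2
 passive-interface tun3
 passive-interface tun4
 passive-interface tun5
 network 172.16.83.68/26 area 172.16.80.0
 network 172.16.87.0/24 area 172.16.80.0
! "authentication" without "message-digest" selects OSPF simple-password
! (type 1) authentication: the key is carried in cleartext in every OSPF
! packet on the VLAN, so anyone who can sniff VLAN 3 or 5 can read it.
! Prefer "area 172.16.80.0 authentication message-digest" together with
! "ip ospf message-digest-key 1 md5 <key>" on each OSPF interface, changed
! on all neighbours at the same time.
 area 172.16.80.0 authentication
!
ip route 0.0.0.0/0 <hide public ip>
[...]
!
! Any kernel, connected or static route inside RFC1918 space is redistributed
! as an external LSA -- including the per-client host routes that the OpenVPN
! up/down scripts install.  A prefix-list limited to the customer ranges
! actually served here would keep an unexpected kernel route from being
! flooded area-wide.
access-list rfc1918 remark Local (RFC1918) networks
access-list rfc1918 permit 10.0.0.0/8
access-list rfc1918 permit 192.168.0.0/16
access-list rfc1918 permit 172.16.0.0/12
access-list rfc1918 deny any
!
route-map LAN permit 10
 match ip address rfc1918
!
ip forwarding
!
line vty
!
end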

[root@vpn3 ~]# ip route show | grep 172.16.88
172.16.88.0/24 dev tun3  proto kernel  scope link  src 172.16.88.1
172.16.88.4 dev tun3  scope link
172.16.88.6 dev tun3  scope link
172.16.88.7 dev tun3  scope link
172.16.88.8 dev tun3  scope link
172.16.88.9 dev tun3  scope link
172.16.88.10 dev tun3  scope link
172.16.88.11 dev tun3  scope link
172.16.88.13 dev tun3  scope link
172.16.88.14 dev tun3  scope link

[root@vpn3 ~]# vtysh

Hello, this is Quagga (version 1.2.1).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

vpn3.solvo.ru# sh ru
Building configuration...

Current configuration:
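!
hostname vpn3.solvo.ru
log file /var/log/quagga/zebra.log
log syslog informational
log facility local4
log record-priority
log timestamp precision 1
!
service advanced-vty
service password-encryption
!
password 8 ***********
!
! NOTE(review): the OSPF key on eth0 was pasted unmasked in the original post
! (the eth1 key was masked) and is redacted here.  The same key string also
! appeared on vpn1's eth0.  Treat that key as disclosed and rotate it on
! every neighbour that shares it.
interface eth0
 bandwidth 1000000
 description "LAN routing network (VLAN3)"
 ip address 172.16.83.70/26
 ip ospf authentication-key *******
!
interface eth1
 bandwidth 100000
 description "Public network (VLAN5)"
 ip address <hide public ip>
 ip ospf authentication-key ******
!
interface lo
 bandwidth 1000000
 description "Loopback"
!
! tun3 carries 172.16.88.1/24 (see "ip route show" above).  It is not covered
! by any "network" statement below, so no OSPF hellos leave the tunnel; this
! host has no "passive-interface" lines, so add one for tun3 before ever
! widening the "network" list.
interface tun3
!
router ospf
 ospf router-id 172.16.83.70
 log-adjacency-changes detail
 auto-cost reference-bandwidth 1000
! The 172.16.88.x host routes on this host are plain kernel routes
! ("dev tun3 scope link"), so the Type-5 LSAs vpn3 originates for them are
! the expected ones; the duplicates on the switch come from vpn1.
 redistribute kernel route-map LAN
 redistribute connected route-map LAN
 redistribute static route-map LAN
 network 172.16.83.70/26 area 172.16.80.0
! "authentication" without "message-digest" selects OSPF simple-password
! (type 1) authentication: the key is carried in cleartext in every OSPF
! packet on the VLAN.  Prefer "area 172.16.80.0 authentication
! message-digest" together with "ip ospf message-digest-key 1 md5 <key>" on
! each OSPF interface, changed on all neighbours at the same time.
 area 172.16.80.0 authentication
!
ip route 0.0.0.0/0 <hide public ip>
[...]
!
! Any kernel, connected or static route inside RFC1918 space is redistributed
! as an external LSA -- including the per-client host routes that the OpenVPN
! up/down scripts install.  A prefix-list limited to the customer ranges
! actually served here would keep an unexpected kernel route from being
! flooded area-wide.
access-list rfc1918 remark Local (RFC1918) networks
access-list rfc1918 permit 10.0.0.0/8
access-list rfc1918 permit 192.168.0.0/16
access-list rfc1918 permit 172.16.0.0/12
access-list rfc1918 deny any
!
route-map LAN permit 10
 match ip address rfc1918
!
ip forwarding
!
line vty
!
end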

--
Ivan Kuznetsov
SOLVO ltd