bsd/ospf | bsd/ospf-n-bgp | bsd/bgp | cisco/ospf | cisco/ospf-n-bgp | cisco/bgp
Here we have three OSPF routers sharing a single area, and with a global default route.
Router IDs (type Router) do not need to have a true IP on the wire. Those do not conflict with routed IPs (type Network).
There’s no default route defined on any router here but on router2.
Enable forwarding
sysctl net.inet.ip.forwarding=1 echo net.inet.ip.forwarding=1 >> /etc/sysctl.conf
vpcs*
ip 10.0.0.1/24 10.0.0.254 ip 10.3.3.1/24 10.3.3.254 save
workstation (libvirt)
no need for static routes because we’re doing NAT within the PoC (on router2)
router*
hostname router1
hostname router2
hostname router3
vi /etc/myname
router1
router2
router3
vi /etc/hostname.vio0
inet 10.1.1.1/24
inet 10.1.1.254/24
inet 10.2.2.1/24
vi /etc/hostname.vio1
inet 10.0.0.254/24
inet 10.2.2.254/24
inet 10.3.3.254/24
# router2 only --- gateway gets defined there
vi /etc/hostname.vio2
dhcp
ls -lF /etc/mygate # no exist
apply network setup
sh /etc/netstart
router*
vi /etc/ospfd.conf
# router1
router-id 1.1.1.1
redistribute connected
area 0.0.0.0 {
interface vio0
}
# router2 has a default route
router-id 2.2.2.2
redistribute connected
redistribute default
area 0.0.0.0 {
interface vio0
interface vio1
}
# router3
router-id 3.3.3.3
redistribute connected
area 0.0.0.0 {
interface vio0
}
chmod 600 /etc/ospfd.conf
make sure there’s NO DEFAULT GATEWAY defined but on router2
netstat -rn -f inet
you will need your own nat for all your networks to reach virbr0 (192.168.122.0/24)
router2 only
mv /etc/pf.conf /etc/pf.conf.dist
vi /etc/pf.conf
pass out on vio2 from 10.0.0.0/24 to any nat-to (vio2)
pass out on vio2 from 10.1.1.0/24 to any nat-to (vio2)
pass out on vio2 from 10.2.2.0/24 to any nat-to (vio2)
pass out on vio2 from 10.3.3.0/24 to any nat-to (vio2)
pfctl -nf /etc/pf.conf
pfctl -f /etc/pf.conf
try it once in debug mode
ospfd -d ^C
enable at boot-time and start
tail -f /var/log/daemon rcctl enable ospfd rcctl start ospfd
check status and terminate
rcctl check ospfd rcctl stop ospfd
show your neighbors, shared and aquired routes
ospfctl show neighbor ospfctl show rib ospfctl show fib ospf
then ping a leaf node from one side of the network to another, and also try to reach the public network to some DNS open relay that actually conflicts with some of our router IDs (does NOT conflict)
vpcs1
ping 10.4.4.1 trace 10.4.4.1 ping 1.1.1.1 trace 1.1.1.1
in case you’re having your own workstation instead e.g. the left-hand leaf node, you need to tune the routes as it has a better default route already.
(linux)
ip route add 10.0.0.0/24 via 192.168.122.X ip route add 10.1.1.0/24 via 192.168.122.X ip route add 10.2.2.0/24 via 192.168.122.X ip route add 10.3.3.0/24 via 192.168.122.X
enabling auth between routers
interface xnf0 {
auth-type simple
auth-key PASSWORD-HERE
}
ospfd.conf — Open Shortest Path First daemon configuration file https://man.openbsd.org/ospfd.conf.5
OpenBGPD Presentations and Papers http://www.openbgpd.org/papers.html
Routing with OpenBSD https://www.openbsd.org/papers/linuxtag06-network/index.html
OpenBSD FAQ - Networking https://www.openbsd.org/faq/faq6.html
OpenBSD FAQ - System Management https://www.openbsd.org/faq/faq10.html
Howto OSPF sous OpenBSD https://wiki.evolix.org/HowtoOpenBSD/OSPF
VPLS basic test setup https://github.com/rwestphal/openbsd-ldpd/wiki/VPLS-basic-test-setup
Configure Some Basic OSPF Routing Scenarios https://www.alliedtelesis.com/sites/default/files/documents/configuration-guides/howto_aw-_config_basic_ospf_routing_revd.pdf
How to configure OSPF Default Route https://networklessons.com/ospf/how-to-configure-ospf-default-route