Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides
https://forum.ivorde.com/

FreeBSD to FreeBSD - OSPF over GRE over Ipsec transport mode (racoon) - Part 2
https://forum.ivorde.com/freebsd-to-freebsd-ospf-over-gre-over-ipsec-transport-mode-racoon-part-2-t877.html

Author:  admin [ Sun Oct 30, 2011 7:36 am ]
Post subject:  FreeBSD to FreeBSD - OSPF over GRE over Ipsec transport mode (racoon) - Part 2

After setting up the IPSec tunnel between the two FreeBSD hosts (FreeBSD-A and FreeBSD-B) in part 1 (http://forum.ivorde.ro/freebsd-to-freebsd-ospf-over-gre-over-ipsec-transport-mode-racoon-part-1-t860.html), using gre0 interfaces on both nodes, in this part I set up OSPF.

The relevant OSPFD configuration (quagga) on both nodes is simple. This is for FreeBSD-A node:
Code:
!
interface gre0
 ip ospf hello-interval 2
 ip ospf dead-interval 6
!
router ospf
 ospf router-id A2.A2.A2.A2
 redistribute static
 network A2.A2.A2.A2/30 area 0.0.0.0
!




OSPF "hello" packets are sent over the tunnel at 2-second intervals, and the OSPF neighbour dead-interval is 6 seconds. These settings need to be identical on both nodes; otherwise the OSPF adjacency will not form.

If it fails, a good way to debug the OSPF adjacency is to run tcpdump and look at the data advertised by both OSPF nodes (can't call them "neighbours" yet).

Code:
FreeBSD-A# tcpdump -nnvi gre0
tcpdump: listening on gre3, link-type NULL (BSD loopback), capture size 96 bytes

13:23:15.745604 IP (tos 0xc0, ttl   1, id 42243, offset 0, flags [none], proto: OSPF (89), length: 68) A2.A2.A2.A2 > 224.0.0.5: OSPFv2, Hello, length: 48
   Router-ID: A2.A2.A2.A2, Backbone Area, Authentication Type: none (0)
   Options: [External]
     Hello Timer: 2s, Dead Timer 6s, Mask: 0.0.0.0, Priority: 1
     Neighbor List:
       B2.B2.B2.B2
13:23:16.002287 IP (tos 0xc0, ttl   1, id 35190, offset 0, flags [none], proto: OSPF (89), length: 68) B2.B2.B2.B2 > 224.0.0.5: OSPFv2, Hello, length: 48
   Router-ID: B2.B2.B2.B2, Backbone Area, Authentication Type: none (0)
   Options: [External]
     Hello Timer: 2s, Dead Timer 6s, Mask: 255.255.255.252, Priority: 128
     Neighbor List:
       A2.A2.A2.A2


The above output shows that the FreeBSD-A node receives OSPF "hello" multicasts from FreeBSD-B and that it also sends its own. Both nodes use the same "hello timer" and "dead-interval" settings.

Soon I will post more info on debugging quagga ospf peering.
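
As an added example (not part of the original post), the Python code below automates the tcpdump comparison described above: it parses verbose Hello output, then reports timer, area or authentication-type mismatches and routers that do not list each other as neighbours. The capture is constructed and abridged, with placeholder addresses 10.0.0.1 and 10.0.0.2 and a deliberately mismatched dead timer; the names `parse_hellos` and `adjacency_problems` are chosen here.

```python
import re

# Constructed, abridged sample in the format of the `tcpdump -nnvi gre0` output above.
# Addresses are placeholders; node 10.0.0.2 has a wrong dead timer on purpose.
SAMPLE = """\
13:23:15.745604 IP (tos 0xc0, ttl   1, id 42243, offset 0, flags [none], proto: OSPF (89), length: 64) 10.0.0.1 > 224.0.0.5: OSPFv2, Hello, length: 44
   Router-ID: 10.0.0.1, Backbone Area, Authentication Type: none (0)
     Hello Timer: 2s, Dead Timer 6s, Mask: 255.255.255.252, Priority: 1
     Neighbor List:
13:23:16.002287 IP (tos 0xc0, ttl   1, id 35190, offset 0, flags [none], proto: OSPF (89), length: 64) 10.0.0.2 > 224.0.0.5: OSPFv2, Hello, length: 44
   Router-ID: 10.0.0.2, Backbone Area, Authentication Type: none (0)
     Hello Timer: 2s, Dead Timer 8s, Mask: 255.255.255.252, Priority: 128
     Neighbor List:
"""

HDR = re.compile(r"Router-ID: (\S+), (.+?), Authentication Type: (.+)")
TIMERS = re.compile(r"Hello Timer: (\d+)s, Dead Timer:? (\d+)s")
NEIGH = re.compile(r"^\s+(\d+\.\d+\.\d+\.\d+)\s*$")  # indented bare address

def parse_hellos(text):
    """Return {router_id: fields} holding the last Hello seen from each router."""
    routers, cur = {}, None
    for line in text.splitlines():
        if m := HDR.search(line):
            cur = routers[m.group(1)] = {"area": m.group(2), "auth": m.group(3).strip(), "neighbors": set()}
        elif cur is not None and (m := TIMERS.search(line)):
            cur["hello"], cur["dead"] = int(m.group(1)), int(m.group(2))
        elif cur is not None and (m := NEIGH.match(line)):
            cur["neighbors"].add(m.group(1))
    return routers

def adjacency_problems(routers):
    """List reasons why the routers seen on the link are not (yet) neighbours."""
    problems, ids = [], sorted(routers)
    # These Hello fields must agree on both ends before an adjacency can form.
    for field in ("hello", "dead", "area", "auth"):
        values = {rid: routers[rid].get(field) for rid in ids}
        if len(set(values.values())) > 1:
            problems.append(f"{field} mismatch: {values}")
    # A router lists a peer only after accepting that peer's Hello.
    for rid in ids:
        missing = [o for o in ids if o != rid and o not in routers[rid]["neighbors"]]
        if missing:
            problems.append(f"{rid} does not list {missing} as neighbour")
    return problems

if __name__ == "__main__":
    for p in adjacency_problems(parse_hellos(SAMPLE)):
        print(p)
```

To check a live link, save the tcpdump output to a file and pass its contents to `parse_hellos` instead of `SAMPLE`.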

All times are UTC - 5 hours [ DST ]