OSPF anycast prefix being filtered

Ondrej Zajicek santiago at crfreenet.org
Fri Apr 10 11:29:24 CEST 2015 

On Fri, Apr 10, 2015 at 10:23:23AM +0200, Patrik Lundin wrote:
> On Wed, Apr 1, 2015 at 5:12 PM, Ondrej Zajicek <santiago at crfreenet.org> wrote:
> > On Wed, Apr 01, 2015 at 05:01:01PM +0200, Patrik Lundin wrote:
> >>
> >> I specifically noticed that OSPF is supposed to create routes for its
> >> own interfaces.
> >
> > Yes it is supposed to do that. Although handling of 'lo' is kind of
> > special case and in some circumstances does not work as expected. In that
> > case it is often useful to try dummy interface instead of lo interface.
> >
> 
> I thought I should report back on my continued adventures. Like you said using
> the lo interface seemed to work for IPv4, but I noticed bird6 would
> not pick up a
> /128 prefix assigned to lo in the same way.
> 
> I found this had been discussed earlier:
> http://marc.info/?l=bird-users&m=130087394302820&w=2
> 
> Because of this I decided to abandon the use of lo altogether, and
> just use dummy
> interfaces which worked fine for both protocols.
> 
...
> Some things to note:
> 
> * I have not decided on the best way to create the dummy interfaces,
> the solution above
> was just a quick hack but it seems to work well.

Just add 'dummy' to /etc/modules, it will be loaded and dummy0 will be
created by default.

> * While bird defaults to a "ptp" link type for eth0, bird6 defaults to
> "broadcast".
> 
> * The dummy0 interface defaults to being a stub interface in bird,
> while it requires
> configuration in bird6.

That is because OSPFv2 uses IPv4 addresses where /31 signalize ptp link
and /32 stub link, OSPFv3 uses IPv6 link-local addresses and there is
/64 everywhere.

> The above configuration works well, the main thing I am still not sure
> about if is there is
> a "best" way to take a specific anycast node out of rotation if it
> needs maintenance. Anyone
> have any experience with this? General ideas are appreciated as well!

There are two possibilities:

1) Shut down dummy interface (ip link set dummy0 down), OSPF should
immediately stop propagating attached addresses. This is probably the
cleanest solution. You could even have multiple dummy interfaces with
different addresses for different services and disable them
independently.

2) Shut down OSPF protocol (birdc disable ospf1), OSPF would immediately
de-peer. It should be also immediate, although in unusual cases you have
to wait for timeout.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20150410/d4023071/attachment.asc>

More information about the Bird-users mailing list