Injecting OSPF learned routes (only)

Tue Feb 27 08:29:27 CET 2024

G'Morning Nico,

On 27.02.24 04:30, Nico Schottelius via Bird-users wrote:
> 
> Good morning bird users,
> 
> I am a bit puzzled about properly adding OSPF learned routes into the
> kernel and let me show you why:
> 
> If I use a filter such as:
> 
> filter static_and_bgp_and_ospf {
>   if(source = RTS_STATIC || source = RTS_BGP || source = RTS_OSPF) then accept;
>   reject;
> }
> 
> And configure the kernel to use it like this:
> 
> protocol kernel kernel_v4 {
>         ipv4 { export filter static_and_bgp_and_ospf; };
> }
> 
> protocol kernel kernel_v6 {
>         ipv6 { export filter static_and_bgp_and_ospf; };
> }
> 
> 
> Then I get route duplications in the kernel:
> 
> [04:29] server123.place10:~# ip r | grep 147.78.195.224/27
> 147.78.195.224/27 dev eth1 proto kernel scope link src 147.78.195.254
> 147.78.195.224/27 dev eth1 proto bird scope link metric 32
> 
> The reason for that semes:
> 
> - server123 has the route because of an interface address
> - other hosts in the network also have an interface in that network
> 
> While this is not necessarily a big problem, it seems wrong to inject
> the route, because we learned it from OSPF, even though we already had
> it in the first place.
> 

My takeaway was always: Even it looks odd at first, it should be
correct, because: If for some reason system-A looses its address on that
interface, the network/route available on this interface still stands
true. In addition, these routes are not the "same". The destination
maybe is, but `proto` and `metric` and other attributes are different.
But given that I'm also no expert on the field and just added enough
glue that it holds together...
But I've never encountered any issues with these kind of routes.

In addition: if you use i.e. `keepalived` then you get also routes with
`proto vrrp` into the kernel.

> How do you usually handle inserting OSPF learned routes? Do you just
> have them duplicate or do you have some logic that resembles..
> 
>      "If I already have that route and I receive it again from outside
>       (such as OSPF), do not inject it again"
> 
> ?
> 
> Looking forward to read how you handle this logic!
> 
I would be interested in this answer, too. Am I'm using it "wrong" for
years, or is it just the way it is, and this is actually the correct
behavior of the system and the user.

Best,
Bernd
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: OpenPGP digital signature
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20240227/cf4cebd7/attachment.sig>