OSPF: Route attribute "ospf_tag" lost between different OSPF instances

markus/grundmann markus at grundmann.email
Wed Dec 28 01:51:46 CET 2016


It seems very dirty or a failure on my site was done. Currently I'm
behind of two OpenVPN-based connections that speaking OSPF.

Both links using the ospf_metric1 and ospf_metric2 variables to control
the traffic flow. Now I have used additional "bgp_med" on the second
OSPF instances and the former routes of the first link was also injected
into the FIB of FreeBSD but some seconds later I'm offline *grr*. The
default route was delete by bird from the FIB. After I have disabled the
second link and set a static route to the VPN gateway I was able to fix
the issue on the central VPN *puuuhhh* *its*warm*

Here now my feature request *g*...

filter foo1_import {
      if ospf_tag[<label_of_ospf_instace>|<instance_id>] = 123 then accept;
      if net ~ 10.0.0.0/8 then accept;
      else reject;
}

protocol ospf foo2 {
       label foo2;
}

Regards,
Markus

On 28.12.2016 01:33, markus/grundmann wrote:
> It works!!! I have tried only from one import-filter to one
> export-filter and now I see the routes I want.
>
> On 28.12.2016 01:28, markus/grundmann wrote:
>> Ondrej that's sounds good but it will only available for two OSPF
>> instances  right?
>> When I use this variable to store the current tag it will override by
>> all other filters.
>>
>> On 28.12.2016 01:25, Ondrej Zajicek wrote:
>>> On Wed, Dec 28, 2016 at 12:49:16AM +0100, markus/grundmann wrote:
>>>> I tried to use this "variable" ;-) *lol*
>>>>
>>>> [snip]
>>>>         if ospf_rcv_tag = 510 then {
>>>>            ospf_metric1 = SEC_M1_VPN;
>>>>            ospf_metric2 = SEC_M2_VPN;
>>>>            accept;
>>>>         }
>>>> [/snap]
>>> That was just a contemplation about possible design options.
>>>
>>> If you need current time workaround, the simplest way is to abuse some
>>> other integer attribute (e.g. bgp_med) to store the value [1] in the
>>> import filter of the first OSPF instance, then restore it [2] in the
>>> export filter of the second OSPF instance. It is a dirty untested
>>> trick, but it should work.
>>>
>>> [1] bgp_med = ospf_tag;
>>>
>>> [2] ospf_tag = bgp_med;
>>>
>


-- 

Best regards,
Markus

Better Privacy with PGP encrypted Mail: http://markusgrundmann.com/pgp/
Fingerprint: 15DE 06CA 3683 C004 0A26 7086 CD81 E5D6 7D2D 4E31
Threema ID: 7ZRET2JY

„Wer die Freiheit aufgibt um Sicherheit zu gewinnen, 
 der wird am Ende beides verlieren.“ -- Benjamin Franklin

loc: 40.43153,-111.933092


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20161228/ee101381/attachment.asc>


More information about the Bird-users mailing list