Limit on how many neighbors

Magnus Löfqvist ml at vmi.se
Sun Oct 15 10:32:08 CEST 2017


Hi,

We are using PTMP and it is not using multicast, so I guess the realbroadcast switch is not applicable.

We have multiple openvpn servers (both on the same server and on multiple servers) for failover etc.

As we also pay per MB (as is standard on mobile connections), we are interested in keeping the payload as small as possible.

As we have control over the whole chain, perhaps OSPF is not the way to go then?

If I drop the requirement to keep the config in the main servers static, perhaps iBGP with RR (Route Reflector) would work?

Any thoughts?

/ Magnus



________________________________
From: Tapio Haapala <tapio.haapala at f-solutions.fi>
Sent: 15 Oct 2017 02:55
To: bird-users at network.cz
Subject: Re: Limit on how many neighbors

Have you tested using the realbroadcast flag in bird? It is not compatible with other software, but usually it helps when you have weird problems on unstable mobile vpn connections to get all clients initialized. By default ospf uses multicast. Sad as it is, multicast implementations in kernels, switches etc. are more or less always broken. So I suggest testing that.

Another thing is that I am not sure how good an idea it is to run an ospf farm of over 100 clients on one "L2". I suggest that you run multiple openvpn server instances and split connections between them. That way you also get redundancy. If you limit max clients on the server side and add multiple remote addresses on the client side, your client will choose the next server if the first is full. Also, if you have multiple physical servers, it also helps you when you want to update one of them.

Naturally that splitting is just a workaround for the original problem, and then we will never know what that problem was in the first place :) That is why, out of curiosity, I suggest first testing with that "real broadcast yes" flag on all routers, and we will see whether the problem is in bird itself or on the openvpn bridge/kernel side.

Magnus Löfqvist wrote on 14.10.2017 at 20.27:
Hi again,

Just a thought: we don't need our endpoints to know about each other; in fact, we do firewalling to not allow traffic between them.

Are there any better solutions, instead of ospf, where we can have more than 100 endpoints getting their routes from a central server, and where we don't need to specify every neighbor in the system?

/ Magnus

________________________________
From: Magnus Löfqvist
Sent: 13 Oct 2017 23:31
To: Ondrej Zajicek
Cc: bird-users at network.cz
Subject: Re: Limit on how many neighbors

Hi,

I agree with you, it should not be the case here.
But we are running over mobile networks, and the openvpn adds some overhead.

Running some tcpdump shows that the packet length of the hello packet is just about 480, and that should be ok.

If we change to another openvpn instance/interface and change over to that it works directly.

I have also updated bird on our mainrouter to 1.6.3 (latest), but the issue still exists.

I have attached our config files (bird.conf (mainrouter), bird_client.conf (from one of the end routers)).
My OSPF knowledge is limited, so I guess that I have made some errors :)

The main feature we need is to distribute some external routes (10.3.50.0/24, 10.3.60.0/24), and distribute back the endpoints IP networks (10.98.x.x/30)

/ Magnus

________________________________
From: Ondrej Zajicek <santiago at crfreenet.org>
Sent: 13 Oct 2017 13:13
To: Magnus Löfqvist
Cc: bird-users at network.cz
Subject: Re: Limit on how many neighbors

On Thu, Oct 12, 2017 at 11:43:03AM +0000, Magnus Löfqvist wrote:
> Hi,
>
> We are running Bird with OSPF between embedded routers (openwrt) (mobile routers).
> The routers are connected to our main server with openvpn, and we are using bird on top of openvpn to deliver routes to the end routers.
>
> This has worked quite well, but today we noticed some glitches.
> We had some routers that did not finish election (i.e., stayed in init instead of being full).
> When we count, there are exactly 100 devices that are in "full", and 3 in init.
>
> Is there any limit on how many neighbors/routers?

Hi

There is AFAIK no hard limit, but there is an issue that if you have too
many neighbors, you end up with a Router-LSA that does not fit into the MTU and
will be sent using fragmented IP packets. Which usually works, but may be
problematic. But that is probably not relevant, as if there were such a
problem, they would be stuck in a later stage of the exchange and not in 'init'.

So I have no idea why they are stuck in 'init'. Isn't there any
misconfiguration? Is there anything in the logs? Did they correct themselves after
a restart?

--
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
