OSPF wireguard fallback

chrono chrono at open-resource.org
Thu May 3 10:47:31 CEST 2018 

Ahoy all,

I'm struggling a little to set wireguard as a fallback link
in conjunction with two MPLS links. In my tests BIRD would
not route traffic through wg0 when I took the other two
interfaces down. The setup is rather simple, two DCs, each
side has a gw running BIRD.

---- Config DC1 ----

router id 192.168.184.1;

### Kernel 
#####################################################################

protocol kernel {
   scan time 15;       # Scan kernel routing table every 15 seconds
   export all;         # Default is export none
}

### Device Monitor 
#############################################################

protocol device {
   scan time 10;       # Scan interfaces every 10 seconds
}

### OSPF 
#######################################################################

protocol ospf MyOSPF {
   tick 2;
   ecmp yes;
   rfc1583compat yes;

   area 0.0.0.0 {

     # Advertise DC1 prod net
     stubnet 192.168.184.0/24;

     # MPLS1 interface
     interface "macsec.2335" {
       cost 5;
       ecmp weight 1;
       bfd yes;
       authentication cryptographic;
       password "testtesttest" {
         id 1;
         algorithm hmac sha256;
       };
     };

     # MPLS2 interface
     interface "macsec.2334" {
       cost 5;
       ecmp weight 1;
       bfd yes;
       authentication cryptographic;
       password "testtesttest" {
         id 2;
         algorithm hmac sha256;
       };
     };

     # WireGuard Fallback
     interface "wg0" {
       cost 10;
       bfd yes;
       type pointopoint;
       authentication cryptographic;
       password "testtesttest" {
         id 3;
         algorithm hmac sha256;
       };
     };

   };
};

### BFD 
########################################################################

protocol bfd PCrewBFD {

   # BFD on DTAG interface
   interface "macsec.2335" {
     min rx interval 20 ms;
     min tx interval 50 ms;
     idle tx interval 300 ms;
   };

   # BFD on Console-Networks interface
   interface "macsec.2334" {
     min rx interval 20 ms;
     min tx interval 50 ms;
     idle tx interval 300 ms;
   };

   # BFD on WireGuard interface
   interface "wg0" {
     min rx interval 200 ms;
     min tx interval 500 ms;
     idle tx interval 3000 ms;
   };


   # WTF is multihop??
   multihop {
     interval 200 ms;
     multiplier 10;
   };

};


---- Config DC2 ----


router id 192.168.148.1;

### Kernel 
#####################################################################

protocol kernel {
   scan time 15;       # Scan kernel routing table every 20 seconds
   export all;         # Default is export none
}

### Device Monitor 
#############################################################

protocol device {
   scan time 10;       # Scan interfaces every 10 seconds
}

### OSPF 
#######################################################################

protocol ospf MyOSPF {
   tick 2;
   ecmp yes;
   rfc1583compat yes;

   area 0.0.0.0 {

     # Advertise MUC prod net
     stubnet 192.168.148.0/24;

     # MPLS1 interface
     interface "macsec.2335" {
       cost 5;
       ecmp weight 1;
       bfd yes;
       authentication cryptographic;
       password "testtesttest" {
         id 1;
         algorithm hmac sha256;
       };
     };

     # MPLS2 interface
     interface "macsec.2334" {
       cost 5;
       ecmp weight 1;
       bfd yes;
       authentication cryptographic;
       password "testtesttest" {
         id 2;
         algorithm hmac sha256;
       };
     };

     # WireGuard Fallback
     interface "wg0" {
       cost 10;
       bfd yes;
       type pointopoint;
       authentication cryptographic;
       password "testtesttest" {
         id 3;
         algorithm hmac sha256;
       };
     };

   };
};


---- BIRD states ----

bird> show route

172.23.1.0/29      dev macsec.2335 [MyOSPF 09:26:22] * I (150/5) 
[192.168.184.1]
172.23.2.0/29      dev macsec.2334 [MyOSPF 09:26:22] * I (150/5) 
[192.168.184.1]
192.168.148.0/24   multipath [MyOSPF 09:27:26] * I (150/15) 
[192.168.148.1]
         via 172.23.1.2 on macsec.2335 weight 1
         via 172.23.2.2 on macsec.2334 weight 1
172.23.3.0/29      dev wg0 [MyOSPF 09:26:22] * I (150/10) 
[192.168.184.1]

bird> show ospf state all

area 0.0.0.0

         router 192.168.148.1
                 distance 5
                 network 172.23.2.0/29 metric 5
                 network 172.23.1.0/29 metric 5
                 stubnet 172.23.3.0/29 metric 10
                 stubnet 192.168.148.0/24 metric 10

         router 192.168.164.1
                 distance 0
                 network 172.23.2.0/29 metric 5
                 network 172.23.1.0/29 metric 5
                 stubnet 172.23.3.0/29 metric 10
                 stubnet 192.168.184.0/24 metric 10

         network 172.23.1.0/29
                 dr 192.168.164.1
                 distance 5
                 router 192.168.184.1
                 router 192.168.148.1

         network 172.23.2.0/29
                 dr 192.168.164.1
                 distance 5
                 router 192.168.184.1
                 router 192.168.148.1


What makes me wonder is why wg0 is coming up as stubnet here,
while the MPLS links come up as network (stubnet 172.23.3.0/29 metric 
10)
and 172.23.3.0/29 (wg0 net) not being listed.

Any hints or corrections of my config to get this to work
with wireguard would be very much appreciated.

More information about the Bird-users mailing list