Alt0S04
commented
6 months ago Hello, has anyone found something to help me unlock or identified a potential error in my configuration? I've been searching for a while now and haven't found anything.
Open Alt0S04 opened 7 months ago
Alt0S04
commented
6 months ago Hello, has anyone found something to help me unlock or identified a potential error in my configuration? I've been searching for a while now and haven't found anything.
masonreimert17
commented
5 months ago I do not believe this would work because of the limitations around /32 masks on Linux GRE tunnel interfaces that use NHRP. In the OSPF hello the FRR boxes will send /32 masks for the link and the Cisco will send /24. They will drop the hellos because of this. You cannot modify the tunnel interface on the FRR boxes because it will cause NHRP not to trigger, similarly you cannot make the IOS tunnel interface a /32 because it requires resolvable destinations to be within the mask of the tunnel interface. You would need to use FRR as the hub as well if you wanted this to work I believe. I looked into the FRR code and it ignores the mask on P2P and P2MP interfaces when it deserializes the OSPF packet, but I am assuming IOS does not do this and that is causing this issue. Could be wrong.
I also want to stress how bad of an idea it is to run OSPF over DMVPN. The sane answer to this is to use BGP, or if you require a more dynamic nature, EIGRP.
Alt0S04
commented
5 months ago I continued testing on my end, and I finally managed to get OSPF working in the DMVPN with a Cisco HUB and an FRR Spoke. My problem was resolved when adjusting the OSPF hello generation interval on the Cisco side (set to 10 seconds, default is 40 seconds). I set it to 10 seconds to match the default interval of FRR, which is also 10 seconds. I also specify that I advertised my OSPF networks using the "network" command so that I wouldn't need to specify a static neighbor and could instead utilize dynamic network discovery. Additionally, don't forget the command "nhrp multicast-nflog-group 2" in vtysh with the following iptables rules:
iptables -A OUTPUT -d 224.0.0.0/24 -o "Interface_Tunnel" -j NFLOG --nflog-group 2
iptables -A OUTPUT -d 224.0.0.0/24 -o "Interface_Tunnel" -j DROPI'll provide you with the configuration of my FRR Spoke, which can of course be duplicated on other Spokes if you need more. You'll also find the configuration of the HUB and glimpses of the OSPF tables.
FRR Spoke Configuration :
frr version 8.4.4
frr defaults traditional
hostname Debian12
log syslog informational
no ipv6 forwarding
nhrp multicast-nflog-group 2
service integrated-vtysh-config
!
interface enp0s3
ip address 192.168.0.2/24
exit
!
interface enp0s8
ip address 172.16.2.254/24
exit
!
interface tunnel1
ip address 10.0.0.2/32
ip nhrp map 10.0.0.1 192.168.0.1
ip nhrp map multicast 192.168.0.1
ip nhrp network-id 1
ip nhrp nhs dynamic nbma 192.168.0.1
ip nhrp registration no-unique
ip ospf network point-to-point dmvpn
exit
!
router ospf
ospf router-id 10.0.0.2
network 10.0.0.0/24 area 0
network 172.16.2.0/24 area 0
exitCisco Hub Configuration :
interface Tunnel1000
ip address 10.0.0.1 255.255.255.0
no ip redirects
ip nhrp map multicast dynamic
ip nhrp network-id 1
ip nhrp registration no-unique
ip nhrp shortcut
ip ospf network point-to-multipoint
ip ospf hello-interval 10
tunnel source FastEthernet0/0
tunnel mode gre multipoint
tunnel key 42
!
interface FastEthernet0/0
ip address 192.168.0.1 255.255.255.0
duplex half
!
interface FastEthernet1/0
ip address 172.16.1.254 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet1/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/1
no ip address
shutdown
duplex auto
speed auto
!
router ospf 1
router-id 10.0.0.1
network 10.0.0.0 0.0.0.255 area 0
network 172.16.1.0 0.0.0.255 area 0OSPF Neighbor Table :
Neighbor ID Pri State Up Time Dead Time Address Interface RXmtL RqstL DBsmL
10.0.0.1 1 Full/- 1m33s 27.568s 10.0.0.1 tunnel1:10.0.0.2 0 0 0FRR Route Table :
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
O 10.0.0.1/32 [110/10] via 10.0.0.1, tunnel1 onlink, weight 1, 00:02:06
N>* 10.0.0.1/32 [10/0] is directly connected, tunnel1, weight 1, 00:02:13
O 10.0.0.2/32 [110/10] via 0.0.0.0, tunnel1 onlink, weight 1, 00:02:14
C>* 10.0.0.2/32 is directly connected, tunnel1, 00:02:14
K>* 169.254.0.0/16 [0/1000] is directly connected, enp0s8, 00:02:14
O>* 172.16.1.0/24 [110/11] via 10.0.0.1, tunnel1 onlink, weight 1, 00:02:06
O 172.16.2.0/24 [110/100] is directly connected, enp0s8, weight 1, 00:02:14
C>* 172.16.2.0/24 is directly connected, enp0s8, 00:02:14
C>* 192.168.0.0/24 is directly connected, enp0s3, 00:02:14
Hello, I am encountering an issue while trying to set up OSPF in a DMVPN Phase 1. I am working on GNS3 with a Cisco OS as the Hub and two FRR version 9.2 installed on Debian 12 as the Spokes. Here is an overview of the topology:
My problem arises from OSPF; the hosts in the area cannot identify each other as neighbors (the hello packets circulate on my network, but none reach the destination). Here are my configurations:
HUB:
Spoke 1:
Spoke 2:
My DMVPN links are up and running, but no OSPF neighbors are defined. Here is the DMVPN table of the Hub :
I specify that I have properly set up my tunnel interfaces and activated multicast with iptables on my FRRs as indicated in the documentation. Thank you in advance for your response.