I’m trying to setup Anycast IP with vyatta and I have few questions. First, let me explain my current:
I have one router (router1) on remote location A, (WAN eth0 , LAN eth1 <192.168.2.1/24>), and my second router (router2), is in a different geographic location (location B), it has WAN eth0 and LAN eth1 <10.0.0.0/8>.
Both routers are connected to one another via GRE tunnel, and I’m using OSPF to advertise the routes. Now here’s what I’m trying to do:
I would like to setup anycast IP with vyatta, i.e. server1 behind router1 would use IP 192.168.2.50 and server2 behind router2 would also use IP 192.168.2.50. And then when a client tries to access IP 192.168.2.50, the client would be routed to the nearest server, and if one those servers failed, the client would simply be re-routed to the next working server with IP 192.168.2.50.
I was wondering if such configuration would be possible, and if so, how? I was thinking of something along the lines of announcing 192.168.2.0/24 with iBGP between router1 and router2 (connected via GRE tunnel), and then see if I could assign IPs from that same 192.168.2.0/24 subnet to servers on both locations that use the vyatta routers as gateways.
I know this seems confusing and I may even be going on a completely wrong direction here(not too much experience with networking in general), but maybe someone could point me out in the right direction.
Well, If you can manage referenced servers, you can do this:
Setup OSPF on your routers
Install OSPF od your server → announce your /32 IP from both servers/location
→ Done
If one server goes down, OSPF will choose route to other destination… You can even setup healthcheck or something else on that servers which would shutdown ospfd in failure state.
Packets going through these routers will always end up on “closest” server.
So, I’ve made some progress on this, but still trying to workout some stuff.
I have a server behind router1, which I’ve gone ahead and installed quagga on it. After that, I configured that server so that it uses ospf to advertise the anycast IP I configured on the loopback interface (192.168.51.20).
Progress:
router1 can now see 192.168.51.20 (anycast IP) being advertised:
@router1:~$ show ip route | grep 192.168.51.20
O>* 192.168.51.20/32 [110/30] via 192.168.2.29, eth1, 00:16:53
What I’m still trying to figure out, is how router2 (connected via GRE tunnel to router1), can see that 192.168.51.20/32 OSPF route shown on router1.
On router1, I’ve already added ‘192.168.51.20/32’ (also tried with .0/24) network to my OSPF area, but still no luck. If anyone had has ideas on how I can get the 192.168.51.20/32 OSPF route to be shown on router2, that would be very much appreciated.
I bet you don’t have your GRE Subnet in OSPF Network configuration…
Are both R1 and R2 in same ospf area? Can you possibly post ospf configuration on both R1 and R2?
By the way - If you have time to try something new - instead of Quagga on your server try - http://bird.network.cz it should have smaller HW requirements.
I thought I had forgotten to add my GRE tunnel subnet to the ospf network in router2, but it’s there. Both R1 and R2 have the GRE subnet in the OSPF network. Here’s my OSPF configuration:
R1 (192.168.51.0 is currently set as /24, but initially I had it set to 192.168.51.20/32):
For the config, R1 has GRE tunnel address 192.168.200.2/30 and R2 as tunnel address 192.168.200.1/30. Do you see anything that may need to be changed?
With that said, once I get this working with quagga, I can defintely give BIRD a try.
Welp, nevermind. I finally figured out the problem.
The problem was with my quagga ospf configuration on server1. I had set the following parameter in my ospfd.conf file “redistribute connected metric-type 1”, but it looks like I had to also specify my networks in the ospf area, including the loopback address 192.168.51.20. My server1 ospfd.conf file, now looks similar to this:
router ospf
network 192.168.2.0/24 area 0
network 172.16.1.0/24 area 0
network 192.168.200.0/30 area 0
network 192.168.51.20/32 area 0
redistribute connected metric-type 1
distribute-list ANYCAST out connected
After that, I restarted zebra and ospfd, and now 192.168.51.20/32 is also advertised on router2 through the GRE tunnel:
vyos@router2:~$ show ip route | grep 192.168.51.20
O>* 192.168.51.20/32 [110/30] via 192.168.200.2, tun1, 00:06:06
Now my last step on this will be for me to setup a server behind router2 with that same anycast IP (192.168.51.20/32) configured. And after that I’ll be able to test out how everything is working.
Once again, thank for the help on this. I’ll post further results once I have server behind router2 configured.
I’ve finally finished configuring the Anycast IP (192.168.51.20/32). The only problem I’m facing now, is that when I try to connect to the anycast IP, it appears that one moment I’m redirected to the server behind R1 and soon after it changes to R2. See ping below:
$ ping 192.168.51.20
PING 192.168.51.20 (192.168.51.20) 56(84) bytes of data.
64 bytes from 192.168.51.20: icmp_req=1 ttl=64 time=0.466 ms
64 bytes from 192.168.51.20: icmp_req=2 ttl=64 time=0.418 ms
64 bytes from 192.168.51.20: icmp_req=3 ttl=64 time=0.412 ms
64 bytes from 192.168.51.20: icmp_req=4 ttl=64 time=0.595 ms
64 bytes from 192.168.51.20: icmp_req=5 ttl=64 time=0.569 ms
64 bytes from 192.168.51.20: icmp_req=6 ttl=64 time=0.395 ms
64 bytes from 192.168.51.20: icmp_req=7 ttl=64 time=0.378 ms
64 bytes from 192.168.51.20: icmp_req=8 ttl=63 time=39.6 ms
64 bytes from 192.168.51.20: icmp_req=9 ttl=63 time=39.7 ms
64 bytes from 192.168.51.20: icmp_req=10 ttl=63 time=39.6 ms
64 bytes from 192.168.51.20: icmp_req=11 ttl=63 time=39.7 ms
64 bytes from 192.168.51.20: icmp_req=12 ttl=63 time=39.5 ms
64 bytes from 192.168.51.20: icmp_req=13 ttl=63 time=39.6 ms
64 bytes from 192.168.51.20: icmp_req=14 ttl=63 time=39.4 ms
64 bytes from 192.168.51.20: icmp_req=15 ttl=64 time=0.394 ms
64 bytes from 192.168.51.20: icmp_req=16 ttl=64 time=0.405 ms
64 bytes from 192.168.51.20: icmp_req=17 ttl=64 time=0.400 ms
^C
That ping is done from R2. From the above you can see that when the latency is <40 ms, traffic is going to server behind that router (R2). Now, when the latency increases to over 300 ms, that’s when traffic is going through the GRE tunnel, to server behind R1. When I run ‘show ip route’ in the routers, I also see that the OSPF route 192.168.51.20/31 is getting constantly changed. One minute, it’s routed to the server behind that router, while the next, it’s routing through the GRE tunnel to the remote router.
I’m unsure why it’s behaving that way. Being that I’m using OSPF, my understanding is that servers closer to or near router1, will always be directed to 192.168.51.20 that’s behind that router, and for clients closer to R2, they would be routed to 192.168.51.20 behind R2.
Any thoughts as to why the OSPF route is changing about every 5 seconds?
Hi it seems to me, like ospf is load-balancing traffic, can you post show ip route ospf from both routers? You should setup metrics etc… so that on R1 Server1 is “best-path” and on R2 Server2 is “best-path”.
I was finally able figure out the issue. The problem was my quagga ospf configuration in the servers itself. I was using the same ‘router-id’ parameter for both of them and that was causing conflicts. I modified the router-id so that they were unique. After that, ospf routes stayed consistent. With that said, they’re still some settings I need to play around with like the metrics you mentioned, but at this time, everything appears good. I’ll be performing some more tests later on.
