OSFP in vti in helium

system · October 14, 2014, 1:24pm

Sorry for bad English, first.

In Helium release doesnt work OSPF on VTI interfaces.
IpSec Tunnels go up, and packets from OSPF go throught tunnels, but nothing work. No errors in log.
Monitor of VTI interface show that packet from other router come, but monitor of OSFP doesnt show HELLO packet.
On eth interfaces all works fine.
Config migrated from 1.0.5 - all works.

And second: In last vyatta-config update from comunity repositiry is some error: after update i recieve error about EC2 key. Config file doesnt load nothing else firewall. Interfaces come with state A\D.
And after “load” command i recieve error “get_parsed_tmpl: failed to parse tmpl”.

system · October 28, 2014, 7:29am

We are aware of the VTI problem and we are working on it.

As of the second part, I assume by “update from comunity repositiry” you mean “apt-get dist-upgrade”? Congrats, you have to redeploy your instance now, or add a new image.
Never, never do apt-get upgrade. Never. “add system image” is the only supported upgrade method, the rest may have unpredictable consequences.

The problem is common enough to justify writing migration scripts that replace the distribution name with the current branch so people at least don’t break their machines beyond any repair by making this mistake though.

ghost · March 9, 2015, 6:31pm

hello
Is this issue resolved?

JFL · March 10, 2015, 1:55pm

Yes, I use OSPF over VTI tunnel in production, with VyOS 1.1.3

However note that I’ m investigation a strange bug in this configuration :

when connected (in SSH) to a VyOs I reach trough a VTI tunnel I have sometimes the interface that freeze (display a few lines as result of a command and freeze)

I do not encounter this issue when connecting from a machine that doesn’t have to pass trough the tunnel.

ghost · March 10, 2015, 5:49pm

I tested 1.1.3 but not running.

vpn ipsec sa
Peer ID / IP Local ID / IP

10.0.1.3 10.0.1.2

Tunnel  State  Bytes Out/In   Encrypt  Hash    NAT-T  A-Time  L-Time  Proto
------  -----  -------------  -------  ----    -----  ------  ------  -----
vti     up     0.0/0.0        aes256   sha1    no     1308    1800    all

VTI and OSPF Configuration
set interfaces vti vti0 address ‘1.1.1.1/30’
set interfaces vti vti0 ip ospf network point-to-point
set interfaces vti vti0 ip ospf cost ‘10’
set interfaces vti vti0 ip ospf dead-interval ‘40’
set interfaces vti vti0 ip ospf hello-interval ‘10’
set interfaces vti vti0 ip ospf priority ‘1’
set interfaces vti vti0 ip ospf retransmit-interval ‘5’
set interfaces vti vti0 ip ospf transmit-delay ‘1’

set protocols ospf area 0.0.0.0 area-type ‘normal’
set protocols ospf area 0.0.0.0 network ‘192.168.10.0/24’
set protocols ospf area 0.0.0.0 network ‘1.1.1.1/32’
set protocols ospf neighbor 1.1.1.2 poll-interval ‘60’
set protocols ospf neighbor 1.1.1.2 priority ‘0’
set protocols ospf parameters abr-type ‘cisco’
set protocols ospf parameters router-id ‘1.1.1.1’

VTI interface not enabled ospf

sh ip ospf interface vti0
vti0 is up
ifindex 7, MTU 1500 bytes, BW 0 Kbit <UP,POINTOPOINT,RUNNING,NOARP>
OSPF not enabled on this interface

JFL · March 10, 2015, 6:04pm

try :

set protocols ospf area 0.0.0.0 network 10.1.1.0/30

(on both routers)

for OSPF to enable an interfaces there must be a network statement that contain at least an IP of this interface.

ghost · March 10, 2015, 6:32pm

How do I make such a bug.
Running.
Thanks JFL.