OSPFv3 route redistribution

General questions
, ,
11

Here is a description of the final solution that we tested and implemented and it works for bot protocols OSPF and OSPFv3:

Environment

  • We have network with two entry points at different locations and from different providers.
  • We operate out own ASN and use BGP to advertise our address ranges.
  • We only receive default routes from our providers at each location.
  • We use active/backup setup for our uplinks with all traffic routed via primary PoP and we only switch to secondary if primary BGP session goes down.
  • We use OSPF and OSPFv3 as IGPs and we want to inject default route from each location if BGP default route is present and assign route metrics to prioritize the primary PoP.
  • Vyos is used for BGP/OSPF/OSPFv3 in each PoP.
  • Vyos instances configured with multiple default routes from different protocols:
Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

B>* xxx.xxx.0.0/0 [20/0] via xxx.xxx.216.113, br0, weight 1, 12:23:15
O   xxx.xxx.0.0/0 [110/150] via xxx.xxx.128.174, tun524, weight 1, 12:39:21
S   xxx.xxx.0.0/0 [250/0] via xxx.xxx.216.113, br0, weight 1, 16:19:17
...
  • OSPF/OSPFv3 implementations in FRR provide default-information originate option similar to one provided by Cisco.
  • The default-information originate statement will create default route in OSPF/OSPFv3 if ANY default route is present in the system.
  • In order to provide additional flexibility the default-information originate will also take a route-map as an option.

Problem

  • It appears that specifying protocol bgp in route-map has no effect and this statement cannot be used for route detection.
  • Vyos/FRR also provide redistribute option that may seem as alternative solution, however this option cannot redistribute the default route and this is by design.

Solution

After some experimentation and invaluable help from Vyos community we develop a working solution that satisfies all the requirements.
The general idea to use tags for labeling routes received from BGP and the detect route presence by checking for specific tags in the default-information originate route-map and here are step-by-step instructions:

  • Use an import route-map in BGP to label all received routes with a specific tag:
r5# show policy route-map BGP-IPv4-IMPORT
 rule 10 {
     action permit
     match {
         ip {
             address {
                 prefix-list DEFAULT-ROUTE-IPV4
             }
         }
     }
     set {
         tag 100
     }
 }

and

r5# show protocols bgp | strip-private 
 address-family {
     ipv4-unicast {
         network xxx.xxx.128.0/24 {
         }
     }
 }
 neighbor xxx.xxx.216.113 {
     address-family {
         ipv4-unicast {
             route-map {
                 import BGP-IPv4-IMPORT
             }
             soft-reconfiguration {
                 inbound
             }
         }
     }
     remote-as XXXXXX
     update-source xxx.xxx.216.114
 }
 ...

validation:

r5# run show ip route tag 100
Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

B>* 0.0.0.0/0 [20/0] via 104.167.216.113, br0, weight 1, 12:57:15
  • Create another route-map and use it with OSPFs default-information originate to detect presence of BGP default route:
r5# show policy route-map OSPF-ORIGINATE 
 rule 10 {
     action permit
     match {
         tag 100
     }
 }

and finally:

r5# show protocols ospf | strip-private 
 ...
 default-information {
     originate {
         metric 10
         metric-type 1
         route-map OSPF-ORIGINATE
     }
 }
 ...

Validation (from a different node running Juniper SRX):

r7> show route protocol ospf          

inet.0: 24 destinations, 24 routes (24 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[OSPF/150] 11:56:36, metric 30, tag 100
                    >  to xxx.xxx.128.183 via irb.100
...

(also note that tag 100 has been propagated to OSPF route from BGP)

Testing

The testing methodology would be as follows

  • shutdown BGP session and make sure that BGP route is gone
r5# set protocols bgp neighbor xxx.xxx.216.113 shutdown
r5# commit

make sure BGP route is gone:

5# run show ip route | strip-private 
Codes: K - kernel route, C - connected, L - local, S - static,
       R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric, t - Table-Direct,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure

O>* 0.0.0.0/0 [110/150] via xxx.xxx.128.174, tun524, weight 1, 13:25:48
S   0.0.0.0/0 [250/0] via xxx.xxx.216.113, br0, weight 1, 17:05:44
...

now check OSPF routes from a different node:

r7> show route protocol ospf    

inet.0: 24 destinations, 24 routes (24 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[OSPF/150] 00:02:56, metric 110, tag 200
                    >  to xxx.xxx.128.184 via irb.100

…and observe that the default route has been replaced with a new one from the backup router with different weight and tag.