alien OSPF route

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

alien OSPF route

Marko Cupać
Hi,

I saw this in my log for the first time, after adding 'no redistribute
default':

ospfd[10921]: alien OSPF route 10.30.1.47/32

My ospfd.conf is quite minimal:

router-priority 0
router-id IP.ADD.RE.SS
no redistribute default
area 0.0.0.0 {
        interface bnx0   { metric 100 }
}

How to further investigate this? I see this on OpenBSD firewall which
connects to Cisco router. The address appears to be smartphone on one
of remote networks.

Thank you in advance,
--
Before enlightenment - chop wood, draw water.
After  enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/

Reply | Threaded
Open this post in threaded view
|

Re: alien OSPF route

Remi Locherer
On Thu, Sep 13, 2018 at 05:21:37PM +0200, Marko Cupać wrote:

> Hi,
>
> I saw this in my log for the first time, after adding 'no redistribute
> default':
>
> ospfd[10921]: alien OSPF route 10.30.1.47/32
>
> My ospfd.conf is quite minimal:
>
> router-priority 0
> router-id IP.ADD.RE.SS
> no redistribute default
> area 0.0.0.0 {
>         interface bnx0   { metric 100 }
> }
>
> How to further investigate this? I see this on OpenBSD firewall which
> connects to Cisco router. The address appears to be smartphone on one
> of remote networks.

ospfd logs this message  when it sees a routing entry with priority 32
which it did not originate.

When you see this during the start of ospfd it could be from another ospfd
running in the same rdomain. I had this when I wanted to do a config check
but missed to option "-n" and started a second instance. There is now
a check for this in the startup of ospfd in -current.

You will also see this message when you add a static route with the
"-priority 32". ospfd removes such routes after logging it.

What did you do after adding "no redistribute default" to the config file?
Restart with rcctl, reload with ospfctl?

And why did you add "no redistribute default"? By default your default
route is not redistributed.

Remi

Reply | Threaded
Open this post in threaded view
|

Re: alien OSPF route

Marko Cupać
On Thu, 13 Sep 2018 21:13:11 +0200
Remi Locherer <[hidden email]> wrote:

> On Thu, Sep 13, 2018 at 05:21:37PM +0200, Marko Cupać wrote:
> > Hi,
> >
> > I saw this in my log for the first time, after adding 'no
> > redistribute default':
> >
> > ospfd[10921]: alien OSPF route 10.30.1.47/32
>
>
> ospfd logs this message  when it sees a routing entry with priority 32
> which it did not originate.

Thank you for clarification, Remi. Indeed, this firewall gets
default route with priority of 32 from downstream cisco router, which
is visible in routing table:

Internet:
Destination   Gateway          Flags   Refs      Use   Mtu  Prio Iface
default       193.53.106.254   UGS     1187 10456064776     -     8 bnx1
default       192.168.225.6    UG         0        0     -    32 carp1


> When you see this during the start of ospfd it could be from another
> ospfd running in the same rdomain. I had this when I wanted to do a
> config check but missed to option "-n" and started a second instance.
> There is now a check for this in the startup of ospfd in -current.

Those addresses reported as alien routes are on subnet which is
connected to another openbsd box, something like this:

openbsd---cisco---openbsd

All those three boxes talk OSPF. But on remote openbsd box which
probably reports those routes, vlan interfaces for these subnets are
set as passive, so they shouldn't get any updates even if someone ran
OSPF on their phone.

> You will also see this message when you add a static route with the
> "-priority 32". ospfd removes such routes after logging it.
>
> What did you do after adding "no redistribute default" to the config
> file? Restart with rcctl, reload with ospfctl?

Restart with rcctl.

> And why did you add "no redistribute default"? By default your default
> route is not redistributed.

I thought this firewall's carp partner to-be was getting default route
from it, but it doesn't - it gets it from downstream cisco router.

I don't see any negative effects on my network, just curious if I
should be worried :)

Regards,
--
Before enlightenment - chop wood, draw water.
After  enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/

Reply | Threaded
Open this post in threaded view
|

Re: alien OSPF route

Remi Locherer
On Fri, Sep 14, 2018 at 10:07:35AM +0200, Marko Cupać wrote:

> On Thu, 13 Sep 2018 21:13:11 +0200
> Remi Locherer <[hidden email]> wrote:
>
> > On Thu, Sep 13, 2018 at 05:21:37PM +0200, Marko Cupać wrote:
> > > Hi,
> > >
> > > I saw this in my log for the first time, after adding 'no
> > > redistribute default':
> > >
> > > ospfd[10921]: alien OSPF route 10.30.1.47/32
> >
> >
> > ospfd logs this message  when it sees a routing entry with priority 32
> > which it did not originate.
>
> Thank you for clarification, Remi. Indeed, this firewall gets
> default route with priority of 32 from downstream cisco router, which
> is visible in routing table:

This is a different thing! ospfd learns the default route from another
router and installs it into the routing table with prio 32. Prio 32 is
the prio of OSPF in OpenBSD.

> Internet:
> Destination   Gateway          Flags   Refs      Use   Mtu  Prio Iface
> default       193.53.106.254   UGS     1187 10456064776     -     8 bnx1
> default       192.168.225.6    UG         0        0     -    32 carp1

The route learned via ospf is not used in this case since you have a
static default route.

> > When you see this during the start of ospfd it could be from another
> > ospfd running in the same rdomain. I had this when I wanted to do a
> > config check but missed to option "-n" and started a second instance.
> > There is now a check for this in the startup of ospfd in -current.
>
> Those addresses reported as alien routes are on subnet which is
> connected to another openbsd box, something like this:
>
> openbsd---cisco---openbsd
>
> All those three boxes talk OSPF. But on remote openbsd box which
> probably reports those routes, vlan interfaces for these subnets are
> set as passive, so they shouldn't get any updates even if someone ran
> OSPF on their phone.
>
> > You will also see this message when you add a static route with the
> > "-priority 32". ospfd removes such routes after logging it.
> >
> > What did you do after adding "no redistribute default" to the config
> > file? Restart with rcctl, reload with ospfctl?
>
> Restart with rcctl.

Did you save the console output and daemon log from the restart?
Can you share it?

It could mean that the "old" ospfd did not properly clean up it's routes
and the "new" ospfd removed the routes from the "old" one.

>
> > And why did you add "no redistribute default"? By default your default
> > route is not redistributed.
>
> I thought this firewall's carp partner to-be was getting default route
> from it, but it doesn't - it gets it from downstream cisco router.
>
> I don't see any negative effects on my network, just curious if I
> should be worried :)

Would I be in charge of running this network I would want to know where
these alien routes come from. But I think it did not affect your network
badly since you did not mention an outage. ;-)

>
> Regards,
> --
> Before enlightenment - chop wood, draw water.
> After  enlightenment - chop wood, draw water.
>
> Marko Cupać
> https://www.mimar.rs/

Reply | Threaded
Open this post in threaded view
|

Re: alien OSPF route

Marko Cupać
On Fri, 14 Sep 2018 15:27:30 +0200
Remi Locherer <[hidden email]> wrote:

> Did you save the console output and daemon log from the restart?
> Can you share it?

I restarted ospfd again with rcctl, console output gives just usual:

ospfd(ok)
ospfd(ok)

The second one waiting a bit more than I remember it used to.

Here's ospfd-related stuff from daemon log:

Sep 14 15:40:58 nat1 ospfd[34802]: route decision engine exiting
Sep 14 15:40:58 nat1 ospfd[73845]: ospf engine exiting
Sep 14 15:40:58 nat1 ospfd[2242]: kernel routing table decoupled
Sep 14 15:40:58 nat1 ospfd[2242]: terminating
Sep 14 15:40:58 nat1 ospfd[55815]: startup
Sep 14 15:40:58 nat1 ospfd[55815]: alien OSPF route 10.30.1.45/32
Sep 14 15:40:58 nat1 ospfd[55815]: alien OSPF route 10.30.1.56/32
Sep 14 15:40:58 nat1 ospfd[55815]: alien OSPF route 10.30.6.81/32
Sep 14 15:40:58 nat1 ospfd[55815]: alien OSPF route 10.30.19.42/32

First three alien routes are on openbsd router two hops away, the last
one is my laptop which is one hop away.

Could it be these are routes installed when someone connects through
ssh? I am connected through ssh, and it is possible that my colleague
also connected through ssh from 10.30.1.X and 10.30.6.X addresses.

> Would I be in charge of running this network I would want to know
> where these alien routes come from. But I think it did not affect
> your network badly since you did not mention an outage. ;-)

My point exactly :) If you have any idea where to start looking I'd be
grateful for any tips.

Thank you for helping me with this.
--
Before enlightenment - chop wood, draw water.
After  enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/

Reply | Threaded
Open this post in threaded view
|

Re: alien OSPF route

Remi Locherer
On Fri, Sep 14, 2018 at 03:48:36PM +0200, Marko Cupać wrote:

> On Fri, 14 Sep 2018 15:27:30 +0200
> Remi Locherer <[hidden email]> wrote:
>
> > Did you save the console output and daemon log from the restart?
> > Can you share it?
>
> I restarted ospfd again with rcctl, console output gives just usual:
>
> ospfd(ok)
> ospfd(ok)
>
> The second one waiting a bit more than I remember it used to.
>
> Here's ospfd-related stuff from daemon log:
>
> Sep 14 15:40:58 nat1 ospfd[34802]: route decision engine exiting
> Sep 14 15:40:58 nat1 ospfd[73845]: ospf engine exiting
> Sep 14 15:40:58 nat1 ospfd[2242]: kernel routing table decoupled
> Sep 14 15:40:58 nat1 ospfd[2242]: terminating

At this point no IPv4 routes with priority 32 should exists on host nat1.
You can check this with "route -n show -priority 32". But according to the
following log entries there still where some.

How many OSPF routes do you have on host nat1? Which OpenBSD version?
If I find the time I'll try to reproduce this.

> Sep 14 15:40:58 nat1 ospfd[55815]: startup
> Sep 14 15:40:58 nat1 ospfd[55815]: alien OSPF route 10.30.1.45/32
> Sep 14 15:40:58 nat1 ospfd[55815]: alien OSPF route 10.30.1.56/32
> Sep 14 15:40:58 nat1 ospfd[55815]: alien OSPF route 10.30.6.81/32
> Sep 14 15:40:58 nat1 ospfd[55815]: alien OSPF route 10.30.19.42/32
>
> First three alien routes are on openbsd router two hops away, the last
> one is my laptop which is one hop away.
>
> Could it be these are routes installed when someone connects through
> ssh? I am connected through ssh, and it is possible that my colleague
> also connected through ssh from 10.30.1.X and 10.30.6.X addresses.
>
> > Would I be in charge of running this network I would want to know
> > where these alien routes come from. But I think it did not affect
> > your network badly since you did not mention an outage. ;-)
>
> My point exactly :) If you have any idea where to start looking I'd be
> grateful for any tips.
>
> Thank you for helping me with this.
> --
> Before enlightenment - chop wood, draw water.
> After  enlightenment - chop wood, draw water.
>
> Marko Cupać
> https://www.mimar.rs/