Forum Discussion
OSPF redistribute kernel uses 127.1.1.1 forward address
Hi All,
We are trying to advertise a virtual address into OSPF using the following imish config
router ospf 24
auto-cost reference-bandwidth 40000
bfd all-interfaces
redistribute kernel metric 1000 metric-type 1 tag 155
area 10.2.0.0 authentication message-digest
area 10.2.0.0 nssa
network 0.0.0.0/0 area 10.2.0.0
The problem we are seeing is that area 0.0.0.0 on our core switches are not installing the routes in the RIB even though it shows up in the OSPF database.
switch3 show ip route 10.2.6.20 vrf TEST
IP Route Table for VRF "TEST"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%' in via output denotes VRF
Route not found
The fact that it shows up as external means the type 7 LSA are being translated to type 5 LSAs correctly
switch3 show ip ospf database external 10.2.6.20 vrf TEST
OSPF Router with ID (10.8.1.3) (Process ID TEST VRF TEST)
Type-5 AS External Link States
Link ID ADV Router Age Seq Checksum Tag
10.2.6.20 10.3.1.13 246 0x80000017 0x6f76 155
10.2.6.20 10.3.1.14 1379 0x80000016 0x6b7a 155
10.2.6.20 10.4.1.13 262 0x80000016 0x697c 155
10.2.6.20 10.4.1.14 1696 0x80000015 0x6580 155
However it seems that the forward address used (tmm0) is not reachable and that is why it doesn't show up in the RIB.
switch3 show ip ospf database external 10.2.6.20 detail vrf TEST
OSPF Router with ID (10.8.1.3) (Process ID TEST VRF TEST)
Type-5 AS External Link States
LS age: 317
Options: 0x2 (No TOS-capability, No DC)
LS Type: Type-5 AS-External
Link State ID: 10.2.6.20 (Network address)
Advertising Router: 10.3.1.13
LS Seq Number: 0x80000017
Checksum: 0x6f76
Length: 36
Network Mask: /32
Metric Type: 1 (Same units as link state path)
TOS: 0
Metric: 1000
Forward Address: **127.1.1.1**
External Route Tag: 155
Additionally our spine switches see the F5 continuously advertising 127.1.1.0/24 and determine it to be bogus
2016 Aug 26 21:44:13.034 switch13 %URIB-5-BOGUS_PREFIX: urib [29034] (TEST-base) "ospf-TEST" tried to add 127.1.1.0/24
Is there a way to change this so redistributed kernel routes can have a forward address of a self/floating IP?
Is there some other configuration that I have missed?
Thanks in advance.- Fred_WittenbergHistoric F5 Account
Just out of curiosity have you tried apply a route-map to filter outbound advertisements so that only the intended self/floating IP's are advertised? Not sure where the 127 address is coming from without seeing your entire config but this would be a quick way to prevent it from being advertised.
- Paedrig_69869Nimbostratus
Thanks Fred, some testing has indicated that redistributing kernel routes with a route map that sets the next hop IP does change the behavior of the forward address.
I would imagine that using this in conjunction with a prefix list would allow only the desired addresses to be advertised though we haven't tested to this extent yet.
If there are specific things about our config that you think would be worth verifying please let me know and I'll see if I can post them.
- Fred_WittenbergHistoric F5 Account
Hi Paedrig, correct - you wouldn't necessarily need to set the next-hop however, simply filtering the outbound advertisement should work as intended. You can use both next-hop and the outbound filter in combination for the desired effect. Also, I would suggest as a best practice to filter inbound out the adjacent router, this would prevent any error advertisements in both directions.
Something like this should do the trick:
redistribute kernel route-map virtual-addresses-out
access-list virtual-addresses permit x.x.x.x/xx
route-map virtual-addresses-out permit 10 match ip address virtual-addresses
If you want to upload you config to iHealth and/or open a case I'd be happy to take a look at your config.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com