In this post I’m going to turn a normal Ubuntu server install into an OSPF router. In this example we’re going to be using an Ubuntu install with 2 ethernet interfaces. We’ve already set up pfSense on the uplink interface with Free Range Routing (FRR) and its areas, and we are only going to focus on IPv4 at this time.
In this example we are going to use 10.0.50.0/28 as our transit network (or uplink for this router), our gateway’s (pfSense box) address is 10.0.50.1, and we are going to announce 10.200.1.0/30 for our vlan.
Configure Prereqs
Enable IP Forwarding
sudo sysctl -w net.ipv4.ip_forward=1
Make it Persist
You’ll want to edit the file /etc/sysctl.conf with your favorite editor; if you don’t, the change will revert back to off at the next reboot. (I generally use vi on CentOS or nano on Debian-based distros.)
...
net.ipv4.ip_forward = 1
...
Install FRR
Add the keys
curl -s https://deb.frrouting.org/frr/keys.asc | sudo apt-key add -
Add the FRR apt Source List
echo deb https://deb.frrouting.org/frr $(lsb_release -s -c) frr-stable | sudo tee -a /etc/apt/sources.list.d/frr.list
Update & Install FRR
sudo apt update && sudo apt install frr frr-pythontools
Enable OSPF
Enable the Daemon
I usually manually edit the file at /etc/frr/daemons, but you can also use the following command to edit it without going into the file:
sudo sed -i s/ospfd=no/ospfd=yes/g /etc/frr/daemons
Stop and restart required services
sudo systemctl stop firewalld
sudo systemctl restart frr
sudo systemctl enable frr
At this point you are set up and ready to configure OSPF, pretty simple.
Configure OSPF & Announce Routes
Configure our network interfaces
For this example I’m only going to use my uplink interface ens18 and then one of my downlinks ens19.10.
We’re going to start by adding a vlan to our ens19 interface. So let’s add our vlan: sudo nano /etc/netplan/00-installer-config.yaml. 00-installer-config.yaml is the default config straight out of the box with a fresh Ubuntu installation.
We’re going to add the following to the file; the spacing in this file is important.
...
  vlans:
    vlan.10:
      id: 10
      link: ens19
      addresses: [10.200.1.1/30]
...
So my file now looks like
# This is the network config written by 'subiquity'
network:
  ethernets:
    ens18:
      addresses:
      - 10.0.50.2/28
      gateway4: 10.0.50.1
      nameservers:
        addresses:
        - 208.67.222.222
        - 208.67.220.220
        search: []
    ens19:
      dhcp4: true
  vlans:
    vlan.10:
      id: 10
      link: ens19
      addresses: [10.200.1.1/30]
  version: 2
And now let’s apply the change:
sudo netplan apply
Set basic router configuration
Now we need to enter vtysh, so type the command sudo vtysh. It should open a vtysh session to allow you to configure:
! enter a configuration session
config t
! set the hostname of this router
hostname vm-rtr
! ensure IPv4 forwarding is enabled
ip forwarding
! make it an integrated session (all daemons saved to one frr.conf)
service integrated-vtysh-config
Set interface configuration
ens18 is our uplink and is set to the same IP as the physical interface from netplan. ens19.10 is our downlink and is also set to the same IP as with netplan.
! this is our uplink
interface ens18
ip address 10.0.50.2/28
exit
! this is our downlink
interface ens19.10
ip address 10.200.1.1/30
exit
Configure the OSPF router
router ospf
ospf router-id 10.0.50.2
redistribute connected
redistribute static
network 10.0.50.0/28 area 0.0.0.0
network 10.200.1.0/30 area 0.0.0.0
exit
Check the running config
If you run the command show running-config from vtysh you should now get an output similar to below.
Building configuration...
Current configuration:
!
frr version 8.5
frr defaults traditional
hostname vm-rtr
log syslog informational
no ipv6 forwarding
service integrated-vtysh-config
!
interface ens18
ip address 10.0.50.2/28
exit
!
interface ens19.10
ip address 10.200.1.1/30
exit
!
router ospf
ospf router-id 10.0.50.2
redistribute connected
redistribute static
network 10.0.50.0/28 area 0.0.0.0
network 10.200.1.0/30 area 0.0.0.0
exit
!
end
If you want this change to persist you need to run write file from the vtysh session.
Check that your neighbors are up
Run show ip ospf neighbor to check that you can see your uplink router (in this case it’s my pfSense box).
Neighbor ID     Pri State           Up Time         Dead Time Address         Interface                        RXmtL RqstL DBsmL
10.0.50.1         1 Full/DR         10m51s            30.165s 10.0.50.1       ens18:10.0.50.2                      0     0     0
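To make this neighbor check repeatable, the following added example (not part of the original post) audits the show ip ospf neighbor table against an allowlist of router IDs and flags adjacencies that are missing, not Full, or not expected on the transit network. The names check_ospf_neighbors and sample_table, and the 10.0.50.9 row, are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit "show ip ospf neighbor" output against an allowlist.
# Usage on the router (assumes vtysh is on PATH):
#   sudo vtysh -c 'show ip ospf neighbor' | check_ospf_neighbors "10.0.50.1"

# check_ospf_neighbors "<allowed router IDs, space separated>"
# Reads the neighbor table on stdin, prints one finding per line and
# returns 0 only when every allowed neighbor is Full and no other is present.
check_ospf_neighbors() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, ids, " ")
            for (i = 1; i <= n; i++) want[ids[i]] = 1
        }
        # Data rows begin with a dotted-quad neighbor ID; header rows do not.
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            seen[$1] = 1
            if (!($1 in want)) {
                print "UNEXPECTED neighbor " $1 " state " $3; bad = 1
            } else if ($3 !~ /^Full/) {
                print "NOT-FULL neighbor " $1 " state " $3; bad = 1
            }
        }
        END {
            for (id in want)
                if (!(id in seen)) { print "MISSING neighbor " id; bad = 1 }
            exit bad + 0
        }'
}

# Constructed sample: the first data row is the adjacency from this post,
# the second (10.0.50.9) is a made-up router that was never configured.
sample_table() {
    cat <<'EOF'
Neighbor ID     Pri State           Up Time         Dead Time Address         Interface                        RXmtL RqstL DBsmL
10.0.50.1         1 Full/DR         10m51s            30.165s 10.0.50.1       ens18:10.0.50.2                      0     0     0
10.0.50.9         1 Full/DROther    2m03s             35.412s 10.0.50.9       ens18:10.0.50.2                      0     0     0
EOF
}

# Demo run: only the pfSense box (10.0.50.1) is allowed on the transit network.
sample_table | check_ospf_neighbors "10.0.50.1" || echo "review findings above"
```

The non-zero exit status makes the function usable from cron or a monitoring check after each configuration change.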
Check your routes
If you run show ip route from the vtysh session you should get a similar output below.
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
f - OpenFabric,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
K>* 0.0.0.0/0 [0/0] via 10.0.50.1, ens18, 00:12:04
O 10.0.50.0/28 [110/1] is directly connected, ens18, weight 1, 00:12:04
C>* 10.0.50.0/28 is directly connected, ens18, 00:12:04
O 10.200.1.0/30 [110/1] is directly connected, vlan.10, weight 1, 00:12:04
C>* 10.200.1.0/30 is directly connected, vlan.10, 00:12:04
Finally, let’s check on our pfSense box to make sure it also sees the neighbor and routes.
Neighbors
Neighbor ID     Pri State           Dead Time Address         Interface                        RXmtL RqstL DBsmL
10.0.50.2         1 Full/Backup       39.278s 10.0.50.2       vtnet1.50:10.0.50.1                  0     0     0
Routes
============ OSPF network routing table ============
N 10.0.50.0/28 [10] area: 0.0.0.0
directly attached to vtnet1.50
N 10.200.1.0/30 [11] area: 0.0.0.0
via 10.0.50.2, vtnet1.50
============ OSPF router routing table =============
R 10.0.50.2 [10] area: 0.0.0.0, ASBR
via 10.0.50.2, vtnet1.50
============ OSPF external routing table ===========
Verify with VM
So I joined a VM to vlan 50 of the OSPF router’s switch and assigned the VM the IP of 10.200.1.2. If I run a traceroute from there you can see the hops between the routers.
Tracing route to dns.google [8.8.8.8]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 10.200.1.1 # this is our ubuntu ospf router
2 <1 ms <1 ms <1 ms 10.0.50.1 # this is the pfSense box
3 <1 ms <1 ms <1 ms 192.168.1.1 # this is my edge router (for now)
4 2 ms 1 ms 1 ms 10.26.1.67 # this is out on the google fiber network
5 * * * Request timed out.
6 * * * Request timed out.
7 13 ms 13 ms 12 ms 23-255-224-120.mci.googlefiber.net [23.255.224.120]
8 15 ms 18 ms 15 ms 23-255-224-107.mci.googlefiber.net [23.255.224.107]
9 13 ms 13 ms 13 ms 142.251.64.199
10 13 ms 13 ms 13 ms 142.251.60.7
11 13 ms 13 ms 13 ms dns.google [8.8.8.8]
Trace complete.