[Xorp-users] bouncing interface kills OSPF - known behavior?
Pavlin Radoslavov
pavlin@icir.org
Fri, 24 Mar 2006 18:57:27 -0800
> Ok as a workaround what I've done is setup Openvpn to restart XORP when
> the tunnel is restarted. I am running openvpn 2.1 beta 11 which added
> the topology feature, that may be the difference in messages.
>
> The logs and config were from the client side, started with command:
> openvpn --config client.conf
>
> After it's connected and OSPF has established adjacency, I control C
> openvpn and then restart it again.
In our testing we used OpenVPN 2.0.5 with just the minimum setup to
have the tunnel created, and we also used Ctrl-C to restart it:
openvpn --local xxx.xxx.xxx.xxx --remote yyy.yyy.yyy.yyy --ifconfig
10.10.10.1 10.10.10.2 --dev tun0
Though, I don't know whether the different openvpn version and the
different setup accounts for the different error messages.
If the tunnel is restarted, can you try to reconfigure the
interface:
set interfaces interface tun0 disable true
commit
set interfaces interface tun0 disable false
commit
It worked for us, but I don't know whether it will work for your
setup. If it works, you could run the above commands as part of your
script. See the XORP user manual for examples how to run xorpsh as
part of a shell script and supply it with the commands.
Pavlin
> --------- client.conf---------------
> client
> up "/etc/init.d/xorp restart"
> dev tun5
> proto udp
> remote xxx.xxx.xxx.xxx 3194
> resolv-retry infinite
> nobind
> user nobody
> group nobody
> persist-key
> persist-tun
> mute-replay-warnings
> ca keys/ca.crt
> cert keys/client-new.crt
> key keys/client-new.key
> tls-auth keys/ta.key 1
> cipher AES-256-CBC
> comp-lzo
> verb 3
> ping 15
> ping-restart 45
> ping-timer-rem
> -------------------------------------
> -----server.conf----------------
> tls-server
> local xxx.xxx.xxx.xxx
> port 3194
> proto udp
> dev tun5
> client-config-dir /etc/openvpn-poptest/ccd
> ca keys/ca.crt
> cert keys/myserver.crt
> key keys/myserver.key
> dh keys/dh2048.pem
> crl-verify keys/crl.pem
> # Configure server mode and supply a VPN subnet
> topology subnet
> mode server
> server 172.25.3.0 255.255.255.0
> ifconfig-pool-persist ipp.txt
> client-to-client
> ping 15
> ping-restart 45
> ping-timer-rem
> tls-auth keys/ta.key 0
> cipher AES-256-CBC
> comp-lzo
> user nobody
> group nobody
> persist-key
> persist-tun
> status openvpn-status.log
> verb 3
> mute 20
>
> Thanks,
> Mark
> Pavlin Radoslavov wrote:
> >> Is there a way to HUP the OSPF process when an interface that is defined
> >> in OSPF toggles between up/down? Once this happens I have to restart
> >> the XORP process and then the neighbor will go back into the 'full'
> >> state. Currently running xorp 1.2.
> >>
> >> So with the config below tun5 goes down for about 30 seconds and then
> >> when it's brought back up is when I have the problem.
> >>
> >
> > In general, have in mind that tunnels and VPNs are not supported
> > (yet). It happens that tunnels are working (if configured before
> > starting XORP), but so far we haven't got around to provide complete
> > support for them. Hence, for the time being you may have to use some
> > work-arounds if a tunnel is removed while XORP is running, etc.
> >
> > Could you provide the exact instuctions/commands about what you are
> > doing. We tried to replicate the problem, but the messages we were
> > seeing were different (e.g., we didn't see the
> > "setsockopt(IP_MULTICAST_IF)" warnings).
> >
> > We saw some issues with bringing the tunnel down and up (by either
> > using "ifconfig tun0 down/up" or just by killing and restarting the
> > openvpn program), but we want to verify whether we are seeing same
> > problem or something else before suggesting any possible
> > work-around.
> >
> > Pavlin
> >
> >
> >> root@marklaptop.localdomain> show ospf4 neighbor
> >> Address Interface State ID Pri Dead
> >> 172.25.3.1 tun5/tun5 Down 11.10.10.10 0 0
> >>
> >> -------config file------------
> >> interfaces {
> >> interface tun5 {
> >> default-system-config
> >> description: "Openvpn-test-interface"
> >> }
> >> interface "eth0.100" {
> >> default-system-config {
> >> }
> >> description: "Test interface"
> >> }
> >> }
> >> fea {
> >> unicast-forwarding4 {
> >> }
> >> }
> >> policy {
> >> policy-statement connected {
> >> term export {
> >> from {
> >> protocol: "connected"
> >> }
> >> }
> >> }
> >> policy-statement static {
> >> term export {
> >> from {
> >> protocol: "static"
> >> }
> >> }
> >> }
> >> }
> >> protocols {
> >> ospf4 {
> >> router-id: 10.10.10.10
> >> area 0.0.0.0 {
> >> interface "eth0.100" {
> >> vif "eth0.100" {
> >> address 1.1.1.1 {
> >> passive: true
> >> }
> >> }
> >> }
> >> interface tun5 {
> >> vif tun5 {
> >> address 172.25.3.4 {
> >> authentication {
> >> md5 1 {
> >> password: "id10t"
> >> }
> >> }
> >> }
> >> }
> >> }
> >> }
> >> traceoptions {
> >> flag {
> >> all {
> >> }
> >> }
> >> }
> >> }
> >> }
> >>
> >> ---- LOG FILE-------
> >> [ 2006/03/24 10:00:27 INFO xorp_rtrmgr:28544 RTRMGR +240
> >> master_conf_tree.cc execute ] Changed modules: interfaces, fea, rib,
> >> policy, ospf4
> >> [ 2006/03/24 10:00:27 INFO xorp_rtrmgr:28544 RTRMGR +99
> >> module_manager.cc execute ] Executing module: interfaces (fea/xorp_fea)
> >> [ 2006/03/24 10:00:28 INFO xorp_fea MFEA ] MFEA enabled
> >> [ 2006/03/24 10:00:28 INFO xorp_fea MFEA ] CLI enabled
> >> [ 2006/03/24 10:00:28 INFO xorp_fea MFEA ] CLI started
> >> [ 2006/03/24 10:00:28 INFO xorp_fea MFEA ] MFEA enabled
> >> [ 2006/03/24 10:00:28 INFO xorp_fea MFEA ] CLI enabled
> >> [ 2006/03/24 10:00:28 INFO xorp_fea MFEA ] CLI started
> >> [ 2006/03/24 10:00:29 INFO xorp_rtrmgr:28544 RTRMGR +99
> >> module_manager.cc execute ] Executing module: fea (fea/xorp_fea)
> >> [ 2006/03/24 10:00:35 INFO xorp_rtrmgr:28544 RTRMGR +99
> >> module_manager.cc execute ] Executing module: rib (rib/xorp_rib)
> >> [ 2006/03/24 10:00:37 INFO xorp_rtrmgr:28544 RTRMGR +99
> >> module_manager.cc execute ] Executing module: policy (policy/xorp_policy)
> >> [ 2006/03/24 10:00:39 INFO xorp_rtrmgr:28544 RTRMGR +99
> >> module_manager.cc execute ] Executing module: ospf4 (ospf/xorp_ospfv2)
> >> [ 2006/03/24 10:00:41 TRACE xorp_ospfv2 OSPF ] Event(LoopInd)
> >> Interface(eth0.100/eth0.100) State(Down)
> >> [ 2006/03/24 10:00:41 TRACE xorp_ospfv2 OSPF ] Event(InterfaceUp)
> >> Interface(tun5/tun5) State(Down)
> >> [ 2006/03/24 10:00:41 INFO xorp_rtrmgr:28544 RTRMGR +2228 task.cc
> >> run_task ] No more tasks to run
> >> [ 2006/03/24 10:00:42 TRACE xorp_ospfv2 OSPF ] Event(HelloReceived)
> >> Interface(tun5/tun5) Neighbour(172.25.3.1) State(Init)
> >> [ 2006/03/24 10:00:42 TRACE xorp_ospfv2 OSPF ] Event(2-WayReceived)
> >> Interface(tun5/tun5) Neighbour(172.25.3.1) State(Init)
> >> [ 2006/03/24 10:00:42 TRACE xorp_ospfv2 OSPF ] Event(BackupSeen)
> >> Interface(tun5/tun5) State(Waiting)
> >> [ 2006/03/24 10:00:42 TRACE xorp_ospfv2 OSPF ] Event(AdjOK?)
> >> Interface(tun5/tun5) Neighbour(172.25.3.1) State(TwoWay)
> >> [ 2006/03/24 10:00:51 TRACE xorp_ospfv2 OSPF ]
> >> Event(DataDescriptionReceived-pseudo-event) Interface(tun5/tun5)
> >> Neighbour(172.25.3.1) State(ExStart)
> >> [ 2006/03/24 10:00:51 TRACE xorp_ospfv2 OSPF ] Event(NegotiationDone)
> >> Interface(tun5/tun5) Neighbour(172.25.3.1) State(ExStart)
> >> [ 2006/03/24 10:00:51 TRACE xorp_ospfv2 OSPF ]
> >> Event(DataDescriptionReceived-pseudo-event) Interface(tun5/tun5)
> >> Neighbour(172.25.3.1) State(Exchange)
> >> [ 2006/03/24 10:00:51 TRACE xorp_ospfv2 OSPF ] Event(ExchangeDone)
> >> Interface(tun5/tun5) Neighbour(172.25.3.1) State(Exchange)
> >> [ 2006/03/24 10:00:52 TRACE xorp_ospfv2 OSPF ] Event(HelloReceived)
> >> Interface(tun5/tun5) Neighbour(172.25.3.1) State(Loading)
> >> [ 2006/03/24 10:00:52 TRACE xorp_ospfv2 OSPF ] Event(2-WayReceived)
> >> Interface(tun5/tun5) Neighbour(172.25.3.1) State(Loading)
> >> [ 2006/03/24 10:00:52 TRACE xorp_ospfv2 OSPF ] Event(NeighborChange)
> >> Interface(tun5/tun5) State(Backup)
> >> [ 2006/03/24 10:00:56 TRACE xorp_ospfv2 OSPF ]
> >> Event(LinkStateUpdateReceived-pseudo-event) Interface(tun5/tun5)
> >> Neighbour(172.25.3.1) State(Loading)
> >> [ 2006/03/24 10:00:56 TRACE xorp_ospfv2 OSPF ] Event(LoadingDone)
> >> Interface(tun5/tun5) Neighbour(172.25.3.1) State(Loading)
> >> [ 2006/03/24 10:00:56 TRACE xorp_ospfv2 OSPF ]
> >> Event(LinkStateRequestReceived-pseudo-event) Interface(tun5/tun5)
> >> Neighbour(172.25.3.1) State(Full)
> >> [ 2006/03/24 10:00:56 TRACE xorp_ospfv2 OSPF ]
> >> Event(LinkStateAcknowledgementReceived-pseudo-event)
> >> Interface(tun5/tun5) Neighbour(172.25.3.1) State(Full)
> >> [ 2006/03/24 10:00:56 TRACE xorp_ospfv2 OSPF ]
> >> Event(LinkStateUpdateReceived-pseudo-event) Interface(tun5/tun5)
> >> Neighbour(172.25.3.1) State(Full)
> >> [ 2006/03/24 10:00:56 TRACE xorp_ospfv2 OSPF ]
> >> Event(LinkStateAcknowledgementReceived-pseudo-event)
> >> Interface(tun5/tun5) Neighbour(172.25.3.1) State(Full)
> >> [ 2006/03/24 10:00:56 TRACE xorp_ospfv2 OSPF ] Ack for LSA not in
> >> retransmission list.
> >> LS age 1 Options 0x2 DC: 0 EA: 0 N/P: 0 MC: 0 E: 1 LS type 0x1 Link
> >> State ID 10.10.10.10 Advertising Router 10.10.10.10 LS sequence number
> >> 0x80000001 LS checksum 0x1246 length 48
> >> Link State Acknowledgement Packet:
> >> Version 2
> >> Type 5
> >> Router ID 11.10.10.10
> >> Area ID 0.0.0.0
> >> Auth Type 2
> >>
> >> LS age 1 Options 0x2 DC: 0 EA: 0 N/P: 0 MC: 0 E: 1 LS type
> >> 0x1 Link State ID 10.10.10.10 Advertising Router 10.10.10.10 LS sequence
> >> number 0x80000001 LS checksum 0x1246 length 48
> >> [ 2006/03/24 10:00:57 TRACE xorp_ospfv2 OSPF ] Node: OSPFv2 Router
> >> 11.10.10.10(0xb0a0a0a) 0.0.0.0(0) not reachable
> >> [ 2006/03/24 10:00:57 TRACE xorp_ospfv2 OSPF ] Node: OSPFv2 Network
> >> 172.25.3.255(0xac1903ff) 0.0.0.0(0) not reachable
> >> [ 2006/03/24 10:00:57 TRACE xorp_ospfv2 OSPF ] Node: OSPFv2 Network
> >> 172.25.100.10(0xac19640a) 0.0.0.0(0) not reachable
> >> [ 2006/03/24 10:00:57 TRACE xorp_ospfv2 OSPF ] Node: OSPFv2 Router
> >> 255.255.255.255(0xffffffff) 0.0.0.0(0) not reachable
> >> [ 2006/03/24 10:01:01 TRACE xorp_ospfv2 OSPF ]
> >> Event(LinkStateUpdateReceived-pseudo-event) Interface(tun5/tun5)
> >> Neighbour(172.25.3.1) State(Full)
> >> [ 2006/03/24 10:01:02 TRACE xorp_ospfv2 OSPF ] Event(HelloReceived)
> >> Interface(tun5/tun5) Neighbour(172.25.3.1) State(Full)
> >> [ 2006/03/24 10:01:02 TRACE xorp_ospfv2 OSPF ] Event(2-WayReceived)
> >> Interface(tun5/tun5) Neighbour(172.25.3.1) State(Full)
> >> [ 2006/03/24 10:01:02 TRACE xorp_ospfv2 OSPF ] Checking for virtual
> >> links Router-LSA:
> >> LS age 1 Options 0x2 DC: 0 EA: 0 N/P: 0 MC: 0 E: 1 LS type 0x1 Link
> >> State ID 11.10.10.10 Advertising Router 11.10.10.10 LS sequence number
> >> 0x80000005 LS checksum 0xb346 length 48
> >> Nt-bit false
> >> V-bit false
> >> E-bit false
> >> B-bit false
> >> Type 2 Transit network IP address of Designated router
> >> 172.25.100.10 Routers interface address 172.25.100.1 Metric 1
> >> Type 2 Transit network IP address of Designated router
> >> 172.25.3.1 Routers interface address 172.25.3.1 Metric 1
> >> [ 2006/03/24 10:01:02 TRACE xorp_ospfv2 OSPF ] Checking for virtual
> >> links Router-LSA:
> >> LS age 1505 Options 0x22 DC: 1 EA: 0 N/P: 0 MC: 0 E: 1 LS type 0x1 Link
> >> State ID 255.255.255.255 Advertising Router 255.255.255.255 LS sequence
> >> number 0x80000816 LS checksum 0x5558 length 36
> >> Nt-bit false
> >> V-bit false
> >> E-bit false
> >> B-bit false
> >> Type 2 Transit network IP address of Designated router
> >> 172.25.100.10 Routers interface address 172.25.100.10 Metric 1
> >> [ 2006/03/24 10:01:02 TRACE xorp_ospfv2 OSPF ] [OSPF] Running filter:
> >> Import on route: 172.25.100.0/24
> >> [ 2006/03/24 10:01:02 TRACE xorp_ospfv2 OSPF ] [OSPF] Running filter:
> >> Export-SourceMatch on route: 172.25.100.0/24
> >> [ 2006/03/24 10:01:02 TRACE xorp_ospfv2 OSPF ] Add route Net
> >> 172.25.100.0/24 Nexthop 172.25.3.1 metric 2 equal false discard false policy
> >> [ 2006/03/24 10:01:12 TRACE xorp_ospfv2 OSPF ] Event(HelloReceived)
> >> Interface(tun5/tun5) Neighbour(172.25.3.1) State(Full)
> >> [ 2006/03/24 10:01:12 TRACE xorp_ospfv2 OSPF ] Event(2-WayReceived)
> >> Interface(tun5/tun5) Neighbour(172.25.3.1) State(Full)
> >> [ 2006/03/24 10:01:21 WARNING xorp_fea XrlFeaTarget ] Handling method
> >> for raw_packet4/0.1/send failed: XrlCmdError 102 Command failed
> >> setsockopt(IP_MULTICAST_IF, 172.25.3.4) failed: Cannot assign requested
> >> address
> >> [ 2006/03/24 10:01:21 ERROR xorp_ospfv2:28549 OSPF +181 xrl_io.cc
> >> send_cb ] Cannot send a packet on interface tun5 vif tun5: 102 Command
> >> failed setsockopt(IP_MULTICAST_IF, 172.25.3.4) failed: Cannot assign
> >> requested address
> >> [ 2006/03/24 10:01:52 TRACE xorp_ospfv2 OSPF ] Event(InactivityTimer)
> >> Interface(tun5/tun5) Neighbour(172.25.3.1) State(Full)
> >> [ 2006/03/24 10:01:52 TRACE xorp_ospfv2 OSPF ] Event(NeighborChange)
> >> Interface(tun5/tun5) State(Backup)
> >> [ 2006/03/24 10:01:53 TRACE xorp_ospfv2 OSPF ] Node: OSPFv2 Router
> >> 11.10.10.10(0xb0a0a0a) 0.0.0.0(0) not reachable
> >> [ 2006/03/24 10:01:53 TRACE xorp_ospfv2 OSPF ] Node: OSPFv2 Network
> >> 172.25.3.1(0xac190301) 0.0.0.0(0) not reachable
> >> [ 2006/03/24 10:01:53 TRACE xorp_ospfv2 OSPF ] Node: OSPFv2 Network
> >> 172.25.100.10(0xac19640a) 0.0.0.0(0) not reachable
> >> [ 2006/03/24 10:01:53 TRACE xorp_ospfv2 OSPF ] Node: OSPFv2 Router
> >> 255.255.255.255(0xffffffff) 0.0.0.0(0) not reachable
> >> [ 2006/03/24 10:01:53 TRACE xorp_ospfv2 OSPF ] Delete route Net
> >> 172.25.100.0/24
> >> [ 2006/03/24 10:01:53 ERROR xorp_fea:28545 FEA +503
> >> fticonfig_entry_set_netlink.cc delete_entry ] Error checking netlink
> >> request: AF_NETLINK NLMSG_ERROR message: No such process
> >> [ 2006/03/24 10:01:53 ERROR xorp_fea:28545 FEA +71 fti_transaction.cc
> >> operation_result ] FTI transaction commit failed on DeleteEntry4: net =
> >> 172.25.100.0/24 nexthop = 0.0.0.0 ifname = vifname = metric = 0
> >> admin_distance = 0 xorp_route = false is_deleted = false is_unresolved =
> >> false is_connected_route = false
> >> [ 2006/03/24 10:01:53 WARNING xorp_fea XrlFeaTarget ] Handling method
> >> for redist_transaction4/0.1/commit_transaction failed: XrlCmdError 102
> >> Command failed DeleteEntry4: net = 172.25.100.0/24 nexthop = 0.0.0.0
> >> ifname = vifname = metric = 0 admin_distance = 0 xorp_route = false
> >> is_deleted = false is_unresolved = false is_connected_route = false
> >> [ 2006/03/24 10:01:53 ERROR xorp_rib:28547 RIB +914 redist_xrl.cc
> >> dispatch_complete ] Failed to commit transaction: 102 Command failed
> >> DeleteEntry4: net = 172.25.100.0/24 nexthop = 0.0.0.0 ifname = vifname
> >> = metric = 0 admin_distance = 0 xorp_route = false is_deleted = false
> >> is_unresolved = false is_connected_route = false
> >>
> >> _______________________________________________
> >> Xorp-users mailing list
> >> Xorp-users@xorp.org
> >> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/xorp-users
> >>
> >
> >
> _______________________________________________
> Xorp-users mailing list
> Xorp-users@xorp.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/xorp-users