[Xorp-users] How to notify the OSPF process to use FEA on a different machine?
Mingcy.Xu
mingcy.xu at gmail.com
Mon Sep 15 17:40:56 PDT 2008
Hi Pavlin,
The script approach works fine after I excluded the eth0 from the XORP
configuration.
Thanks a lot for your great help. I do feel sorry for having taken so much
of your time.
Have a nice day.
Regards,
Mingcy.Xu
-----Original Message-----
From: Pavlin Radoslavov [mailto:pavlin at ICSI.Berkeley.EDU]
Sent: Saturday, September 13, 2008 1:13 AM
To: Mingcy.Xu
Cc: 'Pavlin Radoslavov'; Xorp-Users
Subject: Re: [Xorp-users] How to notify the OSPF process to use FEA on a
different machine?
Please try the same experiment (i.e., by using the help of the ssh script),
but exclude eth0 from your XORP configuration. This interface is your
control communication channel to the fea and it has to be stable. We want to
avoid any changes to the remote host
(xorp_fea) that might affect this interface configuration or the routing
between the xorp_fea and xorp_rtrmgr hosts.
To make things simpler and easier to debug, I'd suggest that initially you
use static routes instead of OSPF, so it is obvious what is happening (i.e.,
what routes are added to the xorp_fea kernel).
Pavlin
Mingcy.Xu <mingcy.xu at gmail.com> wrote:
> I tried the script approach but got a different result. The following
> is the detailed information.
>
> Host Lab_62(10.20.1.1) : xorp_rtrmgr
> Host Lab_59(10.20.1.2) : xorp_fea
>
>
> 1. On the FEA host I have XORP built inside the
> /home/Martin/xorp-1.5 directory
>
>
> 2. Create the following script and place it instead of the
> fea/xorp_fea binary on the rtrmgr side:
>
> #!/bin/sh
> ssh root at 10.20.1.2 'env XORP_FINDER_SERVER_ADDRESS=10.20.1.1
> XORP_FINDER_CLIENT_ADDRESS=10.20.1.2 /home/Martin/xorp-1.5/fea/xorp_fea'
>
> Note that 10.20.1.1 is the IP address of the rtrmgr (local)
> host, and 10.20.1.2 is the IP address of the fea (remote)host.
>
> When I run this script on rtrmgr host, I did notice the fea process
> was started on the FEA host.
>
>
> 3. Setup environmental variables for the Finder on the rtrmgr host:
>
> [root at Lab_62 xorp-1.5]# env |more
> HOSTNAME=Lab_62
> TERM=vt100
> SHELL=/bin/bash
> XORP_FINDER_SERVER_ADDRESS=10.20.1.1
> XORP_FINDER_CLIENT_ADDRESS=10.20.1.1
> ...
> ///////////////////////////////////////////
>
> 4. Make sure that ssh without typing a password works to the fea host.
>
> [root at Lab_62 ~]# ssh 10.20.1.2
> Last login: Fri Sep 12 13:43:01 2008 from 10.20.1.1
> [root at Lab_59 ~]#
> (No password needed.)
>
> To achieve this,I use the following scheme:
> 1. Run ssh-keygen on the rtrmgr host to create an RSA key-pair
> with an empty password.
> 2. Copy the public key to the FEA host.
> 3. Add the public key to the /root/.ssh/authorized_keys file on
> the FEA host.
>
>
> 5. Start the rtrmgr on the local host:
> (the config.boot file used is listed below.)
>
> [root at Lab_62 rtrmgr]# ./xorp_rtrmgr -a 10.20.1.2 [ 2008/09/12 15:02:05
> INFO xorp_rtrmgr:3348 IPC +477 sockutil.cc set_preferred_ipv4_addr ]
> Changing to address 10.20.1.1 for IPv4 based XRL communication.
> [ 2008/09/12 15:02:05 INFO xorp_rtrmgr:3348 RTRMGR +239
> master_conf_tree.cc execute ] Changed modules: interfaces, firewall,
> fea, rib, policy, ospf4 [ 2008/09/12 15:02:06 INFO xorp_rtrmgr:3348
> RTRMGR +96 module_manager.cc execute ] Executing module: interfaces
> (fea/xorp_fea) [ 2008/09/12 15:02:08 INFO xorp_rtrmgr:3348 RTRMGR +96
> module_manager.cc execute ] Executing module: firewall (fea/xorp_fea)
> [ 2008/09/12 15:02:12 INFO xorp_rtrmgr:3348 RTRMGR +96
> module_manager.cc execute ] Executing module: fea (fea/xorp_fea) [
> 2008/09/12 15:02:28 ERROR xorp_rtrmgr:3348 XRL +639 xrl_pf_stcp.cc
> die ] XrlPFSTCPSender died: Keepalive timeout [ 2008/09/12 15:02:28
> ERROR xorp_rtrmgr:3348 RTRMGR +1400 task.cc execute_done ] 210
> Transport failed [ 2008/09/12 15:02:28 ERROR xorp_rtrmgr:3348 RTRMGR
> +1998 task.cc task_fail ] Shutting down fatally wounded process (fea)
> [ 2008/09/12 15:02:28 INFO xorp_rtrmgr:3348 RTRMGR +171
> module_manager.cc terminate ] Terminating module: fea [ 2008/09/12
> 15:02:28 ERROR xorp_rtrmgr:3348 RTRMGR +681 master_conf_tree.cc
> commit_pass2_done ] Commit failed: 210 Transport failed [ 2008/09/12
> 15:02:28 ERROR xorp_rtrmgr:3348 RTRMGR +251 master_conf_tree.cc
> config_done ] Configuration failed: 210 Transport failed [ 2008/09/12
> 15:02:28 INFO xorp_rtrmgr:3348 RTRMGR +2228 task.cc run_task ] No
> more tasks to run [ 2008/09/12 15:02:28 INFO xorp_rtrmgr:3348 RTRMGR
> +171 module_manager.cc terminate ] Terminating module: firewall [
> 2008/09/12 15:02:28 INFO xorp_rtrmgr:3348 RTRMGR +171
> module_manager.cc terminate ] Terminating module: interfaces [
> 2008/09/12 15:02:28 INFO xorp_rtrmgr:3348 RTRMGR +194
> module_manager.cc terminate ] Killing module: interfaces Killed by
> signal 15.
> [ 2008/09/12 15:02:28 ERROR xorp_rtrmgr:3348 RTRMGR +747
> module_manager.cc done_cb ] Command
> "/home/Martin/xorp-1.5/fea/xorp_fea": terminated with signal 15.
> [ 2008/09/12 15:02:28 INFO xorp_rtrmgr:3348 RTRMGR +282
> module_manager.cc module_exited ] Module killed during shutdown:
> interfaces
> [root at Lab_62 rtrmgr]#
> [root at Lab_62 rtrmgr]#
>
>
> At this point, I encountered something strange:
>
> 1) the rtrmgr host could not reach FEA host. Its route talbe stayed
> unchanged.
> 2) the FEA host could still reach rtrmgr host. But when I tried to ssh
> rtrmgr host( #ssh 10.20.1.1), I got
>
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle
attack)!
> It is also possible that the RSA host key has just been changed.
> The fingerprint for the RSA key sent by the remote host is
> 5e:00:30:a9:72:3e:89:de:4a:07:4e:d8:ca:f7:ae:a6.
> Please contact your system administrator.
> Add correct host key in /root/.ssh/known_hosts to get rid of this message.
> Offending key in /root/.ssh/known_hosts:3 RSA host key for 20.1.1.1
> has changed and you have requested strict checking.
> Host key verification failed.
>
> 3) After I rebooted the FEA host and deleted its
> /root/.ssh/known_hosts, the above two problems were resolved.
>
>
> I have done this experiment for four times, each time I got the same
result.
>
>
> Hi, Pavlin, do you have any doubt that running xorp_static_routes on a
> separate machine with xorp_rtrmgr might be a little different from the
> situation regarding xorp_fea?
>
>
>
> The config.boot used:
>
> /* $XORP: xorp/rtrmgr/config/ospfv2.boot,v 1.1 2007/08/29 06:49:43
> pavlin Exp $ */
>
> policy {
> policy-statement connected {
> term export {
> from {
> protocol: "connected"
> }
> }
> }
> }
>
> interfaces {
>
> interface eth0 {
> disable: false
> discard: false
> vif eth0 {
> disable: false
> address 10.20.1.1 {
> prefix-length: 24
> broadcast: 10.20.1.255
> disable: false
> }
> }
> }
>
> interface eth1 {
> disable: false
> discard: false
> vif eth1 {
> disable: false
> address 10.30.1.1 {
> prefix-length: 24
> broadcast: 10.30.1.255
> disable: false
> }
> }
> }
>
> }
>
> fea {
> unicast-forwarding4 {
> disable: false
> }
> }
>
> protocols {
>
> ospf4 {
> router-id: 10.20.1.1
> area 0.0.0.0 {
> interface eth0 {
> link-type: "broadcast"
> vif eth0 {
> address 10.20.1.1 {
> disable: false
> }
> }
> }
>
> interface eth1 {
> link-type: "broadcast"
> vif eth1 {
> address 10.30.1.1 {
> disable: false
> }
> }
> }
>
> }
>
> traceoptions {
> flag {
> all {
> disable: false
> }
> }
> }
>
> export: "connected"
> }
> }
>
>
>
>
>
>
> -----Original Message-----
> From: Pavlin Radoslavov [mailto:pavlin at ICSI.Berkeley.EDU]
> Sent: Friday, September 12, 2008 5:25 AM
> To: Pavlin Radoslavov
> Cc: Mingcy.Xu
> Subject: Re: [Xorp-users] How to notify the OSPF process to use FEA on
> a different machine?
>
> > I wonder why replacing xorp_fea with the script didn't work for you.
> > Later this afternoon I will do some experiments to see what happens.
>
> I just tried the script approach, and it worked for me.
> Here is what I did:
>
> 1. On the fea host I have XORP precompiled inside the
> /home/pavlin/cxorp directory
>
> 2. Create the following script and place it instead of the
> fea/xorp_fea binary on the rtrmgr side:
>
> #!/bin/sh
> ssh vm-freebsd env XORP_FINDER_SERVER_ADDRESS=192.168.113.1 \
> XORP_FINDER_CLIENT_ADDRESS=192.168.113.130
> /home/pavlin/cxorp/fea/xorp_fea
>
> Note that 192.168.113.1 is the IP address of the rtrmgr (local)
> host, and 192.168.113.130 is the IP address of the fea (remote)
> host.
>
> 3. Setup the following environmental variables on the rtrmgr host:
> setenv XORP_FINDER_SERVER_ADDRESS 192.168.113.1 setenv
> XORP_FINDER_CLIENT_ADDRESS 192.168.113.1
>
> 4. Make sure that ssh without typing a password works to the fea
> host (I use ssh-agent), and that running the fea/xorp_fea script
> actually executes the xorp_fea binary on the remote fea host:
>
> pavlin at rtrmgr[49] /Users/pavlin/cxorp/fea/xorp_fea [ 2008/09/11
> 14:20:11 INFO xorp_fea IPC ] Changing to address 192.168.113.130 for
> IPv4 based XRL communication.
> [ 2008/09/11 14:20:11 INFO xorp_fea IPC ] Changing to address
> 192.168.113.130 for IPv4 based XRL communication.
> [ 2008/09/11 14:20:11 INFO xorp_fea IPC ] Changing to address
> 192.168.113.130 for IPv4 based XRL communication.
> [ 2008/09/11 14:20:11 INFO xorp_fea IPC ] Changing to address
> 192.168.113.130 for IPv4 based XRL communication.
> [ 2008/09/11 14:20:11 ERROR xorp_fea:72561 LIBCOMM +609
> /home/pavlin/xorp/libcomm/comm_sock.c comm_sock_connect4 ] Error
> connecting socket (family = 2, remote_addr = 192.168.113.1, remote_port =
19999):
> Connection refused [ 2008/09/11 14:20:11 ERROR xorp_fea:72561 FINDER
> +384 /home/pavlin/xorp/libxipc/finder_tcp_messenger.cc do_auto_connect
> ] Failed to connect to 192.168.113.1/19999: Connection refused [
> 2008/09/11 14:20:11 ERROR xorp_fea:72561 LIBCOMM +609
> /home/pavlin/xorp/libcomm/comm_sock.c
> comm_sock_connect4 ] Error connecting socket (family = 2, remote_addr
> = 192.168.113.1, remote_port = 19999): Connection refused ...
> (Type Ctrl-C to stop)
>
> 5. Start the rtrmgr on the local host:
> ./xorp_rtrmgr -a 192.168.113.130 -b static.boot
>
>
> Please let me know how it goes.
> Pavlin
>
> _______________________________________________
> Xorp-users mailing list
> Xorp-users at xorp.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/xorp-users
More information about the Xorp-users
mailing list