
Thread: OSPF question

  1. #1
    Master Untangler
    Join Date
    Feb 2013
    Posts
    102

    OSPF question

    Dear Support,
    Is it possible to change the OSPF metric so the tunnel will have priority?

    The default metric is 20 for everyone.


  2. #2
    Master Untangler
    Join Date
    Feb 2013
    Posts
    102

    Sorry, found it in interface cost in Interface Overrides; need to untick auto cost and put it in manually.

  3. #3
    Untangle Ninja jcoehoorn's Avatar
    Join Date
    Mar 2010
    Location
    York, NE
    Posts
    1,774

    OSPF is one of those things I wish I understood better.

    I've read lots of stuff, but I fail to see the use case for modern switching/traffic patterns. For example, when I started at the college here, we had a few OSPF areas configured. But when we replaced our core layer-3 switch in 2012 (I guess technically it's a router), we had some consulting help and they recommended removing them, because they weren't accomplishing anything.

    We do have a wireless link to a field house about 3/4 mile off campus, where there are a few VLANs. I could maybe see using OSPF to help traffic in that building get routed without needing to push packets both up the wireless link to get routed to the right VLAN and then back again, when they might otherwise never need to leave the building. But we have surprisingly little traffic where that's an issue; mostly people today just want to get to the internet, or pull a file off the file server. Even in communications between two local devices (say, streaming to a Chromecast/Apple TV) they're typically on the same VLAN already anyway.

    I suppose on a truly huge network it might help reduce/manage load on a central router by spreading it around among various area devices. But modern hardware is so stinking fast, by the time you've paid money for devices with OSPF support in each area you could usually have just bought a fast enough router for a simpler network.
    Last edited by jcoehoorn; 11-13-2019 at 08:24 AM.
    Five time Microsoft ASP.Net MVP managing a Lenovo RD330 / E5-2420 / 16GB with Untangle 15.1.0 to protect 500Mbits for ~450 residential college students and associated staff and faculty

  4. #4
    Untangler jcoffin's Avatar
    Join Date
    Aug 2008
    Location
    Sunnyvale, CA
    Posts
    9,012

    Quote (originally posted by boris.minakov):
        Sorry, found it in interface cost in Interface Overrides; need to untick auto cost and put it in manually.

    Metrics are in /admin/index.do#config/network/advanced/dynamic_routing/ospf/advanced_options (default metric), or use redistribute static metric.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  5. #5
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,946

    Quote (originally posted by jcoehoorn):
        OSPF is one of those things I wish I understood better.

    That's pretty normal, honestly. OSPF and BGP are protocols to dynamically build routing tables, and resolve routing loops when they happen. I don't build networks with loops, or redundant links. And if I do have redundant interior links, those are handled via Cisco's LAG groups, usually configured with a cluster.

    So yeah, by the time the border gateway gets involved, there's two, perhaps three static routes and I'm done. There's no benefit to the dynamic routing support at all. Nor should dynamic routing be used at this level. BUT, if you don't have a star or bus topology in your campus, and you've got a big huge loop of stuff, and you don't want to statically route everything, these features come in handy.

    TLDR, your experience is normal, assuming mine is normal too.
    yotefn likes this.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  6. #6
    Master Untangler
    Join Date
    Oct 2013
    Posts
    188

    There are no short answers to what OSPF (or BGP) is for but here are a few, more obvious reasons I can think of:

    OSPF is really for networks that have hundreds, even thousands of routers, typical of very large multi-national companies or a carrier/ISP. OSPF is an open standard so it works with any equipment vendor that adheres to the standard, Untangle included. It's also scalable... it's got no hop limits, unlike RIP (15 hops) or EIGRP (224 hops).

    OSPF only sends out tiny Hello packets to check on the availability of its neighbors (i.e. link-state) and will only send out updates when parameters of any of its link states change (i.e. bandwidth, delay, and load) or if a link or neighbor dies. In other words, it is far less chatty than, for instance, RIP, the latter sending out the whole routing table to all its neighbors every 30 seconds.

    Before moving further, let me introduce another concept: routing protocols such as RIP, EIGRP, IS-IS, OSPF, etc. are what's known as Interior Gateway Protocols (IGP). BGP, on the other hand, is an Exterior Gateway Protocol (EGP).

    That said, BGP is a whole new different animal. It relies on pre-existing TCP connectivity to "see" its neighbors or "peers". And so, it does not work without an IGP underneath it. Putting it another way, BGP sort of sits on top of IGP protocols, the latter handling the lower level link-state activities. In a network of hundreds of routers, there's probably just a handful of BGP-speakers among them. And even if they are separated by non-BGP routers, for as long as an IGP provides a way to make those BGP-speaking routers reachable, they can "peer" among each other. In practical carrier uses, BGP carries most of the public IP address routing table while the IGP protocols handle the private IP addresses (RFC 1918) for physical interconnection of all routers.

    If you do a traceroute from your PC to say, yahoo.com, you will see just several hops, depending on where you are. But in reality, your packets could be passing through a dozen or dozens of actual physical routers. Those aren't visible to you because they're using RFC 1918 / private IP addresses.

    This is as simple as I can explain it. There are whole books written about them so my apologies if I over-simplified several of the concepts.

    The topic is still fresh in my head as I just renewed my CCNP cert a week ago (took and passed TSHOOT).

    HTH

  7. #7
    Master Untangler
    Join Date
    Feb 2013
    Posts
    102

    Dear All,
    OSPF is not for a hundred networks. It's a dynamic routing protocol.

    It's designed to make routing automated and not to use any static routes.

    Let's say you have 2 branches:

    1) HQ main office with servers has 2 internet connections

    2) Branch has 1

    You make two GRE tunnels from the branch to each ISP in HQ.

    Now when 1 ISP is dead, you have to change the static route to use another tunnel, or you have to write a script in Cisco / MikroTik, or whatever these tunnels are up on, to monitor the state.

    With OSPF, the state is monitored automatically and the route with the best metric is selected as the default for a remote network.

    This is not about how big your office or network is.

    The point is to automate the routing process (even with only 2 branches, it eliminates any scripting...)
    Last edited by boris.minakov; 11-20-2019 at 11:15 AM.

  8. #8
    Master Untangler
    Join Date
    Feb 2013
    Posts
    102

    The only thing I am struggling with in UT is to raise a GRE tunnel, then put IPsec over the tunnel, and after that enable OSPF.

    In my case OSPF works for 3-4 hours, then stops; after a service restart it works again.

    But without IPsec (only with GRE) I do not have a problem.

  9. #9
    Master Untangler
    Join Date
    Oct 2013
    Posts
    188

    I concede that there's more than one way to skin a cat. Technically, there's no limit on how small or big your network should be to use OSPF. I was just addressing a number of reasons (which is a large network or the use of multi-vendor routing equipment) where OSPF may be advantageous. But as you've mentioned, you are using OSPF to effectively utilize multiple ISPs for HA. But by that logic, is this something you can also achieve using RIP? (I'm genuinely asking this question as I've yet to try it in the functionality you're after over IPsec-GRE tunnels).

    Anyway, you can maybe manipulate the cost under Interface Overrides, uncheck auto interface cost and enter your preferred cost for each tunnel.
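
    Added example, not part of any post in this thread: a small shortest-path (SPF) calculation showing the two points discussed above, that a manually lowered interface cost makes one tunnel the preferred path, and that traffic moves to the other tunnel once the preferred adjacency is lost. The link names, topology and cost values are constructed for illustration and do not come from Untangle.

```python
import heapq

# Constructed topology: (link name, from, to, OSPF interface cost).
# One direction only, since the example routes from the branch toward HQ.
LINKS = [
    ("gre1", "branch", "hq", 20),       # tunnel terminating on HQ ISP 1
    ("gre2", "branch", "hq", 20),       # tunnel terminating on HQ ISP 2
    ("lan", "hq", "hq-servers", 1),
]

def with_cost(links, name, cost):
    """Return a copy of links with one interface cost overridden manually."""
    return [(n, a, b, cost if n == name else c) for n, a, b, c in links]

def best_route(links, source, dest, down=()):
    """Run Dijkstra (the SPF step OSPF performs on its link-state database).
    Returns (total_cost, sorted first-hop links) or None if unreachable.
    Links named in `down` model adjacencies that have timed out."""
    adj = {}
    for name, a, b, cost in links:
        if name not in down:
            adj.setdefault(a, []).append((b, cost, name))
    best = {source: (0, set())}
    heap = [(0, source)]
    while heap:
        dist, node = heapq.heappop(heap)
        if dist > best[node][0]:
            continue                        # stale heap entry
        for nxt, cost, name in adj.get(node, []):
            new = dist + cost
            hops = best[node][1] or {name}  # first hop is inherited past the source
            if nxt not in best or new < best[nxt][0]:
                best[nxt] = (new, set(hops))
                heapq.heappush(heap, (new, nxt))
            elif new == best[nxt][0]:
                best[nxt][1].update(hops)   # equal cost: both links stay usable
    if dest not in best:
        return None
    return best[dest][0], sorted(best[dest][1])

if __name__ == "__main__":
    preferred = with_cost(LINKS, "gre1", 10)
    print(best_route(LINKS, "branch", "hq-servers"))
    print(best_route(preferred, "branch", "hq-servers"))
    print(best_route(preferred, "branch", "hq-servers", down={"gre1"}))
```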

  10. #10
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    24,946

    I hadn't actually considered that use case. Whenever I have a site that needs a more resilient connection, I just get fiber. I don't muck about with multi-WAN if I can avoid it, because it creates difficult-to-troubleshoot complexity. Meanwhile, in my neck of the woods a fiber line is more reliable than two cable connections, or any permutation of DSL, shortwave or satellite.

    Honestly, I'm extremely curious to see where this thread goes. Because it's my understanding that you cannot make routing rules against a VPN interface in Linux. The interface doesn't exist until the tunnel is connected, and the tunnel defines its routes when it stands up. So how exactly does one get away with more than one site-to-site tunnel connecting the same networks? That's an IP conflict... But it's a specific conflict OSPF is designed to mitigate.
