Hiding subnet along routing path
Hi.

I have a question regarding OSPF operation in a specific route
configuration.

Let's say I have two devices, each has 2 network interfaces and both
are running OSPF.

------------------------------    ------------------------------
|            DEV1            |    |            DEV2            |
| eth0                  eth1 |<==>| eth1                  eth0 |
| 192.168.0.1  192.168.192.1 |    | 192.168.192.2  192.168.1.1 |
------------------------------    ------------------------------

The "default" kernel routes are like:
DEV1:
192.168.192.0/24 dev eth1 proto kernel scope link src 192.168.192.1
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.1
DEV2:
192.168.192.0/24 dev eth1 proto kernel scope link src 192.168.192.2
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.1

OSPF and route distribution work as expected through this network.

Now, I wanted to hide the eth1 subnet from the outside world by
setting the 192.168.192.0/24 route source to the eth0 IP address, like:
DEV1:
192.168.192.0/24 dev eth1 scope link src 192.168.0.1
DEV2:
192.168.192.0/24 dev eth1 scope link src 192.168.1.1

This works from a routing perspective, but it breaks OSPF. This is
probably expected, since this has broken a link between two
devices/neighbors.

My question is if it is possible to somehow configure OSPF to
work with those modified route sources? To be able to exchange
OSPF messages by hopping over eth1 subnet?

Thank you very much.

RegK
Re: Hiding subnet along routing path
On Tue, Feb 27, 2018 at 5:14 PM, Klemen Sladic <gosturnca@gmail.com> wrote:
> Hi.
>
> I have a question regarding OSPF operation in a specific route
> configuration.
>
> Let's say I have two devices, each has 2 network interfaces and both are
> running OSPF.
>
> ------------------------------    ------------------------------
> |            DEV1            |    |            DEV2            |
> | eth0                  eth1 |<==>| eth1                  eth0 |
> | 192.168.0.1  192.168.192.1 |    | 192.168.192.2  192.168.1.1 |
> ------------------------------    ------------------------------
>
> The "default" kernel routes are like:
> DEV1:
> 192.168.192.0/24 dev eth1 proto kernel scope link src 192.168.192.1
> 192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.1
> DEV2:
> 192.168.192.0/24 dev eth1 proto kernel scope link src 192.168.192.2
> 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.1
>
> OSPF and route distribution work as expected through this network.
>
> Now, I wanted to hide the eth1 subnet from the outside world by
> setting the 192.168.192.0/24 route source to the eth0 IP address, like:
> DEV1:
> 192.168.192.0/24 dev eth1 scope link src 192.168.0.1
> DEV2:
> 192.168.192.0/24 dev eth1 scope link src 192.168.1.1
>
> This works from a routing perspective, but it breaks OSPF. This is
> probably expected, since this has broken a link between two
> devices/neighbors.
>
> My question is if it is possible to somehow configure OSPF to
> work with those modified route sources? To be able to exchange
> OSPF messages by hopping over eth1 subnet?

Hello,

Short answer: No.

Longer answer: Use public IP addresses on routers which are visible to
the public Internet or else translate ICMP messages from private IPs
to public IPs at your network border. If you leak RFC1918 addresses
you will probably break PMTUD which breaks TCP in mysterious and
subtle ways engineered to drive you completely mad.

Alternate answer: MPLS is the tool you're looking for.

Regards,
Bill Herrin

--
William Herrin ................ herrin@dirtside.com bill@herrin.us
Dirtside Systems ......... Web: <http://www.dirtside.com/>