Page MenuHomeDevCentral
Create Task
Maniphest T2324

Ensure OSPF default route is used by all IntraNought nodes
Open, NormalPublic
Actions

Description

In the current setup, IntraNought nodes still rely on a static default gateway (172.27.27.1), which leads to inconsistent and asymmetric routing.

For example, traffic from Windriver correctly reaches IntraNought nodes through the GRE tunnel and the active router. However, the return traffic does not follow the same path: it is sent to the static gateway (172.27.27.1), which corresponds to a different router (e.g. router-001, a non-active router).

Additionally, the tunnel between Windriver and router-001 is no longer used. Windriver prefers the more specific /27 route via gre1 over the broader /24 route via gre0, so traffic is routed through the active router instead, as it should.

traceroute to 172.27.27.7 (172.27.27.7), 64 hops max, 40 byte packets
 1  172.27.27.243 (172.27.27.243)  5.635 ms  5.650 ms  5.634 ms
 2  * * *

So we need to ensure that:

  • IntraNought nodes receive the default route from the active router
  • default gateway (172.27.27.1) should be replaced
  • traffic always follows the active router
  • failover (CARP) is properly reflected in routing

Related Objects

Event Timeline

yousra renamed this task from Ensure all IntraNought nodes use OSPF for default routing to Ensure all IntraNought nodes use OSPF-learned default route from the active router.Mon, May 4, 14:07
yousra renamed this task from Ensure all IntraNought nodes use OSPF-learned default route from the active router to Ensure OSPF default route is used by all IntraNought nodes.
yousra triaged this task as Normal priority.
yousra created this task.
yousra updated the task description. (Show Details)Mon, May 4, 14:10
yousra updated the task description. (Show Details)
yousra updated the task description. (Show Details)Mon, May 4, 14:23
yousra added a comment.Mon, May 4, 14:32

After testing Complector with OSPF enabled to receive the default route, it works as expected.

[yousra@complector ~]$ netstat -rn

Routing tables

Internet:
Destination        Gateway            Flags         Netif Expire
default            172.27.27.12       UG1            vmx0
127.0.0.1          link#2             UHS             lo0
172.27.27.0/27     link#1             U              vmx0
172.27.27.7        link#2             UHS             lo0

As a result, the ping works :

[yousra@windriver /usr/local/etc/frr]$ traceroute 172.27.27.7

traceroute to 172.27.27.7 (172.27.27.7), 64 hops max, 40 byte packets
 1  172.27.27.243 (172.27.27.243)  5.805 ms  5.644 ms  5.604 ms
 2  complector (172.27.27.7)  6.015 ms  5.828 ms  5.705 ms
yousra updated the task description. (Show Details)Mon, May 4, 14:33
yousra mentioned this in T2303: Installation and configuration of FRRouting.Mon, May 4, 14:36
yousra mentioned this in D4099: Add PF firewall configuration management for routers.Mon, May 4, 18:00
yousra added a comment.EditedMon, May 4, 18:03

However, after the default route was changed, complector could no longer reach the Internet (e.g. ping 8.8.8.8).

fixed in D4099

[yousra@complector /opt/salt/nasqueron-operations/roles/router/pf]$ traceroute 8.8.8.8

traceroute to 8.8.8.8 (8.8.8.8), 64 hops max, 40 byte packets
 1  172.27.27.12 (172.27.27.12)  0.257 ms  0.316 ms  0.149 ms
 2  51.210.99.252 (51.210.99.252)  0.603 ms  0.661 ms  0.542 ms
 3  10.162.98.154 (10.162.98.154)  0.683 ms  0.761 ms
    10.162.98.156 (10.162.98.156)  0.789 ms
 4  10.17.152.66 (10.17.152.66)  0.599 ms
    10.17.152.64 (10.17.152.64)  0.590 ms
    10.17.152.74 (10.17.152.74)  0.628 ms
.....
yousra added a project: Servers.Mon, May 4, 18:13
yousra edited projects, added Drake network; removed Servers.
yousra added a comment.Mon, May 4, 20:15

When router-002 takes over, the default route changes as expected.

[yousra@complector ~]$ netstat -rn

Internet:
Destination        Gateway            Flags         Netif Expire
default            172.27.27.11       UG1            vmx0
127.0.0.1          link#2             UHS             lo0
172.27.27.0/27     link#1             U              vmx0
172.27.27.7        link#2             UHS             lo0

[yousra@windriver /usr/local/etc/frr]$ traceroute 172.27.27.7

traceroute to 172.27.27.7 (172.27.27.7), 64 hops max, 40 byte packets
 1  172.27.27.243 (172.27.27.243)  5.809 ms  7.197 ms  5.708 ms
 2  complector (172.27.27.7)  5.881 ms  5.680 ms  6.234 ms

Internet is accessible thanks to D4099:

[yousra@complector /opt/salt/nasqueron-operations/roles/router/pf]$ traceroute 8.8.8.8

traceroute to 8.8.8.8 (8.8.8.8), 64 hops max, 40 byte packets
 1  172.27.27.11 (172.27.27.11)  0.299 ms  0.116 ms  0.094 ms
 2  51.210.99.252 (51.210.99.252)  0.642 ms  0.522 ms  0.438 ms
 3  10.162.98.156 (10.162.98.156)  0.658 ms
    10.162.98.154 (10.162.98.154)  0.618 ms  0.618 ms
 4  10.17.152.72 (10.17.152.72)  0.493 ms
    10.17.152.66 (10.17.152.66)  0.589 ms
    10.17.152.72 (10.17.152.72)  0.678 ms
 5  10.73.240.65 (10.73.240.65)  0.423 ms
    10.73.240.64 (10.73.240.64)  0.384 ms
    10.73.240.67 (10.73.240.67)  0.475 ms
 6  172.20.16.32 (172.20.16.32)  3.005 ms
    172.20.16.40 (172.20.16.40)  3.582 ms
    172.20.16.32 (172.20.16.32)  1.994 ms
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator