Hello,
I’m willing to use LXD to emulate a basic network. To support basic routing protocols, I use quagga(v1.2) in containers. I enabled the zebra and ospfd modules of quagga, and added some simple configurations by vtysh. For each link, I created a linux bridge by lxc network create, and attach containers on it. However when I created a simple network for test, which is shown below, a strange problem occurred. In this network I cannot ping 10.0.6.2 from R1, however all of the last IPs in this picture works. Also, ping from R2 is in the same situation, which means all of interfaces can work, except 10.0.3.2.
First I wondered that I maybe did a wrong quagga configuration, however the same topology created at network emulator, such as Cisco PacketTracer, works well. And I’m sure that all of quagga configrations were same. Now I get confused. Is there any suggestions?
PS: My English is poor, so that I may explain more if you cannot get the point from my description.
Does the the R8 get the ping and reply but traffic never gets back to R1?
Where does the traffic get to when you ping? where does it stop? run tcpdumps on all the hops / links until you find the last hop.
Thanks.
I have tried to run tcpdumps on R8. However, ICMP echo request packets are captured from one of the interfaces but ICMP echo responses are not captured on neither of the interfaces. And all fields of the ICMP echo request packets captured are correct, including MAC addresses and IP addresses. However, the ICMP stat in netstat -s has not changed(including errors), which may shows that the container doesn’t exactly handle the ICMP packets.
And I also have tried to run tcpdumps on other containers. The ICMP echo request packets are transfered as each container’s route table shows. It seems that the problem is R8 get the packet but don’t want to make a response.
if its receiving it verified by tcpdump then silently dropping it, then it sounds a bit like reverse path issues, if the icmp request is received on eth0 but the route back to the sending node is via eth1 then the kernel will drop it by default unless you disabled reverse path verification in sysctl.conf
not sure really without seeing the routing tables on each of the routers.
Ospf should pretty much just be turned on and it should just build its database and work on that basic network.
Thanks! Your guess is completely correct, and it works correctly after setting rp_filter to zero.
In fact, R8 gets the R1’s icmp request from eth0, and the route table shows icmp reply should reply via eth1. I’m not familiar with OSPF, so I had tried RIP. However, the problem remains. Only by your way the network works as expected. Maybe the container randomly determines the route path in the case of the same path cost?
Anyway, the problem is solved now, thank you for your help!
Cool.
Seems strange that OSPF isn’t sorting the routing, I thought as long as all nodes in the same area they should agree on the link state database.
Also check out FRR routing instead of Quagga, its much better and has more up-to-date features including BFD, VRF, MPLS, EVPN… (its a fork of quagga as they weren’t introducing features fast enough.)
