Guide to Configuring FRR with OSPF on IPv4 and IPv6 (link-local) and CSF
This guide explains how to configure FRR (Free Range Routing) on Ubuntu to manage OSPF for IPv4 and OSPFv3 for IPv6 using link-local addresses. It also covers CSF firewall adjustments to allow OSPF traffic.
1. Installing FRR and Enabling the Service
First, install FRR and its required components. Update the package list and install FRR using:
sudo apt-get update sudo apt-get install frr frr-pythontools
After installation, enable and start FRR so it runs automatically at startup:
sudo systemctl enable frr sudo systemctl start frr
Then open the main FRR configuration file:
sudo nano /etc/frr/frr.conf
2. Enabling OSPF and OSPFv3 Daemons
Next, enable the OSPF and OSPFv3 daemons. Open the following file:
sudo nano /etc/frr/daemons
Set the following values:
ospfd=yes ospf6=yes
Save the file and restart FRR:
sudo systemctl restart frr
3. Configuring FRR for OSPF (IPv4) and OSPFv3 (IPv6)
Now configure FRR to manage both OSPF and OSPFv3. Open the FRR configuration file:
sudo nano /etc/frr/frr.conf
Add the following configuration:
frr version 8.4.4 frr defaults traditional hostname myhost.my.domain log syslog informational ip forwarding ipv6 forwarding service integrated-vtysh-config router ospf ospf router-id 203.0.113.24 network 203.0.113.0/24 area 0 exit router ospf6 ospf6 router-id 203.0.113.24 interface ens160 area 0.0.0.0 exit interface ens160 ipv6 ospf6 area 0.0.0.0 ipv6 address fe80::1/64 ip ospf priority 0 ipv6 ospf6 priority 0 exit
This configuration enables IPv4 and IPv6 forwarding and defines OSPF areas for both. Save and exit the file.
4. Configuring CSF to Allow OSPF Traffic
To ensure CSF does not block OSPF packets, modify the /etc/csf/csfpost.sh script:
sudo nano /etc/csf/csfpost.sh
Add the following rules:
#!/bin/bash # Allow OSPF traffic on IPv4 iptables -I INPUT -p 89 -j ACCEPT iptables -I OUTPUT -p 89 -j ACCEPT iptables -I INPUT -d 224.0.0.5 -j ACCEPT iptables -I OUTPUT -d 224.0.0.5 -j ACCEPT iptables -I INPUT -d 224.0.0.6 -j ACCEPT iptables -I OUTPUT -d 224.0.0.6 -j ACCEPT # Allow specific OSPF peers for ip in 203.0.113.1 203.0.113.2 203.0.113.3 203.0.113.4 203.0.113.5 203.0.113.20 do iptables -I INPUT -s $ip -j ACCEPT iptables -I OUTPUT -d $ip -j ACCEPT done # Allow OSPFv3 traffic on IPv6 ip6tables -I INPUT -p 89 -j ACCEPT ip6tables -I OUTPUT -p 89 -j ACCEPT ip6tables -I INPUT -d ff02::5 -j ACCEPT ip6tables -I OUTPUT -d ff02::5 -j ACCEPT ip6tables -I INPUT -d ff02::6 -j ACCEPT ip6tables -I OUTPUT -d ff02::6 -j ACCEPT ip6tables -I INPUT -s fe80::/10 -j ACCEPT ip6tables -I OUTPUT -d fe80::/10 -j ACCEPT
Save the file and make it executable:
sudo chmod +x /etc/csf/csfpost.sh
Restart CSF to apply the rules:
sudo csf -r
5. Verifying the Configuration
Finally, verify that OSPF is working correctly.
- Access the FRR shell:
sudo vtysh
- Check OSPF neighbors (IPv4):
show ip ospf neighbor
- Check OSPFv3 neighbors (IPv6):
show ipv6 ospf6 neighbor
- View the IPv6 routing table:
show ipv6 route
If you see active neighbors and populated routes, the setup is successful. FRR is now configured for both IPv4 and IPv6 OSPF, and CSF is properly allowing OSPF traffic.
Visit our FAQ for more information Get more info about Goline