FRR Turning Ubuntu 22.04.1 Into an OSPF Router

In this post I’m going to turn a normal Ubuntu server install into an OSPF router. In this example we’re going to be using a Ubuntu install with 2 ethernet interfaces, we’ve already setup pfSense on the uplink interface with Free Range Routing (FRR) and its areas and we are only going to focus on ipv4 at this time.
In this example we are going to use 10.0.50.0/28 as our transit network (or uplink for this router), our gateway’s (pfSense box) address is 10.0.50.1 and we are going to announce 10.200.1.0/30 for our vlan.

Configure Prereqs​

Enable IP Forwarding​

sudo sysctl -w net.ipv4.ip_forward=1

Make it Persist​

You’ll want to edit this file /etc/sysctl.conf with your favorite editor, if you don’t the change will revert back to off at the next reboot.
(I generally use vi on CentOS or nano on Debian based distros)

...
net.ipv4.ip_forward = 1
...

Install FRR​

Add the keys​

curl -s https://deb.frrouting.org/frr/keys.asc | sudo apt-key add -

Add the FRR apt Source List​

echo deb https://deb.frrouting.org/frr $(lsb_release -s -c) frr-stable | sudo tee -a /etc/apt/sources.list.d/frr.list

Update & Install FRR​

sudo apt update && sudo apt install frr frr-pythontools

Enable OSPF​

Enable the Daemon​

I usually manually edit the file at /etc/frr/daemons but you can also use the following command to edit it without going into the file

sudo sed -i s/ospfd=no/ospfd=yes/g /etc/frr/daemons

Stop and restart required services​

systemctl stop firewalld
systemctl restart frr
systemctl enable frr

At this point you are setup and ready to configure OSPF, pretty simple.

Configure OSPF & Announce Routes​

Configure our network interfaces​

For this example I’m only going to use my uplink interface ens18 and then one of my downlinks ens19.10.
We’re going to start by adding a vlan to our ens19 interface. So lets add our vlan. sudo nano /etc/netplan/00-installer-config.yaml by default 00-installer-config.yaml is the default config straight out of the box with a fresh Ubuntu installation.
We’re going to add the following to the file, the spacing in this file is important.

..
  vlans:
    vlan.10:
      id: 10
      link: ens19
      addresses: [10.200.1.1/30]
..

So my file now looks like

# This is the network config written by 'subiquity'
network:
  ethernets:
    ens18:
      addresses:
      - 10.0.50.2/28
      gateway4: 10.0.50.1
      nameservers:
        addresses:
        - 208.67.222.222
        - 208.67.220.220
        search: []
    ens19:
      dhcp4: true
  vlans:
    vlan.10:
      id: 10
      link: ens19
      addresses: [10.200.1.1/30]
  version: 2

and now lets apply the change

sudo netplan apply

Set basic router configuration​

Now we need to enter vtysh so type the command sudo vtysh. It should open a vtysh session to allow you to configure

config t # enter a configuration session
hostname vm-rtr # set the hostname of this router
ipv4 forwarding # ensure IPv4 forwarding is enabled
service integrated-vtysh-config # make it an integrated session

Set interface configuration​

ens18 is our uplink and is set as the same IP as the physical interface from netplan. ens19.10 is our downlink and is also set to the same IP as with netplan.

interface ens18 # this is our uplink
ip address 10.0.50.2/28
exit
interface ens19.10 # this is our downlink
ip address 10.200.1.2/30
exit

Configure the OSPF router​

router ospf
ospf router-id 10.0.50.2
redistribute connected
redistribute static
network 10.0.50.0/28 area 0.0.0.0
network 10.200.1.0/30 area 0.0.0.0
exit

Check the running config​

If you run the command show running-config from vtysh you should now get an output similar to below.

Building configuration...
Current configuration:
!
frr version 8.5
frr defaults traditional
hostname vm-rtr
log syslog informational
no ipv6 forwarding
service integrated-vtysh-config
!
interface ens18
 ip address 10.0.50.2/28
exit
!
interface ens19.10
 ip address 10.200.1.1/30
exit
!
router ospf
 ospf router-id 10.0.50.2
 redistribute connected
 redistribute static
 network 10.0.50.0/28 area 0.0.0.0
 network 10.200.1.0/30 area 0.0.0.0
exit
!
end

If you want this change to persist you need to run write file from the vtysh session

Check that your neighbors are up​

Run show ip ospf neighbor to check that you can see you uplink router (in this case its my pfsense box).

Neighbor ID     Pri State           Up Time         Dead Time Address         Interface                        RXmtL RqstL DBsmL
10.0.50.1         1 Full/DR         10m51s            30.165s 10.0.50.1       ens18:10.0.50.2                      0     0     0

Check your routes​

If you run show ip route from the vtysh session you should get a similar output below.

Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure
K>* 0.0.0.0/0 [0/0] via 10.0.50.1, ens18, 00:12:04
O   10.0.50.0/28 [110/1] is directly connected, ens18, weight 1, 00:12:04
C>* 10.0.50.0/28 is directly connected, ens18, 00:12:04
O   10.200.1.0/30 [110/1] is directly connected, vlan.10, weight 1, 00:12:04
C>* 10.200.1.0/30 is directly connected, vlan.10, 00:12:04

Finally lets check on our pfSense box to make sure it also sees the neighbor and routes
Neighbors

Neighbor ID     Pri State           Dead Time Address         Interface                        RXmtL RqstL DBsmL
10.0.50.2         1 Full/Backup       39.278s 10.0.50.2       vtnet1.50:10.0.50.1                  0     0     0

Routes

============ OSPF network routing table ============
N    10.0.50.0/28          [10] area: 0.0.0.0
                           directly attached to vtnet1.50
N    10.200.1.0/30         [11] area: 0.0.0.0
                           via 10.0.50.2, vtnet1.50
============ OSPF router routing table =============
R    10.0.50.2             [10] area: 0.0.0.0, ASBR
                           via 10.0.50.2, vtnet1.50
============ OSPF external routing table ===========

Verify with VM​

So I joined a VM to vlan 50 of the OSPF routers switch and assigned the VM the IP of 10.200.1.2. If I run a traceroute from there you can see the hops between the routers.

Tracing route to dns.google [8.8.8.8]
over a maximum of 30 hops:
  1    <1 ms    <1 ms    <1 ms  10.200.1.1 # this is our ubuntu ospf router
  2    <1 ms    <1 ms    <1 ms  10.0.50.1 # this is the pfSense box
  3    <1 ms    <1 ms    <1 ms  192.168.1.1 # this is my edge router (for now)
  4     2 ms     1 ms     1 ms  10.26.1.67 # this is out on the google fiber network
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7    13 ms    13 ms    12 ms  23-255-224-120.mci.googlefiber.net [23.255.224.120]
  8    15 ms    18 ms    15 ms  23-255-224-107.mci.googlefiber.net [23.255.224.107]
  9    13 ms    13 ms    13 ms  142.251.64.199
 10    13 ms    13 ms    13 ms  142.251.60.7
 11    13 ms    13 ms    13 ms  dns.google [8.8.8.8]
Trace complete.