
SOLVED: UTM 9 Not Multicasting OSPF HELLO Messages

I am attempting to enable OSPF on my Home UTM 9 (firmware version 9.605-1) on a LAN interface that is directly connected to another router (of a different brand). My configuration is as follows.

Interfaces and Routing --> Dynamic Routing (OSPF)

  • Area
    • Name: normal 0.0.0.0
    • Area-ID: 0.0.0.0
    • Area-type: Normal
    • Auth-type: Off
    • Connect via Interface: LAN1
  • Interfaces
    • Name: LAN1
    • Interface: LAN1
    • Auth-type: Off
    • Cost: 0
    • Advanced
      • Hello interval: 10
      • Retransmit interval: 5
      • Dead interval: 40
      • Priority: 1
      • Transmit delay: 1
  • Advanced
    • Redistribute connected <-- Checked
      • Metric: 10
  • Global
    • OSPF status: Toggled on (i.e. green)
    • Router ID: 192.168.30.1 (i.e. the IP address on the LAN1 interface)

Network Protection --> Firewall

  • LAN1 ----- (OSPF) -----> Multicast
    • Enabled
  • Multicast ----- (OSPF) -----> LAN1
    • Enabled

Here, OSPF is defined as a service definition with the following characteristics:

  • Name: OSPF
  • Type of definition: IP
  • Protocol number: 89

Here, multicast is defined as a network definition with the following characteristics:

  • 224.0.0.0/4
  • Interface: Any

When I log into the UTM 9 as root and run tcpdump on the LAN1 interface, I see OSPFv2 "Hello" messages from the attached router being sent to multicast address 224.0.0.5, but I do not see the UTM 9 emitting any OSPF "Hello" messages.

From the configuration description above, is anybody able to see what I am doing wrong? If any further configuration information is needed, please let me know and I will provide it.

Thank you in advance.

EDIT TO ADD:

It seems that enabling OSPF does not subscribe to the relevant OSPF multicast groups: 224.0.0.5 and 224.0.0.6

This shouldn't affect *outbound* multicast OSPF messages though.

For *inbound* messages, as I indicated above, tcpdump shows they are hitting the NIC, but I doubt they are getting passed up the TCP/IP stack given the lack of a subscription.

my-utm:/root # ip maddr show eth0
2: eth0
link 33:33:00:00:00:01
link 33:33:00:00:00:02 users 2
link 01:00:5e:00:00:01
inet 224.0.0.1
inet6 ff05::2
inet6 ff01::2
inet6 ff02::2
inet6 ff02::1
inet6 ff01::1

 



  • So, now I'm confused.  Are you just experimenting with OSPF?  If not, what drove you to try it?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    No, I am not experimenting with OSPF. I want to actually use it in my network.

    Having said that, my network is very small. I have only three routers, and I am planning on using only one area (area 0). The two non-UTM routers are downstream of the LAN1 interface of my Sophos UTM 9. Since I occasionally add / remove subnets on the downstream routers, I'd like to share their routes dynamically rather than manage them manually as static routes.

    I have OSPF successfully running between the other two routers, and I would like to share their routes up to my Sophos UTM 9.

    If it was the simplicity of my OSPF configuration that caused confusion / surprise, that is merely a result of the small size / simplicity of my network. But I have a feeling I might be missing something much more fundamental---something more you were expecting to see in my screenshots. If this is the case, I'd be very appreciative of a pointer in the direction in which I need to go dig and learn.

    Thank you kindly in advance for your time and expertise.

    Regards,

    Dave

  • OK, let's take a step back here.

    Even though I have OSPF enabled in the web GUI, I don't see anything that's obviously a daemon for handling OSPF.

    If I SSH into the Sophos UTM and look at the process list, what is the name of the process that acts as a daemon for the OSPF routing protocol?

  • OK, this was just a simple case of a missing check in a checkbox. I'd mistaken a check box for the "garbage can" icon one frequently sees in the UTM UI and which is used to delete an item.

    In addition to defining an interface, one must also say on a per-area basis which interfaces are to be a part of that area (which makes sense).

    Having done this, there is now an ospfd daemon running and routes are being exchanged.
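The multicast membership check from the first post, as an added example that is not part of the thread: it reads `ip maddr show` output and reports whether an OSPF daemon has joined the OSPFv2 groups on that interface. The function names are hypothetical, the second sample is constructed, and the group roles (224.0.0.5 AllSPFRouters, 224.0.0.6 AllDRouters) are taken from the OSPFv2 specification rather than from the thread.

```shell
#!/bin/sh
# Added example: interpret `ip maddr show dev IFACE` output for OSPFv2.
#   224.0.0.5 = AllSPFRouters (joined by every OSPF speaker on the segment)
#   224.0.0.6 = AllDRouters   (joined only while the router is DR or BDR)

# has_group GROUP: reads ip-maddr output on stdin and succeeds if an
# "inet GROUP" membership line is present.
has_group() {
    awk -v g="$1" '$1 == "inet" && $2 == g { found = 1 } END { exit !found }'
}

# ospf_maddr_state: reads ip-maddr output on stdin, prints one verdict.
ospf_maddr_state() {
    maddr=$(cat)
    if ! printf '%s\n' "$maddr" | has_group 224.0.0.5; then
        # Nothing has joined AllSPFRouters here: inbound Hellos reach the
        # NIC (tcpdump sees them) but no OSPF socket will receive them.
        echo "not-listening"
    elif printf '%s\n' "$maddr" | has_group 224.0.0.6; then
        echo "listening-dr-or-bdr"
    else
        echo "listening"
    fi
}

# Sample 1: the eth0 output posted in the thread, before the fix.
SAMPLE_BEFORE='2: eth0
link 33:33:00:00:00:01
link 33:33:00:00:00:02 users 2
link 01:00:5e:00:00:01
inet 224.0.0.1
inet6 ff02::2
inet6 ff02::1'

# Sample 2: constructed, showing an interface after an OSPF daemon has
# joined both groups (e.g. a two-router segment where it is DR or BDR).
SAMPLE_AFTER='2: eth0
link 01:00:5e:00:00:01
link 01:00:5e:00:00:05
link 01:00:5e:00:00:06
inet 224.0.0.1
inet 224.0.0.5
inet 224.0.0.6'

printf 'before fix: %s\n' "$(printf '%s\n' "$SAMPLE_BEFORE" | ospf_maddr_state)"
printf 'after fix:  %s\n' "$(printf '%s\n' "$SAMPLE_AFTER" | ospf_maddr_state)"

# Live use on the firewall (interface name is an assumption):
#   ip maddr show dev eth0 | ospf_maddr_state
```

A "not-listening" result while OSPF shows as enabled in the GUI points at the daemon not being bound to the interface, which is what the missing per-area interface checkbox caused here.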