IPv4 Anycast with Linux and Quagga

which inserts the rule permitting IP protocol 89 at the start of the INPUT chain. That command will work with most any standard firewall configuration. After all of this, you finally can get Quagga going. Start it with service zebra start and service ospfd start. Your system now should be participating in your OSPF routing scheme.

You can confirm that with a quick look at your router's routing table:

R1>show ip route 10.0.0.1
Routing entry for 10.0.0.1/32
  Known via "ospf 1", distance 110, metric 21, type NSSA extern 1
  Last update from 10.0.1.2 on FastEthernet0/0, 00:00:14 ago
  Routing Descriptor Blocks:
  * 10.0.1.2, from 10.0.1.2, 00:00:14 ago, via FastEthernet0/0
      Route metric is 21, traffic share count is 1

To enable remote administration, you must set a password in ospfd.conf as follows:

password YOUR-PASSWORD
enable password YOUR-ENABLE-PASSWORD

If you are feeling paranoid about your server establishing neighbor relationships with devices other than your router, you can disable OSPF automatic neighbor discovery on your server with the following additional commands in ospfd.conf:

interface eth0
  ip ospf network non-broadcast

router ospf
  neighbor ROUTER-ID-OF-ROUTER

This configuration has each endpoint in its own OSPF NSSA area. You just as easily could have the endpoints become part of whatever area is already in existence, as long as that area allows external routes. Having each server in its own area gives you a little more control over what kind of routes propagate to and from each endpoint. It is a bit more work, both initially and when you move a server to a different router. It also means your servers have to be able to connect directly to an ABR with access to area 0, which may or may not be possible in your network.

Anycast with one endpoint is fairly useless, so let's take a look at a simple deployment scenario. Each endpoint is configured exactly like the endpoint we just configured, with the exception of the service address and the OSPF area number.

In this scenario, let's say we have anycast running between two sites (for instance, a main office and a satellite office) connected over a WAN. There is one anycast endpoint at each site. The main office is 10.0.1.0/24, the satellite office is 10.0.2.0/24, and our anycast address is 10.0.0.1, from our anycast subnet, 10.0.0.0/25 (Figure 1).

Figure 1. Two-Site, Two-Server Environment

OSPF on R1 is configured as follows:

router ospf 1
 log-adjacency-changes
 network 10.0.1.0 0.0.0.255 area 10.0.1.2
 network 10.0.0.128 0.0.0.128 area 0.0.0.0
 area 10.0.1.2 nssa no-summary default-information-originate
 area 10.0.1.2 authentication message-digest
 area 0.0.0.0 authentication message-digest

OSPF on R2 is configured as follows:

router ospf 1
 log-adjacency-changes
 network 10.0.2.0 0.0.0.255 area 10.0.2.2
 network 10.0.0.128 0.0.0.128 area 0.0.0.0
 area 10.0.2.2 nssa no-summary default-information-originate
 area 10.0.2.2 authentication message-digest
 area 0.0.0.0 authentication message-digest

R1>show ip route 10.0.0.1
Routing entry for 10.0.0.1/32
  Known via "ospf 1", distance 110, metric 21, type NSSA extern 1
  Last update from 10.0.1.2 on FastEthernet0/0, 00:00:14 ago
  Routing Descriptor Blocks:
  * 10.0.1.2, from 10.0.1.2, 00:00:14 ago, via FastEthernet0/0
      Route metric is 21, traffic share count is

R2>show ip route 10.0.0.1
Routing entry for 10.0.0.1/32
  Known via "ospf 1", distance 110, metric 21, type NSSA extern 1
  Last update from 10.0.2.2 on FastEthernet0/0, 00:05:07 ago
  Routing Descriptor Blocks:
  * 10.0.2.2, from 10.0.2.2, 00:05:07 ago, via FastEthernet0/0
      Route metric is 21, traffic share count is 1

Traffic from each of the sites is flowing to the local anycast endpoint. Here's what happens if we take out the main office endpoint:

Endpoint1# ifdown lo:0
Endpoint1#

R1>show ip route 10.0.0.1
Routing entry for 10.0.0.1/32
  Known via "ospf 1", distance 110, metric 85, type extern 1
  Last update from 10.0.0.130 on Serial0/0, 00:00:21 ago
  Routing Descriptor Blocks:
  * 10.0.0.130, from 10.0.2.2, 00:00:21 ago, via Serial0/0
      Route metric is 85, traffic share count is 1

R2>show ip route 10.0.0.1
Routing entry for 10.0.0.1/32
  Known via "ospf 1", distance 110, metric 21, type NSSA extern 1
  Last update from 10.0.2.2 on FastEthernet0/0, 00:05:07 ago
  Routing Descriptor Blocks:
  * 10.0.2.2, from 10.0.2.2, 00:05:07 ago, via FastEthernet0/0
      Route metric is 21, traffic share count is 1

All traffic starts to flow to the remaining endpoint, as designed and desired.