Loading
IPv4 Anycast with Linux and Quagga
Ease configuration headaches and improve availability with anycast.
which inserts the rule permitting IP protocol 89 at the start of the INPUT chain. That command will work with most any standard firewall configuration. After all of this, you finally can get Quagga going. Start it with service zebra start and service ospfd start. Your system now should be participating in your OSPF routing scheme.
You can confirm that with a quick look at your router's routing table:
R1>show ip route 10.0.0.1
Routing entry for 10.0.0.1/32
Known via "ospf 1", distance 110, metric 21, type NSSA extern 1
Last update from 10.0.1.2 on FastEthernet0/0, 00:00:14 ago
Routing Descriptor Blocks:
* 10.0.1.2, from 10.0.1.2, 00:00:14 ago, via FastEthernet0/0
Route metric is 21, traffic share count is 1
To enable remote administration, you must set a password in ospfd.conf as follows:
password YOUR-PASSWORD enable password YOUR-ENABLE-PASSWORD
If you are feeling paranoid about your server establishing neighbor relationships with devices other than your router, you can disable OSPF automatic neighbor discovery on your server with the following additional commands in ospfd.conf:
interface eth0 ip ospf network non-broadcast router ospf neighbor ROUTER-ID-OF-ROUTER
This configuration has each endpoint in its own OSPF NSSA area. You just as easily could have the endpoints become part of whatever area is already in existence, as long as that area allows external routes. Having each server in its own area gives you a little more control over what kind of routes propagate to and from each endpoint. It is a bit more work, both initially and when you move a server to a different router. It also means your servers have to be able to connect directly to an ABR with access to area 0, which may or may not be possible in your network.
Anycast with one endpoint is fairly useless, so let's take a look at a simple deployment scenario. Each endpoint is configured exactly like the endpoint we just configured, with the exception of the service address and the OSPF area number.
In this scenario, let's say we have anycast running between two sites (for instance, a main office and a satellite office) connected over a WAN. There is one anycast endpoint at each site. The main office is 10.0.1.0/24, the satellite office is 10.0.2.0/24, and our anycast address is 10.0.0.1, from our anycast subnet, 10.0.0.0/25 (Figure 1).
Figure 1. Two-Site, Two-Server Environment
OSPF on R1 is configured as follows:
router ospf 1 log-adjacency-changes network 10.0.1.0 0.0.0.255 area 10.0.1.2 network 10.0.0.128 0.0.0.128 area 0.0.0.0 area 10.0.1.2 nssa no-summary default-information-originate area 10.0.1.2 authentication message-digest area 0.0.0.0 authentication message-digest
OSPF on R2 is configured as follows:
router ospf 1
log-adjacency-changes
network 10.0.2.0 0.0.0.255 area 10.0.2.2
network 10.0.0.128 0.0.0.128 area 0.0.0.0
area 10.0.2.2 nssa no-summary default-information-originate
area 10.0.2.2 authentication message-digest
area 0.0.0.0 authentication message-digest
R1>show ip route 10.0.0.1
Routing entry for 10.0.0.1/32
Known via "ospf 1", distance 110, metric 21, type NSSA extern 1
Last update from 10.0.1.2 on FastEthernet0/0, 00:00:14 ago
Routing Descriptor Blocks:
* 10.0.1.2, from 10.0.1.2, 00:00:14 ago, via FastEthernet0/0
Route metric is 21, traffic share count is
R2>show ip route 10.0.0.1
Routing entry for 10.0.0.1/32
Known via "ospf 1", distance 110, metric 21, type NSSA extern 1
Last update from 10.0.2.2 on FastEthernet0/0, 00:05:07 ago
Routing Descriptor Blocks:
* 10.0.2.2, from 10.0.2.2, 00:05:07 ago, via FastEthernet0/0
Route metric is 21, traffic share count is 1
Traffic from each of the sites is flowing to the local anycast endpoint. Here's what happens if we take out the main office endpoint:
Endpoint1# ifdown lo:0
Endpoint1#
R1>show ip route 10.0.0.1
Routing entry for 10.0.0.1/32
Known via "ospf 1", distance 110, metric 85, type extern 1
Last update from 10.0.0.130 on Serial0/0, 00:00:21 ago
Routing Descriptor Blocks:
* 10.0.0.130, from 10.0.2.2, 00:00:21 ago, via Serial0/0
Route metric is 85, traffic share count is 1
R2>show ip route 10.0.0.1
Routing entry for 10.0.0.1/32
Known via "ospf 1", distance 110, metric 21, type NSSA extern 1
Last update from 10.0.2.2 on FastEthernet0/0, 00:05:07 ago
Routing Descriptor Blocks:
* 10.0.2.2, from 10.0.2.2, 00:05:07 ago, via FastEthernet0/0
Route metric is 21, traffic share count is 1
All traffic starts to flow to the remaining endpoint, as designed and desired.
______________________
White Paper
Fabric-Based Computing Enables Optimized Hyperscale Data Centers
Today’s modular x86 servers are compute-centric, designed as a least common denominator to support a wide range of IT workloads. Those generic, virtualized IT workloads have much different resource optimization requirements than hyperscale and cloud applications. They have resulted in a “one size fits all” enterprise IT architecture that is not optimized for a specific set of IT workloads, and especially not emerging hyperscale workloads, such as web applications, big data, and object storage. In this report, you will learn how shifting the focus from traditional compute-centric IT architectures to an innovative disaggregated fabric-based architecture can optimize and scale your data center.
Sponsored by AMD
White Paper
Red Hat White Paper: Using an Open Source Framework to Catch the Bad Guy
Built-in forensics, incident response, and security with Red Hat Enterprise Linux 6
Every security policy provides guidance and requirements for ensuring adequate protection of information and data, as well as high-level technical and administrative security requirements for a system in a given environment. Traditionally, providing security for a system focuses on the confidentiality of the information on it. However, protecting the data integrity and system and data availability is just as important. For example, when processing United States intelligence information, there are three attributes that require protection: confidentiality, integrity, and availability.
Learn more about catching the bad guy in this free white paper.
Sponsored by DLT Solutions
- RSS Feeds
- New Products
- Making Linux and Android Get Along (It's Not as Hard as It Sounds)
- A Topic for Discussion - Open Source Feature-Richness?
- Drupal Is a Framework: Why Everyone Needs to Understand This
- Home, My Backup Data Center
- New Products
- Paranoid Penguin - Building a Secure Squid Web Proxy, Part IV
- Developer Poll
- Trying to Tame the Tablet
Enter to Win an Adafruit Prototyping Pi Plate Kit for Raspberry Pi
It's Raspberry Pi month at Linux Journal. Each week in May, Adafruit will be giving away a Pi-related prize to a lucky, randomly drawn LJ reader. Winners will be announced weekly.
Fill out the fields below to enter to win this week's prize-- a Prototyping Pi Plate Kit for Raspberry Pi.
Congratulations to our winners so far:
- 5-8-13, Pi Starter Pack: Jack Davis
- 5-15-13, Pi Model B 512MB RAM: Patrick Dunn
- Next winner announced on 5-21-13!
Free Webinar: Linux Backup and Recovery
Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.
In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.
Developer Poll
44 min 25 sec ago
4 hours 58 min ago
7 hours 30 min ago
12 hours 9 min ago
14 hours 32 min ago
1 day 7 hours ago
1 day 9 hours ago
1 day 11 hours ago
1 day 11 hours ago
1 day 12 hours ago