Netgate SG-1000 microFirewall

Author Topic: frr!!!  (Read 457 times)

0 Members and 1 Guest are viewing this topic.

Offline quadrinary

  • Jr. Member
  • **
  • Posts: 39
  • Karma: +0/-0
    • View Profile
frr!!!
« on: August 12, 2017, 04:49:23 pm »
OK, as with as much time as i've spent modifying the Quagga package over the last 9 months, I've got to say that I am SUPER excited to see FRR out on pfSense now!  I'm likely going to spend this upcoming Monday applying my yet-unsubmitted modifications to the Quagga package as it looks as though the code base is very similar.

Many thanks to Jim-p for this.

I do have a quick question that i'm not finding an immediate answer for - does frr support multiple OSPF instances? vtysh seems to accept the possibility though it doesn't enter the configuration.

Thanks again,

quad

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 20797
  • Karma: +1311/-24
    • View Profile
Re: frr!!!
« Reply #1 on: August 14, 2017, 10:18:27 am »
Answering here, so it's both here and in the other thread where you asked: At the moment, it does not support multiple instances.

I could see it being possible, but so rarely used I'm not sure it's worth the drawbacks/extra complexity it would add for typical users that only need a single instance.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline quadrinary

  • Jr. Member
  • **
  • Posts: 39
  • Karma: +0/-0
    • View Profile
Re: frr!!!
« Reply #2 on: August 14, 2017, 12:11:54 pm »
Does FRR require pfSense v2.4.x? I'm not seeing it as an available package on my 2.3.4_1 test box.

Thanks

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 20797
  • Karma: +1311/-24
    • View Profile
Re: frr!!!
« Reply #3 on: August 14, 2017, 12:13:59 pm »
Does FRR require pfSense v2.4.x? I'm not seeing it as an available package on my 2.3.4_1 test box.

Yes. Eventually, if it tests out and works OK there, it will be enabled for 2.3.4. But for the time being it's only active for 2.4.x
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline quadrinary

  • Jr. Member
  • **
  • Posts: 39
  • Karma: +0/-0
    • View Profile
Re: frr!!!
« Reply #4 on: August 14, 2017, 02:18:16 pm »
Does FRR require pfSense v2.4.x? I'm not seeing it as an available package on my 2.3.4_1 test box.

Yes. Eventually, if it tests out and works OK there, it will be enabled for 2.3.4. But for the time being it's only active for 2.4.x

Sounds good. We're loading it into our lab environment this week.

Offline quadrinary

  • Jr. Member
  • **
  • Posts: 39
  • Karma: +0/-0
    • View Profile
Re: frr!!!
« Reply #5 on: August 15, 2017, 08:12:46 am »
A couple thoughts after working with FRR for the last couple days:
  • Super happy to see that FRR is listed under "Status" now - this is much clearer for engineers trying to see what's going on
  • Would it be possible to get a hook to FRR from the System -> Routing page?

It's nice to see a unified package handling the most critical protocols. At this point, does the pfSense team have a general preference for routing packages going forward? Might FRR become a de-facto component in pfSense?

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 20797
  • Karma: +1311/-24
    • View Profile
Re: frr!!!
« Reply #6 on: August 15, 2017, 08:16:28 am »
Would it be possible to get a hook to FRR from the System -> Routing page?

No, we don't currently have a way for packages to hook into tabs on other areas yet. The only package that does it is OpenVPN client export but that's only because there is code for that in base, which we try not to do.

It's nice to see a unified package handling the most critical protocols. At this point, does the pfSense team have a general preference for routing packages going forward? Might FRR become a de-facto component in pfSense?

It's too early to say. It's possible, though with a subsystem like frr it works better as a package so it can get updates between formal releases.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline quadrinary

  • Jr. Member
  • **
  • Posts: 39
  • Karma: +0/-0
    • View Profile
Re: frr!!!
« Reply #7 on: August 16, 2017, 01:54:20 pm »
Good to know. Any thoughts on enabling the RIP and IS-IS daemons as well?

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 20797
  • Karma: +1311/-24
    • View Profile
Re: frr!!!
« Reply #8 on: August 16, 2017, 01:57:07 pm »
They may come in as I have time and if I can fit the tabs in without it turning into a drop-down selector.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline quadrinary

  • Jr. Member
  • **
  • Posts: 39
  • Karma: +0/-0
    • View Profile
Re: frr!!!
« Reply #9 on: September 08, 2017, 09:52:53 am »
I've submitted a bug fix for the FRR package - the raw configs were being improperly referenced in config.xml. Unfortunately it got rolled into the same pull request as my OSPF cost-shifter for Quagga.

Offline markdegroot

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: frr!!!
« Reply #10 on: September 13, 2017, 08:54:01 am »
The FRR packages looks great guys!

Can anybody comment on the stability of this package? In other words: is it production ready?
« Last Edit: September 13, 2017, 08:59:31 am by markdegroot »

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 20797
  • Karma: +1311/-24
    • View Profile
Re: frr!!!
« Reply #11 on: September 13, 2017, 09:24:20 am »
I'd say yes. The only missing pieces are input validation at the moment which is important but not critical (so long as you are careful with inputs)

It should work better than Quagga for OSPF, and internal tests have already showed it works better against AWS than OpenBGPD. No more pfkey errors or traffic drops.

That said, it is new and we don't have a ton of feedback on it from a wide array of scenarios yet.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!