Route update problem:
pfSense1 area0/area10 -- pfSense2 area0/area10 -- pfSense3 area10
While using a connection from pfSense3 (ssh), I cannot reach pfSense1 if I simply rename the interface on pfSense1 in the Web GUI. This is odd because FRR uses the base name, not the cosmetic name (/conf/config.xml uses wan|lan|opt1... and /var/etc/frr/frr.conf uses vmx0, vmx1, ...).
After renaming in the web interface on pfSense1, when you click Apply, pfSense3 can reach pfSense1 but the return route seems to be missing. Rebooting pfSense1 fixes the problem (frr-reload didn't work).
Systems Info:
2.7.2-RELEASE (amd64) [all 3 pfSense]
built on Wed Dec 6 20:10:00 UTC 2023
FreeBSD 14.0-CURRENT
Vendor: VMware, Inc.
Version: VMW201.00V.21805430.B64.2305221830
Release Date: Mon May 22 2023
AMD EPYC 3251 8-Core Processor
AES-NI CPU Crypto: Yes (inactive)
QAT Crypto: No
Keep in mind for the configs below: some links are using portgroups and some are using trunking in VMware (this is why you see VLANing in some but not others). This network converges if everything is rebooted, but if I change the interface name in pfSense1, traffic cannot make its way back to pfSense3 (this was noticed via tcpdump traces). Also, if I try to ping pfSense3 from pfSense1, I get no route to host, but pfSense2 knows.
pfSense1 info
config.xml:
<frrospfdareas>
<config>
<area>0.0.0.10</area>
<descr></descr>
<type>nssa</type>
<defaultcost>0</defaultcost>
<shortcut>disable</shortcut>
<authtype></authtype>
<row>
<rangeprefix></rangeprefix>
<rangecost></rangecost>
<subprefix></subprefix>
</row>
<exportlist>none</exportlist>
<importlist>none</importlist>
<filterlist_out>none</filterlist_out>
<filterlist_in>none</filterlist_in>
</config>
<config>
<area>0.0.0.0</area>
<descr></descr>
<type>none</type>
<defaultcost></defaultcost>
<shortcut>default</shortcut>
<authtype></authtype>
<row>
<rangeprefix></rangeprefix>
<rangecost></rangecost>
<subprefix></subprefix>
</row>
<exportlist>none</exportlist>
<importlist>none</importlist>
<filterlist_out>none</filterlist_out>
<filterlist_in>none</filterlist_in>
</config>
</frrospfdareas>
<frrospfdinterfaces>
<config>
<interface>opt17</interface>
<descr></descr>
<networktype>point-to-point</networktype>
<passive></passive>
<mtuignore></mtuignore>
<metric></metric>
<interfacearea>0.0.0.10</interfacearea>
<acceptfilter></acceptfilter>
<authtype></authtype>
<password></password>
<routerpriorityelections></routerpriorityelections>
<retransmitinterval></retransmitinterval>
<hellointervalinseconds></hellointervalinseconds>
<deadtimer></deadtimer>
<minimalhello></minimalhello>
<bfdenable>on</bfdenable>
</config>
<config>
<interface>opt5</interface>
<descr></descr>
<networktype>point-to-point</networktype>
<passive></passive>
<mtuignore></mtuignore>
<metric>14</metric>
<interfacearea>0.0.0.0</interfacearea>
<acceptfilter></acceptfilter>
<authtype></authtype>
<password></password>
<routerpriorityelections></routerpriorityelections>
<retransmitinterval></retransmitinterval>
<hellointervalinseconds></hellointervalinseconds>
<deadtimer></deadtimer>
<minimalhello></minimalhello>
<bfdenable>on</bfdenable>
</config>
</frrospfdinterfaces>
<frr>
<config>
<enable>on</enable>
<routerid>101.17.2.251</routerid>
<password><![CDATA[password]]></password>
<passwordencrypt></passwordencrypt>
<ignoreipsecrestart></ignoreipsecrestart>
<carpstatusvid>none</carpstatusvid>
<logging></logging>
<pkgloglevel>0</pkgloglevel>
<enablesnmpagentx></enablesnmpagentx>
<row>
<routevalue></routevalue>
<routetarget>none</routetarget>
</row>
<nht>none</nht>
<service_force_restart></service_force_restart>
</config>
</frr>
<frrbfd>
<config>
<enable>on</enable>
</config>
</frrbfd>
frr.conf:
service integrated-vtysh-config
!
ip router-id 101.17.2.251
!
interface vmx0.952
ip ospf network point-to-point
ip ospf bfd
ip ospf area 0.0.0.10
interface vmx0.1511
ip ospf network point-to-point
ip ospf cost 14
ip ospf bfd
ip ospf area 0.0.0.0
!
router ospf
ospf router-id 101.17.2.251
redistribute connected
area 0.0.0.0 shortcut default
area 0.0.0.10 nssa
area 0.0.0.10 shortcut disable
!
bfd
!
line vty
pfSense2 info
config.xml:
<frrospfdareas>
<config>
<area>0.0.0.10</area>
<descr></descr>
<type>nssa</type>
<defaultcost>0</defaultcost>
<shortcut>disable</shortcut>
<authtype></authtype>
<row>
<rangeprefix></rangeprefix>
<rangecost></rangecost>
<subprefix></subprefix>
</row>
<exportlist>none</exportlist>
<importlist>none</importlist>
<filterlist_out>none</filterlist_out>
<filterlist_in>none</filterlist_in>
</config>
<config>
<area>0.0.0.0</area>
<descr></descr>
<type>none</type>
<defaultcost></defaultcost>
<shortcut>default</shortcut>
<authtype></authtype>
<row>
<rangeprefix></rangeprefix>
<rangecost></rangecost>
<subprefix></subprefix>
</row>
<exportlist>none</exportlist>
<importlist>none</importlist>
<filterlist_out>none</filterlist_out>
<filterlist_in>none</filterlist_in>
</config>
</frrospfdareas>
<frrospfdinterfaces>
<config>
<interface>lan</interface>
<descr></descr>
<networktype>point-to-point</networktype>
<passive></passive>
<mtuignore></mtuignore>
<metric></metric>
<interfacearea>0.0.0.0</interfacearea>
<acceptfilter></acceptfilter>
<authtype></authtype>
<password></password>
<routerpriorityelections></routerpriorityelections>
<retransmitinterval></retransmitinterval>
<hellointervalinseconds></hellointervalinseconds>
<deadtimer></deadtimer>
<minimalhello></minimalhello>
<bfdenable></bfdenable>
</config>
<config>
<interface>opt2</interface>
<descr></descr>
<networktype>point-to-point</networktype>
<passive></passive>
<mtuignore></mtuignore>
<metric>19</metric>
<interfacearea>0.0.0.0</interfacearea>
<acceptfilter></acceptfilter>
<authtype></authtype>
<password></password>
<routerpriorityelections></routerpriorityelections>
<retransmitinterval></retransmitinterval>
<hellointervalinseconds></hellointervalinseconds>
<deadtimer></deadtimer>
<minimalhello></minimalhello>
<bfdenable>on</bfdenable>
</config>
<config>
<interface>opt22</interface>
<descr></descr>
<networktype>point-to-point</networktype>
<passive></passive>
<mtuignore></mtuignore>
<metric></metric>
<interfacearea>0.0.0.10</interfacearea>
<acceptfilter></acceptfilter>
<authtype></authtype>
<password></password>
<routerpriorityelections></routerpriorityelections>
<retransmitinterval></retransmitinterval>
<hellointervalinseconds></hellointervalinseconds>
<deadtimer></deadtimer>
<minimalhello></minimalhello>
<bfdenable>on</bfdenable>
</config>
<config>
<interface>opt13</interface>
<descr></descr>
<networktype>point-to-point</networktype>
<passive></passive>
<mtuignore></mtuignore>
<metric>22</metric>
<interfacearea>0.0.0.10</interfacearea>
<acceptfilter></acceptfilter>
<authtype></authtype>
<password></password>
<routerpriorityelections></routerpriorityelections>
<retransmitinterval></retransmitinterval>
<hellointervalinseconds></hellointervalinseconds>
<deadtimer></deadtimer>
<minimalhello></minimalhello>
<bfdenable>on</bfdenable>
</config>
</frrospfdinterfaces>
<frr>
<config>
<enable>on</enable>
<routerid>101.17.2.51</routerid>
<password><![CDATA[password]]></password>
<passwordencrypt></passwordencrypt>
<ignoreipsecrestart></ignoreipsecrestart>
<carpstatusvid>none</carpstatusvid>
<logging></logging>
<pkgloglevel>0</pkgloglevel>
<enablesnmpagentx></enablesnmpagentx>
<row>
<routevalue></routevalue>
<routetarget>none</routetarget>
</row>
<nht>none</nht>
<service_force_restart></service_force_restart>
</config>
</frr>
<frrbfd>
<config>
<enable>on</enable>
</config>
</frrbfd>
frr.conf:
service integrated-vtysh-config
!
ip router-id 101.17.2.51
!
interface vmx0.454
ip ospf network point-to-point
ip ospf area 0.0.0.0
interface vmx0.3023
ip ospf network point-to-point
ip ospf cost 19
ip ospf bfd
ip ospf area 0.0.0.0
interface vmx0.952
ip ospf network point-to-point
ip ospf bfd
ip ospf area 0.0.0.10
interface vmx0.311
ip ospf network point-to-point
ip ospf cost 22
ip ospf bfd
ip ospf area 0.0.0.10
!
router ospf
ospf router-id 101.17.2.51
redistribute connected
area 0.0.0.0 shortcut default
area 0.0.0.10 nssa
area 0.0.0.10 shortcut disable
!
bfd
!
line vty
pfSense3 info
config.xml:
<frrospfdareas>
<config>
<area>0.0.0.10</area>
<descr></descr>
<type>nssa</type>
<defaultcost></defaultcost>
<shortcut>default</shortcut>
<authtype></authtype>
<row>
<rangeprefix></rangeprefix>
<rangecost></rangecost>
<subprefix></subprefix>
</row>
<exportlist>none</exportlist>
<importlist>none</importlist>
<filterlist_out>none</filterlist_out>
<filterlist_in>none</filterlist_in>
</config>
</frrospfdareas>
<frrospfdinterfaces>
<config>
<interface>lan</interface>
<descr></descr>
<networktype>point-to-point</networktype>
<passive></passive>
<mtuignore></mtuignore>
<metric></metric>
<interfacearea>0.0.0.10</interfacearea>
<acceptfilter></acceptfilter>
<authtype></authtype>
<password></password>
<routerpriorityelections></routerpriorityelections>
<retransmitinterval></retransmitinterval>
<hellointervalinseconds></hellointervalinseconds>
<deadtimer></deadtimer>
<minimalhello></minimalhello>
<bfdenable></bfdenable>
</config>
<config>
<interface>opt2</interface>
<descr></descr>
<networktype>point-to-point</networktype>
<passive></passive>
<mtuignore></mtuignore>
<metric>22</metric>
<interfacearea>0.0.0.10</interfacearea>
<acceptfilter></acceptfilter>
<authtype></authtype>
<password></password>
<routerpriorityelections></routerpriorityelections>
<retransmitinterval></retransmitinterval>
<hellointervalinseconds></hellointervalinseconds>
<deadtimer></deadtimer>
<minimalhello></minimalhello>
<bfdenable>on</bfdenable>
</config>
</frrospfdinterfaces>
<frr>
<config>
<enable>on</enable>
<routerid>101.17.2.157</routerid>
<password><![CDATA[password]]></password>
<passwordencrypt></passwordencrypt>
<ignoreipsecrestart></ignoreipsecrestart>
<carpstatusvid>none</carpstatusvid>
<logging></logging>
<pkgloglevel>0</pkgloglevel>
<enablesnmpagentx></enablesnmpagentx>
<row>
<routevalue></routevalue>
<routetarget>none</routetarget>
</row>
<nht>none</nht>
<service_force_restart></service_force_restart>
</config>
</frr>
<frrbfd>
<config>
<enable>on</enable>
</config>
</frrbfd>
frr.conf:
service integrated-vtysh-config
!
ip router-id 101.17.2.157
!
interface vmx1
ip ospf network point-to-point
ip ospf area 0.0.0.10
interface vmx3
ip ospf network point-to-point
ip ospf cost 22
ip ospf bfd
ip ospf area 0.0.0.10
!
router ospf
ospf router-id 101.17.2.157
redistribute connected
area 0.0.0.10 nssa
area 0.0.0.10 shortcut default
!
bfd
!
line vty
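
Added example (not part of the original post, and not pfSense or FRR code): a small offline check that parses the interface stanzas of two frr.conf files and lists the OSPF settings that differ between the two ends of a link, plus the interfaces that carry no "ip ospf authentication" line. It assumes vmx0.952 on pfSense1 and pfSense2 is the same area 0.0.0.10 link; the function names are hypothetical and the sample text is copied from the stanzas above.

```python
# PFSENSE1 / PFSENSE2: constructed samples, copied from the frr.conf stanzas in the post.
PFSENSE1 = """interface vmx0.952
ip ospf network point-to-point
ip ospf bfd
ip ospf area 0.0.0.10
interface vmx0.1511
ip ospf network point-to-point
ip ospf cost 14
ip ospf bfd
ip ospf area 0.0.0.0
!
router ospf
"""
PFSENSE2 = """interface vmx0.454
ip ospf network point-to-point
ip ospf area 0.0.0.0
interface vmx0.952
ip ospf network point-to-point
ip ospf bfd
ip ospf area 0.0.0.10
!
"""
KEYS = ("network", "area", "bfd", "auth")

def parse_ospf_interfaces(conf):
    """Map interface name -> OSPF settings taken from its 'ip ospf' lines."""
    ifaces, cur = {}, None
    for raw in conf.splitlines():
        words = raw.split()            # tolerates indented and flattened configs
        if not words:
            continue
        if words[0] in ("!", "router"):
            cur = None                 # interface stanza ended
        elif words[0] == "interface" and len(words) > 1:
            cur = ifaces.setdefault(
                words[1], {"network": None, "area": None, "bfd": False, "auth": False})
        elif cur is not None and words[:2] == ["ip", "ospf"] and len(words) > 2:
            opt, arg = words[2], (words[3] if len(words) > 3 else None)
            if opt in ("network", "area"):
                cur[opt] = arg
            elif opt == "bfd":
                cur["bfd"] = True
            elif opt == "authentication":
                cur["auth"] = arg != "null"   # "authentication null" turns it off
    return ifaces

def compare_link(a, b):
    """Settings that differ between the two ends of one link."""
    return [k for k in KEYS if a[k] != b[k]]

def ifaces_without_auth_line(ifaces):
    """Interfaces with no per-interface auth line (area-level auth is not checked)."""
    return sorted(name for name, s in ifaces.items() if not s["auth"])
```

For the two stanzas of the assumed shared link, compare_link(parse_ospf_interfaces(PFSENSE1)["vmx0.952"], parse_ospf_interfaces(PFSENSE2)["vmx0.952"]) returns an empty list, so a mismatch in network type, area, or BFD on that link is ruled out from the files alone.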