FRR supports NHRP. We can use FRR nhrpd instead of openNHRP
Description
Details
- Difficulty level
  - Hard (possibly days)
- Version
  - -
- Why the issue appeared?
  - Will be filled on close
- Is it a breaking change?
  - Unspecified (possibly destroys the router)
- Issue type
  - Internal change (not visible to end users)
Status | Subtype | Assigned | Task
---|---|---|---
In progress | FEATURE REQUEST | v.huti | T2326 Migrate NHRP(DMVPN) to FRR
On hold | FEATURE REQUEST | v.huti | T3040 NHRP IPv6 Support
Event Timeline
FRR nhrpd does not support multicasting over GRE tunnels, so OSPF or EIGRP don't work since they use multicast addresses to discover neighbors.
As I remember, the lack of multicast replication was the reason this stopped up last time it was discussed... And as OSPF and EIGRP are the most used protocols run over DMVPN, I think this is a showstopper for implementing nhrpd.
@hammerstud that would work for you - but it will break everyone else's implementation ;)
@c-po There is some recent news on FRR's NHRPD and multicast support it seems, please see here:
http://docs.frrouting.org/en/latest/nhrpd.html#multicast-functionality
and here:
https://github.com/FRRouting/frr/commit/d75213d26036a2880f23f5e67cb1c890f20299de
@c-po @Viacheslav
Further news on this topic - FRR 8.0 was released yesterday (7/29), which includes the aforementioned nhrpd multicast improvements, among a lot of other nice things:
July 29, 2021
The FRR community is pleased to announce FRR 8.0. In this release there are over 2200 commits from 91 different authors. Please note that we expect to release a bugfix point release relatively soon after this release.
nhrpd
- Add nhrp multicast-nflog-group (1-65535) command
- Add configuration options for vici socket path
- Add support for forwarding multicast packets
- Fix handling of MTU
- Fix handling of NAT extension
- Retry IPsec under some conditions
I think NHRP Cisco Auth is still missing: https://github.com/FRRouting/frr/blob/master/nhrpd/nhrp_peer.c#L1212
This was cited to me as a concern for migrating to FRR.
I agree it would be nice to have the Cisco Auth functionality, however, the original author of opennhrp themselves recommend using FRR nhrpd instead where possible. It appears that most effort going forward will be put into FRR's nhrpd, and not the original opennhrp.
Cisco Auth is a necessity for those who want to migrate from this vendor's hardware to VyOS. You can easily add a VyOS node to an existing DMVPN.
I have created a draft pull request for FRR, but I can still see a bunch of odd bugs.
I'm going to activate it after additional testing by the team.
Most issues involve Wireshark's inability to parse packets correctly and display an exception, although the daemons seem to run fine.
https://github.com/FRRouting/frr/pull/14788