OSPFv2/v3 support for OpenBSD devices (ipspace#2697)

Also:
* Increase the integration test OSPFv3 SPF waiting time for OpenBSD
---------
Co-authored-by: Ivan Pepelnjak <ip@ipspace.net>

Author: remilocherer

docs/caveats.md

@@ -502,7 +502,8 @@ See also [](caveats-sros) caveats for further details.
 
 * The virtual disk size of the `qcow2` image you can download from https://bsd-cloud-image.org/ is too small to survive the kernel reordering OpenBSD performs after every boot.
 * The kernel reordering is disabled in the Vagrant box, leaving you with approximately 170 MB of free disk space. You'll have a bit less than that in the *vrnetlab* container.
-* The default role of OpenBSD nodes is **host** unless the node has a loopback interface, in which case the **host** mode is automatically changed to **router** (contrary to most other network devices, OpenBSD does not you allow you to reach non-connected IP addresses unless the IPv4/IPv6 forwarding is enabled).
+* OpenBSD OSPFv3 implementation does not support ABR functionality. It also advertises passive interfaces with a very high cost.
+* The device role on nodes with a loopback interface is automatically changed to **router** (contrary to most other network devices, OpenBSD does not allow you to reach non-connected IP addresses unless the IPv4/IPv6 forwarding is enabled).
 
 (caveats-sonic)=
 ## Sonic

docs/labs/openbsd.md

@@ -1,9 +1,9 @@
 (build-openbsd)=
 # Building an OpenBSD Libvirt Box
 
-You can use the **netlab libvirt package** command to build a OpenBSD Vagrant box:
+You can use the **netlab libvirt package** command to build an OpenBSD Vagrant box:
 
-* Download the OpenBSD **qcow2** image from https://bsd-cloud-image.org/ into an empty directory
+* Download the OpenBSD **qcow2** image from [https://bsd-cloud-image.org/](https://bsd-cloud-image.org/) into an empty directory
 * Execute **netlab libvirt package openbsd _img-file-name_** and follow the instructions
 
 ```{warning}

docs/module/ospf.md

@@ -68,6 +68,7 @@ The following table describes the per-platform support of individual router-leve
 | Mikrotik RouterOS 7      | ✅| ❌ | ✅| ❌ | ❌ |
 | Nokia SR Linux           | ✅| ✅| ✅| ✅ [❗](caveats-srlinux) | ✅ [❗](caveats-srlinux) |
 | Nokia SR OS[^SROS]       | ✅| ✅| ✅| ✅ [❗](caveats-sros) | ❌ |
+| OpenBSD                  | ✅| ❌ | ✅ [❗](caveats-openbsd) | ✅| ✅|
 | VyOS                     | ✅| ✅| ✅| ✅| ✅|
 
 
@@ -132,6 +133,7 @@ The following table documents the common interface-level OSPF features:
 | Mikrotik RouterOS 7      | ✅ | ✅ | ❌  | ✅ |
 | Nokia SR Linux           | ✅ | ✅ | ✅ | ✅ |
 | Nokia SR OS[^SROS]       | ✅ | ✅ | ✅ | ✅ |
+| OpenBSD                  | ✅ | ✅ | ✅ | ✅ [❗](caveats-openbsd) |
 | VyOS                     | ✅ | ✅ | ✅ | ✅ |
 
 **Notes:**
@@ -162,6 +164,7 @@ These devices also support optional OSPF interface attributes:
 | Cumulus Linux 5.x (NVUE) | ✅ | ✅ | ❌  | ❌  |
 | Dell OS10                | ✅ | ✅ | ✅ | ❌  |
 | FRR                      | ✅ | ✅ | ✅ | ❌  |
+| OpenBSD                  | ✅ | ✅ | ✅ | ❌  |
 
 OSPF routing daemons support these optional OSPF interface attributes:
 

docs/platforms.md

@@ -325,6 +325,7 @@ Routing protocol [configuration modules](module-reference.md) are supported on t
 | Mikrotik RouterOS 7   | ✅   |   ❌   |   ❌  | ✅  |   ❌  |
 | Nokia SR Linux        | ✅   |  ✅   |   ❌  | ✅  |   ❌  |
 | Nokia SR OS[^SROS]    | ✅   |  ✅   |   ❌  | ✅  | ✅  |
+| OpenBSD               | ✅   |   ❌   |   ❌  |  ❌  |   ❌  |
 | Sonic                 |  ❌   |   ❌   |   ❌  | ✅  |   ❌  |
 | VyOS                  | ✅   |  ✅   |   ❌  | ✅  |   ❌  |
 

netsim/ansible/templates/ospf/openbsd.j2

@@ -0,0 +1,8 @@
+{% import "openbsd.ospfv2.j2" as ospfv2 %}
+{% import "openbsd.ospfv3.j2" as ospfv3 %}
+{% if ospf.af.ipv4 is defined %}
+{{   ospfv2.config(False,ospf,netlab_interfaces) }}
+{% endif %}
+{% if ospf.af.ipv6 is defined %}
+{{   ospfv3.config(False,ospf,netlab_interfaces) }}
+{% endif %}

netsim/ansible/templates/ospf/openbsd.ospfv2.j2

@@ -0,0 +1,55 @@
+{% macro config(ospf_vrf,ospf_data,intf_data) %}
+{%- set areas = intf_data|selectattr('ipv4', 'defined')|map(attribute='ospf.area', default='')|reject('eq', '')|sort|unique %}
+#!/bin/sh
+
+cat <<OSPFD_CONF >/etc/ospfd.conf
+{% if ospf_data.router_id|ipv4 %}
+router-id {{ ospf_data.router_id }}
+{% endif %}
+spf-delay msec 100
+spf-holdtime msec 200
+{% if ospf_data.default is defined %}
+{%   set dfd = ospf_data.default %}
+redistribute default set { metric {{ dfd.cost|default(100) }} type {{ dfd.type|default('e1')|replace('e','') }} }
+{% endif %}
+
+{% for a in areas %}
+area {{ a }} {
+{%   for l in intf_data if l.ospf.area is defined and l.ospf.area is eq a and 'ipv4' in l %}
+{%     if l.ifname == "lo0" %}
+    interface {{ l.ifname }}:{{ l.ipv4 | ipaddr('address') }} {
+{%     else %}
+    interface {{ l.ifname }} {
+{%     endif %}
+{%     if l.ospf.network_type is defined and l.ospf.network_type == 'point-to-point' %}
+        type p2p
+{%     endif %}
+{%     if l.ospf.passive|default(False) %}
+        passive
+{%     endif %}
+{%     if l.ospf.cost is defined %}
+        metric {{ l.ospf.cost }}
+{%     endif %}
+{%     if l.ospf.timers.hello is defined %}
+        hello-interval {{ l.ospf.timers.hello }}
+{%     endif %}
+{%     if l.ospf.timers.dead is defined %}
+        router-dead-time {{ l.ospf.timers.dead }}
+{%     endif %}
+{%     if l.ospf.priority is defined %}
+        router-priority {{ l.ospf.priority }}
+{%     endif %}
+{%     if l.ospf.password is defined %}
+        auth-key {{ l.ospf.password }}
+        auth-type simple
+{%     endif %}
+    }
+{%   endfor -%} 
+}
+{% endfor %} 
+OSPFD_CONF
+
+chmod 640 /etc/ospfd.conf
+rcctl enable ospfd
+rcctl restart ospfd
+{% endmacro %}

netsim/ansible/templates/ospf/openbsd.ospfv3.j2

@@ -0,0 +1,47 @@
+{% macro config(ospf_vrf,ospf_data,intf_data) %}
+{%- set areas = intf_data|selectattr('ipv6', 'defined')|map(attribute='ospf.area', default='')|reject('eq', '')|sort|unique %}
+#!/bin/sh
+
+cat <<OSPFD_CONF >/etc/ospf6d.conf
+{% if ospf_data.router_id is defined %}
+router-id {{ ospf_data.router_id }}
+{% endif %}
+spf-delay 1
+spf-holdtime 1
+{% if ospf_data.default is defined %}
+{%   set dfd = ospf_data.default %}
+redistribute default set { metric {{ dfd.cost|default(100) }} type {{ dfd.type|default('e1')|replace('e','') }} }
+{% endif %}
+
+{% for a in areas %}
+area {{ a }} {
+{%   for l in intf_data if l.ospf.area is defined and l.ospf.area is eq a and 'ipv6' in l %}
+    interface {{ l.ifname }} {
+{%     if l.ospf.network_type is defined and l.ospf.network_type == 'point-to-point' %}
+        type p2p
+{%     endif %}
+{%     if l.ospf.passive|default(False) %}
+        passive
+{%     endif %}
+{%     if l.ospf.cost is defined %}
+        metric {{ l.ospf.cost }}
+{%     endif %}
+{%     if l.ospf.timers.hello is defined %}
+        hello-interval {{ l.ospf.timers.hello }}
+{%     endif %}
+{%     if l.ospf.timers.dead is defined %}
+        router-dead-time {{ l.ospf.timers.dead }}
+{%     endif %}
+{%     if l.ospf.priority is defined %}
+        router-priority {{ l.ospf.priority }}
+{%     endif %}
+    }
+{%   endfor -%} 
+}
+{% endfor %} 
+OSPFD_CONF
+
+chmod 640 /etc/ospf6d.conf
+rcctl enable ospf6d
+rcctl restart ospf6d
+{% endmacro %}

netsim/devices/openbsd.py

@@ -3,6 +3,7 @@
 #
 from box import Box
 
+from ..utils import log
 from . import _Quirks, report_quirk
 from ._common import check_indirect_static_routes
 
@@ -22,9 +23,45 @@ def check_loopback(node: Box, topology: Box) -> None:
       category=Warning,
       node=node)
 
+"""
+OpenBSD OSPFv3 implementation is not an ABR
+"""
+def check_ospf6_quirks(node: Box) -> None:
+  if 'ospf' not in node.get('module',[]):                   # Is the device running OSPF?
+    return
+  if 'ipv6' not in node.ospf.get('af',{}):                  # Does it run OSPF with IPv6?
+    return
+  area_set = { intf.ospf.area                               # Collect OSPF areas into a set
+                 for intf in node.interfaces +              # ... going through all interfaces
+                   [ node.get('loopback',{}) ]              # ... plus the loopback
+                   if 'ospf' in intf and 'ipv6' in intf }   # ... when the interface uses OSPF and has an IPv6 address
+  if len(area_set) > 1:                                     # Do we have more than one area per device?
+    report_quirk(
+      f'node {node.name} cannot be an OSPFv3 ABR',
+      more_hints=['OpenBSD OSPFv3 daemon does not implement the ABR functionality'],
+      quirk='ospfv3_abr',
+      category=log.IncorrectType,
+      node=node)
+
+  passive_list = []
+  for intf in node.interfaces:                              # Next, check for 'passive' OSPF interfaces
+    if 'ospf' not in intf or 'ipv6' not in intf:            # Skip interfaces not running OSPF or not having an IPv6 address
+      continue
+    if 'cost' in intf.ospf and 'passive' in intf.ospf:      # Find passive interfaces with explicit cost
+      passive_list.append(intf.ifname)
+
+  if passive_list:
+    report_quirk(
+      f'node {node.name} uses passive OSPFv3 interfaces with OSPF cost ({",".join(passive_list)})',
+      more_hints=['OpenBSD OSPFv3 daemon sets the cost of passive interfaces to 65535'],
+      quirk='ospfv3_passive',
+      category=Warning,
+      node=node)
+
 class OpenBSD(_Quirks):
 
   @classmethod
   def device_quirks(self, node: Box, topology: Box) -> None:
     check_loopback(node,topology)
     check_indirect_static_routes(node)
+    check_ospf6_quirks(node)

netsim/devices/openbsd.yml

@@ -5,7 +5,7 @@ interface_name: vio{ifindex}
 loopback_interface_name: lo{ifindex}
 ifindex_offset: 1
 mgmt_if: vio0
-role: host
+role: router
 features:
   routing:
     static: true
@@ -14,6 +14,13 @@ features:
     ipv6:
       use_ra: true
       lla: true
+  ospf:
+    unnumbered: false
+    import: [ connected, static ]
+    default: true
+    password: true
+    priority: true
+    timers: true
 libvirt:
   create_template: openbsd.xml.j2
   image: netlab/openbsd

tests/integration/ospf/ospfv3/01-network.yml

@@ -30,6 +30,9 @@ links:
   ospf.network_type: point-to-point
   mtu: 1500
 
+defaults.devices.openbsd.netlab_validate.x1_lb.wait: 20
+defaults.devices.openbsd.netlab_validate.x2_lb.wait: 20
+
 validate:
   adj:
     description: Check OSPF adjacencies