[Bug 242671] net/openbgpd6 fails to update FIB
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Dec 16 20:33:55 UTC 2019
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=242671
Bug ID: 242671
Summary: net/openbgpd6 fails to update FIB
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: Individual Port(s)
Assignee: pi at FreeBSD.org
Reporter: alarig at swordarmor.fr
Assignee: pi at FreeBSD.org
Flags: maintainer-feedback?(pi at FreeBSD.org)
Hi,
I have a FreeBSD VM for an AS112 node, the BGP is done with OpenBGPD.
root at as112:~ # uname -a
FreeBSD as112.grifon.fr 12.0-RELEASE-p12 FreeBSD 12.0-RELEASE-p12 GENERIC
amd64
root at as112:~ # pkg info openbgpd6
openbgpd6-6.6p0
Name : openbgpd6
Version : 6.6p0
Installed on : Mon Dec 16 20:13:44 2019 CET
Origin : net/openbgpd6
Architecture : FreeBSD:12:amd64
Prefix : /usr/local
Categories : net
Licenses : ISCL
Maintainer : pi at FreeBSD.org
WWW : http://www.openbgpd.org/
Comment : Free implementation of the Border Gateway Protocol, Version 4
Options :
IPV6LLPEER : on
Annotations :
FreeBSD_version: 1200086
repo_type : binary
repository : poudriere
Flat size : 435KiB
Description :
OpenBGPD is a FREE implementation of the Border Gateway Protocol, Version 4.
It allows ordinary machines to be used as routers exchanging routes with
other systems speaking the BGP protocol.
This is the portable version and it does not have the means to
influence kernel routing tables. It is only suitable for route
servers/collectors.
WWW: http://www.openbgpd.org/
Here is my configuration:
router-id 89.234.186.134
AS 112
fib-update yes
network 192.175.48.0/24
network 192.31.196.0/24
network 2620:4f:8000::/48
network 2001:4:112::/48
group "peering" {
announce IPv4 unicast
announce IPv6 unicast
neighbor 89.234.186.129 {
remote-as 204092
descr "Grifon nominoe IPv4"
}
neighbor 2a00:5884:0:100::1:1 {
remote-as 204092
descr "Grifon nominoe IPv6"
}
neighbor 89.234.186.130 {
remote-as 204092
descr "Grifon budic IPv4"
}
neighbor 2a00:5884:0:100::1:2 {
remote-as 204092
descr "Grifon budic IPv6"
}
neighbor 185.1.89.1 {
remote-as 206165
descr "Breizh-IX RS1 IPv4"
enforce neighbor-as no
set localpref 150
}
neighbor 2001:7f8:b1::1 {
remote-as 206165
descr "Breizh-IX RS1 IPv6"
enforce neighbor-as no
set localpref 150
}
neighbor 185.1.89.2 {
remote-as 206165
descr "Breizh-IX RS2 IPv4"
enforce neighbor-as no
set localpref 150
}
neighbor 2001:7f8:b1::2 {
remote-as 206165
descr "Breizh-IX RS2 IPv6"
enforce neighbor-as no
set localpref 150
}
}
# do not send or use routes from neighbors without further explicit
# configuration
deny from any
deny to any
# filter out prefixes longer than 24 or shorter than 8 bits for IPv4
# and longer than 48 or shorter than 16 bits for IPv6.
allow from any inet prefixlen 8 - 24
allow from any inet6 prefixlen 16 - 48
# filter bogus networks according to RFC5735
deny from any prefix 0.0.0.0/8 prefixlen >= 8 # 'this' network
[RFC1122]
deny from any prefix 10.0.0.0/8 prefixlen >= 8 # private space
[RFC1918]
deny from any prefix 100.64.0.0/10 prefixlen >= 10 # CGN Shared [RFC6598]
deny from any prefix 127.0.0.0/8 prefixlen >= 8 # localhost [RFC1122]
deny from any prefix 169.254.0.0/16 prefixlen >= 16 # link local [RFC3927]
deny from any prefix 172.16.0.0/12 prefixlen >= 12 # private space
[RFC1918]
deny from any prefix 192.0.2.0/24 prefixlen >= 24 # TEST-NET-1 [RFC5737]
deny from any prefix 192.168.0.0/16 prefixlen >= 16 # private space
[RFC1918]
deny from any prefix 198.18.0.0/15 prefixlen >= 15 # benchmarking
[RFC2544]
deny from any prefix 198.51.100.0/24 prefixlen >= 24 # TEST-NET-2 [RFC5737]
deny from any prefix 203.0.113.0/24 prefixlen >= 24 # TEST-NET-3 [RFC5737]
deny from any prefix 224.0.0.0/4 prefixlen >= 4 # multicast
deny from any prefix 240.0.0.0/4 prefixlen >= 4 # reserved
# filter bogus IPv6 networks according to IANA
deny from any prefix ::/8 prefixlen >= 8
deny from any prefix 0100::/64 prefixlen >= 64 # Discard-Only
[RFC6666]
deny from any prefix 2001:2::/48 prefixlen >= 48 # BMWG [RFC5180]
deny from any prefix 2001:10::/28 prefixlen >= 28 # ORCHID [RFC4843]
deny from any prefix 2001:db8::/32 prefixlen >= 32 # docu range [RFC3849]
deny from any prefix 3ffe::/16 prefixlen >= 16 # old 6bone
deny from any prefix fc00::/7 prefixlen >= 7 # unique local unicast
deny from any prefix fe80::/10 prefixlen >= 10 # link local unicast
deny from any prefix fec0::/10 prefixlen >= 10 # old site local
unicast
deny from any prefix ff00::/8 prefixlen >= 8 # multicast
## filter bogon AS numbers
## http://www.iana.org/assignments/as-numbers/as-numbers.xhtml
deny from any AS 23456 # AS_TRANS
deny from any AS 64496 - 64511 # Reserved for use in docs and
code RFC5398
deny from any AS 64512 - 65534 # Reserved for Private Use
RFC6996
deny from any AS 65535 # Reserved RFC7300
deny from any AS 65536 - 65551 # Reserved for use in docs and
code RFC5398
deny from any AS 65552 - 131071 # Reserved
deny from any AS 4200000000 - 4294967294 # Reserved for Private Use
RFC6996
deny from any AS 4294967295 # Reserved RFC7300
allow to any prefix 2620:4f:8000::/48
allow to any prefix 2001:4:112::/48
allow to any prefix 192.175.48.0/24
allow to any prefix 192.31.196.0/24
The BGP sessions are up, but the FIB is empty (and I have a permission denied
when I try to print it from bgpd):
root at as112:~ # bgpctl show summary
Neighbor AS MsgRcvd MsgSent OutQ Up/Down
State/PrfRcvd
Grifon nominoe IPv4 204092 136105 152 0 01:14:56 799528
Grifon nominoe IPv6 204092 29247 152 0 01:14:56 78083
Grifon budic IPv4 204092 174092 153 0 01:14:56 799529
Grifon budic IPv6 204092 34591 153 0 01:14:56 78085
Breizh-IX RS1 IPv4 206165 200 153 0 01:14:56 83
Breizh-IX RS1 IPv6 206165 193 153 0 01:14:56 32
Breizh-IX RS2 IPv4 206165 212 155 0 01:14:56 69
Breizh-IX RS2 IPv6 206165 213 155 0 01:14:56 71
root at as112:~ # bgpctl show rib | head
flags: * = Valid, > = Selected, I = via IBGP, A = Announced,
S = Stale, E = Error
origin validation state: N = not-found, V = valid, ! = invalid
origin: i = IGP, e = EGP, ? = Incomplete
flags ovs destination gateway lpref med aspath origin
*> N 1.0.0.0/24 89.234.186.129 100 50 204092 34019 13335
i
* N 1.0.0.0/24 89.234.186.130 100 50 204092 198507 13335
i
*> N 1.0.4.0/22 89.234.186.129 100 50 204092 34019 6939
4826 38803 56203 i
* N 1.0.4.0/22 89.234.186.130 100 50 204092 198507 6939
4826 38803 56203 i
root at as112:~ # bgpctl show fib
flags: * = valid, B = BGP, C = Connected, S = Static, D = Dynamic
N = BGP Nexthop reachable via this route
r = reject route, b = blackhole route
flags prio destination gateway
permission denied
root at as112:~ # route get 1.0.0.0/24
route: route has not been found
root at as112:~ # netstat -rn
Routing tables
Internet:
Destination Gateway Flags Netif Expire
default 89.234.186.129 UGS vtnet2
89.234.186.128/29 link#3 U vtnet2
89.234.186.134 link#3 UHS lo0
127.0.0.1 link#4 UH lo0
172.17.0.0/24 link#1 U vtnet0
172.17.0.27 link#1 UHS lo0
185.1.89.0/24 link#2 U vtnet1
185.1.89.16 link#2 UHS lo0
192.31.196.1 link#5 UH lo1
192.175.48.1 link#5 UH lo1
192.175.48.6 link#5 UH lo1
192.175.48.42 link#5 UH lo1
Internet6:
Destination Gateway Flags Netif
Expire
::/96 ::1 UGRS lo0
default 2a00:5884:0:100::1:1 UGS vtnet2
::1 link#4 UH lo0
::ffff:0.0.0.0/96 ::1 UGRS lo0
2001:4:112::/64 link#5 U lo1
2001:4:112::1 link#5 UHS lo0
2001:7f8:b1::/64 link#2 U vtnet1
2001:7f8:b1::12 link#2 UHS lo0
2620:4f:8000::/64 link#5 U lo1
2620:4f:8000::1 link#5 UHS lo0
2620:4f:8000::6 link#5 UHS lo0
2620:4f:8000::42 link#5 UHS lo0
2a00:5884:0:100::1:0/112 link#3 U vtnet2
2a00:5884:0:100::1:10 link#3 UHS lo0
fe80::/10 ::1 UGRS lo0
fe80::%vtnet1/64 link#2 U vtnet1
fe80::fc7a:e9ff:fea9:1ba2%vtnet1 link#2 UHS lo0
fe80::%vtnet2/64 link#3 U vtnet2
fe80::c54:abff:fef6:f9ec%vtnet2 link#3 UHS lo0
fe80::%lo0/64 link#4 U lo0
fe80::1%lo0 link#4 UHS lo0
fe80::%lo1/64 link#5 U lo1
fe80::1%lo1 link#5 UHS lo0
ff02::/16 ::1 UGRS lo0
root at as112:~ #
Regards,
--
Alarig
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list