jared r r spiegel
Wed, 04 Jan 2006 16:21:30 -0800
On Wed, Jan 04, 2006 at 09:42:44PM +0100, Sylwester S. Biernacki wrote:
> > What do you think about it? Any ideas what to look for?

one - if you are reloading pf ( pfctl -f /etc/pf.conf ), that will
clear the table; but that's probably not your issue.

two - if you have two peers, A and B, and both of them write to the
same pf table <IX>, i believe the following scenario is true:

- establish session with A and learn about 1.2.3.4/30; 1.2.3.4/30 is
  written to pftable <IX>

- establish session with B and learn about 1.2.3.4/30; 1.2.3.4/30 is
  written to pftable <IX>, but it's already there, who cares; or maybe
  it isn't written because it's already there
  either way, pftable <IX> still has 1.2.3.4/30 in it.

- A loses its route for 1.2.3.4/30 and thus you lose it out of the session
  with A, bgpd removes 1.2.3.4/30 from pftable <IX>
  it's still valid via B, but it got removed when A lost it.

i use a unique pftable per BGP peer ( and then just reference
each table in my pf rules in { braces } ) to avoid that

could be this is fixed already and one of my peers is an old version?
( 3.8 stable; 3.8 current dec.16; 3.8 current from oct.2 )

--
jared
[ openbsd 3.8 GENERIC ( dec 16 ) // i386 ]
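
Added example, not part of the original message and not bgpd or pf code: a small Python model of the scenario as the message describes it, comparing one table shared by both peers with one table per peer. It assumes a withdraw from any peer deletes the prefix from that peer's target table outright; the class and function names are hypothetical.

```python
PREFIX = "1.2.3.4/30"  # the prefix used in the message

# Constructed event sequence: A announces, B announces, A withdraws.
EVENTS = [("announce", "A"), ("announce", "B"), ("withdraw", "A")]


class SharedTable:
    """Both peers write to the same table <IX>; no record of who added what."""

    def __init__(self):
        self.entries = set()

    def announce(self, peer, prefix):
        self.entries.add(prefix)  # adding an existing entry is a no-op

    def withdraw(self, peer, prefix):
        self.entries.discard(prefix)  # assumed: deleted even if B still has it

    def contains(self, prefix):
        return prefix in self.entries


class PerPeerTables:
    """One table per peer; rules match the union, like { <ix_a>, <ix_b> }."""

    def __init__(self):
        self.tables = {}

    def announce(self, peer, prefix):
        self.tables.setdefault(peer, set()).add(prefix)

    def withdraw(self, peer, prefix):
        self.tables.get(peer, set()).discard(prefix)  # only that peer's table

    def contains(self, prefix):
        return any(prefix in t for t in self.tables.values())


def replay(table, events):
    """Apply (action, peer) events and report whether rules still match PREFIX."""
    for action, peer in events:
        getattr(table, action)(peer, PREFIX)
    return table.contains(PREFIX)


if __name__ == "__main__":
    print("shared table still matches:  ", replay(SharedTable(), EVENTS))
    print("per-peer tables still match: ", replay(PerPeerTables(), EVENTS))
```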