Hi,
I'm using bird 1.4.5 with BGP and have a problem where routes seem to be
lost under my setup.
I find that if two BGP peers with the same routes are importing each other's
routes, a third BGP peer somehow ends up picking neither of their routes
after killing and restarting bird on one peer only.
The problem goes away if I configure these two peers to not import each
other's routes - however that is not ideal as while both peers share some
common routes, they also have some unique routes which should be shared.
Apologies for the long email. The setup is:
10.72.1.1 - (AS 65001) - Primary Internet feed
10.72.1.2 - (AS 65002) - Secondary Internet feed
10.72.1.254 (AS 65003) - LAN Router (LAN is NAT'd, 192.168.18.0/24)
I have various VPNs connecting into both .1 and .2, so they have some
resilience to outages. The remote ends take care of route weighting so .1
is prioritised over .2 using static routes (no BGP or other routing
protocol etc). I want .254 to always have the best route to these VPNs.
* Each router has a BGP link to the others.
* .254 (65003) imports all routes exported by .1 (65001) and .2 (65002).
* .254 (65003) exports a single LAN route, 192.186.18.0/24 to .1 and .2
* .1 (65001) imports all routes exported by .2 and .254
* .1 (65001) exports all routes from the ipsec0 device or 'vpn' rt_protos
* .2 (65002) imports all routes exported by .1 and .254
* .2 (65002) exports all routes from the ipsec0 device or 'vpn' rt_protos
The routes exported by .1 & .2 have their bgp localpref offset based on the
linux metric of the static route being imported, so BGP knows .2's routes
are less important than .1's.
The 'vpn' rt_protos routes on .1 look like:
10.10.10.0/29 dev vpn-3b42d3c8 proto vpn scope link src 10.72.1.1 metric 15
192.168.3.0/24 dev vpn-3b42d3c8 proto vpn scope link src 10.72.1.1 metric 10
192.168.2.0/24 dev vpn-3b42d3c8 proto vpn scope link src 10.72.1.1 metric 10
192.168.254.0/24 dev vpn-3b42d3c8 proto vpn scope link src 10.72.1.1 metric 10
192.168.0.0/16 dev vpn-3b42d3c8 proto vpn scope link src 10.72.1.1 metric 10
172.16.0.0/12 dev vpn-3b42d3c8 proto vpn scope link src 10.72.1.1 metric 10
10.0.0.0/8 dev vpn-3b42d3c8 proto vpn scope link src 10.72.1.1 metric 10
The 'vpn' rt_protos routes on .2 look like:
192.168.3.0/24 dev vpn-3b42d3c8 proto vpn scope link src 10.72.1.2 metric 20
192.168.2.0/24 dev vpn-3b42d3c8 proto vpn scope link src 10.72.1.2 metric 20
192.168.254.0/24 dev vpn-3b42d3c8 proto vpn scope link src 10.72.1.2 metric 20
192.168.0.0/16 dev vpn-3b42d3c8 proto vpn scope link src 10.72.1.2 metric 20
172.16.0.0/12 dev vpn-3b42d3c8 proto vpn scope link src 10.72.1.2 metric 20
10.0.0.0/8 dev vpn-3b42d3c8 proto vpn scope link src 10.72.1.2 metric 20
When I kill & restart .2, .254 loses routing info to not just .2 but also
.1. I need .1 and .2 to be exchanging routes with each other, as there will
be some VPNs that will only terminate on .1 and some that will only
terminate on .2 and I want to be able to route traffic between them. E.g. A
remote endpoint on .2 should be able to access a non-common/unique remote
endpoint on .1. In this example, it's 10.10.10.0/29.
Below are my tests demonstrating:
1. The problem when both peers are importing from each other
2. No problem when both peers aren't importing from each other
All logs are taken from .254 (AS 65003). The immediate cause of the problem
is the "rejected by protocol" messages here, although I do not know why the
protocol feels like it must reject routes.
Jan 16 13:02:44 lanrouter daemon.debug bird: AS65003_1 > removed [replaced] 10.0.0.0/8 via 10.72.1.1 on eth0
Jan 16 13:02:44 lanrouter daemon.debug bird: AS65003_1 < filtered out 10.0.0.0/8 via 10.72.1.2 on eth0
Jan 16 13:02:44 lanrouter daemon.debug bird: AS65003_2 < rejected by protocol 10.0.0.0/8 via 10.72.1.2 on eth0
Jan 16 13:02:44 lanrouter daemon.debug bird: AS65003_1 > removed [replaced] 192.168.0.0/16 via 10.72.1.1 on eth0
Jan 16 13:02:44 lanrouter daemon.debug bird: AS65003_1 < filtered out 192.168.0.0/16 via 10.72.1.2 on eth0
Jan 16 13:02:44 lanrouter daemon.debug bird: AS65003_2 < rejected by protocol 192.168.0.0/16 via 10.72.1.2 on eth0
Jan 16 13:02:44 lanrouter daemon.debug bird: AS65003_1 > removed [replaced] 192.168.2.0/24 via 10.72.1.1 on eth0
Jan 16 13:02:44 lanrouter daemon.debug bird: AS65003_1 < filtered out 192.168.2.0/24 via 10.72.1.2 on eth0
Jan 16 13:02:44 lanrouter daemon.debug bird: AS65003_2 < rejected by protocol 192.168.2.0/24 via 10.72.1.2 on eth0
Jan 16 13:02:44 lanrouter daemon.debug bird: AS65003_1 > removed [replaced] 192.168.3.0/24 via 10.72.1.1 on eth0
Full tests:
#### #### #### Where .1 and .2 import each other's routes ### ### ###
### Start bird
Jan 16 13:01:08 lanrouter daemon.debug bird: AS65003_1: Initializing
Jan 16 13:01:08 lanrouter daemon.debug bird: AS65003_2: Initializing
Jan 16 13:01:08 lanrouter daemon.info bird: Chosen router ID 10.72.1.254 according to interface eth0
Jan 16 13:01:08 lanrouter daemon.debug bird: AS65003_1: Starting
Jan 16 13:01:08 lanrouter daemon.debug bird: AS65003_1: State changed to start
Jan 16 13:01:08 lanrouter daemon.debug bird: AS65003_2: Starting
Jan 16 13:01:08 lanrouter daemon.debug bird: AS65003_2: State changed to start
Jan 16 13:01:08 lanrouter daemon.info bird: Started
Jan 16 13:01:08 lanrouter daemon.debug bird: AS65003_2: Started
Jan 16 13:01:08 lanrouter daemon.debug bird: AS65003_2: Connect delayed by 5 seconds
Jan 16 13:01:08 lanrouter daemon.debug bird: AS65003_1: Started
Jan 16 13:01:08 lanrouter daemon.debug bird: AS65003_1: Connect delayed by 5 seconds
Jan 16 13:01:12 lanrouter daemon.debug bird: AS65003_2: Incoming connection from 10.72.1.2 (port 58289) accepted
Jan 16 13:01:12 lanrouter daemon.debug bird: AS65003_2: Sending OPEN(ver=4,as=65003,hold=240,id=0a4801fe)
Jan 16 13:01:12 lanrouter daemon.debug bird: AS65003_1: Incoming connection from 10.72.1.1 (port 58374) accepted
Jan 16 13:01:12 lanrouter daemon.debug bird: AS65003_2: Got OPEN(as=65002,hold=240,id=0a480102)
Jan 16 13:01:12 lanrouter daemon.debug bird: AS65003_2: Got KEEPALIVE
Jan 16 13:01:12 lanrouter daemon.debug bird: AS65003_2: BGP session established
Jan 16 13:01:12 lanrouter daemon.debug bird: AS65003_2: Connected to table master
Jan 16 13:01:12 lanrouter daemon.debug bird: AS65003_2: State changed to feed
Jan 16 13:01:12 lanrouter daemon.debug bird: AS65003_1: Sending OPEN(ver=4,as=65003,hold=240,id=0a4801fe)
Jan 16 13:01:12 lanrouter daemon.debug bird: AS65003_2: Sending KEEPALIVE
Jan 16 13:01:12 lanrouter daemon.debug bird: AS65003_2 < filtered out 0.0.0.0/0 via 10.72.1.1 on eth0
Jan 16 13:01:12 lanrouter daemon.debug bird: AS65003_2: Got End-of-RIB
Jan 16 13:01:12 lanrouter daemon.debug bird: AS65003_1: Got OPEN(as=65001,hold=240,id=027e8ddb)
Jan 16 13:01:12 lanrouter daemon.debug bird: AS65003_1: Got KEEPALIVE
Jan 16 13:01:12 lanrouter daemon.debug bird: AS65003_1: BGP session established
Jan 16 13:01:12 lanrouter daemon.debug bird: AS65003_1: Connected to table master
Jan 16 13:01:12 lanrouter daemon.debug bird: AS65003_1: State changed to feed
Jan 16 13:01:12 lanrouter daemon.debug bird: AS65003_1: Sending KEEPALIVE
Jan 16 13:01:12 lanrouter daemon.debug bird: AS65003_1 < filtered out 0.0.0.0/0 via 10.72.1.1 on eth0
Jan 16 13:01:12 lanrouter daemon.debug bird: AS65003_1 < filtered out 10.0.0.0/8 via 10.72.1.2 on eth0
Jan 16 13:01:12 lanrouter daemon.debug bird: AS65003_1 < filtered out 10.72.1.0/24 dev eth0
Jan 16 13:01:12 lanrouter daemon.debug bird: AS65003_1 < filtered out 192.168.0.0/16 via 10.72.1.2 on eth0
Jan 16 13:01:12 lanrouter daemon.debug bird: AS65003_1 < filtered out 192.168.2.0/24 via 10.72.1.2 on eth0
Jan 16 13:01:12 lanrouter daemon.debug bird: AS65003_1 < filtered out 192.168.3.0/24 via 10.72.1.2 on eth0
Jan 16 13:01:12 lanrouter daemon.debug bird: AS65003_1 < added 192.168.18.0/24 dev breth1
Jan 16 13:01:12 lanrouter daemon.debug bird: AS65003_1 < filtered out 192.168.19.0/24 dev eth2
Jan 16 13:01:12 lanrouter daemon.debug bird: AS65003_2 < filtered out 172.16.0.0/12 via 10.72.1.1 on eth0
Jan 16 13:01:12 lanrouter daemon.debug bird: AS65003_1 < rejected by protocol 172.16.0.0/12 via 10.72.1.1 on eth0
Jan 16 13:01:12 lanrouter daemon.debug bird: AS65003_1: Got UPDATE
Jan 16 13:01:12 lanrouter daemon.debug bird: AS65003_1: Got End-of-RIB
### .1 and .2 connected. bird knows about both. Correct linux routes installed:
# ip route list proto bird
10.10.10.0/29 via 10.72.1.1 dev eth0
192.168.3.0/24 via 10.72.1.1 dev eth0
192.168.2.0/24 via 10.72.1.1 dev eth0
192.168.254.0/24 via 10.72.1.1 dev eth0
192.168.0.0/16 via 10.72.1.1 dev eth0
172.16.0.0/12 via 10.72.1.1 dev eth0
10.0.0.0/8 via 10.72.1.1 dev eth0
# birdcl show route all
BIRD 1.4.5 ready.
0.0.0.0/0 via 10.72.1.1 on eth0 [kernel1 13:01:09] * (10)
Type: inherit unicast univ
Kernel.source: 3
Kernel.metric: 0
Kernel.prefsrc: 10.72.1.254
10.0.0.0/8 via 10.72.1.1 on eth0 [AS65003_1 13:01:12] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
via 10.72.1.2 on eth0 [AS65003_2 13:01:12] (100)
[AS65002i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65002
BGP.next_hop: 10.72.1.2
BGP.local_pref: 100
10.10.10.0/29 via 10.72.1.1 on eth0 [AS65003_1 13:01:12] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
10.72.1.0/24 dev eth0 [kernel1 13:01:09] * (10)
Type: inherit unicast univ
Kernel.source: 3
Kernel.metric: 0
Kernel.prefsrc: 10.72.1.254
192.168.0.0/16 via 10.72.1.1 on eth0 [AS65003_1 13:01:12] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
via 10.72.1.2 on eth0 [AS65003_2 13:01:12] (100)
[AS65002i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65002
BGP.next_hop: 10.72.1.2
BGP.local_pref: 100
192.168.2.0/24 via 10.72.1.1 on eth0 [AS65003_1 13:01:12] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
via 10.72.1.2 on eth0 [AS65003_2 13:01:12] (100)
[AS65002i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65002
BGP.next_hop: 10.72.1.2
BGP.local_pref: 100
192.168.3.0/24 via 10.72.1.1 on eth0 [AS65003_1 13:01:12] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
via 10.72.1.2 on eth0 [AS65003_2 13:01:12] (100)
[AS65002i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65002
BGP.next_hop: 10.72.1.2
BGP.local_pref: 100
192.168.18.0/24 dev breth1 [kernel1 13:01:09] * (10)
Type: inherit unicast univ
Kernel.source: 3
Kernel.metric: 0
Kernel.prefsrc: 192.168.18.253
192.168.19.0/24 dev eth2 [kernel1 13:01:09] * (10)
Type: inherit unicast univ
Kernel.source: 3
Kernel.metric: 0
Kernel.prefsrc: 192.168.19.253
192.168.254.0/24 via 10.72.1.1 on eth0 [AS65003_1 13:01:12] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
via 10.72.1.2 on eth0 [AS65003_2 13:01:12] (100)
[AS65002i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65002
BGP.next_hop: 10.72.1.2
BGP.local_pref: 100
172.16.0.0/12 via 10.72.1.1 on eth0 [AS65003_1 13:01:12] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
via 10.72.1.2 on eth0 [AS65003_2 13:01:12] (100)
[AS65002i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65002
BGP.next_hop: 10.72.1.2
BGP.local_pref: 100
Jan 16 13:02:15 lanrouter daemon.debug bird: AS65003_1: Sending KEEPALIVE
Jan 16 13:02:18 lanrouter daemon.debug bird: AS65003_2: Got KEEPALIVE
Jan 16 13:02:22 lanrouter daemon.debug bird: AS65003_1: Got KEEPALIVE
Jan 16 13:02:27 lanrouter daemon.debug bird: AS65003_2: Sending KEEPALIVE
### I kill -9 bird on .2
Jan 16 13:02:38 lanrouter daemon.err bird: AS65003_2: Received: Administrative shutdown
Jan 16 13:02:38 lanrouter daemon.debug bird: AS65003_2: BGP session closed
Jan 16 13:02:38 lanrouter daemon.debug bird: AS65003_2: State changed to stop
Jan 16 13:02:38 lanrouter daemon.debug bird: AS65003_2 > removed 10.0.0.0/8 via 10.72.1.2 on eth0
Jan 16 13:02:38 lanrouter daemon.debug bird: AS65003_2 > removed 192.168.0.0/16 via 10.72.1.2 on eth0
Jan 16 13:02:38 lanrouter daemon.debug bird: AS65003_2 > removed 192.168.2.0/24 via 10.72.1.2 on eth0
Jan 16 13:02:38 lanrouter daemon.debug bird: AS65003_2 > removed 192.168.3.0/24 via 10.72.1.2 on eth0
Jan 16 13:02:38 lanrouter daemon.debug bird: AS65003_2 > removed 192.168.254.0/24 via 10.72.1.2 on eth0
Jan 16 13:02:38 lanrouter daemon.debug bird: AS65003_2 > removed 172.16.0.0/12 via 10.72.1.2 on eth0
Jan 16 13:02:38 lanrouter daemon.debug bird: AS65003_2: Down
Jan 16 13:02:38 lanrouter daemon.debug bird: AS65003_2: State changed to down
### bird internally still knows about the routes on .1
# birdcl show route all
BIRD 1.4.5 ready.
0.0.0.0/0 via 10.72.1.1 on eth0 [kernel1 13:01:08] * (10)
Type: inherit unicast univ
Kernel.source: 3
Kernel.metric: 0
Kernel.prefsrc: 10.72.1.254
10.0.0.0/8 via 10.72.1.1 on eth0 [AS65003_1 13:01:11] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
10.10.10.0/29 via 10.72.1.1 on eth0 [AS65003_1 13:01:11] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
10.72.1.0/24 dev eth0 [kernel1 13:01:08] * (10)
Type: inherit unicast univ
Kernel.source: 3
Kernel.metric: 0
Kernel.prefsrc: 10.72.1.254
192.168.0.0/16 via 10.72.1.1 on eth0 [AS65003_1 13:01:11] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
192.168.2.0/24 via 10.72.1.1 on eth0 [AS65003_1 13:01:11] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
192.168.3.0/24 via 10.72.1.1 on eth0 [AS65003_1 13:01:11] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
192.168.18.0/24 dev breth1 [kernel1 13:01:08] * (10)
Type: inherit unicast univ
Kernel.source: 3
Kernel.metric: 0
Kernel.prefsrc: 192.168.18.253
192.168.19.0/24 dev eth2 [kernel1 13:01:08] * (10)
Type: inherit unicast univ
Kernel.source: 3
Kernel.metric: 0
Kernel.prefsrc: 192.168.19.253
192.168.254.0/24 via 10.72.1.1 on eth0 [AS65003_1 13:01:11] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
172.16.0.0/12 via 10.72.1.1 on eth0 [AS65003_1 13:01:11] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
### I restart bird on .2
Jan 16 13:02:42 lanrouter daemon.debug bird: AS65003_2: Connecting to 10.72.1.2 from local address 10.72.1.254
Jan 16 13:02:42 lanrouter daemon.debug bird: AS65003_2: Connected
Jan 16 13:02:42 lanrouter daemon.debug bird: AS65003_2: Sending OPEN(ver=4,as=65003,hold=240,id=0a4801fe)
Jan 16 13:02:42 lanrouter daemon.debug bird: AS65003_2: Got OPEN(as=65002,hold=240,id=0a480102)
Jan 16 13:02:42 lanrouter daemon.debug bird: AS65003_2: Sending KEEPALIVE
Jan 16 13:02:42 lanrouter daemon.debug bird: AS65003_2: Got KEEPALIVE
Jan 16 13:02:42 lanrouter daemon.debug bird: AS65003_2: BGP session established
Jan 16 13:02:42 lanrouter daemon.debug bird: AS65003_2: Connected to table master
Jan 16 13:02:42 lanrouter daemon.debug bird: AS65003_2: State changed to feed
Jan 16 13:02:42 lanrouter daemon.debug bird: AS65003_2 < filtered out 0.0.0.0/0 via 10.72.1.1 on eth0
Jan 16 13:02:42 lanrouter daemon.debug bird: AS65003_2 < filtered out 10.0.0.0/8 via 10.72.1.1 on eth0
Jan 16 13:02:42 lanrouter daemon.debug bird: AS65003_2 < filtered out 10.10.10.0/29 via 10.72.1.1 on eth0
Jan 16 13:02:43 lanrouter daemon.debug bird: AS65003_2: Got UPDATE
Jan 16 13:02:43 lanrouter daemon.debug bird: AS65003_2 > added 10.0.0.0/8 via 10.72.1.2 on eth0
Jan 16 13:02:43 lanrouter daemon.debug bird: AS65003_2 > added 192.168.0.0/16 via 10.72.1.2 on eth0
Jan 16 13:02:43 lanrouter daemon.debug bird: AS65003_2 > added 192.168.2.0/24 via 10.72.1.2 on eth0
Jan 16 13:02:43 lanrouter daemon.debug bird: AS65003_2 > added 192.168.3.0/24 via 10.72.1.2 on eth0
Jan 16 13:02:43 lanrouter daemon.debug bird: AS65003_2 > added 192.168.254.0/24 via 10.72.1.2 on eth0
Jan 16 13:02:43 lanrouter daemon.debug bird: AS65003_2 > added 172.16.0.0/12 via 10.72.1.2 on eth0
Jan 16 13:02:43 lanrouter daemon.debug bird: AS65003_2: Got UPDATE
Jan 16 13:02:43 lanrouter daemon.debug bird: AS65003_2: Got End-of-RIB
Jan 16 13:02:44 lanrouter daemon.debug bird: AS65003_1: Got UPDATE
Jan 16 13:02:44 lanrouter daemon.debug bird: AS65003_1 > removed [replaced] 10.0.0.0/8 via 10.72.1.1 on eth0
Jan 16 13:02:44 lanrouter daemon.debug bird: AS65003_1 < filtered out 10.0.0.0/8 via 10.72.1.2 on eth0
Jan 16 13:02:44 lanrouter daemon.debug bird: AS65003_2 < rejected by protocol 10.0.0.0/8 via 10.72.1.2 on eth0
Jan 16 13:02:44 lanrouter daemon.debug bird: AS65003_1 > removed [replaced] 192.168.0.0/16 via 10.72.1.1 on eth0
Jan 16 13:02:44 lanrouter daemon.debug bird: AS65003_1 < filtered out 192.168.0.0/16 via 10.72.1.2 on eth0
Jan 16 13:02:44 lanrouter daemon.debug bird: AS65003_2 < rejected by protocol 192.168.0.0/16 via 10.72.1.2 on eth0
Jan 16 13:02:44 lanrouter daemon.debug bird: AS65003_1 > removed [replaced] 192.168.2.0/24 via 10.72.1.1 on eth0
Jan 16 13:02:44 lanrouter daemon.debug bird: AS65003_1 < filtered out 192.168.2.0/24 via 10.72.1.2 on eth0
Jan 16 13:02:44 lanrouter daemon.debug bird: AS65003_2 < rejected by protocol 192.168.2.0/24 via 10.72.1.2 on eth0
Jan 16 13:02:44 lanrouter daemon.debug bird: AS65003_1 > removed [replaced] 192.168.3.0/24 via 10.72.1.1 on eth0
### Bird internally now lost all routes it used to know about on .1, and hasn’t picked up any routes from .2
### Except for the one route that .1 & .2 don’t have in common (10.10.10.0/29).
# birdcl show route all
BIRD 1.4.5 ready.
0.0.0.0/0 via 10.72.1.1 on eth0 [kernel1 13:01:09] * (10)
Type: inherit unicast univ
Kernel.source: 3
Kernel.metric: 0
Kernel.prefsrc: 10.72.1.254
10.10.10.0/29 via 10.72.1.1 on eth0 [AS65003_1 13:01:12] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
10.72.1.0/24 dev eth0 [kernel1 13:01:09] * (10)
Type: inherit unicast univ
Kernel.source: 3
Kernel.metric: 0
Kernel.prefsrc: 10.72.1.254
192.168.18.0/24 dev breth1 [kernel1 13:01:09] * (10)
Type: inherit unicast univ
Kernel.source: 3
Kernel.metric: 0
Kernel.prefsrc: 192.168.18.253
192.168.19.0/24 dev eth2 [kernel1 13:01:09] * (10)
Type: inherit unicast univ
Kernel.source: 3
Kernel.metric: 0
Kernel.prefsrc: 192.168.19.253
# ip route list proto bird
10.10.10.0/29 via 10.72.1.1 dev eth0
### Config on .1 (AS 65001):
filter kernel_import1 {
    accept;
}
filter kernel_export1 {
    accept;
}
filter export_AS65001_1 {
    if ifname ~ "ipsec0" then {
        bgp_local_pref=1000-krt_metric;
        accept;
    }
    if krt_source = ipp_vpn then {
        bgp_local_pref=1000-krt_metric;
        accept;
    }
    reject;
}
filter export_AS65001_2 {
    if ifname ~ "ipsec0" then {
        bgp_local_pref=1000-krt_metric;
        accept;
    }
    if krt_source = ipp_vpn then {
        bgp_local_pref=1000-krt_metric;
        accept;
    }
    reject;
}
protocol kernel kernel1 {
    persist;
    scan time 20;
    export filter kernel_export1;
    import filter kernel_import1;
    learn;
}
protocol device device1 {
    scan time 10;
}
protocol bgp AS65001_1 {
    local as 65001;
    neighbor 10.72.1.254 as 65003;
    import all;
    export filter export_AS65001_1;
}
protocol bgp AS65001_2 {
    local as 65001;
    neighbor 10.72.1.2 as 65002;
    import all;
    export filter export_AS65001_2;
}
### Config on .2 (AS 65002):
filter kernel_import1 {
    accept;
}
filter kernel_export1 {
    accept;
}
filter export_AS65002_1 {
    if ifname ~ "ipsec0" then {
        bgp_local_pref=1000-krt_metric;
        accept;
    }
    if krt_source = ipp_vpn then {
        bgp_local_pref=1000-krt_metric;
        accept;
    }
    reject;
}
filter export_AS65002_2 {
    if ifname ~ "ipsec0" then {
        bgp_local_pref=1000-krt_metric;
        accept;
    }
    if krt_source = ipp_vpn then {
        bgp_local_pref=1000-krt_metric;
        accept;
    }
    reject;
}
protocol kernel kernel1 {
    persist;
    scan time 20;
    export filter kernel_export1;
    import filter kernel_import1;
    learn;
}
protocol device device1 {
    scan time 10;
}
protocol bgp AS65002_1 {
    local as 65002;
    neighbor 10.72.1.254 as 65003;
    import all;
    export filter export_AS65002_1;
}
protocol bgp AS65002_2 {
    local as 65002;
    neighbor 10.72.1.1 as 65001;
    import all;
    export filter export_AS65002_2;
}
### Config on .254 (AS 65003):
filter kernel_import1 {
    accept;
}
filter kernel_export1 {
    accept;
}
filter lans {
    if ifname ~ "breth1" then {
        accept;
    }
    reject;
}
protocol kernel kernel1 {
    persist;
    scan time 20;
    export filter kernel_export1;
    import filter kernel_import1;
    learn;
}
protocol device device1 {
    scan time 10;
}
protocol bgp AS65003_1 {
    debug all;
    local as 65003;
    neighbor 10.72.1.1 as 65001;
    import all;
    export filter lans;
}
protocol bgp AS65003_2 {
    debug all;
    local as 65003;
    neighbor 10.72.1.2 as 65002;
    import all;
    export filter lans;
}
#### #### #### Where .1 and .2 do not import each other's routes ### ### ###
### Start bird
Jan 16 13:11:40 lanrouter daemon.debug bird: AS65003_1: Initializing
Jan 16 13:11:40 lanrouter daemon.debug bird: AS65003_2: Initializing
Jan 16 13:11:40 lanrouter daemon.info bird: Chosen router ID 10.72.1.254 according to interface eth0
Jan 16 13:11:40 lanrouter daemon.debug bird: AS65003_1: Starting
Jan 16 13:11:40 lanrouter daemon.debug bird: AS65003_1: State changed to start
Jan 16 13:11:40 lanrouter daemon.debug bird: AS65003_2: Starting
Jan 16 13:11:40 lanrouter daemon.debug bird: AS65003_2: State changed to start
Jan 16 13:11:40 lanrouter daemon.info bird: Started
Jan 16 13:11:40 lanrouter daemon.debug bird: AS65003_2: Started
Jan 16 13:11:40 lanrouter daemon.debug bird: AS65003_2: Connect delayed by 5 seconds
Jan 16 13:11:40 lanrouter daemon.debug bird: AS65003_1: Started
Jan 16 13:11:40 lanrouter daemon.debug bird: AS65003_1: Connect delayed by 5 seconds
Jan 16 13:11:42 lanrouter daemon.debug bird: AS65003_2: Incoming connection from 10.72.1.2 (port 41464) accepted
Jan 16 13:11:42 lanrouter daemon.debug bird: AS65003_2: Sending OPEN(ver=4,as=65003,hold=240,id=0a4801fe)
Jan 16 13:11:42 lanrouter daemon.debug bird: AS65003_2: Got OPEN(as=65002,hold=240,id=0a480102)
Jan 16 13:11:42 lanrouter daemon.debug bird: AS65003_2: Sending KEEPALIVE
Jan 16 13:11:42 lanrouter daemon.debug bird: AS65003_2: Got KEEPALIVE
Jan 16 13:11:42 lanrouter daemon.debug bird: AS65003_2: BGP session established
Jan 16 13:11:42 lanrouter daemon.debug bird: AS65003_2: Connected to table master
Jan 16 13:11:42 lanrouter daemon.debug bird: AS65003_2: State changed to feed
Jan 16 13:11:42 lanrouter daemon.debug bird: AS65003_2 < filtered out 0.0.0.0/0 via 10.72.1.1 on eth0
Jan 16 13:11:42 lanrouter daemon.debug bird: AS65003_2 < filtered out 10.72.1.0/24 dev eth0
Jan 16 13:11:42 lanrouter daemon.debug bird: AS65003_2 < added 192.168.18.0/24 dev breth1
Jan 16 13:11:44 lanrouter daemon.debug bird: AS65003_1: Incoming connection from 10.72.1.1 (port 44841) accepted
Jan 16 13:11:44 lanrouter daemon.debug bird: AS65003_1: Sending OPEN(ver=4,as=65003,hold=240,id=0a4801fe)
Jan 16 13:11:44 lanrouter daemon.debug bird: AS65003_1: Got OPEN(as=65001,hold=240,id=027e8ddb)
Jan 16 13:11:44 lanrouter daemon.debug bird: AS65003_1: Sending KEEPALIVE
Jan 16 13:11:44 lanrouter daemon.debug bird: AS65003_1: Got KEEPALIVE
Jan 16 13:11:44 lanrouter daemon.debug bird: AS65003_1: BGP session established
Jan 16 13:11:44 lanrouter daemon.debug bird: AS65003_1: Connected to table master
Jan 16 13:11:44 lanrouter daemon.debug bird: AS65003_1: State changed to feed
Jan 16 13:11:44 lanrouter daemon.debug bird: AS65003_1 < filtered out 0.0.0.0/0 via 10.72.1.1 on eth0
Jan 16 13:11:44 lanrouter daemon.debug bird: AS65003_1 < filtered out 10.0.0.0/8 via 10.72.1.2 on eth0
Jan 16 13:11:44 lanrouter daemon.debug bird: AS65003_1 < filtered out 10.72.1.0/24 dev eth0
Jan 16 13:11:44 lanrouter daemon.debug bird: AS65003_1 < filtered out 192.168.0.0/16 via 10.72.1.2 on eth0
Jan 16 13:11:44 lanrouter daemon.debug bird: AS65003_1 < filtered out 192.168.2.0/24 via 10.72.1.2 on eth0
Jan 16 13:11:44 lanrouter daemon.debug bird: AS65003_1 < filtered out 192.168.3.0/24 via 10.72.1.2 on eth0
Jan 16 13:11:44 lanrouter daemon.debug bird: AS65003_1 < added 192.168.18.0/24 dev breth1
Jan 16 13:11:44 lanrouter daemon.debug bird: AS65003_1 < filtered out 192.168.19.0/24 dev eth2
Jan 16 13:11:44 lanrouter daemon.debug bird: AS65003_1 < filtered out 192.168.254.0/24 via 10.72.1.2 on eth0
Jan 16 13:11:44 lanrouter daemon.debug bird: AS65003_1 < filtered out 172.16.0.0/12 via 10.72.1.2 on eth0
Jan 16 13:11:44 lanrouter daemon.debug bird: AS65003_1: State changed to up
Jan 16 13:11:44 lanrouter daemon.debug bird: AS65003_1: Sending UPDATE
Jan 16 13:11:44 lanrouter daemon.debug bird: AS65003_1: Sending End-of-RIB
Jan 16 13:11:44 lanrouter daemon.debug bird: AS65003_1: Got UPDATE
### .1 and .2 connected. bird knows about both. Correct linux routes installed:
# ip route list proto bird
10.10.10.0/29 via 10.72.1.1 dev eth0
192.168.3.0/24 via 10.72.1.1 dev eth0
192.168.2.0/24 via 10.72.1.1 dev eth0
192.168.254.0/24 via 10.72.1.1 dev eth0
192.168.0.0/16 via 10.72.1.1 dev eth0
172.16.0.0/12 via 10.72.1.1 dev eth0
10.0.0.0/8 via 10.72.1.1 dev eth0
# birdcl show route all
BIRD 1.4.5 ready.
0.0.0.0/0 via 10.72.1.1 on eth0 [kernel1 13:11:40] * (10)
Type: inherit unicast univ
Kernel.source: 3
Kernel.metric: 0
Kernel.prefsrc: 10.72.1.254
10.0.0.0/8 via 10.72.1.1 on eth0 [AS65003_1 13:11:44] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
via 10.72.1.2 on eth0 [AS65003_2 13:11:42] (100)
[AS65002i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65002
BGP.next_hop: 10.72.1.2
BGP.local_pref: 100
10.10.10.0/29 via 10.72.1.1 on eth0 [AS65003_1 13:11:44] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
10.72.1.0/24 dev eth0 [kernel1 13:11:40] * (10)
Type: inherit unicast univ
Kernel.source: 3
Kernel.metric: 0
Kernel.prefsrc: 10.72.1.254
192.168.0.0/16 via 10.72.1.1 on eth0 [AS65003_1 13:11:44] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
via 10.72.1.2 on eth0 [AS65003_2 13:11:42] (100)
[AS65002i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65002
BGP.next_hop: 10.72.1.2
BGP.local_pref: 100
192.168.2.0/24 via 10.72.1.1 on eth0 [AS65003_1 13:11:44] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
via 10.72.1.2 on eth0 [AS65003_2 13:11:42] (100)
[AS65002i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65002
BGP.next_hop: 10.72.1.2
BGP.local_pref: 100
192.168.3.0/24 via 10.72.1.1 on eth0 [AS65003_1 13:11:44] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
via 10.72.1.2 on eth0 [AS65003_2 13:11:42] (100)
[AS65002i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65002
BGP.next_hop: 10.72.1.2
BGP.local_pref: 100
192.168.18.0/24 dev breth1 [kernel1 13:11:40] * (10)
Type: inherit unicast univ
Kernel.source: 3
Kernel.metric: 0
Kernel.prefsrc: 192.168.18.253
192.168.19.0/24 dev eth2 [kernel1 13:11:40] * (10)
Type: inherit unicast univ
Kernel.source: 3
Kernel.metric: 0
Kernel.prefsrc: 192.168.19.253
192.168.254.0/24 via 10.72.1.1 on eth0 [AS65003_1 13:11:44] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
via 10.72.1.2 on eth0 [AS65003_2 13:11:42] (100)
[AS65002i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65002
BGP.next_hop: 10.72.1.2
BGP.local_pref: 100
172.16.0.0/12 via 10.72.1.1 on eth0 [AS65003_1 13:11:44] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
via 10.72.1.2 on eth0 [AS65003_2 13:11:42] (100)
[AS65002i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65002
BGP.next_hop: 10.72.1.2
BGP.local_pref: 100
Jan 16 13:12:44 lanrouter daemon.debug bird: AS65003_2: Got KEEPALIVE
Jan 16 13:12:49 lanrouter daemon.debug bird: AS65003_2: Sending KEEPALIVE
Jan 16 13:12:49 lanrouter daemon.debug bird: AS65003_1: Sending KEEPALIVE
Jan 16 13:12:50 lanrouter daemon.debug bird: AS65003_1: Got KEEPALIVE
### I kill -9 bird on .2
Jan 16 13:13:06 lanrouter daemon.debug bird: AS65003_2: Connection closed
Jan 16 13:13:06 lanrouter daemon.debug bird: AS65003_2: BGP session closed
Jan 16 13:13:06 lanrouter daemon.debug bird: AS65003_2: State changed to stop
Jan 16 13:13:06 lanrouter daemon.debug bird: AS65003_2 > removed 10.0.0.0/8 via 10.72.1.2 on eth0
Jan 16 13:13:06 lanrouter daemon.debug bird: AS65003_2 > removed 192.168.0.0/16 via 10.72.1.2 on eth0
Jan 16 13:13:06 lanrouter daemon.debug bird: AS65003_2 > removed 192.168.2.0/24 via 10.72.1.2 on eth0
Jan 16 13:13:06 lanrouter daemon.debug bird: AS65003_2 > removed 192.168.3.0/24 via 10.72.1.2 on eth0
Jan 16 13:13:06 lanrouter daemon.debug bird: AS65003_2 > removed 192.168.254.0/24 via 10.72.1.2 on eth0
Jan 16 13:13:06 lanrouter daemon.debug bird: AS65003_2 > removed 172.16.0.0/12 via 10.72.1.2 on eth0
Jan 16 13:13:06 lanrouter daemon.debug bird: AS65003_2: Down
Jan 16 13:13:06 lanrouter daemon.debug bird: AS65003_2: State changed to down
### bird internally still knows about the routes on .1
# birdcl show route all
BIRD 1.4.5 ready.
0.0.0.0/0 via 10.72.1.1 on eth0 [kernel1 13:11:40] * (10)
Type: inherit unicast univ
Kernel.source: 3
Kernel.metric: 0
Kernel.prefsrc: 10.72.1.254
10.0.0.0/8 via 10.72.1.1 on eth0 [AS65003_1 13:11:44] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
10.10.10.0/29 via 10.72.1.1 on eth0 [AS65003_1 13:11:44] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
10.72.1.0/24 dev eth0 [kernel1 13:11:40] * (10)
Type: inherit unicast univ
Kernel.source: 3
Kernel.metric: 0
Kernel.prefsrc: 10.72.1.254
192.168.0.0/16 via 10.72.1.1 on eth0 [AS65003_1 13:11:44] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
192.168.2.0/24 via 10.72.1.1 on eth0 [AS65003_1 13:11:44] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
192.168.3.0/24 via 10.72.1.1 on eth0 [AS65003_1 13:11:44] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
192.168.18.0/24 dev breth1 [kernel1 13:11:40] * (10)
Type: inherit unicast univ
Kernel.source: 3
Kernel.metric: 0
Kernel.prefsrc: 192.168.18.253
192.168.19.0/24 dev eth2 [kernel1 13:11:40] * (10)
Type: inherit unicast univ
Kernel.source: 3
Kernel.metric: 0
Kernel.prefsrc: 192.168.19.253
192.168.254.0/24 via 10.72.1.1 on eth0 [AS65003_1 13:11:44] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
172.16.0.0/12 via 10.72.1.1 on eth0 [AS65003_1 13:11:44] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
### I restart bird on .2
Jan 16 13:13:31 lanrouter daemon.debug bird: AS65003_2: Connecting to 10.72.1.2 from local address 10.72.1.254
Jan 16 13:13:31 lanrouter daemon.debug bird: AS65003_2: Connected
Jan 16 13:13:31 lanrouter daemon.debug bird: AS65003_2: Sending OPEN(ver=4,as=65003,hold=240,id=0a4801fe)
Jan 16 13:13:31 lanrouter daemon.debug bird: AS65003_2: Got OPEN(as=65002,hold=240,id=0a480102)
Jan 16 13:13:31 lanrouter daemon.debug bird: AS65003_2: Sending KEEPALIVE
Jan 16 13:13:31 lanrouter daemon.debug bird: AS65003_2: Got KEEPALIVE
Jan 16 13:13:31 lanrouter daemon.debug bird: AS65003_2: BGP session established
Jan 16 13:13:31 lanrouter daemon.debug bird: AS65003_2: Connected to table master
Jan 16 13:13:31 lanrouter daemon.debug bird: AS65003_2: State changed to feed
Jan 16 13:13:31 lanrouter daemon.debug bird: AS65003_2 < filtered out 0.0.0.0/0 via 10.72.1.1 on eth0
Jan 16 13:13:31 lanrouter daemon.debug bird: AS65003_2 < filtered out 10.0.0.0/8 via 10.72.1.1 on eth0
Jan 16 13:13:31 lanrouter daemon.debug bird: AS65003_2 < filtered out 10.10.10.0/29 via 10.72.1.1 on eth0
### Bird internally now lost all routes it used to know about on .1, and hasn’t picked up any routes from .2
### Except for the one route that .1 & .2 don’t have in common (10.10.10.0/29).
# birdcl show route all
BIRD 1.4.5 ready.
0.0.0.0/0 via 10.72.1.1 on eth0 [kernel1 13:11:40] * (10)
Type: inherit unicast univ
Kernel.source: 3
Kernel.metric: 0
Kernel.prefsrc: 10.72.1.254
10.0.0.0/8 via 10.72.1.1 on eth0 [AS65003_1 13:11:44] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
via 10.72.1.2 on eth0 [AS65003_2 13:13:31] (100)
[AS65002i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65002
BGP.next_hop: 10.72.1.2
BGP.local_pref: 100
10.10.10.0/29 via 10.72.1.1 on eth0 [AS65003_1 13:11:44] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
10.72.1.0/24 dev eth0 [kernel1 13:11:40] * (10)
Type: inherit unicast univ
Kernel.source: 3
Kernel.metric: 0
Kernel.prefsrc: 10.72.1.254
192.168.0.0/16 via 10.72.1.1 on eth0 [AS65003_1 13:11:44] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
via 10.72.1.2 on eth0 [AS65003_2 13:13:31] (100)
[AS65002i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65002
BGP.next_hop: 10.72.1.2
BGP.local_pref: 100
192.168.2.0/24 via 10.72.1.1 on eth0 [AS65003_1 13:11:44] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
via 10.72.1.2 on eth0 [AS65003_2 13:13:31] (100)
[AS65002i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65002
BGP.next_hop: 10.72.1.2
BGP.local_pref: 100
192.168.3.0/24 via 10.72.1.1 on eth0 [AS65003_1 13:11:44] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
via 10.72.1.2 on eth0 [AS65003_2 13:13:31] (100)
[AS65002i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65002
BGP.next_hop: 10.72.1.2
BGP.local_pref: 100
192.168.18.0/24 dev breth1 [kernel1 13:11:40] * (10)
Type: inherit unicast univ
Kernel.source: 3
Kernel.metric: 0
Kernel.prefsrc: 192.168.18.253
192.168.19.0/24 dev eth2 [kernel1 13:11:40] * (10)
Type: inherit unicast univ
Kernel.source: 3
Kernel.metric: 0
Kernel.prefsrc: 192.168.19.253
192.168.254.0/24 via 10.72.1.1 on eth0 [AS65003_1 13:11:44] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
via 10.72.1.2 on eth0 [AS65003_2 13:13:31] (100)
[AS65002i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65002
BGP.next_hop: 10.72.1.2
BGP.local_pref: 100
172.16.0.0/12 via 10.72.1.1 on eth0 [AS65003_1 13:11:44] * (100)
[AS65001i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65001
BGP.next_hop: 10.72.1.1
BGP.local_pref: 100
via 10.72.1.2 on eth0 [AS65003_2 13:13:31] (100)
[AS65002i]
Type: BGP unicast univ
BGP.origin: IGP
BGP.as_path: 65002
BGP.next_hop: 10.72.1.2
BGP.local_pref: 100
# ip route list proto bird
10.10.10.0/29 via 10.72.1.1 dev eth0
192.168.3.0/24 via 10.72.1.1 dev eth0
192.168.2.0/24 via 10.72.1.1 dev eth0
192.168.254.0/24 via 10.72.1.1 dev eth0
192.168.0.0/16 via 10.72.1.1 dev eth0
172.16.0.0/12 via 10.72.1.1 dev eth0
10.0.0.0/8 via 10.72.1.1 dev eth0
### Config on .1 (AS 65001):
filter kernel_import1 {
    accept;
}
filter kernel_export1 {
    accept;
}
filter export_AS65001_1 {
    if ifname ~ "ipsec0" then {
        bgp_local_pref=1000-krt_metric;
        accept;
    }
    if krt_source = ipp_vpn then {
        bgp_local_pref=1000-krt_metric;
        accept;
    }
    reject;
}
filter export_AS65001_2 {
    if ifname ~ "ipsec0" then {
        bgp_local_pref=1000-krt_metric;
        accept;
    }
    if krt_source = ipp_vpn then {
        bgp_local_pref=1000-krt_metric;
        accept;
    }
    reject;
}
protocol kernel kernel1 {
    persist;
    scan time 20;
    export filter kernel_export1;
    import filter kernel_import1;
    learn;
}
protocol device device1 {
    scan time 10;
}
protocol bgp AS65001_1 {
    local as 65001;
    neighbor 10.72.1.254 as 65003;
    import all;
    export filter export_AS65001_1;
}
protocol bgp AS65001_2 {
    local as 65001;
    neighbor 10.72.1.2 as 65002;
    import none;
    export filter export_AS65001_2;
}
### Config on .2 (AS 65002):
filter kernel_import1 {
    accept;
}
filter kernel_export1 {
    accept;
}
filter export_AS65002_1 {
    if ifname ~ "ipsec0" then {
        bgp_local_pref=1000-krt_metric;
        accept;
    }
    if krt_source = ipp_vpn then {
        bgp_local_pref=1000-krt_metric;
        accept;
    }
    reject;
}
filter export_AS65002_2 {
    if ifname ~ "ipsec0" then {
        bgp_local_pref=1000-krt_metric;
        accept;
    }
    if krt_source = ipp_vpn then {
        bgp_local_pref=1000-krt_metric;
        accept;
    }
    reject;
}
protocol kernel kernel1 {
    persist;
    scan time 20;
    export filter kernel_export1;
    import filter kernel_import1;
    learn;
}
protocol device device1 {
    scan time 10;
}
protocol bgp AS65002_1 {
    local as 65002;
    neighbor 10.72.1.254 as 65003;
    import all;
    export filter export_AS65002_1;
}
protocol bgp AS65002_2 {
    local as 65002;
    neighbor 10.72.1.1 as 65001;
    import none;
    export filter export_AS65002_2;
}
### Config on .254 (AS 65003):
filter kernel_import1 {
    accept;
}
filter kernel_export1 {
    accept;
}
filter lans {
    if ifname ~ "breth1" then {
        accept;
    }
    reject;
}
protocol kernel kernel1 {
    persist;
    scan time 20;
    export filter kernel_export1;
    import filter kernel_import1;
    learn;
}
protocol device device1 {
    scan time 10;
}
protocol bgp AS65003_1 {
    debug all;
    local as 65003;
    neighbor 10.72.1.1 as 65001;
    import all;
    export filter lans;
}
protocol bgp AS65003_2 {
    debug all;
    local as 65003;
    neighbor 10.72.1.2 as 65002;
    import all;
    export filter lans;
}
Is this a bug? Is it intentional and I need to be using a different
approach?
Kind Regards,
Mike
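
Added example, not part of the original email and not BIRD project code: a small parser for `birdcl show route all` output in the line-wrapped form quoted above, which groups the candidates per prefix and lists the prefixes where every BGP candidate carries the same BGP.local_pref (as in the second dump, where both peers show 100). The function names are hypothetical and SAMPLE is a constructed excerpt modelled on that dump.

```python
import re
from collections import defaultdict

# A candidate line: optional prefix, "via X on IF" or "dev IF", [proto time], optional "*", (pref)
ROUTE = re.compile(r"^(?:(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+)?(?:via \S+ on|dev) \S+ "
                   r"\[(?P<proto>\S+) [^\]]*\]\s*(?P<best>\*)?\s*\((?P<pref>\d+)")
ATTR = re.compile(r"^(?P<key>[A-Za-z]+\.[a-z_]+):\s*(?P<val>.*)$")

def parse_routes(text):
    """Return {prefix: [candidate, ...]} in the order BIRD printed them."""
    table, prefix, cand = defaultdict(list), None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = ROUTE.match(line)
        if m:
            prefix = m["prefix"] or prefix  # a bare "via ..." line continues the previous prefix
            if prefix is None:
                continue
            cand = {"proto": m["proto"], "best": bool(m["best"]), "attrs": {}}
            table[prefix].append(cand)
        elif cand is not None and (a := ATTR.match(line)):
            cand["attrs"][a["key"]] = a["val"]
    return dict(table)

def local_pref_ties(table):
    """Prefixes with two or more BGP candidates that all share one local_pref value."""
    ties = {}
    for prefix, cands in table.items():
        bgp = [c for c in cands if "BGP.local_pref" in c["attrs"]]
        if len(bgp) > 1 and len({int(c["attrs"]["BGP.local_pref"]) for c in bgp}) == 1:
            ties[prefix] = [c["proto"] for c in bgp]
    return ties

# Constructed excerpt in the same shape as the dump taken after restarting bird on .2
SAMPLE = """\
10.0.0.0/8 via 10.72.1.1 on eth0 [AS65003_1 13:11:44] * (100)
[AS65001i]
BGP.as_path: 65001
BGP.local_pref: 100
via 10.72.1.2 on eth0 [AS65003_2 13:13:31] (100)
[AS65002i]
BGP.as_path: 65002
BGP.local_pref: 100
10.10.10.0/29 via 10.72.1.1 on eth0 [AS65003_1 13:11:44] * (100)
BGP.local_pref: 100
10.72.1.0/24 dev eth0 [kernel1 13:11:40] * (10)
Kernel.metric: 0
"""

if __name__ == "__main__":
    for prefix, protos in local_pref_ties(parse_routes(SAMPLE)).items():
        print(f"{prefix}: local_pref does not separate {', '.join(protos)}")
```

A prefix reported here is being decided by later tie-breakers rather than by local_pref; RFC 4271 does not carry LOCAL_PREF across external (different-AS) sessions, so a value set in a peer's export filter is not what the receiver compares.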