Hi,
Looks like it is the check that the route is not returned to the
session where it was received from.
Regards,
Alexander
On Sun, Dec 10, 2023 at 2:32 PM Ivan Agarkov <ivan.agar...@gmail.com> wrote:
>
> Hello!
>
> I'm creating a BGP lab for my students and found interesting and unexpected
> behavior.
>
> I'm getting reject message when receiving route:
> 2023-12-10 15:10:53.724 <TRACE> isp1.ipv4 > added [best] 10.200.0.0/16 0L 4G
> unicast
> 2023-12-10 15:10:53.724 <TRACE> isp1.ipv4 < rejected by protocol
> 10.200.0.0/16 0L 4G unicast
>
> But then the route appears in ip route:
> 10.200.0.0/16 dev 201 proto bird scope link metric 32
>
> I've dug into the source code and found that the reject is happening here:
> proto/bgp/attrs.c:1641 if (src == p) return -1 into bgp_preexport function.
>
> The question is: what is happening and does it look valid/expected?
>
> Wireguard configuration is the same on all peers:
>
> [Interface]
> Address=10.10.10.201/32
> PrivateKey=******
> Table=off
>
> [Peer]
> Endpoint=*******
> PublicKey=*****
> PersistentKeepalive=25
> AllowedIPs=0.0.0.0/0
>
> My configuration for BIRD peers:
> ==== local bird.conf ====
> log stderr all;
> router id 10.10.10.201;
>
> protocol device {
> scan time 10;
> }
>
> protocol kernel {
> ipv4 {
> import all;
> export all;
> };
> learn;
> }
>
> protocol static {
> ipv4;
> route 10.201.0.0/16 via "wlp41s0"; # wifi device
> route 10.10.10.0/24 via "201"; # wireguard device
> }
>
> protocol bgp isp1 {
> router id 10.10.10.201;
> local 10.10.10.201 as 65201;
> neighbor 10.10.10.200 as 65200;
> source address 10.10.10.201;
> multihop;
> ipv4 {
> import filter {
> if net ~ 10.0.0.0/8 then accept;
> else reject;
> };
> export filter {
> if net ~ 10.201.0.0/16 then accept;
> else reject;
> };
>
> };
> debug all;
> }
> ==== /client bird.conf ====
>
> ==== remote bird.conf ====
> log stderr all;
>
> protocol kernel {
> learn; # Learn all alien routes from the kernel
> persist; # Don't remove routes on bird shutdown
> scan time 20; # Scan kernel routing table every 20 seconds
> import all; # Default is import all
> export all; # Default is export none
> # kernel table 5; # Kernel table to synchronize with (default: main)
> }
>
> protocol device {
> scan time 10;
> }
>
> protocol static {
> export all;
> route 10.10.10.0/24 via "200"; # wireguard device
> route 10.200.0.0/16 via 10.200.200.200; # virtual network
> }
>
> template bgp cpr_ne {
> local as 65200;
> router id 10.10.10.200;
> multihop;
> source address 10.10.10.200;
> import filter {
> if net ~ 10.201.0.0/16 then accept;
> else if net ~ 10.202.0.0/16 then accept;
> else if net ~ 10.203.0.0/16 then accept;
> else if net ~ 10.204.0.0/16 then accept;
> else if net ~ 10.205.0.0/16 then accept;
> else if net ~ 10.206.0.0/16 then accept;
> else if net ~ 10.207.0.0/16 then accept;
> else if net ~ 10.208.0.0/16 then accept;
> else reject;
> };
> export filter {
> if net ~ 10.200.0.0/16 then accept;
> else reject;
> };
> }
>
> protocol bgp cpr201 from cpr_ne {
> neighbor 10.10.10.201 as 65201;
> }
> protocol bgp cpr202 from cpr_ne {
> neighbor 10.10.10.202 as 65202;
> }
> protocol bgp cpr203 from cpr_ne {
> neighbor 10.10.10.203 as 65203;
> }
> protocol bgp cpr204 from cpr_ne {
> neighbor 10.10.10.204 as 65204;
> }
> protocol bgp cpr205 from cpr_ne {
> neighbor 10.10.10.205 as 65205;
> }
> protocol bgp cpr206 from cpr_ne {
> neighbor 10.10.10.206 as 65206;
> }
> protocol bgp cpr207 from cpr_ne {
> neighbor 10.10.10.207 as 65207;
> }
> protocol bgp cpr208 from cpr_ne {
> neighbor 10.10.10.208 as 65208;
> }
> ==== remote bird.conf ====
