>Number: 6628
>Category: user
>Synopsis: bgpd is not able to negotiate IPv6 capabilities with cisco
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue Jun 07 15:20:01 GMT 2011
>Closed-Date:
>Last-Modified:
>Originator:
>Release:
>Organization:
>Environment:
System : OpenBSD 4.9
Details : OpenBSD 4.9 (GENERIC.MP) #819: Wed Mar 2 06:57:49 MST
2011
[email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
Architecture: OpenBSD.amd64
Machine : amd64
>Description:
No matter what combination of configuration options I try, I can't get OpenBGPd
to correctly announce IPv6 capabilities (from RFC5492) to our ISPs Cisco
hardware.
I tried to disable IPv4 unicast annoncement, as well as 4byte-as, but they all
fail.
IPv4 routes works fine. And BGP connects successfully after automatically
disabling capability announcements, but that leaves me without IPv6.
Output from bgpd -v d:
# bgpd -v -d
startup
peer1 = "X:X:2::22"
peer2 = "X:X:2::23"
new ktable rdomain_0 for rtableid 0
route decision engine ready
session engine ready
RDE reconfigured
listening on X:X:2::1
SE reconfigured
neighbor X:X:2::23 (NG Peer 2): state change None -> Idle, reason: None
neighbor X:X:2::22 (NG Peer 1): state change None -> Idle, reason: None
neighbor X:X:2::23 (NG Peer 2): state change Idle -> Connect, reason: Start
neighbor X:X:2::22 (NG Peer 1): state change Idle -> Connect, reason: Start
neighbor X:X:2::23 (NG Peer 2): state change Connect -> OpenSent, reason:
Connection opened
neighbor X:X:2::22 (NG Peer 1): state change Connect -> OpenSent, reason:
Connection opened
neighbor X:X:2::23 (NG Peer 2): received notification: error in OPEN message,
unsupported capability
neighbor X:X:2::23 (NG Peer 2): received "unsupported capability" notification
without data part, disabling capability announcements altogether
neighbor X:X:2::23 (NG Peer 2): state change OpenSent -> Idle, reason:
NOTIFICATION received
neighbor X:X:2::23 (NG Peer 2): state change Idle -> Connect, reason: Start
neighbor X:X:2::22 (NG Peer 1): received notification: error in OPEN message,
unsupported capability
neighbor X:X:2::22 (NG Peer 1): received "unsupported capability" notification
without data part, disabling capability announcements altogether
neighbor X:X:2::22 (NG Peer 1): state change OpenSent -> Idle, reason:
NOTIFICATION received
neighbor X:X:2::22 (NG Peer 1): state change Idle -> Connect, reason: Start
neighbor X:X:2::23 (NG Peer 2): socket error: Connection refused
neighbor X:X:2::23 (NG Peer 2): state change Connect -> Active, reason:
Connection open failed
neighbor X:X:2::22 (NG Peer 1): socket error: Connection refused
neighbor X:X:2::22 (NG Peer 1): state change Connect -> Active, reason:
Connection open failed
neighbor X:X:2::23 (NG Peer 2): state change Active -> OpenSent, reason:
Connection opened
neighbor X:X:2::23 (NG Peer 2): state change OpenSent -> OpenConfirm, reason:
OPEN message received
neighbor X:X:2::23 (NG Peer 2): state change OpenConfirm -> Established,
reason: KEEPALIVE message received
>How-To-Repeat:
My config:
# macros
peer1="X:X:2::22"
peer2="X:X:2::23"
# global configuration
AS 1
router-id X.X.X.5
fib-update yes
log updates
network X:X:1::/48
listen on X:X:2::1
# neighbors and peers
group "NG" {
remote-as 1
neighbor $peer1 {
descr "NG Peer 1"
announce self
announce IPv4 none
announce IPv6 unicast
tcp md5sig password XXXX
softreconfig in yes
softreconfig out yes
}
neighbor $peer2 {
descr "NG Peer 2"
announce self
announce IPv4 none
announce IPv6 unicast
tcp md5sig password XXXX
softreconfig in yes
softreconfig out yes
}
}
allow from group "NG" inet6
>Fix:
Don't know, but "announce IPv4 none" worked for some other users (perhaps
non-cisco neighbors)
>Release-Note:
>Audit-Trail:
>Unformatted:
