>Synopsis: bgp route issue on inet6 over gif
>Category: system
>Environment:
System : OpenBSD 5.8
Details : OpenBSD 5.8 (GENERIC.MP) #1236: Sun Aug 16 02:31:04 MDT 2015
[email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
Architecture: OpenBSD.amd64
Machine : amd64
>Description:
After an upgrade to 5.8, our v6 routes stopped working:
$ ping6 people.debian.org
ping6: sendmsg: No route to host
ping6: wrote 2001:41c8:1000:21::21:30 32 chars, ret=-1
>How-To-Repeat:
We first have a gif tunnel with HE.net, using this configuration
(as found in various websites):
# cat /etc/hostname.gif0
tunnel 1.1.1.1 216.66.84.50
inet6 alias 2001:470:11:96::2 128
inet6 dest 2001:470:11:96::1
Here is the result in ifconfig:
# ifconfig gif0
gif0: flags=8151<UP,POINTOPOINT,RUNNING,PROMISC,MULTICAST> mtu 1280
priority: 0
groups: gif egress
tunnel: inet 1.1.1.1 -> 216.66.84.50
inet6 fe80::abcd:abff:fecd:abcd%gif0 -> prefixlen 64 scopeid 0x15
inet6 2001:470:11:96::2 -> 2001:470:11:96::1 prefixlen 128
Then we run a BGP session on top of it:
# cat /etc/bgpd.conf
...
peer_he_ebgp="2001:470:11:96::1"
public_he="2001:470:11:96::2"
as_he_ebgp="6939"
listen on $public_he
network 2A01:474::/32
group "EBGP6" {
	remote-as $as_he_ebgp
	neighbor $peer_he_ebgp {
		descr "peer eBGP6"
		local-address $public_he
		depend on carp106
	}
	announce self
}
Here is what the nexthop looks like:
# bgpctl show nexthop
Nexthop Route Prio Gateway Iface
* 2001:470:11:96::1 2001:470:11:96::1/128 8 2001:470:11:96::2 gif0 (UP, unknown)
And the resulting route
# route -n show | grep ^2001:41c8
2001:41c8::/32 2001:470:11:96::2 UG 0 1155 - 48 gif0
So the route shows as being used, but ping still gets "No route
to host". What alarmed me was that the Gateway in the BGP
nexthop and in the route is 2001:470:11:96::2, i.e. *our* side
of the tunnel. I guess the kernel then does not know it should
push the packet over gif0, and rather pushes it to itself, thus
a routing loop.
I guess this is a bug in bgpd, which only sees the local IP
of the nexthop interface and uses that as gateway, instead of
finding the "dest" IP.
>Fix:
I changed the gif0 configuration to this (which looks saner to
me, actually):
# cat /etc/hostname.gif0
tunnel 1.1.1.1 216.66.84.50
inet6 2001:470:11:96::2/126
So that the ifconfig looks like that:
# ifconfig gif0
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
priority: 0
groups: gif
tunnel: inet 1.1.1.1 -> 216.66.84.50
inet6 fe80::abcd:abff:fecd:abcd%gif0 -> prefixlen 64 scopeid 0x1b
inet6 2001:470:11:96::2 -> prefixlen 126
and thus we get "connected" as gateway in BGP:
# bgpctl show nexthop
* 2001:470:11:96::1 2001:470:11:96::1/128 0 connected gif0 (UP, unknown)
and the route becomes
# route -n show | grep ^2001:41c8
2001:41c8::/32 2001:470:11:96::1 UG 0 243 - 48 gif0
and it then does work. The issue is that since on the Internet
I have only found the previous way of configuring gif, most
probably everybody is using it, and thus will all hit the same
issue...
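
The symptom described in this report, a gateway route whose gateway is the local end of the tunnel, can be checked for mechanically. The following is an added example, not part of the original report or of OpenBSD: it parses `ifconfig` and `route -n show` text and flags such routes. The function names are hypothetical, and the sample input is constructed from the output quoted above plus one constructed UH host route.

```python
import ipaddress
import re

# Constructed sample input, modelled on the output quoted in the report.
IFCONFIG = """\
gif0: flags=8151<UP,POINTOPOINT,RUNNING,PROMISC,MULTICAST> mtu 1280
        inet6 fe80::abcd:abff:fecd:abcd%gif0 -> prefixlen 64 scopeid 0x15
        inet6 2001:470:11:96::2 -> 2001:470:11:96::1 prefixlen 128
"""
# Assumed columns: Destination Gateway Flags Refs Use Mtu Prio Iface
ROUTES = """\
2001:470:11:96::1 2001:470:11:96::2 UH 1 0 - 4 gif0
2001:41c8::/32 2001:470:11:96::2 UG 0 1155 - 48 gif0
"""

def _addr(text):
    """Parse an IPv6 address, dropping any %scope suffix; None if not one."""
    try:
        return ipaddress.IPv6Address(text.split("%")[0])
    except ValueError:
        return None

def local_addrs(ifconfig_text):
    """Map interface name -> set of its own (local) inet6 addresses."""
    addrs, iface = {}, None
    for line in ifconfig_text.splitlines():
        header = re.match(r"(\S+): flags=", line)
        fields = line.split()
        if header:
            iface = header.group(1)
            addrs[iface] = set()
        elif iface and len(fields) >= 2 and fields[0] == "inet6":
            if _addr(fields[1]) is not None:
                addrs[iface].add(_addr(fields[1]))
    return addrs

def self_gateway_routes(route_text, ifconfig_text):
    """Return (dest, gateway, iface) for G routes whose gateway is local."""
    local = local_addrs(ifconfig_text)
    hits = []
    for line in route_text.splitlines():
        f = line.split()
        # Only gateway routes (flag G); headers and short lines are skipped.
        gw = _addr(f[1]) if len(f) >= 8 and "G" in f[2] else None
        if gw is not None and gw in local.get(f[-1], set()):
            hits.append((f[0], f[1], f[-1]))
    return hits

if __name__ == "__main__":
    print(self_gateway_routes(ROUTES, IFCONFIG))
```

The UH host route is not flagged because it lacks the G flag; only the 2001:41c8::/32 route from the report is returned.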