On Sat, Oct 26, 2019 at 12:13:58AM +0300, Esa Kuusisto wrote:
> >On Fri, Oct 25, 2019 at 11:46 PM Claudio Jeker <[email protected]> wrote:
>
> > > On Fri, Oct 25, 2019 at 11:09:14PM +0300, Esa Kuusisto wrote:
> > > > Hi
> > > >
> > > > I encountered a BGPD problem after upgrade from 6.5 -> 6.6. BGPD
> > crashes to
> > > > "fatal in RDE: prefix_adjout_update: update for non existing prefix"
> > > > problem.
> > > >
> > > > Environment:
> > > > Two OpenBGPD instances. Primary (ROUTER1, now 6.5) and secondary 6.6
> > > > (ROUTER2). Two iBGP instances to local switches (SW1 and SW2). One iBGP
> > > > instances between ROUTER1 and ROUTER2.
> > > > ROUTER1 and ROUTER2 advertise one /22 prefix and one /48 prefix to
> > Internet
> > > > peers. ROUTER1 and ROUTER2 advertise 0/0 routes to SW1 and SW2.
> > > > SW1 and SW2 have same AS as ROUTER1 and ROUTER2. SW1 and SW2 advertise
> > > > longer prefixes from /22 (23 or longer) and /48 (prefixlen 64) to
> > ROUTER1
> > > > and ROUTER2.
> > > > Connection is passive in ROUTER1 and ROUTER2 towards SW1 and SW2. After
> > > > BGPD starts and gets connection from SW1 and SW2 it quits when fatal:
> > > >
> > >
> > > How do you announce the default routes to SW1 and SW2?
> > > If you use 'export default-route' please try to replace them with network
> > > 0/0 and network ::/0 instead. I think I know why it happens.
> > > up_generate_default() injects the default route without adding it to the
> > > prefix tree first so pt_get() fails since there is no 0/0 around.
> >
>
> Using export default-route.
> If I announce 0/0 and ::/0 bgpd runs just fine and looks like it announces
> networks.
>
> I have filter where I only allow default route to SW1 and SW2.
> allow quick to group "SW" prefix { 0.0.0.0/0, ::/0 }, but it leaks all
> routes. With prefixlen 0, it won't announce default route. Little more
> filter debugging, but initial problem has a workaround.
>
That is strange I tested the same and it works for me. Only the default
route gets through. Maybe check with bgpd -nv into what the rules are
expanded. Maybe there is some other one allowing all through.
Anyway here is a fix for the panic (one line change in rde_rib.c) and a fix
to make filter changes work correctly if 'export default-route' is used.
Now changing the filters are also applied to 'export default-route'
neighbors.
--
:wq Claudio
Index: rde.c
===================================================================
RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v
retrieving revision 1.489
diff -u -p -r1.489 rde.c
--- rde.c 27 Sep 2019 14:50:39 -0000 1.489
+++ rde.c 26 Oct 2019 08:10:43 -0000
@@ -3257,11 +3257,25 @@ rde_softreconfig_in_done(void *arg, u_in
}
LIST_FOREACH(peer, &peerlist, peer_l) {
- if (peer->reconf_out)
- rib_byid(peer->loc_rib_id)->state = RECONF_RELOAD;
- else if (peer->reconf_rib) {
- u_int8_t aid;
+ u_int8_t aid;
+ if (peer->reconf_out) {
+ if (peer->conf.export_type == EXPORT_NONE) {
+ /* nothing to do here */
+ peer->reconf_out = 0;
+ } else if (peer->conf.export_type ==
+ EXPORT_DEFAULT_ROUTE) {
+ /* just resend the default route */
+ for (aid = 0; aid < AID_MAX; aid++) {
+ if (peer->capa.mp[aid])
+ up_generate_default(out_rules,
+ peer, aid);
+ }
+ peer->reconf_out = 0;
+ } else
+ rib_byid(peer->loc_rib_id)->state =
+ RECONF_RELOAD;
+ } else if (peer->reconf_rib) {
/* dump the full table to neighbors that changed rib */
for (aid = 0; aid < AID_MAX; aid++) {
if (peer->capa.mp[aid])
Index: rde_rib.c
===================================================================
RCS file: /cvs/src/usr.sbin/bgpd/rde_rib.c,v
retrieving revision 1.207
diff -u -p -r1.207 rde_rib.c
--- rde_rib.c 27 Sep 2019 14:50:39 -0000 1.207
+++ rde_rib.c 26 Oct 2019 07:42:15 -0000
@@ -1191,7 +1191,7 @@ prefix_adjout_update(struct rde_peer *pe
p->pt = pt_get(prefix, prefixlen);
if (p->pt == NULL)
- fatalx("%s: update for non existing prefix", __func__);
+ p->pt = pt_add(prefix, prefixlen);
pt_ref(p->pt);
p->peer = peer;
