Hi,
I'm running what I would call a fairly basic setup composed of:
- 4 routers (OpenBGPd) / R{1..4}
- 2 transits AS{8218,13193}
- my AS: 49463
- BGP session over loopback interfaces (2a02:27d0:0:112::1 /
2a02:27d0:100:114::4)
- Several peering sessions (HE, ...)
R1 - bgpd.conf:
AS 49463
network 2a02:27d0::/48
socket "/var/www/logs/bgpd.rsock" restricted
group "eBGP_Transit" {
    announce self
    holdtime 30
    holdtime min 3
    set med 100
    neighbor 2001:7a8:1:9FF2::1 {
        remote-as 13193
        descr ev6_gw-001_to_NERIM
        local-address 2001:7a8:1:9FF2::2
        announce IPv6 unicast
        announce IPv4 none
    }
}
group "iBGP_VTY_TMM" {
    remote-as 49463
    announce all
    set nexthop self
    neighbor 2a02:27d0:100:114::4 {
        descr iv6_gw-001_to_004
        local-address 2a02:27d0:0:112::1
        announce IPv6 unicast
        announce IPv4 none
        set prepend-neighbor 4
        set prepend-self 1
    }
}
deny from any
allow from any inet6 prefixlen 16 - 48
deny from any prefix ::/8 prefixlen >= 8
deny from any prefix 2001:2::/48 prefixlen >= 48 # BMWG [RFC5180]
deny from any prefix 2001:10::/28 prefixlen >= 28 # ORCHID [RFC4843]
deny from any prefix 2001:db8::/32 prefixlen >= 32 # docu range [RFC3849]
deny from any prefix 3ffe::/16 prefixlen >= 16 # old 6bone
deny from any prefix fc00::/7 prefixlen >= 7 # unique local unicast
deny from any prefix fe80::/10 prefixlen >= 10 # link local unicast
deny from any prefix fec0::/10 prefixlen >= 10 # old site local unicast
deny from any prefix ff00::/8 prefixlen >= 8 # multicast
R4 - bgpd.conf:
AS 49463
network 2a02:27d0:100::/48
socket "/var/www/logs/bgpd.rsock" restricted
group "eBGP_Transit_NEO" {
    remote-as 8218
    holdtime 30
    holdtime min 3
    announce self
    set med 100
    neighbor 2001:1b48:2:103::175 {
        descr ev6_gw-004_to_NEO
        local-address 2001:1b48:2:103::176
        announce IPv4 none
        announce IPv6 unicast
    }
}
group "iBGP_VTY_TMM" {
    remote-as 49463
    announce all
    neighbor 2a02:27d0:0:112::1 {
        descr iv6_gw-004_to_001
        local-address 2a02:27d0:100:114::4
        announce IPv6 unicast
        announce IPv4 none
        set prepend-neighbor 1
        set prepend-self 1
        set nexthop self
    }
}
deny from any
allow from any inet6 prefixlen 16 - 48
deny from any prefix ::/8 prefixlen >= 8
deny from any prefix 2001:2::/48 prefixlen >= 48 # BMWG [RFC5180]
deny from any prefix 2001:10::/28 prefixlen >= 28 # ORCHID [RFC4843]
deny from any prefix 2001:db8::/32 prefixlen >= 32 # docu range [RFC3849]
deny from any prefix 3ffe::/16 prefixlen >= 16 # old 6bone
deny from any prefix fc00::/7 prefixlen >= 7 # unique local unicast
deny from any prefix fe80::/10 prefixlen >= 10 # link local unicast
deny from any prefix fec0::/10 prefixlen >= 10 # old site local unicast
deny from any prefix ff00::/8 prefixlen >= 8 # multicast
On R1:
# bgpctl show | egrep '(iv6_gw-001_to_004|ev6_gw-001_to_NERIM)'
ev6_gw-001_to_NERIM 13193 302495 94094 0 01w3d21h 10543
iv6_gw-001_to_004 49463 317993 154496 0 00:53:17 2
I receive 10543 IPv6 prefixes from my transit, but only 2 over the iBGP
session.
# bgpctl show rib nei iv6_gw-001_to_004 in
I* 2001:7f8:4::/48 2a02:27d0:100:114::4 100 200 49463 49463 49463
49463 49463 49463 49463 49463 8218 8218 5459 i
I* 2a02:27d0:100::/48 2a02:27d0:100:114::4 100 0 49463 49463 49463
49463 49463 49463 49463 49463 i
# bgpctl show rib nei iv6_gw-001_to_004 out
*> 2001:559:8008::/48 2001:7a8:1:9ff2::1 100 100 49463 13193 3356
7015 7015 7015 7015 ?
*> 2001:7f8:4::/48 2001:7a8:1:9ff2::1 100 100 49463 13193 5459 i
AI*> 2a02:27d0::/48 :: 100 0 49463 i
On R4:
# bgpctl show | egrep '(iv6_gw-004_to_001|ev6_gw-004_to_NEO)'
ev6_gw-004_to_NEO 8218 8451 331 0 00:54:35 10849
iv6_gw-004_to_001 49463 263 562 0 00:54:35 3
I receive 10849 IPv6 prefixes from my transit, but only 3 over the iBGP
session.
# bgpctl show rib nei iv6_gw-004_to_001 in
flags: * = Valid, > = Selected, I = via IBGP, A = Announced, S = Stale
origin: i = IGP, e = EGP, ? = Incomplete
flags destination gateway lpref med aspath origin
I*> 2001:559:8008::/48 2a02:27d0:0:112::1 100 100 49463 49463 13193
3356 7015 7015 7015 7015 ?
I* 2001:7f8:4::/48 2a02:27d0:0:112::1 100 100 49463 49463 13193
5459 i
I*> 2a02:27d0::/48 2a02:27d0:0:112::1 100 0 49463 49463 i
# bgpctl show rib nei iv6_gw-004_to_001 out
flags: * = Valid, > = Selected, I = via IBGP, A = Announced, S = Stale
origin: i = IGP, e = EGP, ? = Incomplete
flags destination gateway lpref med aspath origin
*> 2001:7f8:4::/48 2001:1b48:2:103::175 100 200 49463 49463 49463
49463 8218 8218 5459 i
*> 2402:da00::/32 2001:1b48:2:103::175 100 200 49463 49463 49463
49463 8218 8218 1299 6453 7713 6939 55818 24526 i
*> 2402:da00::/35 2001:1b48:2:103::175 100 200 49463 49463 49463
49463 8218 8218 1299 6453 7713 6939 55818 24526 i
*> 2402:da00:2000::/35 2001:1b48:2:103::175 100 200 49463 49463 49463
49463 8218 8218 1299 6453 7713 6939 55818 24526 i
*> 2402:da00:4000::/35 2001:1b48:2:103::175 100 200 49463 49463 49463
49463 8218 8218 1299 6453 7713 6939 55818 24526 i
*> 2402:da00:6000::/35 2001:1b48:2:103::175 100 200 49463 49463 49463
49463 8218 8218 1299 6453 7713 6939 55818 24526 i
*> 2402:da00:8000::/35 2001:1b48:2:103::175 100 200 49463 49463 49463
49463 8218 8218 1299 6453 7713 6939 55818 24526 i
*> 2402:da00:a000::/35 2001:1b48:2:103::175 100 200 49463 49463 49463
49463 8218 8218 1299 6453 7713 6939 55818 24526 i
*> 2402:da00:c000::/35 2001:1b48:2:103::175 100 200 49463 49463 49463
49463 8218 8218 1299 6453 7713 6939 55818 24526 i
*> 2402:da00:e000::/35 2001:1b48:2:103::175 100 200 49463 49463 49463
49463 8218 8218 1299 6453 7713 6939 55818 24526 i
AI*> 2a02:27d0:100::/48 :: 100 0 49463 49463 49463 49463
i
It is really strange since the very same setup is working fine over IPv4
(all routes are seen over iBGP).
Note: When shutting sessions to my peerings (I mean all peerings), I see
the PrfRcvd increasing, which means I then begin to receive prefixes and
my sessions seem to be well configured.
Hint: on my R3 router (basically the same config as R4 with different
IPs) I have:
match from group Peering_France-IX set { localpref 450 }
On R4:
match from group Peering_France-IX set { localpref 250 }
Please note Peering_France-IX group contains both IPv4 *and* IPv6
sessions (IPv4 sessions don't exhibit this behavior).
Did I miss something obvious or...? :$
Thanks
Laurent
PS: tests conducted with *and* without pf.
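
The inbound filter block shared by both configs, evaluated against prefixes from the bgpctl output (an added example, not part of the original post). It assumes the behaviour documented in bgpd.conf(5) that the last matching rule decides; evaluate, accepted and the constructed prefixes are illustrative names and values.

```python
import ipaddress

# Filter block shared by R1 and R4 above, as (action, covering prefix,
# min prefixlen, max prefixlen). "from any" is modelled as ::/0 because
# only IPv6 prefixes are checked here.
RULES = [
    ("deny",  "::/0",           0, 128),  # deny from any
    ("allow", "::/0",          16,  48),  # allow from any inet6 prefixlen 16 - 48
    ("deny",  "::/8",           8, 128),
    ("deny",  "2001:2::/48",   48, 128),  # BMWG
    ("deny",  "2001:10::/28",  28, 128),  # ORCHID
    ("deny",  "2001:db8::/32", 32, 128),  # documentation range
    ("deny",  "3ffe::/16",     16, 128),  # old 6bone
    ("deny",  "fc00::/7",       7, 128),  # unique local unicast
    ("deny",  "fe80::/10",     10, 128),  # link local unicast
    ("deny",  "fec0::/10",     10, 128),  # old site local unicast
    ("deny",  "ff00::/8",       8, 128),  # multicast
]


def evaluate(prefix):
    """Return (action, rule index) of the last rule matching `prefix`."""
    net = ipaddress.IPv6Network(prefix)
    verdict = None
    for index, (action, cover, lo, hi) in enumerate(RULES):
        inside = net.subnet_of(ipaddress.IPv6Network(cover))
        if inside and lo <= net.prefixlen <= hi:
            verdict = (action, index)  # later matches override earlier ones
    return verdict


def accepted(prefixes):
    """Prefixes the filter block lets through."""
    return [p for p in prefixes if evaluate(p)[0] == "allow"]


# Prefixes taken from the bgpctl output in the post.
FROM_POST = ["2001:559:8008::/48", "2001:7f8:4::/48", "2402:da00::/32",
             "2402:da00:2000::/35", "2a02:27d0::/48", "2a02:27d0:100::/48"]
# Constructed prefixes that exercise the deny rules.
CONSTRUCTED = ["2001:db8:1::/48", "fc00::/7", "2a02:27d0:0:112::/64"]

if __name__ == "__main__":
    for p in FROM_POST + CONSTRUCTED:
        print(p, *evaluate(p))
```

Every prefix taken from the post's RIB output ends on the allow rule, while the constructed ones end on a deny rule (bogon range or prefix length outside 16 - 48).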