OpenBGPD 5.4 - No route received when neighbor from a AS is down

Michel Blais Thu, 07 May 2015 08:59:27 -0700

I know, I must update but unless it's a know bug and was fix on >= 5.5, I
would really like to understand why this is happening.


I have 2 BGP peer from different provider (AS5769 and AS22652). It's happen
2 times that I was not able to ping my neighbor ($peervid1) at AS5769
connected to em1 but still able to ping AS22652 neighbor on em1
($peerfibn1). The bug is that when it's happen, I don't have any external
routes in the RIB. If I check neighbors via "bgpclt show", I see that
AS22652 is connected since last collomn show a number while last collone of
AS5769 will show in alternace "active" or "connecting".

If I set AS5769 neighbors down so it's stop trying to connect with, still
no external route in RIB.

If I add a static default route to AS22652 neighbor, I now have access to
internet but still no external route in RIB. As soon as AS5769 peer ping
again, I now receive external router and use route from both AS.

Unfortunatly, that what BGP should fix, be able to pass traffic through the
other carrier when one is down. Could it be because one is multihop whiile
the other not ?

Thanks
Michel

BGP Config:

#macros
ASTargp="40864"
ASVid="5769"
ASFibN="22652"

RouterID="XX.YYY.49.238"
LocalVid="AAA.BBB.111.30"
LocalFibN="XX.YYY.49.238"
peervid1="AAA.BBB.111.29"
peerfibn1="CCC.DDD.143.199"

# global configuration
AS $ASTargo
router-id $RouterID

network 96.125.192.0/24
network 96.125.193.0/24
network 96.125.194.0/23
network 96.125.196.0/22
network 96.125.200.0/22
network 96.125.204.0/22
network 64.119.223.0/24
network 68.67.46.0/23
network 68.67.48.0/24
network 68.67.55.0/24
network 207.253.65.0/24
network 207.253.123.0/24
network 207.253.124.0/24
network 207.253.199.0/24
network 216.113.32.0/24
network 216.113.39.0/24
network 216.113.104.0/22

# Config Videotron
group "peering $ASVid" {
        remote-as $ASVid
        local-address $LocalVid
        neighbor $peervid1 {
                descr   "AS Videotron peer"
                announce self
                tcp md5sig password XXXXXXX
        }
}

# Config Fibrenoire
group "peering $ASFibN" {
        remote-as $ASFibN
        local-address $LocalFibN
        multihop 32
        neighbor $peerfibn1 {
                descr   "AS Fibrenoire peer"
                announce self
                tcp md5sig password YYYYYYY
        }
}

# filter out prefixes longer than 24 or shorter than 8 bits for IPv4
# and longer than 48 or shorter than 16 bits for IPv6.
deny from any
allow from any inet prefixlen 8 - 24
allow from any inet6 prefixlen 16 - 48

# accept a default route (since the previous rule blocks this)
#allow from any prefix 0.0.0.0/0

deny quick to $peerfibn1 prefix 207.253.65.0/24
deny quick to $peerfibn1 prefix 207.253.123.0/24
deny quick to $peerfibn1 prefix 207.253.124.0/24
deny quick to $peerfibn1 prefix 207.253.199.0/24
deny quick to $peerfibn1 prefix 216.113.32.0/24
deny quick to $peerfibn1 prefix 216.113.39.0/24
deny quick to $peerfibn1 prefix 216.113.104.0/22

# filter bogus networks according to RFC5735
deny from any prefix 0.0.0.0/8 prefixlen >= 8           # 'this' network
[RFC1122]
deny from any prefix 10.0.0.0/8 prefixlen >= 8          # private space
[RFC1918]
deny from any prefix 100.64.0.0/10 prefixlen >= 10      # CGN Shared
[RFC6598]
deny from any prefix 127.0.0.0/8 prefixlen >= 8         # localhost
[RFC1122]
deny from any prefix 169.254.0.0/16 prefixlen >= 16     # link local
[RFC3927]
deny from any prefix 172.16.0.0/12 prefixlen >= 12      # private space
[RFC1918]
deny from any prefix 192.0.2.0/24 prefixlen >= 24       # TEST-NET-1
[RFC5737]
deny from any prefix 192.168.0.0/16 prefixlen >= 16     # private space
[RFC1918]
deny from any prefix 198.18.0.0/15 prefixlen >= 15      # benchmarking
[RFC2544]
deny from any prefix 198.51.100.0/24 prefixlen >= 24    # TEST-NET-2
[RFC5737]
deny from any prefix 203.0.113.0/24 prefixlen >= 24     # TEST-NET-3
[RFC5737]
deny from any prefix 224.0.0.0/4 prefixlen >= 4         # multicast
deny from any prefix 240.0.0.0/4 prefixlen >= 4         # reserved

# filter bogus IPv6 networks according to IANA
deny from any prefix ::/8 prefixlen >= 8
deny from any prefix 2001:2::/48 prefixlen >= 48        # BMWG [RFC5180]
deny from any prefix 2001:10::/28 prefixlen >= 28       # ORCHID [RFC4843]
deny from any prefix 2001:db8::/32 prefixlen >= 32      # docu range
[RFC3849]
deny from any prefix 3ffe::/16 prefixlen >= 16          # old 6bone
deny from any prefix fc00::/7 prefixlen >= 7            # unique local
unicast
deny from any prefix fe80::/10 prefixlen >= 10          # link local unicast
deny from any prefix fec0::/10 prefixlen >= 10          # old site local
unicast
deny from any prefix ff00::/8 prefixlen >= 8            # multicast

OpenBGPD 5.4 - No route received when neighbor from a AS is down

Reply via email to