On 21/04/06, Ben Ashton <[EMAIL PROTECTED]> wrote:
>
> Hi Guys/Gals
>
> I have a stock install of OpenBSD/BGP 3.8 and I'm finding some weird
> happenings. I'm part of the Virt-IX project (http://www.virt-ix.net/),
> which is a training ground for learning BGP.
>
> The Setup is an OpenVPN connection to a peering LAN (194.126.235.0/24)
> where other participants host their routers. Below is my 'bgpctl sh'
>
> # bgpctl sh
> Neighbor                 AS  MsgRcvd  MsgSent  OutQ  Up/Down   State/PrefixRcvd
> New-V-IX              65438     1750     1749     0  1d05h06m  1
> New-V-IX              64542     1221     1223     0  12:08:02  1
> New-V-IX              65213     1752     1751     0  1d05h08m  1
> cymrubogon-p2         65333     1751     1750     0  18:34:29  63/1000
> cymrubogon-p1         65333     1753     1750     0  1d05h08m  63/1000
> New-V-IX                  0        0        0     0  Never     Active
> Melchior              65101   115012     3503     0  1d04h13m  183805
> default virt-ix       31064   147297     3506     0  1d04h07m  183799
> tvk                   65126     1753     1751     0  1d05h08m  2
> Lex van Roon (r3boot  65342     3497     3505     0  15:59:06  1
> daviper               64662     1753     1754     0  10:02:14  2
> lotjuh                65188     1752     1751     0  1d05h08m  1
> mszabo                65302     1752     1751     0  1d05h08m  1
> # bgpctl -n sh
> Neighbor                 AS  MsgRcvd  MsgSent  OutQ  Up/Down   State/PrefixRcvd
> 194.126.235.89        65438     1750     1749     0  1d05h06m  1
> 194.126.235.49        64542     1221     1224     0  12:08:06  1
> 194.126.235.51        65213     1752     1751     0  1d05h08m  1
> 38.229.0.5            65333     1751     1750     0  18:34:33  63/1000
> 206.71.160.162        65333     1753     1750     0  1d05h08m  63/1000
> 194.126.235.0/24          0        0        0     0  Never     Active
> 194.126.235.7         65101   115012     3503     0  1d04h13m  183805
> 194.126.235.1         31064   147297     3507     0  1d04h07m  183799
> 194.126.235.29        65126     1753     1751     0  1d05h08m  2
> 194.126.235.111       65342     3497     3506     0  15:59:10  1
> 194.126.235.43        64662     1753     1754     0  10:02:18  2
> 194.126.235.3         65188     1752     1751     0  1d05h08m  1
> 194.126.235.47        65302     1752     1751     0  1d05h08m  1
>
> (My bgpd.conf is at the bottom)
>
>
> I've done some traffic engineering and selected some non optimal
> routing;
>
> As you can see, I'm looking at the AS path to www.openbgpd.com
> (81.209.180.64)
>
> bgpctl bgpd
> # bgpctl sh ip bgp 81.209.180.64
> flags: * = Valid, > = Selected, I = via IBGP, A = Announced
> origin: i = IGP, e = EGP, ? = Incomplete
>
> flags destination       gateway        lpref  med  aspath origin
> *>    81.209.180.0/22   194.126.235.1    150   15  65101 31064 15703 13237 24640 i
> *     81.209.180.0/22   194.126.235.1    100   15  31064 31064 15703 13237 24640 i
> #
>
> The selected path to 81.209.180.64 is thru:-
> 65101 31064 15703 13237 24640
>
> As you can see, AS65101 (194.126.235.7) is the preferred route, but has
> the same gateway as AS31064 (the optimal route) just to double check
> that its not a glitch, I do a traceroute to www.openbgpd.com
>
> # traceroute www.openbgpd.com
> traceroute to www.openbgpd.com (81.209.180.64), 64 hops max, 40 byte packets
> 1 rtr-1.peering.virt-ix.net (194.126.235.1) 10.360 ms 10.277 ms 10.197 ms
> 2 c1201-gateway.trueserver.nl (213.193.208.73) 16.562 ms 17.771 ms 17.921 ms
> 3 AMS-IX.AMS-1-eth010-101.nl.lambdanet.net (195.69.144.212) 11.199 ms 11.106 ms 10.990 ms
> 4 DUS-2-pos700.de.lambdanet.net (82.197.128.29) 17.578 ms 17.549 ms 18.49 ms
> 5 HAN-7-pos600.de.lambdanet.net (217.71.105.125) 22.427 ms 21.874 ms 22.775 ms
> 6 HAM-4-pos010.de.lambdanet.net (217.71.105.34) 28.18 ms 27.124 ms 27.191 ms
> 7 ge2.cr10.ham.bsws.de (80.86.162.34) 26.241 ms 26.597 ms 26.375 ms
> 8 ge0.cr20.ham.bsws.de (80.86.183.4) 26.954 ms 26.806 ms 27.17 ms
> 9 064.n30.ham.bsws.de (81.209.180.64) 27.87 ms 27.357 ms 27.180 ms
>
>
> I would expect the first two hops to be:-
>
> 1 virtix-gw.melchioraelmans.nl (194.126.235.7)
> 2 rtr-1.peering.virt-ix.net (194.126.235.1)
> 3 ..
> 4 ...
>
> For another example, I have a Neighbour of AS65438 at 194.126.235.89,
> announcing 195.16.86.208/29.
>
> Now when I look at the AS Path to 195.16.86.208/29 I get:-
>
> # bgpctl sh ip bgp 195.16.86.208
> flags: * = Valid, > = Selected, I = via IBGP, A = Announced
> origin: i = IGP, e = EGP, ? = Incomplete
>
> flags destination       gateway         lpref  med  aspath origin
> *>    195.16.86.208/29  194.126.235.89    150   15  65101 65438 i
> *     195.16.86.208/29  194.126.235.89    100    0  65438 i
> *     195.16.86.208/29  194.126.235.89    100   15  31064 31064 65438 i
> #
>
> You see, I get the same thing:-
> *> 195.16.86.208/29 194.126.235.89 150 15 65101 65438 i
>
> Out of the three valid routes, AS65101 should be my route and have the
> gateway of 194.126.235.7, but the gateway's addresses are all the same
> for the optimal AS Path and not the engineered AS Path.
>
>
> There are no other routing protocols running, my only guess is that's
> because the peering LAN is on a /24, something else is caching the
> routes.
>
> Please help.
Still kind of drunk, but here goes.
Your peer AS65101 is not setting nexthop self explicitly,
so when they feed you prefixes they themselves have learned
over a peering crossing this /24 they keep the next hop intact
when they bounce the prefixes to you.
> Now that's out of the way, I have a general question that has been
> bugging me for ages is, how do you get to see the traffic transferred on
> an OpenBSD box, on Linux boxes you can find that information on the
> interfaces when running 'ifconfig'
netstat -I <interface> -b
is a good start.
> # cat /etc/bgpd.conf
> # bgpd.conf,v 0.4 19/04/2006 21:22:16 ben ashton
> # virt-ix bgpd configuration file
>
> # global configuration
> AS 65103
>
> router-id 194.126.235.13
> holdtime 180
> holdtime min 3
> fib-update yes
> rde med compare always
> #log updates
> listen on 194.126.235.13
>
> network 195.16.84.8/29
>
> group "virt-ix announce self" {
>
> announce self
>
> neighbor 194.126.235.47 {
> descr "mszabo"
> remote-as 65302
> }
> neighbor 194.126.235.3 {
> descr "lotjuh"
> remote-as 65188
> }
> neighbor 194.126.235.43 {
> descr "daviper"
> remote-as 64662
> }
> neighbor 194.126.235.111 {
> descr "Lex van Roon (r3boot)"
> remote-as 65342
> }
> neighbor 194.126.235.29 {
> descr "tvk"
> remote-as 65126
> }
> }
>
> group "virt-ix announce all" {
>
> announce self
>
> neighbor 194.126.235.1 {
> descr "default virt-ix"
> remote-as 31064
> }
>
> neighbor 194.126.235.7 {
> descr "Melchior"
> remote-as 65101
> }
> }
>
> group "New-V-IX" {
> neighbor 194.126.235.0/24 {
> descr "New-V-IX"
> passive
> announce self
> }
> }
>
> group "cymru peering bogon" {
>
> neighbor x.x.x.x {
> descr "cymrubogon-p1"
> remote-as 65333
> multihop 64
> local-address 194.126.235.13
> max-prefix 1000
> announce none
> tcp md5sig password Monkeys
>
> }
> neighbor x.x.x.x {
> descr "cymrubogon-p2"
> remote-as 65333
> multihop 64
> local-address 194.126.235.13
> max-prefix 1000
> announce none
> tcp md5sig password Monkeys
>
> }
> }
>
>
> match from any community *:* set metric 10
> match from group "virt-ix announce all" set metric 15
> match from 194.126.235.1 set prepend-neighbor 1
> match from 194.126.235.7 set localpref 150
>
> allow from any community 31064:4000 set pftable "VIX-True"
> allow from any community 31064:1000 set pftable "VIX-User"
> allow from any community 31064:500 set pftable "VIX-Orig"
>
> allow from any community 65333:888 set pftable "bogons"
> allow from any community 65333:888 set nexthop blackhole
>
> #allow from any community 31064:4000 set rtlabel "VIX-True"
> #allow from any community 31064:1000 set rtlabel "VIX-User"
> #allow from any community 31064:500 set rtlabel "VIX-Orig"
> #allow from any community 65333:888 set rtlabel "bogons"
>
> deny from any prefix 0.0.0.0/0
> deny from any prefix 10.0.0.0/8 prefixlen >= 8
> deny from any prefix 172.16.0.0/12 prefixlen >= 12
> deny from any prefix 192.168.0.0/16 prefixlen >= 16
> deny from any prefix 169.254.0.0/16 prefixlen >= 16
> deny from any prefix 192.0.2.0/24 prefixlen >= 24
> deny from any prefix 224.0.0.0/4 prefixlen >= 4
> deny from any prefix 240.0.0.0/4 prefixlen >= 4
>
> #
Time for one last drink, cheers.
/Tony
--
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
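
Added example (not part of the original thread): a simplified Python model of the next-hop behaviour described in the reply, using the addresses and AS numbers from the post. The function names and the reduced best-path rule (local-pref, then AS-path length) are assumptions made for illustration.

```python
import ipaddress

# Values taken from the post
PEERING_LAN = ipaddress.ip_network("194.126.235.0/24")
BEN = "194.126.235.13"        # AS65103, the poster's router
MELCHIOR = "194.126.235.7"    # AS65101, preferred via localpref 150
ORIGIN = "194.126.235.89"     # AS65438, announces 195.16.86.208/29


def advertised_next_hop(received_nh, own_addr, peer_addr, nexthop_self=False):
    """NEXT_HOP an eBGP speaker sends when re-advertising a route to peer_addr.

    If the next hop it learned and the peer it is sending to sit on the same
    subnet, the learned next hop may be passed on unchanged (third-party next
    hop). Otherwise, or with next-hop-self, the speaker's own address is used.
    """
    nh = ipaddress.ip_address(received_nh)
    peer = ipaddress.ip_address(peer_addr)
    if not nexthop_self and nh in PEERING_LAN and peer in PEERING_LAN:
        return received_nh
    return own_addr


def best_route(routes):
    """Simplified decision: highest local-pref, then shortest AS path."""
    return max(routes, key=lambda r: (r["lpref"], -len(r["aspath"])))


def routes_seen_by_ben(nexthop_self):
    """Candidate routes for 195.16.86.208/29 as in the 'bgpctl sh ip bgp' output."""
    via_melchior = advertised_next_hop(ORIGIN, MELCHIOR, BEN, nexthop_self)
    return [
        {"aspath": [65101, 65438], "lpref": 150, "gateway": via_melchior},
        {"aspath": [65438], "lpref": 100, "gateway": ORIGIN},
    ]


if __name__ == "__main__":
    for flag in (False, True):
        best = best_route(routes_seen_by_ben(flag))
        print(f"nexthop_self={flag}: aspath={best['aspath']} gateway={best['gateway']}")
```

The selected AS path goes through AS65101 in both cases; only the gateway installed in the forwarding table changes, which is why the traceroute never shows 194.126.235.7 as a hop.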
-= The scorpion replied,
"I couldn't help it, it's my nature" =-