Hello,

I'm running OpenBSD4.1 from the CD and just updated my source-tree to
current a few minutes ago. I only compiled ospfd, ospfctl, bgpd and
bgpdctl and installed it. I left the rest of the system untouched.

I'm running one eBGP and one iBGP Session which worked fine with 4.1.
Box A is running eBGP (fullfeed) + iBGP to box B. Box B is only running
iBGP to Box A. After establishing the iBGP session and receiving
roundabout 21000 prefixes from Box B eBGP the session state changes to idle.

I think the problem is something with the update-messages (error in
UPDATE message, attribute length wrong), as I can red in the logfile of
Box A - hm, timestamps aren't right so don't matter of the difference:


/var/log/daemon.log Box A
Apr 29 16:47:26 pinky bgpd[8823]: neighbor 10.0.0.8 (iBGP AS35548):
state change Idle -> Connect, reason: Start
Apr 29 16:47:26 pinky bgpd[8823]: neighbor 10.0.0.8 (iBGP AS35548):
state change Connect -> OpenSent, reason: Connection opened
Apr 29 16:47:26 pinky bgpd[8823]: neighbor 10.0.0.8 (iBGP AS35548):
state change OpenSent -> OpenConfirm, reason: OPEN message received
Apr 29 16:47:26 pinky bgpd[8823]: neighbor 10.0.0.8 (iBGP AS35548):
state change OpenConfirm -> Established, reason: KEEPALIVE message received
Apr 29 16:47:29 pinky bgpd[4248]: nexthop 10.0.0.8 now valid: via 10.0.0.1
Apr 29 16:47:29 pinky bgpd[8823]: neighbor 10.0.0.8 (iBGP AS35548):
received notification: error in UPDATE message, attribute length wrong
Apr 29 16:47:29 pinky bgpd[8823]: neighbor 10.0.0.8 (iBGP AS35548):
state change Established -> Idle, reason: NOTIFICATION received


/var/log/daemon.log Box B
Apr 29 16:36:55 brain bgpd[26561]: neighbor 10.0.0.9 (iBGP AS35548):
state change Active -> OpenSent, reason: Connection opened
Apr 29 16:36:55 brain bgpd[26561]: neighbor 10.0.0.9 (iBGP AS35548):
state change OpenSent -> OpenConfirm, reason: OPEN message received
Apr 29 16:36:55 brain bgpd[26561]: neighbor 10.0.0.9 (iBGP AS35548):
state change OpenConfirm -> Established, reason: KEEPALIVE message received
Apr 29 16:36:58 brain bgpd[12776]: nexthop 10.1.1.25 now valid: via
194.9.86.2
Apr 29 16:36:58 brain bgpd[26561]: neighbor 10.0.0.9 (iBGP AS35548):
state change Established -> Idle, reason: Fatal error

Interfaces Box A (lo1 is redistributed by OSPF)
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
        groups: lo
        inet 10.0.0.9 netmask 0xffffffff
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:0f:1f:66:3f:d2
        media: Ethernet 100baseTX full-duplex
        status: active
        inet 10.1.1.26 netmask 0xfffffffc broadcast 10.1.1.27
        inet6 fe80::20f:1fff:fe66:3fd2%em0 prefixlen 64 scopeid 0x1em1:
flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:0f:1f:66:3f:d3
        media: Ethernet 1000baseT full-duplex (1000baseT
full-duplex,master,rxpause,txpause)
        status: active
        inet 10.0.0.2 netmask 0xfffffffc broadcast 10.0.0.3
        inet6 fe80::20f:1fff:fe66:3fd3%em1 prefixlen 64 scopeid 0x2


Interfaces Box B (lo1 is redistributed by OSPF)
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33224
        groups: lo
        inet 10.0.0.8 netmask 0xffffffff
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:06:5b:ec:48:c5
        media: Ethernet 1000baseT full-duplex (1000baseT
full-duplex,rxpause,txpause)
        status: active
        inet 10.0.0.1 netmask 0xfffffffc broadcast 10.0.0.3
        inet6 fe80::206:5bff:feec:48c5%em1 prefixlen 64 scopeid 0x2


bgpd.conf Box A
# global configuration
AS 35548
router-id 10.0.0.9
holdtime 90
holdtime min 3
network 10.0.0.0/24

# iBGP configuration
neighbor 10.0.0.8 {
        remote-as               35548
        descr                   iBGP AS35548
        local-address           10.0.0.9
        announce                all
        tcp md5sig password     secret
}

# eBGP configuration
neighbor 10.1.1.25 {
        remote-as               24989
        descr                   eBGP Link
        local-address           10.1.1.26
        announce                self
        tcp md5sig password     secret2
}

# filter out prefixes longer than 24 or shorter than 8 bits
deny from any
allow from any IPv4 prefixlen 8 - 24

# do not accept a default route
deny from any prefix 0.0.0.0/0

# filter bogus networks
deny from any prefix 10.0.0.0/8 prefixlen >= 8
deny from any prefix 172.16.0.0/12 prefixlen >= 12
deny from any prefix 192.168.0.0/16 prefixlen >= 16
deny from any prefix 169.254.0.0/16 prefixlen >= 16
deny from any prefix 192.0.2.0/24 prefixlen >= 24
deny from any prefix 224.0.0.0/4 prefixlen >= 4
deny from any prefix 240.0.0.0/4 prefixlen >= 4


/etc/bgpd.conf Box B
# global configuration
AS 35548
router-id 10.0.0.8
holdtime 90
holdtime min 3
network connected

# iBGP configuration
neighbor 10.0.0.9 {
        remote-as               35548
        descr                   iBGP AS35548
        local-address           10.0.0.8
        announce                all
        tcp md5sig password     gC7SA2w8
}

# filter out prefixes longer than 24 or shorter than 8 bits
deny from any
allow from any IPv4 prefixlen 8 - 24

# do not accept a default route
deny from any prefix 0.0.0.0/0

# filter bogus networks
deny from any prefix 10.0.0.0/8 prefixlen >= 8
deny from any prefix 172.16.0.0/12 prefixlen >= 12
deny from any prefix 192.168.0.0/16 prefixlen >= 16
deny from any prefix 169.254.0.0/16 prefixlen >= 16
deny from any prefix 192.0.2.0/24 prefixlen >= 24
deny from any prefix 224.0.0.0/4 prefixlen >= 4
deny from any prefix 240.0.0.0/4 prefixlen >= 4

Regards,

Falk

Reply via email to