Hi all,

At the moment we are running some tests to use OpenBGPD as a Route-server
instead of using Quagga. The first tests are very positive, but we are
facing one major problem. We tried our solution on OpenBSD 4.4 as well as
under 4.5. We made one route-server, which means that we remove the private
AS to all the neighbors, and this is not working under OpenBGPD. The
route-server can easily make a connection to a lot of quagga/cisco routers,
but when an OpenBGPD client wants to join we are facing the following error
on the server side:

    May 6 17:00:01 openBSD4-5 bgpd[5747]: neighbor 192.168.113.100 (test.4): received notification: error in UPDATE message, AS-Path unacceptable

At the client side we see a fatal error:

    Apr 6 17:00:05 bsd bgpd[24969]: neighbor 192.168.113.1 (test): state change Established -> Idle, reason: Fatal error

When we use quagga as client the session is doing fine on both sides, even
with community filters. When we are using OpenBGPD we keep facing this
message until we remove the following line: transparent-as yes. Is
this a common problem, or is this a bad configuration on our part?

Configuration route-server:

    #macros
    ASN="64512"
    peer1="192.168.113.2"
    AS1="64513"
    peer2="192.168.113.3"
    AS2="64514"
    peer3="192.168.113.4"
    AS3="64515"
    peer4="192.168.113.100"
    AS4="64516"
    peer5="192.168.113.101"
    AS5="65534"

    # global configuration
    router-id 192.168.113.1
    AS $ASN
    log updates
    transparent-as yes
    # network 10.0.1.0/24

    neighbor $peer1 {
        remote-as $AS1
        descr test.1
        announce all
        max-prefix 100 restart 300
        softreconfig in yes
        # tcp md5sig key deadbeef
    }
    neighbor $peer2 {
        remote-as $AS2
        descr test.2
        announce all
        softreconfig in yes
        max-prefix 100 restart 1
    }
    neighbor $peer3 {
        remote-as $AS3
        descr test.3
        announce all
        softreconfig in yes
        max-prefix 100 restart 300
    }
    neighbor $peer4 {
        remote-as $AS4
        descr test.4
        local-address 192.168.113.1
        holdtime 180
        holdtime min 3
        announce all
        softreconfig in yes
        # max-prefix 100 restart 300
    }
    neighbor $peer5 {
        remote-as $AS5
        descr test.5
        announce all
        softreconfig in yes
        max-prefix 100 restart 300
    }

    # filter out prefixes longer than 24 or shorter than 8 bits
    deny from any
    allow from any inet prefixlen 8 - 24

    # Filter the general prefixes
    # deny to any community *:*
    # allow to any community 64512:64512

    # Filter the per-peer prefixes
    allow to $peer1 community $ASN:neighbor-as
    deny to $peer1 community 0:neighbor-as
    allow to $peer2 community $ASN:neighbor-as
    deny to $peer2 community 0:neighbor-as
    allow to $peer3 community $ASN:neighbor-as
    deny to $peer3 community 0:neighbor-as
    allow to $peer4 community $ASN:neighbor-as
    deny to $peer4 community 0:neighbor-as

Easy configuration of a client:

    AS 64516
    router-id 192.168.113.100
    # log updates
    network 3.3.3.0/24

    neighbor 192.168.113.1 {
        remote-as 64512
        descr test
        local-address 192.168.113.100
        holdtime 180
        holdtime min 3
        announce all
        max-prefix 100 restart 300
        softreconfig in yes
    }

Thanks in advance!
Tom Martin
--
View this message in context:
http://n2.nabble.com/OpenBGPD-transparent-as-issue-tp2815387p2815387.html
Sent from the OpenBSD Misc mailing list archive at Nabble.com.