Hi all,
I've installed the 4.5-current as of 28 Aprilon a VMWare ESXi machine
to test how OpenBSD could work as a looking glass. All works well but
every now and then the following happens:
On the OpenBSD router:
May 25 12:00:05 bgplg bgpd[24599]: fatal in SE: pipe write error: Broken pipe
May 25 12:00:05 bgplg bgpd[12631]: Lost child: route decision engine
terminated; signal 11
May 25 12:00:05 bgplg bgpd[12631]: Terminating
At the same time of course I see the session flapping on the two peers
this bgpd istance is connected to:
2009-05-25 12:00:07 Local7.Info router2 neighbor 10.16.145.247 Down
Peer closed the session
2009-05-25 12:00:07 Local7.Info router1 neighbor 10.16.145.247 Down
Peer closed the session
It looks like the bgpd terminates when there's a big number of bgp
updates at once, but I'm still investigating this. The strangest thing
is this one. After the sessions go down, the remaining bgpd process
(the parent) still tries to connect to the routers, but without the
configured md5 password, so that I've a dozillion lines like this in
the cisco logs:
2009-05-25 12:00:43 Local7.Info router1 No MD5 digest from
10.16.145.247(179) to 10.16.145.18(30948) (RST)
2009-05-25 12:00:45 Local7.Info router2 No MD5 digest from
10.16.145.247(179) to 10.16.145.19(47318) (RST)
2009-05-25 12:00:45 Local7.Info router1 No MD5 digest from
10.16.145.247(179) to 10.16.145.18(30948) (RST)
2009-05-25 12:00:47 Local7.Info router2 No MD5 digest from
10.16.145.247(179) to 10.16.145.19(47318) (RST)
2009-05-25 12:00:49 Local7.Info router1 No MD5 digest from
10.16.145.247(179) to 10.16.145.18(30948) (RST)
2009-05-25 12:00:51 Local7.Info router2 No MD5 digest from
10.16.145.247(179) to 10.16.145.19(47318) (RST)
2009-05-25 12:00:57 Local7.Info router1 No MD5 digest from
10.16.145.247(179) to 10.16.145.18(30948) (RST)
2009-05-25 12:00:59 Local7.Info router2 No MD5 digest from
10.16.145.247(179) to 10.16.145.19(47318) (RST)
etc. etc.
There's no other signs of activity on the OpenBSD daemon logs after the:
May 25 12:00:05 bgplg bgpd[12631]: Terminating
The solution is of course, kill the process, and restart the whole
thing (a bgpctl restart would do no good), but I think the parent
process should not try to connect to the two peers without the
configured md5 password anyway?
Here're the dmesg and the relevant config files:
dmesg
-----
OpenBSD 4.5-current (GENERIC) #118: Tue Apr 28 17:32:38 MDT 2009
[email protected]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Xeon(R) CPU E5430 @ 2.66GHz ("GenuineIntel" 686-class) 2.67 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF
LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,SSE3
real mem = 402157568 (383MB)
avail mem = 380280832 (362MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 01/30/08, BIOS32 rev. 0 @ 0xfd880, SMBIOS
rev. 2.31 @ 0xe0010 (45 entries)
bios0: vendor Phoenix Technologies LTD version "6.00" date 01/30/2008
bios0: VMware, Inc. VMware Virtual Platform
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
acpi at bios0 function 0x0 not configured
pcibios0 at bios0: rev 2.1 @ 0xfd880/0x780
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf30/176 (9 entries)
pcibios0: PCI Interrupt Router at 000:07:0 ("Intel 82371FB ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc0000/0x8000 0xc8000/0x1e00! 0xca000/0x1000
0xdc000/0x4000! 0xe0000/0x4000!
cpu0 at mainbus0: (uniprocessor)
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
extent `pciio' (0x0 - 0xffff), flags=0
0x1050 - 0x106f
0x1080 - 0x10ff
0x1400 - 0x147f
extent `pcimem' (0x0 - 0xffffffff), flags=0
0x1000 - 0x9ffff
0xca000 - 0xcbfff
0xdc000 - 0x17ffffff
0xf4000000 - 0xf4800fff
0xf8000000 - 0xfbffffff
0xfec00000 - 0xfec0ffff
0xfee00000 - 0xfee00fff
0xfffe0000 - 0xffffffff
pchb0 at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x01
ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x01
pci1 at ppb0 bus 1
piixpcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x08
pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: <NECVMWar, VMware IDE CDR00, 1.00> ATAPI
5/cdrom removable
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
piixpm0 at pci0 dev 7 function 3 "Intel 82371AB Power" rev 0x08: SMBus disabled
vga1 at pci0 dev 15 function 0 "VMware Virtual SVGA II" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
mpi0 at pci0 dev 16 function 0 "Symbios Logic 53c1030" rev 0x01: irq 9
scsibus1 at mpi0: 16 targets, initiator 7
sd0 at scsibus1 targ 0 lun 0: <VMware, Virtual disk, 1.0> SCSI2 0/direct fixed
sd0: 2048MB, 512 bytes/sec, 4194304 sec total
mpi0: target 0 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1
vic0 at pci0 dev 17 function 0 "AMD 79c970 PCnet-PCI" rev 0x10: irq
11, address 00:0c:29:b6:da:05
isa0 at piixpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask e765 netmask ef65 ttymask ffff
mtrr: Pentium Pro MTRR support
softraid0 at root
root on sd0a swap on sd0b dump on sd0b
bgpd.conf
---------
# $OpenBSD: bgpd.conf,v 1.8 2007/03/29 13:37:35 claudio Exp $
# sample bgpd configuration file
# see bgpd.conf(5)
#macros
peer1="10.16.145.18"
peer2="10.16.145.19"
# global configuration
AS 65535
router-id 10.16.145.247
# holdtime 180
# holdtime min 3
# listen on 127.0.0.1
# listen on ::1
fib-update no
route-collector yes
# log updates
# network 10.0.1.0/24
# neighbors and peers
group "iBGP" {
remote-as 65535
neighbor $peer1 {
descr "Peer with router1"
announce none
tcp md5sig password xxxxxx
}
neighbor $peer2 {
descr "Peer with router2"
announce none
tcp md5sig password xxxxxx
}
}
# filter out prefixes longer than 24 or shorter than 8 bits
deny from any
allow from { 10.16.145.18, 10.16.145.19 }
deny from any prefix 10.0.0.0/8 prefixlen >= 8
deny from any prefix 172.16.0.0/12 prefixlen >= 12
deny from any prefix 192.168.0.0/16 prefixlen >= 16
deny from any prefix 169.254.0.0/16 prefixlen >= 16
deny from any prefix 192.0.2.0/24 prefixlen >= 24
deny from any prefix 224.0.0.0/4 prefixlen >= 4
deny from any prefix 240.0.0.0/4 prefixlen >= 4
rc.conf.local
-------------
ntpd_flags= # enabled during install
bgpd_flags="-r /var/www/logs/bgpd.rsock"
httpd_flags=""
bgpctl sh ip bgp mem
--------------------
RDE memory statistics
286825 IPv4 network entries using 8.8M of memory
589560 prefix entries using 18.0M of memory
103208 BGP path attribute entries using 7.9M of memory
60120 BGP AS-PATH attribute entries using 2.0M of memory,
and holding 103208 references
5050 BGP attributes entries using 118K of memory
and holding 189293 references
5049 BGP attributes using 39.5K of memory
RIB using 36.8M of memory
Thanks!
]\/[arco
--
I'm Winston Wolf, I solve problems.
