OSPF, missing external network prefix
Hi. I have a bunch of bird routers. Recently I discovered that at least one prefix from LSADB isn't installed in FIB: (first here's what bird thinks about it) # birdc BIRD 1.4.4 ready. bird> show ospf lsadb lsid 192.168.114.192 Global Type LS ID Router Age Sequence Checksum 0005 192.168.114.192 192.168.0.15 498 8385d906 bird> show route for 192.168.114.193 0.0.0.0/0 via 178.161.152.73 on vlan600 [bgpv4sat 2015-12-04] * (100) [AS16285i] bird> show route for 192.168.114.192/26 0.0.0.0/0 via 178.161.152.73 on vlan600 [bgpv4sat 2015-12-04] * (100) [AS16285i] (and the actual FIB) # route -n get 192.168.114.193 route to: 192.168.114.193 destination: 0.0.0.0 mask: 0.0.0.0 gateway: 178.161.152.73 fib: 0 interface: vlan600 flags:recvpipe sendpipe ssthresh rtt,msecmtuweightexpire 0 0 0 0 1500 1 0 [root@crystal-alpha:local/etc]# route -n get 192.168.114.192/26 route: writing to routing socket: No such process I really want to inverstigate why. So far I have import ACL in bird, but this prefix doesn't seem to match: protocol ospf ospfv4 { rfc1583compat yes; export filter exportospfv4; import filter importospfv4; area 0.0.0.44 { interface "vlan1"; interface "gre0"; interface "gre1" { cost 15111; }; }; } filter importospfv4 { if net ~ [ 172.16.0.0/31, 172.16.1.80/31, 172.16.1.81/32, 172.16.1.80/32, 172.16.0.0/32, 172.16.0.1/32 ] then { print "ospfv4 import: net rejected: ", net; reject; } if net = 0.0.0.0/0 then { print "ospfv4 import: net rejected: ", net; reject; } else { print "ospfv4 import: net accepted: ", net; accept; } } Anyway, there's no signs of this missing prefix in logs. I've also noticed one more thing, may be important: this prefix is originating from a branch office. It's present and installed on all othe area 0 routers, no matter what vendor they're from, but is missing on the routers which aren't from area 0, but only if they're bird. It's present on Cisco ones (may be a coincident though, since I doesn't have any Cisco device connected with area 0 via bird). Thanks. Eugene.
AW: default route via OSPF depending on the ISP
Hi Christian, > - Have a static route (in its own static protocol) in bird, > activated by default. Check ✓ >- Run an external script, that pings the isp regularly. In > fact, I am considering to let icinga do that. >- If the ping fails, let that script (icinga) call > "birdc disable static_isp_route" What do you mean by "static_isp_route"? Got some more detailed information of that? >- If the ping works again, call > "birdc enable static_isp_route" >- Finally: Be annoyed, that your isp doesn't support bfd or > ospf/bgp. Check ✓ Thanks in advance. -Ursprüngliche Nachricht- Von: Christian Tacke [mailto:christian.tacke+bird.network...@cosmokey.com] Gesendet: Donnerstag, 3. Dezember 2015 19:46 An: Rohrmann Sascha Cc: bird-users@network.cz Betreff: Re: default route via OSPF depending on the ISP Hi Sascha, On Thu, Dec 03, 2015 at 15:12:10 +, Rohrmann Sascha wrote: [...] > Second problem is, not every ISP supports BFD yet because BFD is kinda new. > I was thinking about a simple ping which checks the availability of the > opposite party. > Am I able to include a simple shell script in bird? > E.g.: > === > Include ping.sh (ping check) > If (ping.sh = 1) > { > export 0.0.0.0/0 via eth0; > } > === > > Do you have more information and/or tips for me, by chance? [...] As I have exactly the same problem, here's, what I am planing to do: - Have a static route (in its own static protocol) in bird, activated by default. - Run an external script, that pings the isp regularly. In fact, I am considering to let icinga do that. - If the ping fails, let that script (icinga) call "birdc disable static_isp_route" - If the ping works again, call "birdc enable static_isp_route" - Finally: Be annoyed, that your isp doesn't support bfd or ospf/bgp. In our case, the major difference is: We're not going to ping, but query the state of the modem. Which in itself is annoying, because we're forced to use an avm fritzbox and the only way to ask it about its state is by doing upnp. Cheers Christian -- www.cosmokey.com
AW: default route via OSPF depending on the ISP
Hi Ondrej, >> Do you have more information and/or tips for me, by chance? > As others wrote, you could do periodic pinging by e.g. fping and > enable/disable a static > protocol using birdc (birdc disable XXX). > See the attached script, which does something like that and estimating packet > loss. Thank you very much for that script. I have two additional questions about this: 1) Why do you stop the whole routing process if the ISP is down? Isn't there a chance to "only" stop distributing the default-route and keep the OSPF process? If yes, how am I able to realize that? 2) If 1) isn't possible, is there a way to check and count incoming routes from eBGP so that the router sees that the connection works and distributes the default-route after the check? My goal is to only stop distributing the default-route and not to kill any routing-protocol such as OSPF. Thanks in advance. -Ursprüngliche Nachricht- Von: Ondrej Zajicek [mailto:santi...@crfreenet.org] Gesendet: Samstag, 5. Dezember 2015 16:34 An: Rohrmann Sascha Cc: bird-users@network.cz Betreff: Re: default route via OSPF depending on the ISP On Thu, Dec 03, 2015 at 03:12:10PM +, Rohrmann Sascha wrote: > > Well, you could use static default-route and 'check link' option, but that > > will help you only in the third case, not in the second one. > > For the second case, you must have some other way to establish > > whether ISP is up or down, either by running some routing protocol between > > you and ISP, or running BFD session. > > Just as you said, that will only help me in the third case. > In which way should BFD be able to accomplish my goal? > In my understandings BFD only checks if the link is available. If this isn't > given, BFD tells Bird this problem. BFD checks whether specified/destination IP is available (but it also must run BFD). Therefore both link and host must be up. > Second problem is, not every ISP supports BFD yet because BFD is kinda new. That is true, and also BFD-controlled static routes are only in devel version of BIRD, not in v1.5.0 > I was thinking about a simple ping which checks the availability of the > opposite party. > Am I able to include a simple shell script in bird? No > Do you have more information and/or tips for me, by chance? As others wrote, you could do periodic pinging by e.g. fping and enable/disable a static protocol using birdc (birdc disable XXX). See the attached script, which does something like that and estimating packet loss. > > I was thinking about the bfd protocol, but bfd is kinda new and you can't > > run more than one instance in bird. > > Well, is there any reason why to run multiple BFD instances in BIRD? > > Well... you could create one bfd instance for one single interface. > Furthermore you could then check the availability for e.g. my problem instead > of checking all BFD instances. I don't understand here. -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
ospf: Socket error on ix0: Permission denied + a lot KIF: Received address message for unknown interface
Hello. I have a FreeBSD x64 10.2-p7 system with Bird 1.5.0 acting as a PPPOE concentrator using MPD5 version 5.7 The system has 2 physical interfaces: ix0 ( a /30 connection to another freebsd router - ABR running Bird ) ix1 ( listening for PPPOE via MPD5 ) And many virtual interfaces when a PPPOE connection is established that follow this pattern: ng1, ng2, ng3 ... etc Here's my bird config (This router is running in a Totally Stubby Area 0.0.0.1): router id 172.16.116.5; protocol kernel { export all; } protocol direct { interface "ix0", "ng*"; } protocol device { scan time 10; } protocol static { } protocol ospf { tick 2; area 0.0.0.1 { stub yes; summary no; networks { 10.10.0.0/16; 125.40.44.0/22; }; interface "ix0" { dead count 4; type broadcast; }; interface "ng*" { stub yes; }; }; } This router also has a firewall enabled (ipfw) with the following rules: 00100 deny ip from any to not 125.40.44.0/22 out recv ng* xmit ng* 01000 pipe tablearg ip from any to table(2) out via ng* 01010 deny ip from any to any out via ng* 01020 pipe tablearg ip from table(1) to any in via ng* 01030 deny ip from any to any in via ng* 65534 allow ip from any to any 65535 deny ip from any to any What happens when I turn the system on and receive about 800 connections (e.g around 800 ng interfaces are created) is this in the logs: Dec 2 03:59:41 pppoe1 bird: ospf1: Socket error on ix0: Permission denied Dec 2 03:59:41 pppoe1 bird: KIF: Received address message for unknown interface 124 Dec 2 03:59:41 pppoe1 last message repeated 2 times Dec 2 03:59:41 pppoe1 bird: KIF: Received address message for unknown interface 123 Dec 2 03:59:41 pppoe1 last message repeated 2 times Dec 2 03:59:41 pppoe1 bird: KIF: Received address message for unknown interface 125 Dec 2 03:59:41 pppoe1 last message repeated 2 times Dec 2 03:59:41 pppoe1 bird: KIF: Received address message for unknown interface 126 Dec 2 03:59:41 pppoe1 last message repeated 2 times Dec 2 03:59:41 pppoe1 bird: KIF: Received address message for unknown interface 127 Dec 2 03:59:41 pppoe1 last message repeated 2 times Dec 2 03:59:41 pppoe1 bird: KIF: Received address message for unknown interface 128 Dec 2 03:59:41 pppoe1 last message repeated 2 times Dec 2 03:59:41 pppoe1 bird: KIF: Received address message for unknown interface 130 Dec 2 03:59:41 pppoe1 last message repeated 2 times Dec 2 03:59:41 pppoe1 bird: KIF: Received address message for unknown interface 129 Dec 2 03:59:41 pppoe1 last message repeated 2 times Dec 2 03:59:41 pppoe1 bird: KIF: Received address message for unknown interface 131 Dec 2 03:59:41 pppoe1 last message repeated 2 times Dec 2 03:59:41 pppoe1 bird: KIF: Received address message for unknown interface 133 Dec 2 03:59:41 pppoe1 last message repeated 2 times Dec 2 03:59:41 pppoe1 bird: KIF: Received address message for unknown interface 132 Dec 2 03:59:41 pppoe1 last message repeated 2 times Dec 2 03:59:41 pppoe1 bird: KIF: Received address message for unknown interface 134 Dec 2 03:59:41 pppoe1 last message repeated 2 times Dec 2 03:59:41 pppoe1 bird: KIF: Received address message for unknown interface 136 Dec 2 03:59:41 pppoe1 last message repeated 2 times Dec 2 03:59:41 pppoe1 bird: KIF: Received address message for unknown interface 135 Dec 2 03:59:41 pppoe1 last message repeated 2 times and much more As it can be seen I see tons of KIF: Received address message for unknown interface messages which I am not sure if it means anything serious. These happen anytime a ng interface is brought up/down. The worst is ospf1: Socket error on ix0: Permission denied because bird doesn't appear to listen and form any adjacency via ospf on this interface. At first I thought this may be due to a race condition, e.g Bird might load faster than the firewall rules and with ipfw the only loaded rule at startup is 'deny ip from any to any' which could explain the permission error. However if I manually stop bird and restart it after the system has fully booted I still receive the permission error, despite that there's now an 'allow ip from any to any' rule present. Interestingly I have an identical setup created with VirtualBox for this router and when I test with only 2 PPPOE connections it doesn't complain about any permission error. Same firewall rules and everything else. System starts up the same way, but no permission error. And the router forms adjacency.. I do still see of KIF: Received address message for unknown interface messages, though. Any ideas what can be the cause? Thank you.