bfd or ospf problem?
Hello! I run two Centos 7 servers. They are connected over ipsec+gre, both run bird 2.0.5 ospf. I also have bfd enabled: bfd yes; in this interface and protocol bfd { interface "gre*" { interval 200 ms; }; }; Both sides had following messages in logs: Sep 12 08:18:23 ast-p245a bird: bfd1: Bad packet from 192.168.201.85 - unknown session id (1935426703) Sep 12 08:18:45 ast-ngdu2 bird: bfd1: Bad packet from 192.168.201.86 - unknown session id (913048279) And I had ospf error messages: Sep 8 03:31:04 ast-p245a bird: MyOSPF: Authentication failed for nbr 192.168.46.74 on gre2 - lower sequence number (rcv 1565416592, old 1566997226) Sep 8 03:31:04 ast-p245a bird: MyOSPF: Authentication failed for nbr 192.168.46.74 on gre2 - lower sequence number (rcv 1565416592, old 1566997226) Sep 8 03:31:04 ast-ngdu2 bird: MyOSPF: Authentication failed for nbr 192.168.26.2 on gre2 - lower sequence number (rcv 1565670907, old 1567089417) Sep 8 03:31:04 ast-ngdu2 bird: MyOSPF: Authentication failed for nbr 192.168.26.2 on gre2 - lower sequence number (rcv 1565670907, old 1567089417) One of servers got NetworkManager problem as result today Sep 8 03:31:21 ast-p245a NetworkManager[987]: [1567899081.4736] platform-linux: netlink: read: too many netlink events. Need to resynchronize plat form cache There are many such messages in log And had connectivity problem, so I rebooted it and disabled bfd on both sides. Problem disappeared. May be there were problem on link, but I have two another servers on this link with identical config, but they run quagga. Don't sure this is bird problem, but may be somebody had the same problem before? Thank you!
Re: BIRD 2.0.6 and 1.6.8
On 12. 09. 19 0:09, Robert Scheck wrote: > On Wed, 11 Sep 2019, Ondrej Filip wrote: >> we just released two new versions - 1.6.8 and 2.0.6. > > Who ever maintains ftp://bird.network.cz/pub/bird/fedora/: it could be > a good idea for the admins to fix the permissions (missing read access > for 1.6.7 and 2.0.5) in order to make the repository usable...just in > case somebody uses that repository. Thank you for pointing this out. Fixed. Ondrej > > > Regards, > Robert >
Re: BIRD 2.0.6 and 1.6.8
On Wed, 11 Sep 2019, Ondrej Filip wrote: > we just released two new versions - 1.6.8 and 2.0.6. Users consuming BIRD RPM packages from Fedora or EPEL (for RHEL/CentOS) repositories can get updated packages likely tomorrow or so - once they reached a mirror near to you. Alternatively the builds are available at the buildsystem via https://bodhi.fedoraproject.org/updates/?like=bird Who ever maintains ftp://bird.network.cz/pub/bird/fedora/: it could be a good idea for the admins to fix the permissions (missing read access for 1.6.7 and 2.0.5) in order to make the repository usable...just in case somebody uses that repository. Regards, Robert
Re: [bird-users] bird >=2.0.4 Stack underflow and most routes become filtered
Robert Scheck wrote on 11/09/2019 17:28: is soon meant more like "in a month"? Talk about measuring miles in inches. :D
BIRD 2.0.6 and 1.6.8
Dear BIRD users, we just released two new versions - 1.6.8 and 2.0.6. Version 1.6.8 just includes important bugfixes. Version 2.0.6 o RAdv: Solicited unicast RAs o BGP: Optional Adj-RIB-Out o BGP: Extended optional parameters length o Filter: Sets and set expressions in path masks o Several important bugfixes Cheers! Ondrej
Re: Re: bird >=2.0.4 Stack underflow and most routes become filtered
On Wed, Sep 11, 2019 at 05:28:21PM +0200, Robert Scheck wrote: > On Tue, 10 Sep 2019, Ondrej Zajicek wrote: > > We plan to release a new version soon with this and other fixes. > > That sounds like it makes sense for a package maintainer like me to hold my > breath for a 2.0.6 - which also addresses the CVE from yesterday or so? Or > is soon meant more like "in a month"? Hi Yes, 2.0.6 will address this CVE. I hope it will be released during tomorrow, it is already prepared in git: https://gitlab.labs.nic.cz/labs/bird/commit/5235c3f78da15826b0654ba68dc7a897faa42c98 -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
Re: Re: bird >=2.0.4 Stack underflow and most routes become filtered
On Tue, 10 Sep 2019, Ondrej Zajicek wrote: > We plan to release a new version soon with this and other fixes. That sounds like it makes sense for a package maintainer like me to hold my breath for a 2.0.6 - which also addresses the CVE from yesterday or so? Or is soon meant more like "in a month"? Regards Robert
Re: Kernel protocol and IPv6 route issue with Bird 2.0
On 9/11/19 2:23 PM, Ondrej Zajicek wrote: > On Wed, Sep 11, 2019 at 12:31:16PM +, Nigel Kukard wrote: >> Hi guys, >> >> I'm having an issue where IPv6 routes from the kernel routing table >> don't appear to end up in my t_kernel6 table. Despite the next-hop being >> link-local and the interface being UP. >> ... >> Here is the error I'm getting in my logs and fc11::/64 is not being >> shown in my t _kernel6 table... >> >> 2019-09-11 11:40:36.653 KRT: Received route fc11::/64 with strange >> next-hop fc10::2 >> ... >> Here is the kernel routing table 'ip -6 route'... >> >> fc00::/64 dev eth0 proto kernel metric 256 pref medium >> fc10::/64 dev eth1 proto kernel metric 256 pref medium >> *fc11::/64 via fc10::2 dev eth1 metric 1024 pref medium* >> fe80::/64 dev eth0 proto kernel metric 256 pref medium >> fe80::/64 dev eth1 proto kernel metric 256 pref medium > Hi > > Works for me: > > bird> show route table t_kernel6 > Table t_kernel6: > fc11::/64unicast [kernel2 16:20:13.398] (10) > via fc10::2 on eth0 > > What is your 'show interfaces' status? > I believe I just found the issue. On the first kernel table scan, I get the "strange next-hop" for the IPv6 route. This is perhaps a second or so after the environment is created. On the second kernel table scan the route is correctly added. In normal circumstances it shouldn't be a problem. I triggered it by running tests a few seconds after bird started. Either adding a sleep after starting bird exceeding the scan time or reducing the scan time worked for me. My first guess would be IPv6 DAD causing it, however I've not looked further into it or tested disabling IPv6 DAD. Sorry for the noise. -N
Re: Two similar kernel routes with different metrics on bird 1.6.4
On Wed, Sep 11, 2019 at 12:48:11PM +0300, Andrew wrote: > Hi all. > > I have two default kernel routes with different metrics (for failover, when > first gateway becomes unreachable - all traffic is switched to second gw). I > want to pipe it to other kernel table to gracefully handle connections to > second IP. Unfortunatelly, I can't force bird to learn route with higher > metric - bird just ignores it. > > Option 'merge paths' does nothing in that case. Import filter doesn't help - > it seems like route is dropped somewhere in protocol, before passing to > filter. > > How can I force bird to learn route with higher metric? Hi That is unfortunately not supported. Only one route per network can be imported. -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
Re: Kernel protocol and IPv6 route issue with Bird 2.0
On Wed, Sep 11, 2019 at 12:31:16PM +, Nigel Kukard wrote: > Hi guys, > > I'm having an issue where IPv6 routes from the kernel routing table > don't appear to end up in my t_kernel6 table. Despite the next-hop being > link-local and the interface being UP. > ... > Here is the error I'm getting in my logs and fc11::/64 is not being > shown in my t _kernel6 table... > > 2019-09-11 11:40:36.653 KRT: Received route fc11::/64 with strange > next-hop fc10::2 > ... > Here is the kernel routing table 'ip -6 route'... > > fc00::/64 dev eth0 proto kernel metric 256 pref medium > fc10::/64 dev eth1 proto kernel metric 256 pref medium > *fc11::/64 via fc10::2 dev eth1 metric 1024 pref medium* > fe80::/64 dev eth0 proto kernel metric 256 pref medium > fe80::/64 dev eth1 proto kernel metric 256 pref medium Hi Works for me: bird> show route table t_kernel6 Table t_kernel6: fc11::/64unicast [kernel2 16:20:13.398] (10) via fc10::2 on eth0 What is your 'show interfaces' status? -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
Kernel protocol and IPv6 route issue with Bird 2.0
Hi guys, I'm having an issue where IPv6 routes from the kernel routing table don't appear to end up in my t_kernel6 table. Despite the next-hop being link-local and the interface being UP. IPv4 routes I have no problem with, working as expected. I must be doing something wrong on my side, if someone could kindly point me in the right direction. (the below is configuration I'm testing with, I have manually set the MAC addresses and IP's for testing purposes within a LXC container so I can test results across configuration changes) Here is the snippet of config with... protocol device { description "Device protocol"; scan time 10; }; protocol kernel kernel4 { description "Kernel protocol for IPv4"; metric 600; learn; ipv4 { table t_kernel4; export all; import all; }; }; protocol kernel kernel6 { description "Kernel protocol for IPv6"; metric 600; learn; ipv6 { table t_kernel6; export all; import all; }; }; Here is the error I'm getting in my logs and fc11::/64 is not being shown in my t _kernel6 table... 2019-09-11 11:40:36.653 KRT: Received route fc11::/64 with strange next-hop fc10::2 The interface is however UP and fc10::2 is link local. Here is the output of 'ip link'... (eth1 is UP) 1: lo: mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0@if3: mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000 link/ether 02:01:00:00:00:01 brd ff:ff:ff:ff:ff:ff link-netnsid 0 4: *eth1*@if5: mtu 1500 qdisc noqueue state *UP* mode DEFAULT group default qlen 1000 link/ether 02:01:00:00:00:02 brd ff:ff:ff:ff:ff:ff link-netnsid 0 Here is the output of 'ip -6 address'... 1: lo: mtu 65536 state UNKNOWN qlen 1 inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0@if3: mtu 1500 state UP qlen 1000 inet6 fc00::1/64 scope global valid_lft forever preferred_lft forever inet6 fe80::1:ff:fe00:1/64 scope link valid_lft forever preferred_lft forever 4: eth1@if5: mtu 1500 state UP qlen 1000 inet6 *fc10::1/64* scope global valid_lft forever preferred_lft forever inet6 fe80::1:ff:fe00:2/64 scope link valid_lft forever preferred_lft forever Here is the kernel routing table 'ip -6 route'... fc00::/64 dev eth0 proto kernel metric 256 pref medium fc10::/64 dev eth1 proto kernel metric 256 pref medium *fc11::/64 via fc10::2 dev eth1 metric 1024 pref medium* fe80::/64 dev eth0 proto kernel metric 256 pref medium fe80::/64 dev eth1 proto kernel metric 256 pref medium Kind Regards -N
Two similar kernel routes with different metrics on bird 1.6.4
Hi all. I have two default kernel routes with different metrics (for failover, when first gateway becomes unreachable - all traffic is switched to second gw). I want to pipe it to other kernel table to gracefully handle connections to second IP. Unfortunatelly, I can't force bird to learn route with higher metric - bird just ignores it. Option 'merge paths' does nothing in that case. Import filter doesn't help - it seems like route is dropped somewhere in protocol, before passing to filter. How can I force bird to learn route with higher metric?