Re: RPKI support without SSH transport

[Clemens Schrimpe]

> On 25. Mar 2020, at 13:37, Ondrej Zajicek  wrote:
> 
> Yes, current code in git should be OK, all code in ssh_transport.c is
> commented out.

Confirmed. Thank you very much for the great work (not only this patch ... :-)

Greetings,

Clemens

OSPF v3 in VRF stuck in 'Alone' state

[bauen1]

Hello,

I'm running bird inside a vrf and I'm trying to setup an OSPF v3 ipv4 and ipv6 
"peering" over a wireguard vpn inside that vrf.

And bird does see the interface (as ptp), and sends 'HELLO' OSPF packets over 
the interface, these packets also arrive at the other side (where the same is 
happening).

However bird doesn't seem to receive the incoming packets, they do appear in 
tcpdump but not in birds log output with 'debug all'.

The OSPF protcol on both sides is stuck in the 'Alone' State with no neighbours.


bird version:

jhserver:

v2.0.4-44-gd843c274


dn42-uk-london0:

2.0.7


Both interfaces have all necessary ip / ipv6 addresses:


66: dn42-uk-london0:  mtu 1420 qdisc noqueue 
master vrf-dn42 state UNKNOWN group default qlen 1000   
 
    link/none
    inet 172.20.18.226 peer 172.20.18.225/32 scope link dn42-uk-london0
   valid_lft forever preferred_lft forever
    inet6 fdbb:baba:2468:2::4445 peer fdbb:baba:2468::1/128 scope global
   valid_lft forever preferred_lft forever
    inet6 fe80::55d2:c4ab peer fe80::c87a:cc67/64 scope link
   valid_lft forever preferred_lft forever

26: jhserver-dn42:  mtu 1500 qdisc noqueue 
master dn42 state UNKNOWN group default qlen 1000
    link/none
    inet 172.20.18.225 peer 172.20.18.226/32 scope link jhserver-dn42
   valid_lft forever preferred_lft forever
    inet6 fdbb:baba:2468::1 peer fdbb:baba:2468:2::4445/128 scope global
   valid_lft forever preferred_lft forever
    inet6 fe80::c87a:cc67 peer fe80::55d2:c4ab/64 scope link
   valid_lft forever preferred_lft forever


Relevant part of the config:

jhserver:

 protocol ospf v3 dn42_ospf_ip4 {   

  
   router id DN42_OWNIP;

  
   debug all;   

  
   vrf "vrf-dn42";  

  
   ipv4 {   

  
 table dn42_ip4;

  
 export all;

  
 import keep filtered;  

  
 import none;   

  
   };   

  
   area 0.0.0.0  {  

  
 interface "vrf-dn42" { 

  
   stub yes;

  
 }; 

  
 interface "dn42-uk-london0" {  

  
 }; 

  
   };   

Re: Direct protocol affects BGP

[Fabiano D'Agostino]

ah okay thanks, I understand now!

Il giorno mer 25 mar 2020 alle ore 17:33 Alexander Zubkov 
ha scritto:

> Than I see no problem. When you have direct protocol off - your router
> have nothing imported to the bird's routing table and so nothing is
> exported to the bgp peer. A kernel protocol does not import those
> routes, from the documentation:
>
> > Note that routes created by OS kernel itself, namely direct routes
> representing IP subnets of associated interfaces, are not imported even
> with learn enabled. You can use Direct protocol to generate these direct
> routes.
>
> On Wed, Mar 25, 2020 at 5:21 PM Fabiano D'Agostino
>  wrote:
> >
> > Yes, I disabled direct protocol on both routers. The full bird.conf is
> the following:
> > log syslog all;
> > ipv4 table master4;
> > ipv6 table master6;
> > router1 bgp configuration:
> > protocol bgp {
> > ipv4 {
> > import all;
> > export all;
> >};
> >local as 1;
> >neighbor 192.168.2.22 as 2;
> > }
> > protocol device {
> > }
> > protocol kernel {
> > ipv4 {
> > table master4;
> > import all;
> > export all;
> > };
> > }
> > protocol static {
> > ipv4;
> > }
> >
> >
> > Il giorno mer 25 mar 2020 alle ore 17:06 Alexander Zubkov <
> gr...@qrator.net> ha scritto:
> >>
> >> Do you disable direct protocol on both router1 and router2?
> >> And that is definitely not the full bird config, you do not have a
> >> kernel protocol for example.
> >>
> >> On Tue, Mar 24, 2020 at 10:50 PM Fabiano D'Agostino
> >>  wrote:
> >> >
> >> > There is no gateway because they are directly connected. However my
> network topology is the following:
> >> > [pc-a - router1 ]=AS 1 ; [pc-b - router 2]=AS 2;
> >> > pc-a:
> >> > enp0s3
> >> > address 192.168.1.11
> >> > gw 192.168.1.1
> >> > router1:
> >> > enp0s3
> >> > address 192.168.1.1
> >> > enp0s8
> >> > 192.168.2.2
> >> >
> >> > router1 bgp configuration:
> >> > protocol bgp {
> >> > ipv4 {
> >> > import all;
> >> > export all;
> >> >}
> >> > local as 1;
> >> > neighbor 192.168.2.22 as 2
> >> >
> >> >
> >> > Il giorno mar 24 mar 2020 alle ore 22:40 Alexander Zubkov <
> gr...@qrator.net> ha scritto:
> >> >>
> >> >> There is also no gateway in you "route" output on routes exported
> from
> >> >> bird. Maybe you have some filters that causing it? Could you show
> your
> >> >> config if it is not secret?
> >> >>
> >> >> On Tue, Mar 24, 2020 at 9:53 PM Fabiano D'Agostino
> >> >>  wrote:
> >> >> >
> >> >> > Yes, 'show route', is from Bird. I don't have route-reflector, but
> just two routers which have a bgp session. Anyway, yes when direct is
> disabled, the bgp session is established.
> >> >> >
> >> >> > Il giorno mar 24 mar 2020 alle ore 21:45 Alexander Zubkov <
> gr...@qrator.net> ha scritto:
> >> >> >>
> >> >> >> "show route" looks a little weird, is it from bird? There are also
> >> >> >> commonly a protocol and metric shown.
> >> >> >> Those are from your route-reflector? Do you have your bgp
> sessions up
> >> >> >> when direct is disabled?
> >> >> >>
> >> >> >> On Tue, Mar 24, 2020 at 9:33 PM Fabiano D'Agostino
> >> >> >>  wrote:
> >> >> >> >
> >> >> >> > Good evening Alexander,
> >> >> >> >
> >> >> >> > Direct protocol enabled:
> >> >> >> > 'route' command:
> >> >> >> > Destination Gateway GenmaskFlags Metric iface
> >> >> >> > 192.168.1.0  *255.255.255.0   U   0
>  enp0s3
> >> >> >> > 192.168.1.0  *255.255.255.0   U   32
>  enp0s3
> >> >> >> > 192.168.2.0  *255.255.255.0   U   0
>  enp0s8
> >> >> >> > 192.168.2.0  *255.255.255.0   U32
> enp0s8
> >> >> >> > 192.168.4.0  *255.255.255.0   U32
> enp0s8
> >> >> >> > 'show route' command:
> >> >> >> > 192.168.1.0/24 enp0s3
> >> >> >> > 192.168.2.0/24  enp0s8 via 192.168.2.22 on enp0s8
> >> >> >> > 192.168.4.0/24 via 192.168.2.22 on enp0s8
> >> >> >> >
> >> >> >> > Direct protocol disabled:
> >> >> >> > 'route' command:
> >> >> >> > Destination Gateway GenmaskFlags Metric iface
> >> >> >> > 192.168.1.0  *255.255.255.0   U   0
>  enp0s3
> >> >> >> > 192.168.2.0  *255.255.255.0   U   0
>  enp0s8
> >> >> >> > 'show route' command:
> >> >> >> > empty
> >> >> >> >
> >> >> >> > Thanks,
> >> >> >> >
> >> >> >> > Fabiano
> >> >> >> >
> >> >> >> > Il giorno mar 24 mar 2020 alle ore 21:00 Alexander Zubkov <
> gr...@qrator.net> ha scritto:
> >> >> >> >>
> >> >> >> >> I think it would be easier if you showed your route tables in
> both cases.
> >> >> >> >>
> >> >> >> >> On Tue, Mar 24, 2020 at 8:57 AM Irene Lalioti <
> irene.lali...@restena.lu> wrote:
> >> >> >> >> >
> >> >> >> >> > Hello guys!
> >> >> >> >> >
> >> >> >> >> > Just because today we encountered again the same issue with
> direct, I am very curious on this:
> >> >> >> >> >
> >> >> >> >> > I totally agree with what you guys explained about 

Re: Direct protocol affects BGP

[Alexander Zubkov]

Than I see no problem. When you have direct protocol off - your router
have nothing imported to the bird's routing table and so nothing is
exported to the bgp peer. A kernel protocol does not import those
routes, from the documentation:

> Note that routes created by OS kernel itself, namely direct routes 
> representing IP subnets of associated interfaces, are not imported even with 
> learn enabled. You can use Direct protocol to generate these direct routes.

On Wed, Mar 25, 2020 at 5:21 PM Fabiano D'Agostino
 wrote:
>
> Yes, I disabled direct protocol on both routers. The full bird.conf is the 
> following:
> log syslog all;
> ipv4 table master4;
> ipv6 table master6;
> router1 bgp configuration:
> protocol bgp {
> ipv4 {
> import all;
> export all;
>};
>local as 1;
>neighbor 192.168.2.22 as 2;
> }
> protocol device {
> }
> protocol kernel {
> ipv4 {
> table master4;
> import all;
> export all;
> };
> }
> protocol static {
> ipv4;
> }
>
>
> Il giorno mer 25 mar 2020 alle ore 17:06 Alexander Zubkov  
> ha scritto:
>>
>> Do you disable direct protocol on both router1 and router2?
>> And that is definitely not the full bird config, you do not have a
>> kernel protocol for example.
>>
>> On Tue, Mar 24, 2020 at 10:50 PM Fabiano D'Agostino
>>  wrote:
>> >
>> > There is no gateway because they are directly connected. However my 
>> > network topology is the following:
>> > [pc-a - router1 ]=AS 1 ; [pc-b - router 2]=AS 2;
>> > pc-a:
>> > enp0s3
>> > address 192.168.1.11
>> > gw 192.168.1.1
>> > router1:
>> > enp0s3
>> > address 192.168.1.1
>> > enp0s8
>> > 192.168.2.2
>> >
>> > router1 bgp configuration:
>> > protocol bgp {
>> > ipv4 {
>> > import all;
>> > export all;
>> >}
>> > local as 1;
>> > neighbor 192.168.2.22 as 2
>> >
>> >
>> > Il giorno mar 24 mar 2020 alle ore 22:40 Alexander Zubkov 
>> >  ha scritto:
>> >>
>> >> There is also no gateway in you "route" output on routes exported from
>> >> bird. Maybe you have some filters that causing it? Could you show your
>> >> config if it is not secret?
>> >>
>> >> On Tue, Mar 24, 2020 at 9:53 PM Fabiano D'Agostino
>> >>  wrote:
>> >> >
>> >> > Yes, 'show route', is from Bird. I don't have route-reflector, but just 
>> >> > two routers which have a bgp session. Anyway, yes when direct is 
>> >> > disabled, the bgp session is established.
>> >> >
>> >> > Il giorno mar 24 mar 2020 alle ore 21:45 Alexander Zubkov 
>> >> >  ha scritto:
>> >> >>
>> >> >> "show route" looks a little weird, is it from bird? There are also
>> >> >> commonly a protocol and metric shown.
>> >> >> Those are from your route-reflector? Do you have your bgp sessions up
>> >> >> when direct is disabled?
>> >> >>
>> >> >> On Tue, Mar 24, 2020 at 9:33 PM Fabiano D'Agostino
>> >> >>  wrote:
>> >> >> >
>> >> >> > Good evening Alexander,
>> >> >> >
>> >> >> > Direct protocol enabled:
>> >> >> > 'route' command:
>> >> >> > Destination Gateway GenmaskFlags Metric iface
>> >> >> > 192.168.1.0  *255.255.255.0   U   0 
>> >> >> > enp0s3
>> >> >> > 192.168.1.0  *255.255.255.0   U   32   enp0s3
>> >> >> > 192.168.2.0  *255.255.255.0   U   0 
>> >> >> > enp0s8
>> >> >> > 192.168.2.0  *255.255.255.0   U32  enp0s8
>> >> >> > 192.168.4.0  *255.255.255.0   U32  enp0s8
>> >> >> > 'show route' command:
>> >> >> > 192.168.1.0/24 enp0s3
>> >> >> > 192.168.2.0/24  enp0s8 via 192.168.2.22 on enp0s8
>> >> >> > 192.168.4.0/24 via 192.168.2.22 on enp0s8
>> >> >> >
>> >> >> > Direct protocol disabled:
>> >> >> > 'route' command:
>> >> >> > Destination Gateway GenmaskFlags Metric iface
>> >> >> > 192.168.1.0  *255.255.255.0   U   0 
>> >> >> > enp0s3
>> >> >> > 192.168.2.0  *255.255.255.0   U   0 
>> >> >> > enp0s8
>> >> >> > 'show route' command:
>> >> >> > empty
>> >> >> >
>> >> >> > Thanks,
>> >> >> >
>> >> >> > Fabiano
>> >> >> >
>> >> >> > Il giorno mar 24 mar 2020 alle ore 21:00 Alexander Zubkov 
>> >> >> >  ha scritto:
>> >> >> >>
>> >> >> >> I think it would be easier if you showed your route tables in both 
>> >> >> >> cases.
>> >> >> >>
>> >> >> >> On Tue, Mar 24, 2020 at 8:57 AM Irene Lalioti 
>> >> >> >>  wrote:
>> >> >> >> >
>> >> >> >> > Hello guys!
>> >> >> >> >
>> >> >> >> > Just because today we encountered again the same issue with 
>> >> >> >> > direct, I am very curious on this:
>> >> >> >> >
>> >> >> >> > I totally agree with what you guys explained about the need of 
>> >> >> >> > the direct protocol. Once we set it then reachability works and 
>> >> >> >> > all is ok.
>> >> >> >> >
>> >> >> >> > Our big question is why was it working before the moment it lost 
>> >> >> >> > the BGP session?? In other words: the set up :
>> >> >> >> >
>> >> >> >> > RS - BGP session 

Re: Direct protocol affects BGP

[Fabiano D'Agostino]

Yes, I disabled direct protocol on both routers. The full bird.conf is the
following:
log syslog all;
ipv4 table master4;
ipv6 table master6;
router1 bgp configuration:
protocol bgp {
ipv4 {
import all;
export all;
   };
   local as 1;
   neighbor 192.168.2.22 as 2;
}
protocol device {
}
protocol kernel {
ipv4 {
table master4;
import all;
export all;
};
}
protocol static {
ipv4;
}


Il giorno mer 25 mar 2020 alle ore 17:06 Alexander Zubkov 
ha scritto:

> Do you disable direct protocol on both router1 and router2?
> And that is definitely not the full bird config, you do not have a
> kernel protocol for example.
>
> On Tue, Mar 24, 2020 at 10:50 PM Fabiano D'Agostino
>  wrote:
> >
> > There is no gateway because they are directly connected. However my
> network topology is the following:
> > [pc-a - router1 ]=AS 1 ; [pc-b - router 2]=AS 2;
> > pc-a:
> > enp0s3
> > address 192.168.1.11
> > gw 192.168.1.1
> > router1:
> > enp0s3
> > address 192.168.1.1
> > enp0s8
> > 192.168.2.2
> >
> > router1 bgp configuration:
> > protocol bgp {
> > ipv4 {
> > import all;
> > export all;
> >}
> > local as 1;
> > neighbor 192.168.2.22 as 2
> >
> >
> > Il giorno mar 24 mar 2020 alle ore 22:40 Alexander Zubkov <
> gr...@qrator.net> ha scritto:
> >>
> >> There is also no gateway in you "route" output on routes exported from
> >> bird. Maybe you have some filters that causing it? Could you show your
> >> config if it is not secret?
> >>
> >> On Tue, Mar 24, 2020 at 9:53 PM Fabiano D'Agostino
> >>  wrote:
> >> >
> >> > Yes, 'show route', is from Bird. I don't have route-reflector, but
> just two routers which have a bgp session. Anyway, yes when direct is
> disabled, the bgp session is established.
> >> >
> >> > Il giorno mar 24 mar 2020 alle ore 21:45 Alexander Zubkov <
> gr...@qrator.net> ha scritto:
> >> >>
> >> >> "show route" looks a little weird, is it from bird? There are also
> >> >> commonly a protocol and metric shown.
> >> >> Those are from your route-reflector? Do you have your bgp sessions up
> >> >> when direct is disabled?
> >> >>
> >> >> On Tue, Mar 24, 2020 at 9:33 PM Fabiano D'Agostino
> >> >>  wrote:
> >> >> >
> >> >> > Good evening Alexander,
> >> >> >
> >> >> > Direct protocol enabled:
> >> >> > 'route' command:
> >> >> > Destination Gateway GenmaskFlags Metric iface
> >> >> > 192.168.1.0  *255.255.255.0   U   0
>  enp0s3
> >> >> > 192.168.1.0  *255.255.255.0   U   32
>  enp0s3
> >> >> > 192.168.2.0  *255.255.255.0   U   0
>  enp0s8
> >> >> > 192.168.2.0  *255.255.255.0   U32
> enp0s8
> >> >> > 192.168.4.0  *255.255.255.0   U32
> enp0s8
> >> >> > 'show route' command:
> >> >> > 192.168.1.0/24 enp0s3
> >> >> > 192.168.2.0/24  enp0s8 via 192.168.2.22 on enp0s8
> >> >> > 192.168.4.0/24 via 192.168.2.22 on enp0s8
> >> >> >
> >> >> > Direct protocol disabled:
> >> >> > 'route' command:
> >> >> > Destination Gateway GenmaskFlags Metric iface
> >> >> > 192.168.1.0  *255.255.255.0   U   0
>  enp0s3
> >> >> > 192.168.2.0  *255.255.255.0   U   0
>  enp0s8
> >> >> > 'show route' command:
> >> >> > empty
> >> >> >
> >> >> > Thanks,
> >> >> >
> >> >> > Fabiano
> >> >> >
> >> >> > Il giorno mar 24 mar 2020 alle ore 21:00 Alexander Zubkov <
> gr...@qrator.net> ha scritto:
> >> >> >>
> >> >> >> I think it would be easier if you showed your route tables in
> both cases.
> >> >> >>
> >> >> >> On Tue, Mar 24, 2020 at 8:57 AM Irene Lalioti <
> irene.lali...@restena.lu> wrote:
> >> >> >> >
> >> >> >> > Hello guys!
> >> >> >> >
> >> >> >> > Just because today we encountered again the same issue with
> direct, I am very curious on this:
> >> >> >> >
> >> >> >> > I totally agree with what you guys explained about the need of
> the direct protocol. Once we set it then reachability works and all is ok.
> >> >> >> >
> >> >> >> > Our big question is why was it working before the moment it
> lost the BGP session?? In other words: the set up :
> >> >> >> >
> >> >> >> > RS - BGP session with the ROUTER - and behind the Router we
> have Caches.
> >> >> >> >
> >> >> >> > Before the router was announcing to the RS(BIRD v2.0.7) the
> caches and that they are reachable by the router. Without any direct.
> >> >> >> >
> >> >> >> > Until one day we lose the bgp session, and we can ping the
> caches from the RS but not reachable . Once we set it as direct on the bird
> then all is fine.
> >> >> >> >
> >> >> >> > Question is why was it working before without direct ?? :=)
> >> >> >> >
> >> >> >> > Many thanks for your time!
> >> >> >> >
> >> >> >> > Have a great day all!
> >> >> >> >
> >> >> >> > Irene.
> >> >> >> >
> >> >> >> > On 23/03/2020 17:07, Fabiano D'Agostino wrote:
> >> >> >> >
> >> >> >> > Hi Bernd,
> >> >> >> > no, the routing "from the kernel" doesn't come 

Re: Direct protocol affects BGP

[Alexander Zubkov]

Do you disable direct protocol on both router1 and router2?
And that is definitely not the full bird config, you do not have a
kernel protocol for example.

On Tue, Mar 24, 2020 at 10:50 PM Fabiano D'Agostino
 wrote:
>
> There is no gateway because they are directly connected. However my network 
> topology is the following:
> [pc-a - router1 ]=AS 1 ; [pc-b - router 2]=AS 2;
> pc-a:
> enp0s3
> address 192.168.1.11
> gw 192.168.1.1
> router1:
> enp0s3
> address 192.168.1.1
> enp0s8
> 192.168.2.2
>
> router1 bgp configuration:
> protocol bgp {
> ipv4 {
> import all;
> export all;
>}
> local as 1;
> neighbor 192.168.2.22 as 2
>
>
> Il giorno mar 24 mar 2020 alle ore 22:40 Alexander Zubkov  
> ha scritto:
>>
>> There is also no gateway in you "route" output on routes exported from
>> bird. Maybe you have some filters that causing it? Could you show your
>> config if it is not secret?
>>
>> On Tue, Mar 24, 2020 at 9:53 PM Fabiano D'Agostino
>>  wrote:
>> >
>> > Yes, 'show route', is from Bird. I don't have route-reflector, but just 
>> > two routers which have a bgp session. Anyway, yes when direct is disabled, 
>> > the bgp session is established.
>> >
>> > Il giorno mar 24 mar 2020 alle ore 21:45 Alexander Zubkov 
>> >  ha scritto:
>> >>
>> >> "show route" looks a little weird, is it from bird? There are also
>> >> commonly a protocol and metric shown.
>> >> Those are from your route-reflector? Do you have your bgp sessions up
>> >> when direct is disabled?
>> >>
>> >> On Tue, Mar 24, 2020 at 9:33 PM Fabiano D'Agostino
>> >>  wrote:
>> >> >
>> >> > Good evening Alexander,
>> >> >
>> >> > Direct protocol enabled:
>> >> > 'route' command:
>> >> > Destination Gateway GenmaskFlags Metric iface
>> >> > 192.168.1.0  *255.255.255.0   U   0 enp0s3
>> >> > 192.168.1.0  *255.255.255.0   U   32   enp0s3
>> >> > 192.168.2.0  *255.255.255.0   U   0 enp0s8
>> >> > 192.168.2.0  *255.255.255.0   U32  enp0s8
>> >> > 192.168.4.0  *255.255.255.0   U32  enp0s8
>> >> > 'show route' command:
>> >> > 192.168.1.0/24 enp0s3
>> >> > 192.168.2.0/24  enp0s8 via 192.168.2.22 on enp0s8
>> >> > 192.168.4.0/24 via 192.168.2.22 on enp0s8
>> >> >
>> >> > Direct protocol disabled:
>> >> > 'route' command:
>> >> > Destination Gateway GenmaskFlags Metric iface
>> >> > 192.168.1.0  *255.255.255.0   U   0 enp0s3
>> >> > 192.168.2.0  *255.255.255.0   U   0 enp0s8
>> >> > 'show route' command:
>> >> > empty
>> >> >
>> >> > Thanks,
>> >> >
>> >> > Fabiano
>> >> >
>> >> > Il giorno mar 24 mar 2020 alle ore 21:00 Alexander Zubkov 
>> >> >  ha scritto:
>> >> >>
>> >> >> I think it would be easier if you showed your route tables in both 
>> >> >> cases.
>> >> >>
>> >> >> On Tue, Mar 24, 2020 at 8:57 AM Irene Lalioti 
>> >> >>  wrote:
>> >> >> >
>> >> >> > Hello guys!
>> >> >> >
>> >> >> > Just because today we encountered again the same issue with direct, 
>> >> >> > I am very curious on this:
>> >> >> >
>> >> >> > I totally agree with what you guys explained about the need of the 
>> >> >> > direct protocol. Once we set it then reachability works and all is 
>> >> >> > ok.
>> >> >> >
>> >> >> > Our big question is why was it working before the moment it lost the 
>> >> >> > BGP session?? In other words: the set up :
>> >> >> >
>> >> >> > RS - BGP session with the ROUTER - and behind the Router we have 
>> >> >> > Caches.
>> >> >> >
>> >> >> > Before the router was announcing to the RS(BIRD v2.0.7) the caches 
>> >> >> > and that they are reachable by the router. Without any direct.
>> >> >> >
>> >> >> > Until one day we lose the bgp session, and we can ping the caches 
>> >> >> > from the RS but not reachable . Once we set it as direct on the bird 
>> >> >> > then all is fine.
>> >> >> >
>> >> >> > Question is why was it working before without direct ?? :=)
>> >> >> >
>> >> >> > Many thanks for your time!
>> >> >> >
>> >> >> > Have a great day all!
>> >> >> >
>> >> >> > Irene.
>> >> >> >
>> >> >> > On 23/03/2020 17:07, Fabiano D'Agostino wrote:
>> >> >> >
>> >> >> > Hi Bernd,
>> >> >> > no, the routing "from the kernel" doesn't come via 'learn yes', but 
>> >> >> > via RIB, I mean if I do 'route' it shows the directly connected 
>> >> >> > networks. The problem is that if I use the Direct protocol, the 
>> >> >> > command 'route' shows me two same directly connected networks, one 
>> >> >> > coming from RIB and the other one coming from Bird.
>> >> >> > I tried protocol bgp { direct; }, but it doesn't change.
>> >> >> >
>> >> >> > Thanks,
>> >> >> >
>> >> >> > Fabiano
>> >> >> >
>> >> >> > Il giorno lun 23 mar 2020 alle ore 16:15 Bernd Naumann 
>> >> >> >  ha scritto:
>> >> >> >>
>> >> >> >> On 23.03.20 16:01, Fabiano D'Agostino wrote:
>> >> >> >> > Hi Benedikt,
>> >> >> >> > I am just learning Bird and I 

BGP FlowSpec Route-reflector

[vincent . ma]

Hello,

I'm trying to advertise bgpflowspec route from sflow-rt to bird.

I have only "Import withdraws" although I send updates routes.

Can you help me please ?

bird> show protocol all sflow
Name   Proto  Table  State  Since Info
sflow  BGP---up 15:33:04.256  Established
  BGP state:  Established
Neighbor address: 192.168.10.3
Neighbor AS:  65000
Local AS: 65000
Neighbor ID:  192.168.10.3
Local capabilities
  Multiprotocol
AF announced: ipv4 flow4
  Route refresh
  Graceful restart
  4-octet AS numbers
  Enhanced refresh
  Long-lived graceful restart
Neighbor capabilities
  Multiprotocol
AF announced: ipv4 ipv6 flow4 flow6
  4-octet AS numbers
Session:  internal multihop AS4
Source address:   192.168.10.2
Hold timer:   122.161/180
Keepalive timer:  33.965/60
  Channel flow4
State:  UP
Table:  flowtab4
Preference: 100
Input filter:   ACCEPT
Output filter:  ACCEPT
Routes: 0 imported, 0 exported, 0 preferred
Route change stats: received   rejected   filteredignored   accepted
  Import updates:  0  0  0  0  0
  Import withdraws:4  0---  4  0
  Export updates:  0  0  0---  0
  Export withdraws:0---------  0
BGP Next hop:   192.168.10.2
  Channel ipv4
State:  UP
Table:  master4
Preference: 100
Input filter:   ACCEPT
Output filter:  ACCEPT
Routes: 0 imported, 0 exported, 0 preferred
Route change stats: received   rejected   filteredignored   accepted
  Import updates:  0  0  0  0  0
  Import withdraws:1  0---  1  0
  Export updates:  0  0  0---  0
  Export withdraws:0---------  0
BGP Next hop:   192.168.10.2
IGP IPv4 table: master4



bird.conf :

router id 192.168.10.2;
flow4 table flowtab4;

protocol bgp client1 {
   debug all;
   local 192.168.10.2 as 65000;
   neighbor 192.168.10.1 as 65000;
   flow4 {
   import all;
   export all;
 };

   ipv4 {
   import all;
   export all;

   };

}

protocol bgp sflow {
   debug all;
   local 192.168.10.2 as 65000;
   neighbor 192.168.10.3 port 1179 as 65000;
   flow4 {
   import all;
   export all;
 };

   ipv4 {
   import all;
   export all;

   };
}

Re: RPKI support without SSH transport

[Clemens Schrimpe]

> On 25. Mar 2020, at 13:37, Ondrej Zajicek  wrote:
> 
> Yes, current code in git should be OK, all code in ssh_transport.c is
> commented out.

I'll git pull and try it out asap. Thanks,

Clemens

Re: RPKI support without SSH transport

[Ondrej Zajicek]

On Wed, Mar 25, 2020 at 02:17:13PM +0300, Mikhail Grishin wrote:
> Hi,
> 
> In my case all compiled fine:
> 
> ./configure --disable-libssh

Yes, current code in git should be OK, all code in ssh_transport.c is
commented out.

> CC -o obj/proto/rpki/ssh_transport.o -c proto/rpki/ssh_transport.c
> CC -o obj/proto/rpki/transport.o -c proto/rpki/transport.c
> CC -o obj/proto/static/static.o -c proto/static/static.c
> 
> > No, unfortunately it does not - not any more, at least:
> > 
> > Configured with
> > 
> > ./configure --disable-libssh
> > 
> > it doesn't compile /proto/rpki/ssh_transport.c /because it references
> > "struct ssh_sock" and "SK_SSH_CONNECT", whose definitions are excluded
> > in lib/socket.h unless HAVE_LIBSSH is defined →
> > 
> > CC -o obj/proto/rpki/ssh_transport.o -c proto/rpki/ssh_transport.c
> > proto/rpki/ssh_transport.c: In function 'rpki_tr_ssh_open':
> > proto/rpki/ssh_transport.c:29:40: error: invalid application of
> > 'sizeof' to incomplete type 'struct ssh_sock'
> >sk->ssh = mb_allocz(sk->pool, sizeof(struct ssh_sock));
> > ^~
> > proto/rpki/ssh_transport.c:30:10: error: dereferencing pointer to
> > incomplete type 'struct ssh_sock'
> >  sk->ssh->username = ssh_cf->user;
> >   ^~
> > proto/rpki/ssh_transport.c:34:20: error: 'SK_SSH_CONNECT'
> > undeclared (first use in this function)
> >sk->ssh->state = SK_SSH_CONNECT;
> > ^~
> > 
> > 
> > Again: Thanks for your great support!
> > 
> > Clemens
> > 
> > 
> 

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."

Re: RPKI support without SSH transport

[Mikhail Grishin]

Hi,

In my case all compiled fine:

./configure --disable-libssh
.


CC -o obj/proto/rpki/ssh_transport.o -c proto/rpki/ssh_transport.c
CC -o obj/proto/rpki/transport.o -c proto/rpki/transport.c
CC -o obj/proto/static/static.o -c proto/static/static.c


Clemens Schrimpe пишет 19.03.2020 16:44:

Hello and sorry for the late feedback ... lots of things going on ...


On 14. Jan 2020, at 16:45, Maria Matějka > wrote:


however, attempts to build it without /--disable-libssh/ result in a 
linking error:


Oops, sorry, I missed one include. Here is the fixed patch, now it 
compiles both with and without libSSH.


Maria



No, unfortunately it does not - not any more, at least:

Configured with

./configure --disable-libssh

it doesn't compile /proto/rpki/ssh_transport.c /because it references 
"struct ssh_sock" and "SK_SSH_CONNECT", whose definitions are excluded 
in lib/socket.h unless HAVE_LIBSSH is defined →


CC -o obj/proto/rpki/ssh_transport.o -c proto/rpki/ssh_transport.c
proto/rpki/ssh_transport.c: In function 'rpki_tr_ssh_open':
proto/rpki/ssh_transport.c:29:40: error: invalid application of
'sizeof' to incomplete type 'struct ssh_sock'
   sk->ssh = mb_allocz(sk->pool, sizeof(struct ssh_sock));
^~
proto/rpki/ssh_transport.c:30:10: error: dereferencing pointer to
incomplete type 'struct ssh_sock'
 sk->ssh->username = ssh_cf->user;
  ^~
proto/rpki/ssh_transport.c:34:20: error: 'SK_SSH_CONNECT'
undeclared (first use in this function)
   sk->ssh->state = SK_SSH_CONNECT;
^~


Again: Thanks for your great support!

Clemens