this should be fixed in src/sys/net/if_sec.c r1.10. sorry for the delay :(
> On 4 Nov 2023, at 13:01, Jason Tubnor <ja...@tubnor.net> wrote:
>
>
> On 3/11/2023 8:58 pm, Claudio Jeker wrote:
>> Do I understand you correctly that bgpd runs over the sec(4) interface
>> which routes over em1?
>
> Correct (also OSPF). Here is the iked.conf and ifconfig sec10:
>
> ikev2 active esp from any to any peer 192.168.1.1 srcid 172.16.1.1 dstid
> 192.168.1.1 iface sec10
>
> sec10: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
>         index 7 priority 0 llprio 3
>         groups: sec egress
>         inet 10.0.0.253 --> 10.0.1.254 netmask 0xfffffe00
>
>> Does bgpd install any routes over em1? `bgpctl show next` should tell you
>> which nexthops use which interface.
>
> See below. Redacted for privacy:
>
> fwtst06# bgpctl sho nex
> Flags: * = nexthop valid
>
>   Nexthop         Route              Prio Gateway         Iface
> * XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX/32 32   XXX.XXX.XXX.XXX sec10 (UP, unknown)
> * XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX/32 32   XXX.XXX.XXX.XXX sec10 (UP, unknown)
> * XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX/32 32   XXX.XXX.XXX.XXX sec10 (UP, unknown)
> * XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX/32 32   XXX.XXX.XXX.XXX sec10 (UP, unknown)
> * XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX/32 32   XXX.XXX.XXX.XXX sec10 (UP, unknown)
> * XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX/23 32   XXX.XXX.XXX.XXX sec10 (UP, unknown)
> * XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX/23 32   XXX.XXX.XXX.XXX sec10 (UP, unknown)
> * XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX/26 32   XXX.XXX.XXX.XXX sec10 (UP, unknown)
> * XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX/26 32   XXX.XXX.XXX.XXX sec10 (UP, unknown)
> * XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX/26 32   XXX.XXX.XXX.XXX sec10 (UP, unknown)
> * XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX/30 4    connected       em0 (UP, 1000 Mbps)
> * XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX/30 4    connected       em0 (UP, 1000 Mbps)
> * XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX/30 32   XXX.XXX.XXX.XXX sec10 (UP, unknown)
> * XXX.XXX.XXX.XXX XXX.XXX.XXX.XXX/30 32   XXX.XXX.XXX.XXX sec10 (UP, unknown)
>
>>
>> This could well be an issue inside sec(4) since that interface is new.
>> If you could give us some example config to rebuild the case it would
>> help a lot.
> fwtst06# cat /etc/hostname.sec10
> inet 10.0.0.253 255.255.254.0 10.0.1.254 mtu 1380
> up
> fwtst06# grep sec /etc/pf.conf
> set skip on { lo, sec }
> fwtst06# cat /etc/ospfd.conf
> router-id $ospf_id
>
> area 0.0.0.0 {
>         interface sec10 {
>                 type p2p
>         }
>         interface em0 {
>                 type p2p
>         }
> }
>
> /etc/bgpd.conf <snip>
>
> group "ibgp" {
>         remote-as $bgpasn
>         local-address $laif
>
>         neighbor 10.8.8.8 # router reflector 1 ipv4
>         neighbor 10.9.9.9 # router reflector 2 ipv4
>
>         neighbor $em0neighbor {
>                 route-reflector
>         }
> }
>