OpenBGPD bug ?
Hi, Since I did update OpenBGPd (complete system update today), I did notice a strange behavior: None of my eBGP sessions are being taken up wether IPv4 or IPv6 Jan 4 22:02:26 bgpgw-002 bgpd[9545]: neighbor 2001:470:14:98::1 (he-ipv6-bgp-peer): received notification: error in OPEN message, AS unacceptable Tcpdump output: 22:05:53.890039 bgpgw-002.lncsa.com.29176 interco-bgp-nerim.lncsa.com.bgp: P 1:46(45) ack 1 win 65535: BGP (OPEN: Version 4, AS #0, Holdtime 30, ID bgpgw-002.lncsa.com, Option length 16 ((CAP MULTI_PROTOCOL [IPv4 Unicast], CAP ROUTE_REFRESH, CAP AS4 #49463))) (DF) [tos 0xc0] [ttl 1] 22:05:53.937168 interco-bgp-nerim.lncsa.com.bgp bgpgw-002.lncsa.com.29176: P 1:24(23) ack 46 win 16339: BGP (NOTIFICATION: error OPEN Message Error, subcode Bad Peer AS) [tos 0xc0] [ttl 1] The setup consists of two OpenBSD boxes (one running current from last month, and the other one current from today). To have it running again I have to copy the old (running on last month's current machine) bgpd bgpctl binaries to the new system and kill both instances of bgpd Any clue ? Thanks
Re: OpenBGPD bug ?
On Mon, Jan 04, 2010 at 10:11:00PM +0100, Laurent CARON wrote: Hi, Since I did update OpenBGPd (complete system update today), I did notice a strange behavior: None of my eBGP sessions are being taken up wether IPv4 or IPv6 Jan 4 22:02:26 bgpgw-002 bgpd[9545]: neighbor 2001:470:14:98::1 (he-ipv6-bgp-peer): received notification: error in OPEN message, AS unacceptable Tcpdump output: 22:05:53.890039 bgpgw-002.lncsa.com.29176 interco-bgp-nerim.lncsa.com.bgp: P 1:46(45) ack 1 win 65535: BGP (OPEN: Version 4, AS #0, Holdtime 30, ID bgpgw-002.lncsa.com, Option length 16 ((CAP MULTI_PROTOCOL [IPv4 Unicast], CAP ROUTE_REFRESH, CAP AS4 #49463))) (DF) [tos 0xc0] [ttl 1] 22:05:53.937168 interco-bgp-nerim.lncsa.com.bgp bgpgw-002.lncsa.com.29176: P 1:24(23) ack 46 win 16339: BGP (NOTIFICATION: error OPEN Message Error, subcode Bad Peer AS) [tos 0xc0] [ttl 1] The setup consists of two OpenBSD boxes (one running current from last month, and the other one current from today). To have it running again I have to copy the old (running on last month's current machine) bgpd bgpctl binaries to the new system and kill both instances of bgpd Any clue ? Yes, please send me the config (bgpd -nvv output is OK) For some reasons your AS number is not set in the open. -- :wq Claudio
Re: OpenBGPD bug ?
On Tue, Jan 05, 2010 at 12:04:10AM +0100, Claudio Jeker wrote:
On Mon, Jan 04, 2010 at 10:11:00PM +0100, Laurent CARON wrote:
Hi,
Since I did update OpenBGPd (complete system update today), I did
notice a strange behavior:
None of my eBGP sessions are being taken up wether IPv4 or IPv6
Jan 4 22:02:26 bgpgw-002 bgpd[9545]: neighbor 2001:470:14:98::1
(he-ipv6-bgp-peer): received notification: error in OPEN message, AS
unacceptable
Tcpdump output:
22:05:53.890039 bgpgw-002.lncsa.com.29176
interco-bgp-nerim.lncsa.com.bgp: P 1:46(45) ack 1 win 65535: BGP
(OPEN: Version 4, AS #0, Holdtime 30, ID bgpgw-002.lncsa.com, Option
length 16 ((CAP MULTI_PROTOCOL [IPv4 Unicast], CAP ROUTE_REFRESH,
CAP AS4 #49463))) (DF) [tos 0xc0] [ttl 1]
22:05:53.937168 interco-bgp-nerim.lncsa.com.bgp
bgpgw-002.lncsa.com.29176: P 1:24(23) ack 46 win 16339: BGP
(NOTIFICATION: error OPEN Message Error, subcode Bad Peer AS) [tos
0xc0] [ttl 1]
The setup consists of two OpenBSD boxes (one running current from
last month, and the other one current from today).
To have it running again I have to copy the old (running on last
month's current machine) bgpd bgpctl binaries to the new system
and kill both instances of bgpd
Any clue ?
Yes, please send me the config (bgpd -nvv output is OK)
For some reasons your AS number is not set in the open.
OK, I see a problem here. The session engine does not copy the bgpd_conf
struct but instead does it bit by bit missing some important ones.
This diff should fix the problem for now. It would be better to swap the
config but that is a bit more complex. Need to look into that in the
morning.
--
:wq Claudio
Index: rde.c
===
RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v
retrieving revision 1.279
diff -u -p -r1.279 rde.c
--- rde.c 31 Dec 2009 15:34:02 - 1.279
+++ rde.c 4 Jan 2010 23:29:45 -
@@ -619,6 +619,9 @@ rde_dispatch_imsg_parent(struct imsgbuf
nconf-flags = ~BGPD_FLAG_NO_EVALUATE;
}
memcpy(conf, nconf, sizeof(struct bgpd_config));
+ conf-listen_addrs = NULL;
+ conf-csock = NULL;
+ conf-rcsock = NULL;
free(nconf);
nconf = NULL;
parent_set = NULL;
Index: session.c
===
RCS file: /cvs/src/usr.sbin/bgpd/session.c,v
retrieving revision 1.303
diff -u -p -r1.303 session.c
--- session.c 31 Dec 2009 15:34:02 - 1.303
+++ session.c 4 Jan 2010 23:31:19 -
@@ -2360,10 +2360,16 @@ session_dispatch_imsg(struct imsgbuf *ib
fatalx(reconf request not from parent);
if (nconf == NULL)
fatalx(got IMSG_RECONF_DONE but no config);
+ conf-flags = nconf-flags;
+ conf-log = nconf-log;
+ conf-rtableid = nconf-rtableid;
+ conf-bgpid = nconf-bgpid;
+ conf-clusterid = nconf-clusterid;
conf-as = nconf-as;
+ conf-short_as = nconf-short_as;
conf-holdtime = nconf-holdtime;
- conf-bgpid = nconf-bgpid;
conf-min_holdtime = nconf-min_holdtime;
+ conf-connectretry = nconf-connectretry;
/* add new peers */
for (p = npeers; p != NULL; p = next) {
Re: OpenBGPD bug ?
On 05/01/2010 00:36, Claudio Jeker wrote: OK, I see a problem here. The session engine does not copy the bgpd_conf struct but instead does it bit by bit missing some important ones. This diff should fix the problem for now. It would be better to swap the config but that is a bit more complex. Need to look into that in the morning. The patch did solve the problem I was encountering with latest CVS bgpd. Feel free to ask for some tests since I do have a redundant setup, it is easier to test stuffs. Thanks
Re: OpenBGPD bug??
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Ok Henning.
I'm using 3.9, and my config is:
group peering AS {
remote-as
neighbor $principal {
descr Link Principal
announce all
local-address $mypeer1
depend on carp1
set metric 1
set localpref 200
}
neighbor $backup {
descr Link BKP
announce all
local-address $mypeer2
depend on carp2
set metric 10
set localpref 100
}
}
group peering bogon {
remote-as 65333
neighbor $peer_bogon1 {
descr Peering Bogon 1
local-address $my_bogon
depend on carp0
multihop 64
announce none
max-prefix 1000
tcp md5sig password X
}
neighbor $peer_bogon2 {
descr Peering Bogon 2
local-address $my_bogon
depend on carp0
multihop 64
announce none
max-prefix 1000
tcp md5sig password
}
}
# filter out prefixes longer than 24 or shorter than 8 bits
deny from any
allow from any prefixlen 8 - 24
match to $principal set community :200
match to $backup set community :100
#BOGON
allow from any community 65333:888 set pftable bogons
allow from any community 65333:888 set nexthop blackhole
# do not accept a default route
deny from any prefix 0.0.0.0/0
# filter bogus networks
deny from any prefix 10.0.0.0/8 prefixlen = 8
deny from any prefix 172.16.0.0/12 prefixlen = 12
deny from any prefix 192.168.0.0/16 prefixlen = 16
deny from any prefix 169.254.0.0/16 prefixlen = 16
deny from any prefix 192.0.2.0/24 prefixlen = 24
deny from any prefix 224.0.0.0/4 prefixlen = 4
deny from any prefix 240.0.0.0/4 prefixlen = 4
The only relevant messages in the log before the crash is:
Feb 25 21:53:27 my_router bgpd[8131]: neighbor 38.229.0.5 (Peering Bogon
1): state change Active - OpenSent, reason: Connection opened
Feb 25 21:53:27 my_router bgpd[8131]: neighbor 38.229.0.5 (Peering Bogon
1): state change OpenSent - OpenConfirm, reason: OPEN message received
Feb 25 21:53:27 my_router bgpd[8131]: neighbor 38.229.0.5 (Peering Bogon
1): state change OpenConfirm - Established, reason: KEEPALIVE message
received
Feb 25 21:53:28 my_router bgpd[3075]: fatal in RDE:
rde_dispatch_imsg_parent: pipe closed
Feb 25 21:53:28 my_router bgpd[8131]: fatal in SE:
session_dispatch_imsg: pipe closed: Connection refused
But, i have a lot os this messages all the time:
Feb 26 09:02:06 my_router bgpd[7117]: neighbor (AS) withdraw
87.236.67.0/24
Feb 26 09:02:06 my_router bgpd[7117]: neighbor (AS) withdraw
87.236.66.0/23
[]'s
Nadal
Nco discuta com idiotas, eles te levam ati o nmvel deles e te vencem
por serem experientes
+---+
| Anderson Nadal [EMAIL PROTECTED] - CCNA/RHCE |
|Coordenador Tecnico|
| Fone: + 55 41 3331 8200 |
| FAX: + 55 41 3331 8256 |
| OndaRPC |
| www.ondarpc.com.br |
|Registered Linux User: 56841 |
| PGP KEY: www.keyserver.net KEY ID 6ABB668D|
+---+
Henning Brauer escreveu:
* Anderson Nadal [EMAIL PROTECTED] [2007-02-26 05:28]:
I found a possible OpenBGPD bug.
you're petty much leaving out all relevant information.
you don't mention which version you run, you don't show your config,
and you don't show complete logs at time of failure. impossible to
track down possible bugs like this.
that said, chances are very good this is fixed in -current/4.1.
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFF4x9kLQAusHT90XQRAru6AKC4vsg8pCcBi/ZIj+8g2QXBKu17AQCfZpsu
H6fXMN/4UzQmG1gM0EWnYvc=
=J3k7
-END PGP SIGNATURE-
Re: OpenBGPD bug??
* Anderson Nadal [EMAIL PROTECTED] [2007-02-26 19:14]: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ok Henning. I'm using 3.9, and my config is: well, this is obviously not your full config, but in this case, I am reasnably certain the problem is fixed. Now is a good time to give 4.1-beta a whirl anyway ;) But, i have a lot os this messages all the time: Feb 26 09:02:06 my_router bgpd[7117]: neighbor (AS) withdraw 87.236.67.0/24 Feb 26 09:02:06 my_router bgpd[7117]: neighbor (AS) withdraw 87.236.66.0/23 you obviously have update logging enabled, so you get what you ask for -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: OpenBGPD bug??
Ok, i will try a upgrade to 4.0 or 4.1 I know about logging update enabled, i just told you. :) Thanks for your help. []'s Nadal Nco discuta com idiotas, eles te levam ati o nmvel deles e te vencem por serem experientes +---+ | Anderson Nadal [EMAIL PROTECTED] - CCNA/RHCE | |Coordenador Tecnico| | Fone: + 55 41 3331 8200 | | FAX: + 55 41 3331 8256 | | OndaRPC | | www.ondarpc.com.br | |Registered Linux User: 56841 | | PGP KEY: www.keyserver.net KEY ID 6ABB668D| +---+ Henning Brauer escreveu: * Anderson Nadal [EMAIL PROTECTED] [2007-02-26 19:14]: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ok Henning. I'm using 3.9, and my config is: well, this is obviously not your full config, but in this case, I am reasnably certain the problem is fixed. Now is a good time to give 4.1-beta a whirl anyway ;) But, i have a lot os this messages all the time: Feb 26 09:02:06 my_router bgpd[7117]: neighbor (AS) withdraw 87.236.67.0/24 Feb 26 09:02:06 my_router bgpd[7117]: neighbor (AS) withdraw 87.236.66.0/23 you obviously have update logging enabled, so you get what you ask for
OpenBGPD bug??
Hy all. I found a possible OpenBGPD bug. I have a bgp session with Cymru to receive a bogon network using bgp. I have others sessions with my local carrier to. Sometimes, the Cymru sessions go down, after some seconds the session is established. Wheel, after some sessions up and down, the bgpd process crash. Look the log: Feb 25 21:53:27 my_router bgpd[8131]: neighbor 38.229.0.5 (Peering Bogon 1): state change Active - OpenSent, reason: Connection opened Feb 25 21:53:27 my_router bgpd[8131]: neighbor 38.229.0.5 (Peering Bogon 1): state change OpenSent - OpenConfirm, reason: OPEN message received Feb 25 21:53:27 my_router bgpd[8131]: neighbor 38.229.0.5 (Peering Bogon 1): state change OpenConfirm - Established, reason: KEEPALIVE message received Feb 25 21:53:28 my_router bgpd[3075]: fatal in RDE: rde_dispatch_imsg_parent: pipe closed Feb 25 21:53:28 my_router bgpd[8131]: fatal in SE: session_dispatch_imsg: pipe closed: Connection refused After this, my entire network is down, because there is no more bgp routing. It's is like a max session up/down value in bgpd, after this value is reached, the process crash, I imagine this, because Cymru sessions go down/up every day. Sorry for my english. Thanks for any help.
Re: OpenBGPD bug??
* Anderson Nadal [EMAIL PROTECTED] [2007-02-26 05:28]: I found a possible OpenBGPD bug. you're petty much leaving out all relevant information. you don't mention which version you run, you don't show your config, and you don't show complete logs at time of failure. impossible to track down possible bugs like this. that said, chances are very good this is fixed in -current/4.1. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
OpenBGPd BUG in 3.9-beta 12/02/2006
Hi there,
seems I get a bug with openbgpd in 3.9-beta snapshot of 12/02/2006.
I get some configuration like this
group transit {
remote-as x
local-address xx.xx.xx.3
neighbor xx.xx.xx.1 {
descr transit-1
announce self
set localpref 220
}
neighbor xx.xx.xx.2 {
descr transit-2
announce self
set localpref 220
}
}
group remote-cores {
remote-as myas
local-address zzz.zzz.zzz.1
neighbor zzz.zzz.zzz.3 {
descr core-2
announce all
set localpref 210
}
neighbor zzz.zzz.zzz.2 {
descr core-1
announce all
set localpref 210
}
}
group IX-1 {
local-address aaa.aaa.aaa.50
announce self
set localpref 490
neighbor aaa.aaa.aaa.1 {
remote-as 1
}
}
group IX-2 {
local-address bbb.bbb.bbb.10
announce self
set localpref 500
neighbor bbb.bbb.bbb.2 {
remote-as 2
}
}
Now the bug trigger when I add a new peer in IX-1 or IX-2 group and
that I make bgpctl reload.
Uppon this reload *all* the peers get the localpref changed from 500
or 490 (depending of the group) to 100... and the fib is
modified ... :/
I have to manualy clear each session to get the correct localpref in
each peers...
This is IMHO not good...
/Xavier
Re: OpenBGPd BUG in 3.9-beta 12/02/2006
On Fri, Feb 24, 2006 at 06:37:00PM +0100, Xavier Beaudouin wrote:
Hi there,
seems I get a bug with openbgpd in 3.9-beta snapshot of 12/02/2006.
I get some configuration like this
group transit {
remote-as x
local-address xx.xx.xx.3
neighbor xx.xx.xx.1 {
descr transit-1
announce self
set localpref 220
}
neighbor xx.xx.xx.2 {
descr transit-2
announce self
set localpref 220
}
}
group remote-cores {
remote-as myas
local-address zzz.zzz.zzz.1
neighbor zzz.zzz.zzz.3 {
descr core-2
announce all
set localpref 210
}
neighbor zzz.zzz.zzz.2 {
descr core-1
announce all
set localpref 210
}
}
group IX-1 {
local-address aaa.aaa.aaa.50
announce self
set localpref 490
neighbor aaa.aaa.aaa.1 {
remote-as 1
}
}
group IX-2 {
local-address bbb.bbb.bbb.10
announce self
set localpref 500
neighbor bbb.bbb.bbb.2 {
remote-as 2
}
}
Now the bug trigger when I add a new peer in IX-1 or IX-2 group and
that I make bgpctl reload.
Uppon this reload *all* the peers get the localpref changed from 500
or 490 (depending of the group) to 100... and the fib is
modified ... :/
I have to manualy clear each session to get the correct localpref in
each peers...
This is IMHO not good...
I tried it out and can not reproduce it. I have a config with three
groups. I added set localpref 500 to one of the groups and removed other
set statements from the included neighbors. Started bgpd then I added a
new peer to that group and reloaded. This did not change any localpref.
Please send me your full config (in private mail) as I think it may be a
problem in the way the set localpref statements are converted into
filter rules.
--
:wq Claudio
