OpenBGPD bug ?
Hi, Since I did update OpenBGPd (complete system update today), I did notice a strange behavior: None of my eBGP sessions are being taken up wether IPv4 or IPv6 Jan 4 22:02:26 bgpgw-002 bgpd[9545]: neighbor 2001:470:14:98::1 (he-ipv6-bgp-peer): received notification: error in OPEN message, AS unacceptable Tcpdump output: 22:05:53.890039 bgpgw-002.lncsa.com.29176 interco-bgp-nerim.lncsa.com.bgp: P 1:46(45) ack 1 win 65535: BGP (OPEN: Version 4, AS #0, Holdtime 30, ID bgpgw-002.lncsa.com, Option length 16 ((CAP MULTI_PROTOCOL [IPv4 Unicast], CAP ROUTE_REFRESH, CAP AS4 #49463))) (DF) [tos 0xc0] [ttl 1] 22:05:53.937168 interco-bgp-nerim.lncsa.com.bgp bgpgw-002.lncsa.com.29176: P 1:24(23) ack 46 win 16339: BGP (NOTIFICATION: error OPEN Message Error, subcode Bad Peer AS) [tos 0xc0] [ttl 1] The setup consists of two OpenBSD boxes (one running current from last month, and the other one current from today). To have it running again I have to copy the old (running on last month's current machine) bgpd bgpctl binaries to the new system and kill both instances of bgpd Any clue ? Thanks
Re: OpenBGPD bug ?
On Mon, Jan 04, 2010 at 10:11:00PM +0100, Laurent CARON wrote: Hi, Since I did update OpenBGPd (complete system update today), I did notice a strange behavior: None of my eBGP sessions are being taken up wether IPv4 or IPv6 Jan 4 22:02:26 bgpgw-002 bgpd[9545]: neighbor 2001:470:14:98::1 (he-ipv6-bgp-peer): received notification: error in OPEN message, AS unacceptable Tcpdump output: 22:05:53.890039 bgpgw-002.lncsa.com.29176 interco-bgp-nerim.lncsa.com.bgp: P 1:46(45) ack 1 win 65535: BGP (OPEN: Version 4, AS #0, Holdtime 30, ID bgpgw-002.lncsa.com, Option length 16 ((CAP MULTI_PROTOCOL [IPv4 Unicast], CAP ROUTE_REFRESH, CAP AS4 #49463))) (DF) [tos 0xc0] [ttl 1] 22:05:53.937168 interco-bgp-nerim.lncsa.com.bgp bgpgw-002.lncsa.com.29176: P 1:24(23) ack 46 win 16339: BGP (NOTIFICATION: error OPEN Message Error, subcode Bad Peer AS) [tos 0xc0] [ttl 1] The setup consists of two OpenBSD boxes (one running current from last month, and the other one current from today). To have it running again I have to copy the old (running on last month's current machine) bgpd bgpctl binaries to the new system and kill both instances of bgpd Any clue ? Yes, please send me the config (bgpd -nvv output is OK) For some reasons your AS number is not set in the open. -- :wq Claudio
Re: OpenBGPD bug ?
On Tue, Jan 05, 2010 at 12:04:10AM +0100, Claudio Jeker wrote: On Mon, Jan 04, 2010 at 10:11:00PM +0100, Laurent CARON wrote: Hi, Since I did update OpenBGPd (complete system update today), I did notice a strange behavior: None of my eBGP sessions are being taken up wether IPv4 or IPv6 Jan 4 22:02:26 bgpgw-002 bgpd[9545]: neighbor 2001:470:14:98::1 (he-ipv6-bgp-peer): received notification: error in OPEN message, AS unacceptable Tcpdump output: 22:05:53.890039 bgpgw-002.lncsa.com.29176 interco-bgp-nerim.lncsa.com.bgp: P 1:46(45) ack 1 win 65535: BGP (OPEN: Version 4, AS #0, Holdtime 30, ID bgpgw-002.lncsa.com, Option length 16 ((CAP MULTI_PROTOCOL [IPv4 Unicast], CAP ROUTE_REFRESH, CAP AS4 #49463))) (DF) [tos 0xc0] [ttl 1] 22:05:53.937168 interco-bgp-nerim.lncsa.com.bgp bgpgw-002.lncsa.com.29176: P 1:24(23) ack 46 win 16339: BGP (NOTIFICATION: error OPEN Message Error, subcode Bad Peer AS) [tos 0xc0] [ttl 1] The setup consists of two OpenBSD boxes (one running current from last month, and the other one current from today). To have it running again I have to copy the old (running on last month's current machine) bgpd bgpctl binaries to the new system and kill both instances of bgpd Any clue ? Yes, please send me the config (bgpd -nvv output is OK) For some reasons your AS number is not set in the open. OK, I see a problem here. The session engine does not copy the bgpd_conf struct but instead does it bit by bit missing some important ones. This diff should fix the problem for now. It would be better to swap the config but that is a bit more complex. Need to look into that in the morning. -- :wq Claudio Index: rde.c === RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v retrieving revision 1.279 diff -u -p -r1.279 rde.c --- rde.c 31 Dec 2009 15:34:02 - 1.279 +++ rde.c 4 Jan 2010 23:29:45 - @@ -619,6 +619,9 @@ rde_dispatch_imsg_parent(struct imsgbuf nconf-flags = ~BGPD_FLAG_NO_EVALUATE; } memcpy(conf, nconf, sizeof(struct bgpd_config)); + conf-listen_addrs = NULL; + conf-csock = NULL; + conf-rcsock = NULL; free(nconf); nconf = NULL; parent_set = NULL; Index: session.c === RCS file: /cvs/src/usr.sbin/bgpd/session.c,v retrieving revision 1.303 diff -u -p -r1.303 session.c --- session.c 31 Dec 2009 15:34:02 - 1.303 +++ session.c 4 Jan 2010 23:31:19 - @@ -2360,10 +2360,16 @@ session_dispatch_imsg(struct imsgbuf *ib fatalx(reconf request not from parent); if (nconf == NULL) fatalx(got IMSG_RECONF_DONE but no config); + conf-flags = nconf-flags; + conf-log = nconf-log; + conf-rtableid = nconf-rtableid; + conf-bgpid = nconf-bgpid; + conf-clusterid = nconf-clusterid; conf-as = nconf-as; + conf-short_as = nconf-short_as; conf-holdtime = nconf-holdtime; - conf-bgpid = nconf-bgpid; conf-min_holdtime = nconf-min_holdtime; + conf-connectretry = nconf-connectretry; /* add new peers */ for (p = npeers; p != NULL; p = next) {
Re: OpenBGPD bug ?
On 05/01/2010 00:36, Claudio Jeker wrote: OK, I see a problem here. The session engine does not copy the bgpd_conf struct but instead does it bit by bit missing some important ones. This diff should fix the problem for now. It would be better to swap the config but that is a bit more complex. Need to look into that in the morning. The patch did solve the problem I was encountering with latest CVS bgpd. Feel free to ask for some tests since I do have a redundant setup, it is easier to test stuffs. Thanks
Re: OpenBGPD bug??
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ok Henning. I'm using 3.9, and my config is: group peering AS { remote-as neighbor $principal { descr Link Principal announce all local-address $mypeer1 depend on carp1 set metric 1 set localpref 200 } neighbor $backup { descr Link BKP announce all local-address $mypeer2 depend on carp2 set metric 10 set localpref 100 } } group peering bogon { remote-as 65333 neighbor $peer_bogon1 { descr Peering Bogon 1 local-address $my_bogon depend on carp0 multihop 64 announce none max-prefix 1000 tcp md5sig password X } neighbor $peer_bogon2 { descr Peering Bogon 2 local-address $my_bogon depend on carp0 multihop 64 announce none max-prefix 1000 tcp md5sig password } } # filter out prefixes longer than 24 or shorter than 8 bits deny from any allow from any prefixlen 8 - 24 match to $principal set community :200 match to $backup set community :100 #BOGON allow from any community 65333:888 set pftable bogons allow from any community 65333:888 set nexthop blackhole # do not accept a default route deny from any prefix 0.0.0.0/0 # filter bogus networks deny from any prefix 10.0.0.0/8 prefixlen = 8 deny from any prefix 172.16.0.0/12 prefixlen = 12 deny from any prefix 192.168.0.0/16 prefixlen = 16 deny from any prefix 169.254.0.0/16 prefixlen = 16 deny from any prefix 192.0.2.0/24 prefixlen = 24 deny from any prefix 224.0.0.0/4 prefixlen = 4 deny from any prefix 240.0.0.0/4 prefixlen = 4 The only relevant messages in the log before the crash is: Feb 25 21:53:27 my_router bgpd[8131]: neighbor 38.229.0.5 (Peering Bogon 1): state change Active - OpenSent, reason: Connection opened Feb 25 21:53:27 my_router bgpd[8131]: neighbor 38.229.0.5 (Peering Bogon 1): state change OpenSent - OpenConfirm, reason: OPEN message received Feb 25 21:53:27 my_router bgpd[8131]: neighbor 38.229.0.5 (Peering Bogon 1): state change OpenConfirm - Established, reason: KEEPALIVE message received Feb 25 21:53:28 my_router bgpd[3075]: fatal in RDE: rde_dispatch_imsg_parent: pipe closed Feb 25 21:53:28 my_router bgpd[8131]: fatal in SE: session_dispatch_imsg: pipe closed: Connection refused But, i have a lot os this messages all the time: Feb 26 09:02:06 my_router bgpd[7117]: neighbor (AS) withdraw 87.236.67.0/24 Feb 26 09:02:06 my_router bgpd[7117]: neighbor (AS) withdraw 87.236.66.0/23 []'s Nadal Nco discuta com idiotas, eles te levam ati o nmvel deles e te vencem por serem experientes +---+ | Anderson Nadal [EMAIL PROTECTED] - CCNA/RHCE | |Coordenador Tecnico| | Fone: + 55 41 3331 8200 | | FAX: + 55 41 3331 8256 | | OndaRPC | | www.ondarpc.com.br | |Registered Linux User: 56841 | | PGP KEY: www.keyserver.net KEY ID 6ABB668D| +---+ Henning Brauer escreveu: * Anderson Nadal [EMAIL PROTECTED] [2007-02-26 05:28]: I found a possible OpenBGPD bug. you're petty much leaving out all relevant information. you don't mention which version you run, you don't show your config, and you don't show complete logs at time of failure. impossible to track down possible bugs like this. that said, chances are very good this is fixed in -current/4.1. Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFF4x9kLQAusHT90XQRAru6AKC4vsg8pCcBi/ZIj+8g2QXBKu17AQCfZpsu H6fXMN/4UzQmG1gM0EWnYvc= =J3k7 -END PGP SIGNATURE-
Re: OpenBGPD bug??
* Anderson Nadal [EMAIL PROTECTED] [2007-02-26 19:14]: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ok Henning. I'm using 3.9, and my config is: well, this is obviously not your full config, but in this case, I am reasnably certain the problem is fixed. Now is a good time to give 4.1-beta a whirl anyway ;) But, i have a lot os this messages all the time: Feb 26 09:02:06 my_router bgpd[7117]: neighbor (AS) withdraw 87.236.67.0/24 Feb 26 09:02:06 my_router bgpd[7117]: neighbor (AS) withdraw 87.236.66.0/23 you obviously have update logging enabled, so you get what you ask for -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
Re: OpenBGPD bug??
Ok, i will try a upgrade to 4.0 or 4.1 I know about logging update enabled, i just told you. :) Thanks for your help. []'s Nadal Nco discuta com idiotas, eles te levam ati o nmvel deles e te vencem por serem experientes +---+ | Anderson Nadal [EMAIL PROTECTED] - CCNA/RHCE | |Coordenador Tecnico| | Fone: + 55 41 3331 8200 | | FAX: + 55 41 3331 8256 | | OndaRPC | | www.ondarpc.com.br | |Registered Linux User: 56841 | | PGP KEY: www.keyserver.net KEY ID 6ABB668D| +---+ Henning Brauer escreveu: * Anderson Nadal [EMAIL PROTECTED] [2007-02-26 19:14]: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ok Henning. I'm using 3.9, and my config is: well, this is obviously not your full config, but in this case, I am reasnably certain the problem is fixed. Now is a good time to give 4.1-beta a whirl anyway ;) But, i have a lot os this messages all the time: Feb 26 09:02:06 my_router bgpd[7117]: neighbor (AS) withdraw 87.236.67.0/24 Feb 26 09:02:06 my_router bgpd[7117]: neighbor (AS) withdraw 87.236.66.0/23 you obviously have update logging enabled, so you get what you ask for
OpenBGPD bug??
Hy all. I found a possible OpenBGPD bug. I have a bgp session with Cymru to receive a bogon network using bgp. I have others sessions with my local carrier to. Sometimes, the Cymru sessions go down, after some seconds the session is established. Wheel, after some sessions up and down, the bgpd process crash. Look the log: Feb 25 21:53:27 my_router bgpd[8131]: neighbor 38.229.0.5 (Peering Bogon 1): state change Active - OpenSent, reason: Connection opened Feb 25 21:53:27 my_router bgpd[8131]: neighbor 38.229.0.5 (Peering Bogon 1): state change OpenSent - OpenConfirm, reason: OPEN message received Feb 25 21:53:27 my_router bgpd[8131]: neighbor 38.229.0.5 (Peering Bogon 1): state change OpenConfirm - Established, reason: KEEPALIVE message received Feb 25 21:53:28 my_router bgpd[3075]: fatal in RDE: rde_dispatch_imsg_parent: pipe closed Feb 25 21:53:28 my_router bgpd[8131]: fatal in SE: session_dispatch_imsg: pipe closed: Connection refused After this, my entire network is down, because there is no more bgp routing. It's is like a max session up/down value in bgpd, after this value is reached, the process crash, I imagine this, because Cymru sessions go down/up every day. Sorry for my english. Thanks for any help.
Re: OpenBGPD bug??
* Anderson Nadal [EMAIL PROTECTED] [2007-02-26 05:28]: I found a possible OpenBGPD bug. you're petty much leaving out all relevant information. you don't mention which version you run, you don't show your config, and you don't show complete logs at time of failure. impossible to track down possible bugs like this. that said, chances are very good this is fixed in -current/4.1. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg Amsterdam
OpenBGPd BUG in 3.9-beta 12/02/2006
Hi there, seems I get a bug with openbgpd in 3.9-beta snapshot of 12/02/2006. I get some configuration like this group transit { remote-as x local-address xx.xx.xx.3 neighbor xx.xx.xx.1 { descr transit-1 announce self set localpref 220 } neighbor xx.xx.xx.2 { descr transit-2 announce self set localpref 220 } } group remote-cores { remote-as myas local-address zzz.zzz.zzz.1 neighbor zzz.zzz.zzz.3 { descr core-2 announce all set localpref 210 } neighbor zzz.zzz.zzz.2 { descr core-1 announce all set localpref 210 } } group IX-1 { local-address aaa.aaa.aaa.50 announce self set localpref 490 neighbor aaa.aaa.aaa.1 { remote-as 1 } } group IX-2 { local-address bbb.bbb.bbb.10 announce self set localpref 500 neighbor bbb.bbb.bbb.2 { remote-as 2 } } Now the bug trigger when I add a new peer in IX-1 or IX-2 group and that I make bgpctl reload. Uppon this reload *all* the peers get the localpref changed from 500 or 490 (depending of the group) to 100... and the fib is modified ... :/ I have to manualy clear each session to get the correct localpref in each peers... This is IMHO not good... /Xavier
Re: OpenBGPd BUG in 3.9-beta 12/02/2006
On Fri, Feb 24, 2006 at 06:37:00PM +0100, Xavier Beaudouin wrote: Hi there, seems I get a bug with openbgpd in 3.9-beta snapshot of 12/02/2006. I get some configuration like this group transit { remote-as x local-address xx.xx.xx.3 neighbor xx.xx.xx.1 { descr transit-1 announce self set localpref 220 } neighbor xx.xx.xx.2 { descr transit-2 announce self set localpref 220 } } group remote-cores { remote-as myas local-address zzz.zzz.zzz.1 neighbor zzz.zzz.zzz.3 { descr core-2 announce all set localpref 210 } neighbor zzz.zzz.zzz.2 { descr core-1 announce all set localpref 210 } } group IX-1 { local-address aaa.aaa.aaa.50 announce self set localpref 490 neighbor aaa.aaa.aaa.1 { remote-as 1 } } group IX-2 { local-address bbb.bbb.bbb.10 announce self set localpref 500 neighbor bbb.bbb.bbb.2 { remote-as 2 } } Now the bug trigger when I add a new peer in IX-1 or IX-2 group and that I make bgpctl reload. Uppon this reload *all* the peers get the localpref changed from 500 or 490 (depending of the group) to 100... and the fib is modified ... :/ I have to manualy clear each session to get the correct localpref in each peers... This is IMHO not good... I tried it out and can not reproduce it. I have a config with three groups. I added set localpref 500 to one of the groups and removed other set statements from the included neighbors. Started bgpd then I added a new peer to that group and reloaded. This did not change any localpref. Please send me your full config (in private mail) as I think it may be a problem in the way the set localpref statements are converted into filter rules. -- :wq Claudio