Re: Testing release

2014-11-07 Thread Ondrej Zajicek
On Fri, Nov 07, 2014 at 11:06:46AM +0100, Gustavo Ponza wrote:
 :
 On the 'ppp' type link from my linux machine to a Mikrotik router
 there are only HELLO signal from both sides and no exchange
 of routes, as shown below.
 Which one in the dump is BIRD and which is Mikrotik?
 
 The BIRD router ID is 10.58.2.10 in 'bird.conf' and the
 Mikrotik local address is 10.58.2.3, being the LAN 10.58.2.2/28
 
 With the old BIRD the link to Mikrotik was established?
 
 This is the first time I install a PPTP Server (version pptpd-1.4.0)
 on the linux machine and use the Mikrotik as a Client, so no other
 experience.

It seems that Mikrotik uses 'broadcast' mode for the ppp1, while
BIRD uses 'ptp' mode. Try to configure Mikrotik to use ptp mode.
And for some reason it ignores the Hellos from BIRD, perhaps it is
because of different modes. You could also check whether
ppp counterpart on Mikrotik uses reverse addresses (10.58.2.3
and ptp 44.208.58.1) than ppp1 on Linux.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.


signature.asc
Description: Digital signature


Re: How to export address from loopback via BGP

2014-11-11 Thread Ondrej Zajicek
On Tue, Nov 11, 2014 at 03:54:59PM +0400, Eugene Prokopiev wrote:
 Hi,
 
 How to export address 1.1.1.1/32 from lo interface via BGP? I tried to do:
 
 router id 2.2.2.2;
 
 protocol kernel {
 }
 
 protocol static {
 route 1.1.1.1/32 via lo;
 }
 
 protocol bgp {
 local as 65000;
 neighbor 2.2.2.1 as 65000;
 export filter { accept; };
 }
 
 but there are no prefixes on neighbor 2.2.2.1 :(

Hi

You are missing 'protocol device', which is necessary for other protocols
to find network devices.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: RTD_BLACKHOLE overridden by matching route.

2014-11-29 Thread Ondrej Zajicek
On Fri, Nov 28, 2014 at 06:44:31PM -0600, Thomas Johnson wrote:
 I am having some difficulty blackholing a route. The route in question is
 received from a multihop BGP session (emulating cymru), and I am setting
 the dest attribute to RTD_BLACKHOLE. However, if the same route is received
 via another BGP session, the blackhole is overridden, as shown here:
 
 
 The relevant parts of my test configuration are below. Is there some trick
 to making the blackhole absolute?

See this: http://bird.network.cz/pipermail/bird-users/2014-April/004282.html

Simple workaround is to set higher preference (like: preference = 200)
for blackhole routes.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: QNX port of Bird 1.4.5, corrupt linked lists?

2014-12-11 Thread Ondrej Zajicek
On Thu, Dec 11, 2014 at 06:48:10AM +, Pendzik, Edward wrote:
 Thu Dec 11 01:46:41 EST 2014
 
 Hello.
 
 I am working on porting bird 1.4.5 to QNX SP1 (QNX OS service pack 1).
 QNX is actually close to BSD and there have been very few changes to the code.
 
 I have bird built but I get a core dump on initialization.
 I was hoping that someone could give me some specific ideas on
 exactly where to look while debugging. I have many years of writing and debugging
 Linux and Solaris drivers and networking code, but I am not yet familiar
 with the bird internal data structures.
...
 
 confopts=\
 --sysconfdir=$btop \
 --localstatedir=$btop \
 --prefix=$btop \
 CC=$HOME/qccbird \
 CFLAGS=-V4.4.2,gcc_ntoarmle \

Hello

What is the compiler, GCC?

If your CFLAGS options override the default ones, you should keep
-fno-strict-aliasing and -fno-strict-overflow as we have some problems with
aggressive GCC optimizations in list functions. Or you could try to
compile it with disabled optimizations.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: again erroneous Netlink: File exists ?

2014-12-17 Thread Ondrej Zajicek
On Mon, Dec 15, 2014 at 10:51:51AM +0100, dani...@retaggio.net wrote:
 On 15.12.2014 10:02 Ondrej Zajicek wrote:
 What you get from these commands:
 
 ip r l 192.167.163.224/29
 
 birdc show route all 192.167.163.224/29
 
 root@weyoun:~# ip r l 192.167.163.224/29
 192.167.163.224/29 dev eth0  proto kernel  scope link  src 192.167.163.230
 root@weyoun:~#
 
 
 root@weyoun:~# birdc show route all 192.167.163.224/29
 BIRD 1.4.5 ready.
 192.167.163.224/29 dev eth0 [direct1 17:05:44] ! (240)
 Type: device unicast univ

You are exporting device routes from Direct protocol to the kernel, where
device routes are already installed by OS itself. Suggested solution is
to completely remove Direct protocol, preferred way to export local
prefixes to OSPF is to use stub interfaces in OSPF.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: BGP Link Bandwidth Extended Community?

2015-01-12 Thread Ondrej Zajicek
On Mon, Jan 12, 2015 at 09:30:43AM -0800, dave seddon wrote:
 Greetings,
 
 Thanks Ondrej!
 
 With the help from a little IEEE754 converter, it works!

 From an operational perspective, what's the best way to make changes to these
 Bandwidth values without restarting the BGP sessions?  I'd like to be able
 to make changes, and then push a new update message, like doing a 'clear ip
 bgp x.x.x.x soft clear out'.  I've tried just updating the configurations
 file and then restarting the reloading the protocol, but that doesn't do it.

Just update the configuration and run 'configure' (as with other configuration
changes).

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: Is it good practice to use same router id for bird and bird6 ?

2015-03-19 Thread Ondrej Zajicek
On Thu, Mar 19, 2015 at 09:35:42AM +0100, olivier a wrote:
 Hi !
 
 Is it good practice to use same router id for bird and bird6 ?
 
 I'm wondering if there are some drawbacks or pitfalls ?

Hi

I see no reason why not to use the same router id.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: OSPF anycast prefix being filtered

2015-04-01 Thread Ondrej Zajicek
On Wed, Apr 01, 2015 at 05:01:01PM +0200, Patrik Lundin wrote:
 The reason I was trying to avoid the direct protocol is because of this
 description in the docs (http://bird.network.cz/?get_docf=bird-6.html#ss6.4):
 ===
 The question is whether it is a good idea to have such device routes
 in BIRD routing table. OS kernel usually handles device routes for
 directly connected networks by itself so we don't need (and don't want)
 to export these routes to the kernel protocol. OSPF protocol creates
 device routes for its interfaces itself and BGP protocol is usually
 used for exporting aggregate routes.
 ===
 
 I specifically noticed that OSPF is supposed to create routes for its
 own interfaces.

Yes it is supposed to do that. Although handling of 'lo' is kind of
special case and in some circumstances does not work as expected. In that
case it is often useful to try dummy interface instead of lo interface.

 It turns out the filtered out messages were not relevant to my problem.
 The issue was caused by a OSPF network type mismatch. While I was
 using the BIRD default of point-to-point, the upstream router was
 configured for broadcast. After the upstream router was changed to use a
 point-to-point network type everything started to work.
 
 It would be nice to know what the meaning of the filtered out lines are,
 but they do not seem to affect the route announcement.

'filtered out' lines are related to 'import none', e.g. routes were not
imported from OSPF to master routing table.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: OSPF type broadcast over GRE for NRHP

2015-03-03 Thread Ondrej Zajicek
On Mon, Mar 02, 2015 at 03:49:48PM -0500, Clint Armstrong wrote:
 I am trying to use BIRD to run OSPF inside a Phase 3 DMVPN using OpenNHRP.
 The problem I'm seeing is that it appears to be impossible to force type
 broadcast on a GRE interface. When I try, the message "Cannot use interface
 gre1 as broadcast, forcing nbma" is logged.
 
 This may normally make sense, but the OpenNHRP daemon captures multicast
 traffic on its interface and forwards it appropriately.
 
 A configuration parameter to bypass this protection and allow broadcast on
 a GRE interface would be very helpful.

Hi

Kernel reports whether the interface supports multicast and BIRD checks
it to see whether it can use modes using multicast on that iface
(OSPF 'broadcast' mode in reality uses multicast).

You could disable the check by commenting out these lines in proto/ospf/iface.c:

  if ((ifa->type == OSPF_IT_BCAST) && !(iface->flags & if_multi_flag))
    ifa->type = OSPF_IT_NBMA;


But perhaps the simpler way is to fix the value reported by kernel:

  ip link set greXXX multicast on


After that, BIRD accepts the interface as multicast and OSPF broadcast mode
can be used.

ip a a:

5: gre_x@NONE: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1476 qdisc noqueue state UNKNOWN group default


birdc show interfaces:

gre_x up (index=5)
PtP Multicast AdminUp LinkUp MTU=1476


I don't know about DMVPN / OpenNHRP, but for regular PtP GRE (and other)
tunnels it works without problems (packets are just sent to the other
side). Linux kernel should report multicast flag for PtP GRE tunnels,
not reporting it is IMHO a long-term bug in Linux kernel.


-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: password for BGP in clear-text in bird.conf file?

2015-04-23 Thread Ondrej Zajicek
On Thu, Apr 23, 2015 at 10:05:21AM -0700, Christopher Jay Manders wrote:
 Hi,
 
 I am not sure if this has been brought up before, but it is very sad that
 the password for BGP AUTH is in clear-text.
 
 Is there anything in progress to rectify or discussion about this?

Hi

There is not much to discuss. Because of the way it is used, the
password must be in clear-text-recoverable form. The bird.conf
could be protected by unix access rights if necessary.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: bird6 1.4.5 OSPFv3 LSA checksum failures

2015-04-25 Thread Ondrej Zajicek
On Sat, Apr 25, 2015 at 08:54:13PM +0100, Chris Boot wrote:
 The problem happens because BIRD doesn’t verify the checksum by running 
 Fletcher against the received packet and testing for zero; rather it:
 - sets the checksum in the packet to 0
 - runs the checksum calculation on the LSA data
 - updates the checksum in the packet (and comes up with a different result)
 - complains when the result is not the same as what was in the packet
 
 I believe the correct way to verify the checksum would be to run the 
 algorithm against the unchanged packet (with the checksum intact) and verify 
 that the result is zero.

 Would a patch that changes this behaviour be welcome? I’ve written something 
 up against the current git master, but haven’t yet tested it.

Hello

You are most likely right. As i understand it, these checksums are modulo
255; therefore, in some cases they are not unique. Therefore simply
computing new value and comparing it with received does not work.
A patch would be definitely welcome.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: Where can I find documentation on birdc?

2015-04-20 Thread Ondrej Zajicek
On Mon, Apr 20, 2015 at 03:42:38PM +, Pendzik, Edward wrote:
 Great, Thank You :-)
 
 *Still* looking for:
 
 
 Specifically, exactly what do all the fields mean in the output of
 
 birdc show route all ?

Well, it is likely that the output of these commands is not explicitly
documented as it is mostly considered self-explaining. Although it is
true that some more documentation would be sometimes useful.

 for example, what does the '*' or 'I' mean?

'*' is active route, 'I' for OSPF is intra-area route (vs. IA for
inter-area and E1, E2 for external routes).

 what is type: inherit?

Strange name for routes imported from kernel protocol.

 (150/10) is preference/metric?

Yes

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: Information about Preferred route

2015-04-20 Thread Ondrej Zajicek
On Fri, Apr 17, 2015 at 05:16:55PM +0200, Alexandre Corso wrote:
 Hello,
 
 I was looking into BIRD 1.4.5. I have one BGP session established but I don’t 
 understand all the argument, especially about preferred route?

Hi

'Preferred' counts how many routes imported from the protocol are
preferred/active for their networks. It is counted per routing table,
therefore if you import just one route and propagate it using pipes to
hundred routing tables, you would have hundred in 'preferred' counter.

 L8   Routes: 1 imported, 21745 exported, 263 preferred
 
 Can you help me about the line L8 :
   My peer import 1 route

More precisely you imported 1 route from your peer

   I export 21745 routes
   I don’t know about preferred

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: [PATCH 1/1] Correct OSPF checksum validation

2015-04-28 Thread Ondrej Zajicek
On Sun, Apr 26, 2015 at 05:10:11PM +0100, Chris Boot wrote:
 Prior to this patch, BIRD validates the OSPF LSA checksum by calculating
 a new checksum and comparing it with the checksum in the header. Due to
 the specifics of the Fletcher checksum used in OSPF, this is not
 necessarily correct as the checkbytes in the header may be calculated
 via a different means and end up with a different value that is
 nonetheless still correct.
 
 The documented means of validating the checksum as specified in RFC 905
 B.4 is to calculate c0 and c1 from the unchanged contents of the packet,
 which must result in a zero value to be considered valid.
 
 Signed-off-by: Chris Boot bo...@bootc.net

Thanks, merged.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.
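
The checksum problem discussed in this message and in the earlier "bird6 1.4.5 OSPFv3 LSA checksum failures" thread, as an added C example (not BIRD's code and not the merged patch): it compares the recompute-and-compare check with the sum-to-zero check of RFC 905 B.4 on a message whose check byte is congruent to 0 modulo 255. The function names, the constructed LSA-like buffer and the `zero_as` parameter (whether a sender writes such a byte as 0x00 or 0xFF) are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CK_OFF     14  /* checksum field offset once the 2-byte LS age is skipped */
#define SAMPLE_LEN 30  /* constructed: 18 header bytes after LS age + 12 body bytes */

/* Running Fletcher sums C0 and C1, both modulo 255 (RFC 905 Annex B). */
static void fletcher_sums(const uint8_t *buf, size_t len, int *c0, int *c1)
{
    int a = 0, b = 0;
    for (size_t i = 0; i < len; i++) {
        a = (a + buf[i]) % 255;
        b = (b + a) % 255;
    }
    *c0 = a;
    *c1 = b;
}

/* Sender side: write check bytes X, Y at off and off+1.
 * A result congruent to 0 can be sent as 0x00 or 0xFF; zero_as picks one. */
static void fletcher_fill(uint8_t *buf, size_t len, size_t off, uint8_t zero_as)
{
    int c0, c1;
    int k = (int)(len - off - 1);          /* L - n, with n = off + 1 (1-based) */

    buf[off] = buf[off + 1] = 0;
    fletcher_sums(buf, len, &c0, &c1);
    int x = ((k * c0 - c1) % 255 + 255) % 255;        /* X = (L-n)*C0 - C1   */
    int y = ((c1 - (k + 1) * c0) % 255 + 255) % 255;  /* Y = C1 - (L-n+1)*C0 */
    buf[off]     = x ? (uint8_t)x : zero_as;
    buf[off + 1] = y ? (uint8_t)y : zero_as;
}

/* RFC 905 B.4: sum the bytes exactly as received; valid only if C0 = C1 = 0. */
static int verify_sum_to_zero(const uint8_t *buf, size_t len)
{
    int c0, c1;
    fletcher_sums(buf, len, &c0, &c1);
    return c0 == 0 && c1 == 0;
}

/* Recompute-and-compare, the approach the thread describes as failing: the
 * receiver regenerates check bytes with its own zero encoding and compares. */
static int verify_recompute(const uint8_t *buf, size_t len, size_t off,
                            uint8_t zero_as)
{
    uint8_t tmp[SAMPLE_LEN];
    if (len > sizeof tmp || off + 1 >= len) return 0;
    memcpy(tmp, buf, len);
    fletcher_fill(tmp, len, off, zero_as);
    return tmp[off] == buf[off] && tmp[off + 1] == buf[off + 1];
}

/* Constructed sample (not a captured LSA): header fields after LS age plus an
 * arbitrary body. The last byte is tuned until check byte X is congruent to 0,
 * then the check bytes are written with the sender's zero encoding. */
static size_t make_ambiguous_sample(uint8_t *buf, uint8_t sender_zero_as)
{
    static const uint8_t tmpl[SAMPLE_LEN] = {
        0x20, 0x01,                 /* LS type                      */
        0x00, 0x00, 0x00, 0x00,     /* link state ID                */
        0x0a, 0x00, 0x00, 0x01,     /* advertising router           */
        0x80, 0x00, 0x00, 0x01,     /* sequence number              */
        0x00, 0x00,                 /* checksum (filled in below)   */
        0x00, 0x20,                 /* length = 32 incl. LS age     */
        0x00, 0x00, 0x00, 0x01, 0xc0, 0xa8, 0x00, 0x00,
        0xff, 0xff, 0xff, 0x00      /* body; last byte gets tuned   */
    };
    memcpy(buf, tmpl, SAMPLE_LEN);
    for (int b = 0; b < 255; b++) {
        buf[SAMPLE_LEN - 1] = (uint8_t)b;
        fletcher_fill(buf, SAMPLE_LEN, CK_OFF, 0x00);
        if (buf[CK_OFF] == 0x00) {          /* X is congruent to 0 for this b */
            fletcher_fill(buf, SAMPLE_LEN, CK_OFF, sender_zero_as);
            return SAMPLE_LEN;
        }
    }
    return 0;
}

int main(void)
{
    uint8_t lsa[SAMPLE_LEN];
    size_t n = make_ambiguous_sample(lsa, 0xFF);   /* sender writes 0 as 0xFF */

    printf("check bytes:            %02x %02x\n", lsa[CK_OFF], lsa[CK_OFF + 1]);
    printf("sum-to-zero:            %d\n", verify_sum_to_zero(lsa, n));
    printf("recompute, same enc.:   %d\n", verify_recompute(lsa, n, CK_OFF, 0xFF));
    printf("recompute, other enc.:  %d\n", verify_recompute(lsa, n, CK_OFF, 0x00));
    lsa[20] ^= 0x01;                               /* corrupt one body bit */
    printf("sum-to-zero, corrupted: %d\n", verify_sum_to_zero(lsa, n));
    return 0;
}
```

A receiver that recomputes with the other zero encoding rejects a message that is valid under B.4, while the sum-to-zero check accepts both encodings and still rejects the corrupted copy.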




Re: OSPF state inconsistency

2015-05-04 Thread Ondrej Zajicek
On Mon, May 04, 2015 at 10:04:53AM +0200, Przemyslaw Frasunek wrote:
 Dear all,
 
 we are using BIRD 1.4.5 with OSPF on PPPoE access servers running FreeBSD 9.3
 and mpd 5.7. In order to achieve fail-over, each access server is listening on
 the same VLANs. The user connects to access server which first responds with
 PPPoE PADO.
 
 Some of our subscribers need additional IPv4 prefix, which is routed via address
 assigned from pool. Such route is added by mpd on connect and deleted on
 disconnect or LCP timeout.
 
 Unfortunately, we are experiencing OSPF state inconsistency between access
 servers, when user quickly disconnects from one node and connects to another.
 This is such example, which caused routing loop:
 
 ...
 
 Any ideas, how to fix it?

Hi

First, try switching to version 1.5.0. There were several problems in
earlier versions esp. when external routes were swiftly originated and
withdrawn.

 protocol direct {
 import filter {
 accept;
 };
 };

You probably do not need direct protocol.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: key/value structure

2015-05-08 Thread Ondrej Zajicek
On Fri, May 08, 2015 at 11:35:33PM +0200, Pavlos Parissis wrote:
 Hi,
 
 For each ip_prefix I advertize I need to add a BGP community in the form
 of  (ASN,RouterID).
 I have the following mapping between IPs and RouterIDs
 
 ip_prefix, RouterID
 10.10.10.1, 1
 10.10.10.2, 2
 10.10.10.3, 3
 10.10.10.4, 1
 10.10.10.5, 2
 10.10.10.6, 3
 .
 
 So, inside a function I need to express the following
 lookup_community_router_id() {
return some_kind_of_dict_structure(net.ip)
 }
 
 and the use it in a filter/function
 filter {
bgp.community((, lookup_community_router_id(net)));
accept;
 }
 
 Is this possible?

Hi

Surprisingly, it is possible - you could use big case expression which
returns appropriate value. As case uses the same implementation as sets,
it will be fairly efficient:

function lookup(ip val)
{
  case val {
    10.10.10.1: return 1;
    10.10.10.2: return 2;
    ...
  }
  return 0;
}


-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: bird1.5.0 and MyOSPF: Bad packet from 192.168.0.XX via eth0 - my own router ID (0)

2015-05-18 Thread Ondrej Zajicek
On Mon, May 18, 2015 at 01:19:16PM +0200, Arkadiusz Miśkiewicz wrote:
 
 On various machines with OSPF bird 1.5.0 reports bad packets. It doesn't get 
 its own ID right?

It should. The '(0)' in the log message means nothing. Perhaps the other
machines also use 192.168.0.164? Could you check it with tcpdump?


-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: Modifying function called in filter does not take effect

2015-04-01 Thread Ondrej Zajicek
On Sat, Mar 21, 2015 at 10:25:46AM -0700, Eric Cables wrote:
 I'm hoping someone can tell me whether this behavior is expected or not.
 
 I am using BIRD as a RR, and running into a behavior where modifying a
 policy, within a function called by a filter, requires a hard BGP session
 reset or stop/start of BIRD, rather than a 'configure soft.' Route Refresh
 is supported by the RR client.
 
 I am using a unique filter for each RR client; each filter calls a function
 that is shared amongst all filters -- basically matching routes that all RR
 clients should receive. This was first instantiated with a single BGP
 community match in the function, and a 'configure soft' worked fine. I then
 went back and added a second if statement to the function, expecting
 'configure soft' to put the new policy into effect, but what I noticed is
 that the only way for RR clients to receive the newly accepted routes was
 to hard down/up the BGP session.

That is because you used 'configure soft' and not just 'configure'.
There is also 'reload' command that should help instead of restarting
the session.

If 'configure soft' is used, filters are changed but only new updates
are affected, you have to manually call 'reload' or 'restart'.

If 'configure' is used, protocols are reloaded (or restarted, if reload /
route refresh is not available) as necessary.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: Bird4 ospf not learning/distributing p2p links routes

2015-06-02 Thread Ondrej Zajicek
On Tue, May 26, 2015 at 12:05:35PM +0200, daniele wrote:
 Hi all,
 Is it normal that routes flagged as H, ie. /32 routes in p2p links in linux
 routing table, are not learnt and distributed by ospf?
 In my ospf area I need all the routers to know about the different p2p
 endpoint addresses which are not distributed by ospf in bird4. The only
 networks that are distributed are non-p2p subnets. Currently the only way to
 make this happen is to manually set some /32 static routes.. not really
 flexible.

Hi

Non-stub ptp addresses are not propagated by design based on assumption
that in many cases you either don't want them to be propagated or are
propagated anyways as 'loopback' /32 addresses. And it is generally
easier to add stub address when necessary than remove them when unwanted.

But i admit that this is counterintuitive and sometimes impractical and
we should have some configurable option to handle it, with default to
distribute them.


-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: OSPFv3 and stub interfaces without lladdr

2015-06-02 Thread Ondrej Zajicek
On Mon, Jun 01, 2015 at 10:39:39PM +0200, Christian Tacke wrote:
 
 Hi,
 
 On Sun, May 31, 2015 at 01:34:46 +0200, Hans van Kranenburg wrote:
  In favor of intuitive behaviour for users, I'd vote to have bird6
  just happily treat stub without ipv6 link local the same way as it
  does with IPv4 on stub interfaces. So addresses on the lo in linux,
  and e.g. also the openvpn example (which I fixed in the same way,
  putting some fe80 on the link to satisfy bird) would work out of the
  box as stub.
 
 We (Hans, _robbat2 and me) looked further into this,
 especially we started to look into the sources.  We
 learned, that the current situation is not as easy as one
 might hope.  As this looks like a bigger rewrite, we need
 to understand the current behaviour.

Hi

There are several implementation issues related to OSPF interfaces and addresses:

First, BIRD generally handles interfaces without any IP address as down
regardless of their admin status. This helps in some cases (like when
802.1x negotiation should happen before using the iface) but it is a
limitation in cases when unnumbered interfaces should be used. Although
this is not an issue for you as you want to use stub interfaces with
global addresses, but it is a related problem.

Second, OSPFv2 and OSPFv3 share most code and because OSPFv2 has separate
interface-instance per network prefix, it depends mainly on
address-notifications than on iface-notifications. The same design was carried
over to OSPFv3, only waiting for regular addresses was replaced by
waiting for link-local addresses. This also solves issues when link-local
address appears later than iface or is changed.


 The idea seems to be to have only one ospf-interface (show
 ospf interface) per real interface / lladdr.  And the
 networks connected to that single ospf-interface.  This is
 in contrast to ipv4, where one has one ospf-interface per
 each primary address on the interface.
 
 First note: If there are multiple lladdr on one real
 interface, multiple ospf-interfaces are created. We guessed
 that the assumption was that there is only one lladdr per
 interface.
 -- Is this assumption covered by any RFC? I doubt so.
 -- Is this behaviour intended, or is this a bug?

Well this was supposed to be handled by 'secondary' flag for an address,
but it seems like Linux IPv6 behavior is different than IPv4 behavior and
does not use secondary flags (multiple addresses from the same network are
attached to the iface) in IPv6.


 If we want to create (one or many) stub ospf-interface(s)
 for an interface without lladdr, the arising questions are:
 -- create one ospf-interface or many?
 -- If one, which address should be used for it?
 
 All of this gets more complex, when considering, that this
 has to be torn down and replaced by the classic stuff, if
 a lladdr gets added to the interface.
 
 Thoughts?

Proper solution would be like:

1) Have separate ospf_if_notify() for OSPFv2 and OSPFv3 like
it is already done for ospf_ifa_notify[23]().

2) Add/remove OSPFv3 ifaces per interface based on events in 
ospf_if_notify3(), not in ospf_ifa_notify3().

3) If there is no link-local address, interface should be stub.
   If link-local address appears/disappears, interface should
   be unstubbified/stubbified.

4) It is likely that there is code in OSPF assuming ospf_iface->addr
   is non-NULL, this should be fixed


It is a question what should be done when old link-local address
disappears but there is another one. I think that OSPFv3 uses mainly
Router ID and not IP address to identify neighbors so the address could
be changed without much disturbance to neighbors, but i would have to
check that.


If you want to make a patch doing this, i would be glad, otherwise i
would look at this issue in the future.


-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: BGP extented communities checks

2015-06-02 Thread Ondrej Zajicek
On Thu, May 28, 2015 at 11:48:25AM +0200, Arnaud Fenioux wrote:
 Thank you for your answer,
 So, I’m surprised RO are not working for me!

What do you mean by RO were not working for you? RO communities were set in
routes but matching expressions return bad results?

 Could someone update the GitHub examples, as RT seems more logical, and works
 like expected?

Perhaps i will fix this.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: BGP multipath support

2015-06-08 Thread Ondrej Zajicek
On Mon, Jun 08, 2015 at 12:36:07PM +0200, Gruber Gerold wrote:
 please allow me to add the pointer to the also wished noise
 suppression in OSPF, where a delay between appearance or disappearance
 of a route and its propagation to the neighbours would also improve the
 stability of the landscape and lower the noise caused by flapping
 routes. (Cisco boxes behave this way, from our observations.)

Hi

This is AFAIK fixed in 1.5.0 - LSAs are originated at most once per
MinLSInterval (5 s).

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: BGP multipath support

2015-06-08 Thread Ondrej Zajicek
On Sun, Jun 07, 2015 at 11:23:03PM -0700, João Taveira Araújo wrote:
 I finally got round to running your latest dev version. One problem
 that sticks out is that every RIB change results in a FIB change.

Not every change, only changes that may affect the resulting merged
routes. It is true that we do not have reliable way to eliminate 'empty'
FIB updates and therefore we err on the side of propagating unnecessary
'changes'. But that is not something new, BIRD has always had such behavior.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: BGP multipath support

2015-06-07 Thread Ondrej Zajicek
On Fri, May 22, 2015 at 12:13:31PM +0200, Alexander Frolkin wrote:
 Hi Ondrej,
 
   I was wondering how hard it would be to add BGP multipath support to
   BIRD, or if anyone was working on it already?
  BGP multipath is one thing we are currently working on.
 
 That's great news!  Do you know when it's likely to be available?

Hi

There is devel version of BGP multipath in our Git. Currently it allows
to merge routes that have the same preference, bgp_local_pref, bgp_path
length, bgp_origin, bgp_med (if relevant), ibgp/ebgp and igp_metric.

As BGP multipath is non-standard, i wonder what kind of BGP multipath
behavior is expected by users and which options are necessary. I will
probably add some option to relax check for equal bgp_path length.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: Enhanced Route Refresh Capability (rfc7313)

2015-06-23 Thread Ondrej Zajicek
On Tue, Jun 23, 2015 at 01:47:41PM +0200, Arnaud Fenioux wrote:
 Hello,
 
 We updated one of our Route-server and noticed that a few number of our peers 
 could not establish IPv6 sessions with us.
 The reason in the logs was Received: Required capability missing???.
 
 After some tcpdump and investigation we found that Enhanced Route
 Refresh Capability was newly advertised (as explained in the bird
 release notes). Sadly Juniper boxes do think that this capability is
 mandatory (only) in IPv6.

Well, they should ignore it if they don't know/like it. The problem is
specific to IPv6 sessions, IPv4 sessions work fine? Or perhaps the
problem is triggered on both, but as a fallback, the capability
negotiation was disabled on second try, which works for IPv4, but not
for IPv6 (as multiprotocol cap. must be here)?


 We have disabled route refresh (enhanced and regular), as a work-around, for 
 these peers.
 enable route refresh off;
 
 Would it be possible to only disable enhanced route refresh in the 
 configuration file for a next release of bird?

I considered such option for 1.5.0 but thought it would be unnecessary.
I will probably reconsider that.


-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: Bird 1.5.0: protocol 'direct' looses routes

2015-06-16 Thread Ondrej Zajicek
On Tue, Jun 16, 2015 at 03:20:25PM +0300, Andrew wrote:
 
 Thanks for the example, it is very descriptive. The problem here is that
 'direct' protocol is a stateless translation of address announcements to
 route announcements, but routing tables do not consider interface as part
 of route key, therefore only one route for a prefix is remembered and
 I will write a patch for this.

 Yes, it'll be great.

You could try attached patch

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.
diff --git a/nest/rt-dev.c b/nest/rt-dev.c
index 87ffc5e..f6bc143 100644
--- a/nest/rt-dev.c
+++ b/nest/rt-dev.c
@@ -51,7 +51,10 @@ dev_ifa_notify(struct proto *p, unsigned c, struct ifa *ad)
 	  DBG(dev_if_notify: device shutdown: prefix not found\n);
 	  return;
 	}
-  rte_update(p, n, NULL);
+
+  /* Use iface ID as local source ID */
+  struct rte_src *src = rt_get_source(p, ad-iface-index);
+  rte_update2(p-main_ahook, n, NULL, src);
 }
   else if (c  IF_CHANGE_UP)
 {
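Review bot: In the shutdown branch the source is fetched with rt_get_source() only to withdraw a route; if no address was ever announced from this interface there is nothing to look up, so please check whether this call allocates a fresh source here and whether a lookup-only call would fit the withdraw path better. The declaration of src also sits in the middle of the block after the DBG/return; hoisting it to the top of dev_ifa_notify() would let both branches share one lookup and one comment.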
@@ -61,8 +64,11 @@ dev_ifa_notify(struct proto *p, unsigned c, struct ifa *ad)
 
   DBG(dev_if_notify: %s:%I going up\n, ad-iface-name, ad-ip);
 
+  /* Use iface ID as local source ID */
+  struct rte_src *src = rt_get_source(p, ad-iface-index);
+
   rta a0 = {
-	.src = p-main_source,
+	.src = src,
 	.source = RTS_DEVICE,
 	.scope = SCOPE_UNIVERSE,
 	.cast = RTC_UNICAST,
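Review bot: The comment "Use iface ID as local source ID" above the new src lookup says what is done but not why. A sentence explaining that the table identifies a route by prefix and source, so the same prefix on two interfaces now yields two routes, would help the next reader. This is also a user-visible change (several direct routes for one prefix competing for best), so it deserves a line in the documentation or changelog.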
@@ -75,7 +81,7 @@ dev_ifa_notify(struct proto *p, unsigned c, struct ifa *ad)
   e = rte_get_temp(a);
   e-net = n;
   e-pflags = 0;
-  rte_update(p, n, e);
+  rte_update2(p-main_ahook, n, e, src);
 }
 }
 
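Review bot: Nothing visible in the patch releases the per-interface sources: they are obtained on address up and on address down, but no line drops them when the interface itself disappears. Please confirm they are reclaimed elsewhere, since on a PPPoE BRAS new interface indexes appear continuously. The source is also supplied twice, once in the route attributes and once as the last argument of rte_update2() here; a short comment that the two must match would guard against a later mismatch.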




Re: Bird 1.5.0: protocol 'direct' looses routes

2015-06-17 Thread Ondrej Zajicek
On Wed, Jun 17, 2015 at 01:25:28PM +0300, Andrew wrote:
 17.06.2015 13:09, Ondrej Zajicek wrote:
 On Tue, Jun 16, 2015 at 11:11:22PM +0300, Andrew wrote:
 Also, with 1.5.0 I have long OSPF initialization (near 2 minutes - 1.4.5 and
 quagga starts much faster). I have OSPF debug log; should I attach it to
 mail (does the mailing list support attachments), or should I send it to your
 personal mail?
 The mailing list accepts attachments, you could send logs there. Also it
 would be useful to attach your OSPF configuration. Or you could send it
 directly to my personal mail, if you want.
 
 In 1.5.0 there are changes in OSPF initialization, it is much faster in
 my test setup but it is possible that there might be some issues in some
 border cases. Unfortunately, OSPF initialization is just loosely
 specified by RFC 2328 and there are plenty of unspecified details.
 
 I wonder if others have some negative or positive experience with OSPF
 initialization (neighbor establishment) in 1.5.0 compared to previous
 versions.

 Ok, log is in attach.

Relevant neighbors are 10.255.192.101 and 10.255.192.102, while the local
router ID is 10.255.0.21?

What OSPF implementation is used by these neighbors? How long did it take for
BIRD 1.4.5 and Quagga?

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: Bird 1.5.0: protocol 'direct' looses routes

2015-06-18 Thread Ondrej Zajicek
On Thu, Jun 18, 2015 at 11:25:13AM +0300, Andrew wrote:
 What OSPF implementation is used by these neighbors? How long did it take for
 BIRD 1.4.5 and Quagga?
 These neighbors work with quagga 0.99.22. BIRD 1.4.5 starts much faster
 (currently I haven't possibility to check it - test box isn't near me and
 it's down); quagga on neighbor xxx.xxx.202.4 (IP 192.168.255.91) starts in
 some seconds (it's old 0.99.9)

Well, it is likely a minor compatibility problem between Quagga and BIRD.
During the loading phase one side sends LSREQ packets and the other side
answers with LSUPD packets. As LSREQ has larger capacity, one LSREQ
packet should be answered by more (~3) LSUPD packets. BIRD waits for all
these LSUPD packets before sending another LSREQ, but in this case Quagga
is sending just one or two LSUPD, therefore BIRD does not answer with
next LSREQ immediately but after a timeout.

Old behavior was a bit more aggressive, BIRD sends next LSREQ immediately
after the first LSUPD, which may lead to a request storm where one
LSA was requested and transmitted multiple times (because remaining LSUPD
packets are still pending and would also lead to LSREQ).

I would discuss this issue with Quagga devs.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: Bird 1.5.0: protocol 'direct' looses routes

2015-06-17 Thread Ondrej Zajicek
On Tue, Jun 16, 2015 at 11:11:22PM +0300, Andrew wrote:
 Also, with 1.5.0 I have long OSPF initialization (near 2 minutes - 1.4.5 and
 quagga starts much faster). I have OSPF debug log; should I attach it to
 mail (does the mailing list support attachments), or should I send it to your
 personal mail?

The mailing list accepts attachments, you could send logs there. Also it
would be useful to attach your OSPF configuration. Or you could send it
directly to my personal mail, if you want.

In 1.5.0 there are changes in OSPF initialization, it is much faster in
my test setup but it is possible that there might be some issues in some
border cases. Unfortunately, OSPF initialization is just loosely
specified by RFC 2328 and there are plenty of unspecified details.

I wonder if others have some negative or positive experience with OSPF
initialization (neighbor establishment) in 1.5.0 compared to previous
versions.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: Bird 1.5.0: protocol 'direct' looses routes

2015-06-16 Thread Ondrej Zajicek
On Tue, Jun 16, 2015 at 01:39:24PM +0300, Andrew wrote:
 13.06.2015 10:43, Andrew wrote:
 Hi all.
 
 I'm testing bird 1.5.0 on PPPoE BRAS, and today noticed that sometimes it
 looses routes. For ex., today it looses near 5 networks of 103 total
 (before restart - it has 98 routes, after - 103)
 
 Possibly this may be related with tunnel session hangup - when user
 reconnects with same IP and then old session is dropped, bird may loose
 this route while route is present in system. But I'm not sure about this.
 
 Trouble is confirmed on test machine.
 
 Testing result:

Hi

Thanks for the example, it is very descriptive. The problem here is that
'direct' protocol is a stateless translation of address announcements to
route announcements, but routing tables do not consider interface as part
of route key, therefore only one route for a prefix is remembered and
later removed. We could fix that in a similar way how BGP add path is
implemented - using separate route source per iface id. In that case, if
you have the same network on more interfaces, direct protocol will
generate multiple routes which will compete for being the best route.
I will write a patch for this.

BTW, the protocol 'loses' not 'looses' routes.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.
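
The keying problem described in the reply above, as a toy model: one table where every direct route shares a single source, and one where the source is derived from the interface index. This is an added example, not BIRD code and not the attached patch; the struct, the function names, the prefix and the interface indexes are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ROUTES 8

/* Toy routing table entry; not BIRD's struct rte. */
struct route {
    int used;
    char prefix[24];
    unsigned src_id;    /* route source: part of the lookup key */
    unsigned ifindex;   /* interface the address lives on */
};

struct table {
    struct route r[MAX_ROUTES];
    int per_iface_src;  /* 0: one shared source, 1: one source per interface */
};

/* Source ID used for a route learned from the given interface. */
static unsigned src_for(const struct table *t, unsigned ifindex)
{
    return t->per_iface_src ? ifindex : 0;
}

/* Routes are identified by (prefix, source); the interface is not part of the key. */
static struct route *find(struct table *t, const char *prefix, unsigned src)
{
    for (int i = 0; i < MAX_ROUTES; i++)
        if (t->r[i].used && t->r[i].src_id == src &&
            strcmp(t->r[i].prefix, prefix) == 0)
            return &t->r[i];
    return NULL;
}

/* Address came up on an interface: add the route or replace the one with the same key. */
static int announce(struct table *t, const char *prefix, unsigned ifindex)
{
    unsigned src = src_for(t, ifindex);
    struct route *e = find(t, prefix, src);

    for (int i = 0; i < MAX_ROUTES && !e; i++)
        if (!t->r[i].used)
            e = &t->r[i];
    if (!e || strlen(prefix) >= sizeof e->prefix)
        return -1;
    e->used = 1;
    strcpy(e->prefix, prefix);
    e->src_id = src;
    e->ifindex = ifindex;
    return 0;
}

/* Address went away on an interface: stateless withdraw of whatever matches the key. */
static void withdraw(struct table *t, const char *prefix, unsigned ifindex)
{
    struct route *e = find(t, prefix, src_for(t, ifindex));
    if (e)
        e->used = 0;
}

/* Interface index of a surviving route for the prefix, or 0 if the prefix was lost. */
static unsigned surviving_iface(struct table *t, const char *prefix)
{
    for (int i = 0; i < MAX_ROUTES; i++)
        if (t->r[i].used && strcmp(t->r[i].prefix, prefix) == 0)
            return t->r[i].ifindex;
    return 0;
}

/* Reconnect case from the thread: new session up with the same IP, then the old one dropped. */
static unsigned reconnect_scenario(int per_iface_src)
{
    struct table t;

    memset(&t, 0, sizeof t);
    t.per_iface_src = per_iface_src;
    announce(&t, "10.0.0.7/32", 12);   /* old PPP session, constructed ifindex 12 */
    announce(&t, "10.0.0.7/32", 13);   /* user reconnects, same address on ifindex 13 */
    withdraw(&t, "10.0.0.7/32", 12);   /* old session finally torn down */
    return surviving_iface(&t, "10.0.0.7/32");
}

int main(void)
{
    printf("shared source:    surviving ifindex %u\n", reconnect_scenario(0));
    printf("per-iface source: surviving ifindex %u\n", reconnect_scenario(1));
    return 0;
}
```

With the shared source the late withdraw for the old session removes the only entry, although the address is still present on the new interface; with one source per interface the new session's route survives.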




Re: BGP multipath support

2015-06-02 Thread Ondrej Zajicek
On Fri, May 22, 2015 at 12:13:31PM +0200, Alexander Frolkin wrote:
 Hi Ondrej,
 
   I was wondering how hard it would be to add BGP multipath support to
   BIRD, or if anyone was working on it already?
  BGP multipath is one thing we are currently working on.
 
 That's great news!  Do you know when it's likely to be available?

I guess we will have working dev version within a week.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: Bird 1.4.5 add-path crash

2015-07-01 Thread Ondrej Zajicek
On Wed, Jul 01, 2015 at 09:21:12AM +0200, Martin Pels wrote:
 Hi Ondrej,
 
 On Tue, 30 Jun 2015 19:56:58 +0200
 Ondrej Zajicek santi...@crfreenet.org wrote:
 
  On Tue, Jun 30, 2015 at 05:24:20PM +0200, Martin Pels wrote:
   Hello,
   
   I'm seeing Bird 1.4.5 crash with a segmentation fault when receiving
   routes from a peer with add-path enabled.
  
  Hello
  
  There is one known bug in add-path in BIRD 1.4.5 that is already fixed
  in 1.5.0, could you try 1.5.0?
 
 With 1.5.0 the session does not establish:
 
 bird: Started
 bird: bgp1: Received: Required capability missing

Could you try it with disabled route refresh:

in bgp block:
  enable route refresh off;

?

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: bgp export not active route

2015-07-03 Thread Ondrej Zajicek
On Thu, Jun 25, 2015 at 11:37:19AM +0200, steck.bsd wrote:
 Hello
 
 is it possible export in bgp a route non active ?
 I receive the same network from more neighbor and only one is active.
 I would like export to another neighbor those not active for my bird router.

There is 'secondary' option for BGP, which will allow you to export for
each network the first route that passes through the export filter.

Or you could use 'add path' extension, if the peer supports that.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: converting our anycast node from quagga

2015-07-03 Thread Ondrej Zajicek
On Fri, Jul 03, 2015 at 04:26:26PM +0200, Peter Hudec wrote:
 Hi,
 
 I just started to play with bird.
 
 My anycast node setup is as follows.
 
 - each anycast server is serving from 1 up to 3 anycast prefixes
 - the anycast addresses are assigned to the dummyX interfaces as
 /32(IPv4) or /128(IPv6)
 - the BGP/quagga/ is advertising the /24 or /48 (added aggregate-address
 /24 (/48) summary-only
 - if I put the dummyX interface down, the BGP will stop announce the
 route associated to this interface, both IPv4 and IPv6
 - if I put the dummyX interface up, the BGP will start announce the route
 
 The setup is a little more complex (metric, communities, preferences,
 ..), but this is the main idea how it works. In another words I could
 stop/start announce the anycast prefix without reconfiguring the bgp daemon.
 
 Please, could someone point me how to do this in bird.
 There is direct protocol, but I see /32 routes, not /24

Hi

Direct protocol just creates routes based on assigned addresses. You could
define static device routes using static protocol. These should also
appear/disappear based on whether the associated interface goes up/down.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: converting our anycast node from quagga

2015-07-03 Thread Ondrej Zajicek
On Fri, Jul 03, 2015 at 05:41:32PM +0200, Peter Hudec wrote:
 Hi Ondrej,
 
 you're right.
 I used static protocol, added routd to interfaces and added 'check link'
 switch.

This should work even without 'check link' option. That option
is for link up/down events (e.g. on ethernet) while admin up/down
events should be handled always.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: BIRD removing BGP routes from other daemon - FreeBSD

2015-07-03 Thread Ondrej Zajicek
On Thu, Jul 02, 2015 at 08:30:01PM -0300, Cassiano Peixoto wrote:
 Hi Ondrej,
 
 Thanks for your help. I've changed as you suggested
 on sysdep/bsd/krt-sock.c to PROTO2 and it worked fine.
 
 I'd like to know what kind of problem I would have if I keep this change
 on my bird. Can I run into some issues with other protocols or systems?

I have no idea. These PROTOx flags IMHO are not really well documented.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: BIRD removing BGP routes from other daemon - FreeBSD

2015-07-03 Thread Ondrej Zajicek
On Fri, Jun 26, 2015 at 11:19:31AM +0300, Alexander V.Chernikov wrote:
 25.06.2015, 10:41, Ondrej Zajicek santi...@crfreenet.org:
  On Thu, Jun 18, 2015 at 05:14:41PM -0300, Cassiano Peixoto wrote:
  i don't know about OpenBGP. I wonder if there is a better way to
  distinguish route ownership in BSD systems (like there is u8 rtm_protocol
  field in Linux).

 Well, there is auto-filled rtm_pid field, so theoretically we can check if 
 this pid (if filled) and flush routes
 only if it is not currently running (yes, it is not ideal).

That is a possibility, but it is more complicated (e.g. different
ownership checking during initiation and later) and probably not
worth the effort.

Seems to me like adding option to make the flag configurable would be
sufficient. The similar approach is used by route6d, so it seems that it
is not completely silly approach.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: BGP multipath support

2015-05-22 Thread Ondrej Zajicek
On Wed, May 20, 2015 at 06:19:27PM +0200, Alexander Frolkin wrote:
 Hello,
 
 I was wondering how hard it would be to add BGP multipath support to
 BIRD, or if anyone was working on it already?

Hello

BGP multipath is one thing we are currently working on.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: BGP extented communities checks

2015-05-22 Thread Ondrej Zajicek
On Thu, May 21, 2015 at 11:37:23PM +0200, Arnaud Fenioux wrote:
 Hi folks!
 
 I have played with extended communities with some of my peers, and have 
 written this function below to facilitate my checks.
 
 On the examples found on github 
 (https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with_community_based_filtering_and_multiple_RIBs
  and 
 https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with_community_based_filtering_and_single_RIB)
  
 
 I have noticed that RO are used :
 if (ro,myas,peeras) ~ bgp_ext_community then return true;
 bgp_ext_community.delete([(ro,0,*)]);
 
 But according to my tests, RT should be used.
 Did anybody make the same ascertainment?

Hi

Well, you could use either RT or RO, they are just different classes of
extended communities. But semantically, using RT makes more sense.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: Routes disappear after reloading BIRD configuration

2015-05-21 Thread Ondrej Zajicek
On Thu, May 21, 2015 at 04:05:10PM -0700, Robert Brockbank wrote:
 Hi,
 
 I've got two hosts each running BIRD within a docker container.  If I
 restart BIRD on one of the hosts, I drop routes.
 
 I have the kernel option persist set, running bird with the -R option and
 set kernel and bgp to have graceful restart.
 
 Restarting the service, sending in a SIGHUP or entering configure on
 birdc all cause routes to be dropped temporarily.
 
 Any thoughts on what might be causing this?  Is this just a configuration
 issue?  I've outlined my set up below, including config files etc.

Hi

Seems like a bug in handling unnamed protocols derived from a template.
As a workaround, just add an explicit name to bgp protocols:

  protocol bgp bgp_p1 from bgp_template {
    neighbor 172.17.8.101 as 64511;
  }

 One other question, are there any plans to allow dynamic reconfiguration
 (e.g. adding and removing a peer) without restarting the protocols?

Adding and removing peers (i.e. BGP protocols) with reconfiguration
should not restart other protocols.


-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: [PATCH] static: Support for BFD controlled static routes

2015-08-02 Thread Ondrej Zajicek
On Tue, Jul 14, 2015 at 06:33:30AM +, Steve Atkinson wrote:
 Hi,
 
 This is my first submission into the community, it is a change to the static 
 protocol to support the addition / deletion of static routes based on the 
 availability of the gateway as determined by BFD.
 This was implemented as a proof of concept for one of our customers,  it 
 appears to work although has only been tested against the bfd-beacon, with 
 routes exported to a remote BGP associated router.

Hello

Thanks for the patch. It is one thing I wanted to have implemented, just
I hadn't found the time to do it. There were some problems with the patch
(like not handling protocol reconfiguration, unnecessary function
locate_route_with_bfd_req() and some minor issues) and it is a simple
thing, so I rather implemented it anew. See:

https://gitlab.labs.nic.cz/labs/bird/commit/538264cf1a7690d90b2953aebff21958c2b55c44

It depends on a previous patch for general route options. There is a
slightly different syntax, 'bfd' is one option in a block of options:
route 10.0.0.0/24 via 10.1.1.1 { bfd; };

Also there is a minor semantic change - BFD session is required to be
established before the route is activated. Although other BFD-enhanced
protocols use BFD just in advisory manner (i.e. if BFD session cannot
be established, it is just disregarded), seems to me that for static
protocol, which does not have native way to establish liveness of
a neighbor, the mandatory manner (no session - no route) makes much
more sense.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: Dropped netlink updates during scans

2015-08-13 Thread Ondrej Zajicek
On Thu, Aug 13, 2015 at 04:31:53PM +, Shaun Crampton wrote:
 We set our scan time to 2s and then create many routes using "ip route
 add".  With many (say 50k) routes, the scan starts taking a second or more
 so BIRD is ignoring about 50% of the route updates and only picking them
 up on the scan.

Do you see any warnings in log when a route is missed?

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: Device protocol not recognizing interface address change

2015-08-13 Thread Ondrej Zajicek
On Thu, Aug 13, 2015 at 06:29:27PM +0100, Israel G. Lugo wrote:
 Hello,
 
 I work with Bernardo.
 
 One piece of additional information: the problem seems to be caused by
 the interfaces being link down when BIRD comes up. They are already
 configured by the OS scripts, but they haven't finished negotiating the
 link yet (NO-CARRIER, state DOWN).

Hi

So these interfaces are UP but not LOWER_UP in 'ip addr list' output?

I guess that you have enabled 'check link' in OSPF?

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: Setting BIRD up for uninterrupted package upgrades

2015-08-12 Thread Ondrej Zajicek
On Tue, Aug 11, 2015 at 06:51:14PM +, Matt Dupre (projectcalico.org) wrote:
 Hi all,
 
 I'm working on Project Calico (http://www.projectcalico.org/), where
 we've been using BIRD as a BGP Router.  We'd like to be able to set BIRD
 up such that we can upgrade the package in future without removing any
 routes.  Does anyone have a good way to do this - we're using Ubuntu
 14.04 (upstart) and RHEL 7.1 (systemd)?
 
 I've got graceful restart configured (`graceful restart;` in the
 protocols and `-R` on the command line), and this works great for
 unexpected restarts (such as segfaults) - upstart / systemd restarts BIRD
 and it resumes normal operation without removing any routes.  We've
 considered modifying the job/service to kill BIRD instead of stopping it
 gracefully (for example as a pre-stop command), but I'm just wondering if
 there's a better way. 

Hello

There is currently no command for 'pre-restart shutdown' and also there
is no automatic detection for GR recovery at start. Currently you have
to kill BIRD instead (which should be OK) and add -R option for GR
recovery at start.

Note that -R option should be added only for the restart, not for the
regular start (that is why it is a command-line option and not a part of
the configuration). Although adding it always is not a big problem.

We probably should add such features. I am open to suggestions how this
should behave - how such 'pre-restart shutdown' command could be named,
should the daemon return different return value (probably not) and where
the external state (to know whether we should/shouldn't do GR recovery
at startup) for GR could be stored, and how it could be integrated
with distribution scripts/unit files.

For the external state, there are some simple solutions like keeping an
empty file in /run along the bird.ctl - if this file is here at start, we
do GR recovery. But the problematic part here is to avoid distribution
scripts messing with it in an improper way. Another, perhaps more elegant
way would be to look if there are any BIRD routes in the routing table,
if so, do GR recovery. But that will not work if both 'persist' and
'graceful restart' options are enabled for the kernel protocol.


-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: Route reflector not setting originator_id

2015-07-17 Thread Ondrej Zajicek
On Thu, Jul 16, 2015 at 04:29:12PM -0700, Evelio VILA wrote:
 Hello,
 
 I have a very simple setup with one rr and one rr client.
 
 I'm not seeing ORIGINATOR_ID nor CLUSTER_LIST attributes appended to the
 updates sent to the rr client. Aren't those supposed to be mandatory per
 RFC 4456 ?

Hello

I am not sure what is your exact setting, but ORIGINATOR_ID and CLUSTER_LIST
are set when the route is reflected on route reflector. They are not set when
the route is locally originated on a route reflector. AFAIK RFC 4456 does
not specify such case, but it probably makes sense to add these attributes
even in this case.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: listen address bug

2015-07-17 Thread Ondrej Zajicek
On Wed, Jul 15, 2015 at 03:36:36PM +, b...@unicycle.net wrote:
 Hi,
 
 I've been debugging a bird6.conf (doing two ASN's) for almost two days,
 finding each time only one half working, and so being convinced it should 
 work.
 So finally I could make a clear conclusion:

 listen bgp address 2001::2a port 179;
 listen bgp address 2001::1a port 179;

Hi

Generally only the last listen directive works. With this setting, you
are just listening on 2001::1a instead of on ::.

Do you use explicit source address option for BGP sessions?

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: OSPF and mass route deletion

2015-07-17 Thread Ondrej Zajicek
On Tue, Jul 14, 2015 at 10:20:22AM +0300, Andrew wrote:
 When routes are deleted (for ex., terminating a lot of PPP tunnels for some
 reason in same time), it seems like each removed route is sent into separate
 OSPF packet that causes troubles with OSPF in some cases (for ex., there's
 troubles with old quagga).
 
 Is there a possibility to add some rate-limiting (for ex., limit to 10
 messages per second), and aggregate separate 'route deleted' messages to one
 packet?

AFAIK, multiple flush LSAs can be packed to one LSA when flushed together
(i.e. the routes are deleted together), but there is no time-limit. If
these routes are deleted as separate (but immediate) events, then it is
possible that the OSPF packet with just one flushed LSA is sent before
waiting for next route delete (and therefore next flushed LSA).

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
To err is human -- to blame it on a computer is even more so.




Re: bird 1.5.0-4 ospf Inactivity timer expired.

2015-10-26 Thread Ondrej Zajicek
On Mon, Oct 26, 2015 at 04:48:13PM +0600, Andrey Kitsul wrote:
> Hello,
> 
> If I do not need to import routes from kernel to bird, can I disable the
> import and learn for kernel protocol?

Yes, but it does not help you. Periodic scans took time because you have
high number of your (BGP) routes in kernel FIB.

One solution would be to set OSPF dead timers to tens of seconds and use
BFD for fast failure detection. BFD runs in separate thread and is
not affected by the kernel scans.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."




Re: bird 1.5.0-4 ospf Inactivity timer expired.

2015-10-29 Thread Ondrej Zajicek
On Tue, Oct 27, 2015 at 10:25:06AM +0600, Andrey Kitsul wrote:
> Hello,
> 
> Packets debug in attachment (TRACE + WARN), problem: "2015-10-27 10:02:28
>  ospf_area0: Inactivity timer expired for nbr 195.x.y.z2 on
> eth0.1889"
> In pcap dump I see ospf Hello packets per second from other ospf nbr.
> 
> 2015-10-27 10:02:25  ospf_area0: HELLO packet received from nbr 
> 195.x.y.z4 on greegw4
> 2015-10-27 10:02:25  ospf_area0: HELLO packet received from nbr 
> 195.x.y.z2 on greegw2
> 2015-10-27 10:02:25  ospf_area0: HELLO packet received from nbr 
> 195.a.b.c1 on eth1.2508
> 2015-10-27 10:02:25  ospf_area0: HELLO packet received from nbr 
> 195.x.y.z4 on eth0.1889

> 2015-10-27 10:02:26  kernel1: Scanning routing table
> 2015-10-27 10:02:26  kernel1: Pruning table master
> 2015-10-27 10:02:26  kernel1: Pruning inherited routes
> 2015-10-27 10:02:26  Event 0x00442440 0x took 
> 1619 ms
> 2015-10-27 10:02:26  ospf_area0: HELLO packet sent via greegw4
> 2015-10-27 10:02:26  ospf_area0: HELLO packet sent via greegw2
> 2015-10-27 10:02:26  ospf_area0: HELLO packet sent via eth1.2508
> 2015-10-27 10:02:26  ospf_area0: HELLO packet sent via eth0.1889
> 2015-10-27 10:02:28  ospf_area0: HELLO packet sent via eth0.1889
> 2015-10-27 10:02:28  ospf_area0: HELLO packet sent via eth1.2508
> 2015-10-27 10:02:28  ospf_area0: HELLO packet sent via greegw2
> 2015-10-27 10:02:28  ospf_area0: HELLO packet sent via greegw4
> 2015-10-27 10:02:28  ospf_area0: Inactivity timer expired for nbr 
> 195.x.y.z2 on eth0.1889

Hi

The long kernel scan caused remaining events to be queued and this
sequence of timer events (containing neighbor expiration event) was
processed before BIRD started to process incoming socket events (e.g. the
incoming HELLO). The incoming hello was processed immediately after that:

> 2015-10-27 10:02:28  ospf_area0: HELLO packet received from nbr 
> 195.x.y.z2 on eth0.1889
> 2015-10-27 10:02:28  ospf_area0: New neighbor 195.x.y.z2 on eth0.1889, 
> IP address 195.x.y.z2

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."


signature.asc
Description: Digital signature
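
The pattern explained in the reply above (a long event, then an inactivity expiry, then a hello from the same neighbor processed right afterwards) can be picked out of a log mechanically. This is an added example, not part of the original thread or of BIRD; the log lines are constructed in the shape of the quoted excerpt with placeholder addresses, and the thresholds and function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define SLOW_EVENT_MS 1000  /* assumption: an event this long can delay other processing */
#define LOOKBACK_S    5     /* assumption: how far back a slow event still matters */
#define RECOVER_S     1     /* assumption: hello processed this soon after the expiry */

enum verdict { NOT_EXPIRY = -1, PEER_LOSS = 0, LOCAL_STALL = 1 };

/* Constructed sample; all lines fall on one day and are in time order. */
static const char *SAMPLE_LOG[] = {
    "2015-10-27 10:02:25 ospf1: HELLO packet received from nbr 192.0.2.2 on eth0",
    "2015-10-27 10:02:26 kernel1: Scanning routing table",
    "2015-10-27 10:02:26 Event 0x1 0x2 took 1619 ms",
    "2015-10-27 10:02:28 ospf1: HELLO packet sent via eth0",
    "2015-10-27 10:02:28 ospf1: Inactivity timer expired for nbr 192.0.2.2 on eth0",
    "2015-10-27 10:02:28 ospf1: HELLO packet received from nbr 192.0.2.2 on eth0",
    "2015-10-27 10:02:28 ospf1: New neighbor 192.0.2.2 on eth0, IP address 192.0.2.2",
    "2015-10-27 10:07:41 ospf1: Inactivity timer expired for nbr 192.0.2.9 on eth1",
};
#define SAMPLE_N (sizeof SAMPLE_LOG / sizeof SAMPLE_LOG[0])

/* Seconds since midnight from a "YYYY-MM-DD HH:MM:SS ..." line; -1 on parse error. */
static int line_time(const char *l)
{
    int h, m, s;
    if (sscanf(l, "%*d-%*d-%*d %d:%d:%d", &h, &m, &s) != 3)
        return -1;
    return h * 3600 + m * 60 + s;
}

/* Duration in ms if the line is a latency report "... took N ms", else -1. */
static int slow_event_ms(const char *l)
{
    const char *p = strstr(l, " took ");
    int ms;
    if (!p || sscanf(p, " took %d ms", &ms) != 1)
        return -1;
    return ms;
}

/* True if the line reports a hello received from exactly this neighbor and interface. */
static int is_hello_from(const char *l, const char *nbr, const char *ifc)
{
    char needle[160];
    snprintf(needle, sizeof needle, "HELLO packet received from nbr %s on %s", nbr, ifc);
    const char *p = strstr(l, needle);
    if (!p)
        return 0;
    char next = p[strlen(needle)];
    return next == '\0' || next == ' ' || next == ',';  /* eth0 must not match eth0.1889 */
}

/* Classify the expiry at log[idx]: local stall if a slow event precedes it and the
 * same neighbor's hello is processed right after it; otherwise treat it as peer loss. */
static enum verdict classify_expiry(const char **log, size_t n, size_t idx)
{
    char nbr[64], ifc[32];
    const char *p = (idx < n) ? strstr(log[idx], "Inactivity timer expired for nbr ") : NULL;
    if (!p || sscanf(p, "Inactivity timer expired for nbr %63s on %31s", nbr, ifc) != 2)
        return NOT_EXPIRY;

    int t = line_time(log[idx]), stalled = 0, recovered = 0;
    for (size_t j = 0; j < n; j++) {
        int tj = line_time(log[j]);
        if (tj < 0)
            continue;
        if (j < idx && t - tj <= LOOKBACK_S && slow_event_ms(log[j]) >= SLOW_EVENT_MS)
            stalled = 1;
        if (j > idx && tj - t <= RECOVER_S && is_hello_from(log[j], nbr, ifc))
            recovered = 1;
    }
    return (stalled && recovered) ? LOCAL_STALL : PEER_LOSS;
}

/* Number of expiries in the log that look self-inflicted. */
static int count_local_stalls(const char **log, size_t n)
{
    int count = 0;
    for (size_t i = 0; i < n; i++)
        if (classify_expiry(log, n, i) == LOCAL_STALL)
            count++;
    return count;
}

int main(void)
{
    printf("expiries explained by a local stall: %d\n",
           count_local_stalls(SAMPLE_LOG, SAMPLE_N));
    return 0;
}
```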


Re: bird 1.5.0-4 ospf Inactivity timer expired.

2015-10-26 Thread Ondrej Zajicek
On Mon, Oct 26, 2015 at 05:40:08PM +0600, Andrey Kitsul wrote:
> Why ospf restart? Dead interval 4sec not been reached.

Well, it is counted from the last received hello, so you have to add 'packets'
to OSPF debug to see when it started.

Also timers in BIRD have generally second granularity, so 4 sec timer may
timeout in some cases in 3.1 sec. And there is also one minor bug that may
cause some timers to be triggered ~1 s earlier.

So all these factors together, 4 s (or smaller) dead timers in BIRD
may be unreliable. I would suggest at least 8-10 s.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."




Re: bird: KIF: Invalid broadcast address 255.255.255.255 for em1

2015-11-10 Thread Ondrej Zajicek
On Tue, Nov 10, 2015 at 03:40:58PM +0100, Job Snijders wrote:
> Hi Fellow BIRD users,
> 
> It appears that BIRD does not fully appreciate RFC3021 style addresses
> on Ubuntu 15.04, when I start BIRD:
> 
>   syslog:Nov 10 15:25:15 eunetworks-2 bird: KIF: Invalid broadcast 
> address 255.255.255.255 for em1
>   syslog:Nov 10 15:25:15 eunetworks-2 bird: KIF: Invalid broadcast 
> address 255.255.255.255 for p2p2.1003

BIRD works with RFC 3021 style addresses without problems, it is just
confused by the fact that directed broadcast address for the iface is
configured to 255.255.255.255, which is address reserved for link-local
broadcast.

BIRD should work without problems on these interfaces (unless you use
broadcast like in RIPv1), it is just warning.


> Should I configure the Linux side of things differently or is this
> something that needs resolving in BIRD itself?

IMHO reasonable setting would be to not set directed broadcast address on
such interfaces. Link-local broadcast address works for any interfaces
and need not be configured.


-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."


signature.asc
Description: Digital signature


Re: RIP with MD5 authentication

2015-11-12 Thread Ondrej Zajicek
On Thu, Nov 12, 2015 at 06:28:34PM +0100, Alexander Velkov wrote:
> Hi Pavel,
> 
> I tried your suggestion and defined the password field as a single line. I
> tried out the behavior on different architectures.

Single line versus one password in passwords block should not make a difference.


> - when bird runs on a little endian box, then there is no error and the
> boxes can successfully authenticate, even when the pass is specified in a
> passwords block.
> - when bird runs on a big endian box (e.g. running an arm processor), then
> the error "MD5 tail signature is not there" occurs as before no matter if
> the pass is defined in one line or in a passwords block.

Yes, the issue with MD5 not working with big endian is a known bug in current
RIP, fixed in rip-new.


> Another question. In Quagga you may define a key-chain containing multiple
> keys to be used for the MD5 authentication. Does it work the same way in
> bird ? I thought defining a passwords block containing multiple password
> entries like:
> 
> passwords {
>   password "secret 1";
>   password "secret 2";
> };

Yes, this should work. Note that with multiple passwords it is a good
idea to explicitly specify 'id' key parameter.

Also note that there is a limitation in RIP MD5 auth with multiple
passwords in BIRD that all passwords share the same sequence number
(with one neighbor), which may cause interoperability problems with
implementations that send separate independent sequence numbers for
each password.


-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."


signature.asc
Description: Digital signature


Re: MRT rib dump support

2015-11-12 Thread Ondrej Zajicek
On Wed, Nov 11, 2015 at 11:46:17AM -0800, Evelio VILA wrote:
> Hello,
> 
> I just came across this commit
> 
> https://gitlab.labs.nic.cz/labs/bird/blob/3e3e381b98fe8809b560da7cd5dc95641102f1cd/nest/mrtdump.c
> 
> Any ideas when is the feature planned for release :)

Hello, likely in the next release.


-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."


signature.asc
Description: Digital signature


Re: RIP with MD5 authentication

2015-11-12 Thread Ondrej Zajicek
On Thu, Nov 12, 2015 at 04:20:06PM +0100, Alex Lalik wrote:
> Hello,
> 
> I face a problem when configuring RIP with MD5 authentication in bird.
> I find no examples in configuring bird this way, so maybe this could be
> added to the documentation.
> ...
> In case I use plain configuration (authentication plaintext) instead of MD5
> then the boxes connect successfully and routes are exchanged.
> Do I use a wrong RIP configuration or is this a bug in bird ?


Hello

Well, the current RIP implementation is not in a good shape, so this is
likely a bug in it. I would suggest to try devel version of BIRD from our
Git repository, branch rip-new. It fixes many bugs and adds many new
features to the RIP. Note that it also changes some options, e.g. options
like authentication, password, port are per-interface (like in OSPF),
honor option is removed.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."


signature.asc
Description: Digital signature


Re: Question regarding interaction between custom protocols and OSPF tables

2015-11-12 Thread Ondrej Zajicek
On Wed, Nov 11, 2015 at 05:13:06PM +, Adam Schultz wrote:
> Is it possible to advertise routes from a custom protocol via OSPF as an 
> internal route type instead of external-1 or external-2?

No, such a feature is not implemented, but it is an interesting idea.


-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."


signature.asc
Description: Digital signature


Re: Route update question

2015-10-31 Thread Ondrej Zajicek
On Fri, Oct 30, 2015 at 06:40:49PM -0400, Jigar Mehta wrote:
> I am using my own protocol and wanted to understand more about handling of
> route update. When my protocol receives a route, I inform the core using
> rte_update() and pass on the new route and when I need to delete I set new
> = NULL and call rte_update().
> Problem :
> 1. This is the initial route that was installed in the table.
> Route1 10.0.1.0/24 Metric : 10
> 2. Received a better route with Metric as 5, so i call rte_update and pass
> on the new route. So now, I have
> Route1 10.0.1.0/24 Metric: 5
> 3.  Protocol again receives an update to delete the cost 5 route (step 2) .
> However when I do that, I see that I no longer have any route to 10.0.1.0/24
> instead of having a higher cost route (cost 10 ).

Hi

This is expected behavior, rte_update() replaces the current route for a
network with a new one. The key is only the network, not the metric.

If you want to propagate multiple routes for the same network from one
protocol to one table, you can use rte_update2() and rt_get_source(). In
that case, rte_update2() will replace the route from the same source. You
can use metric as ID for rt_get_source(), so the routing table will keep
one route per network+metric from your protocol.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."


signature.asc
Description: Digital signature
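
The replacement behaviour described in the reply above, as an added C example: a toy table, not BIRD source code and not part of the original message. The structures and the `toy_*` names are hypothetical; `src_id` stands in for the ID that would be passed to rt_get_source().

```c
/* Toy model of "one route per (network, source)" replacement semantics.
 * Added illustration; not BIRD source code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TOY_MAX_ROUTES 16
#define TOY_NO_ROUTE   (-1)

struct toy_route {
    int      used;
    uint32_t prefix;   /* network address, host byte order */
    int      pxlen;
    uint32_t src_id;   /* stands in for the ID passed to rt_get_source() */
    int      metric;
};

struct toy_table {
    struct toy_route r[TOY_MAX_ROUTES];
};

static int toy_same_net(const struct toy_route *e, uint32_t prefix, int pxlen)
{
    return e->used && e->prefix == prefix && e->pxlen == pxlen;
}

/* Announce a route (metric >= 0) or withdraw it (metric == TOY_NO_ROUTE).
 * An existing entry with the same (network, src_id) is replaced in place.
 * Returns 0 on success, -1 when the table is full. */
static int toy_update(struct toy_table *t, uint32_t prefix, int pxlen,
                      uint32_t src_id, int metric)
{
    struct toy_route *hit = NULL, *spare = NULL;

    for (int i = 0; i < TOY_MAX_ROUTES; i++) {
        struct toy_route *e = &t->r[i];
        if (toy_same_net(e, prefix, pxlen) && e->src_id == src_id)
            hit = e;
        else if (!e->used && !spare)
            spare = e;
    }

    if (metric == TOY_NO_ROUTE) {
        if (hit)
            hit->used = 0;
        return 0;
    }
    if (!hit)
        hit = spare;
    if (!hit)
        return -1;

    hit->used = 1;
    hit->prefix = prefix;
    hit->pxlen = pxlen;
    hit->src_id = src_id;
    hit->metric = metric;
    return 0;
}

/* Lowest metric still present for the network, or TOY_NO_ROUTE. */
static int toy_best_metric(const struct toy_table *t, uint32_t prefix, int pxlen)
{
    int best = TOY_NO_ROUTE;

    for (int i = 0; i < TOY_MAX_ROUTES; i++) {
        const struct toy_route *e = &t->r[i];
        if (toy_same_net(e, prefix, pxlen) &&
            (best == TOY_NO_ROUTE || e->metric < best))
            best = e->metric;
    }
    return best;
}

/* Replays the sequence from the question: announce metric 10, announce
 * metric 5, withdraw the metric-5 route. Returns the best metric left
 * after the first `steps` steps.
 *   per_metric_source == 0: every update uses source ID 0
 *   per_metric_source == 1: the metric doubles as the source ID */
static int toy_replay(int per_metric_source, int steps)
{
    /* { identity of the route (its metric), new metric or withdraw } */
    static const int seq[3][2] = { {10, 10}, {5, 5}, {5, TOY_NO_ROUTE} };
    const uint32_t net = 0x0A000100u;   /* 10.0.1.0 */
    struct toy_table t;

    memset(&t, 0, sizeof t);
    for (int i = 0; i < steps && i < 3; i++) {
        uint32_t src = per_metric_source ? (uint32_t)seq[i][0] : 0;
        toy_update(&t, net, 24, src, seq[i][1]);
    }
    return toy_best_metric(&t, net, 24);
}

int main(void)
{
    printf("single source, after withdraw:     %d\n", toy_replay(0, 3));
    printf("source per metric, after withdraw: %d\n", toy_replay(1, 3));
    return 0;
}
```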


Re: not listening on 179 but iface up

2015-09-07 Thread Ondrej Zajicek
On Sat, Aug 29, 2015 at 07:00:21PM +0200, Kai wrote:
> Dear bird gurus, :)
> 
> I'm currently setting up a new iBGP-(only)-member. It is configured to
> connect to 2 internal peers:
> 
> protocol bgp wiesbaden1 from bgp_ibgp_wi { # lotuswurzel
> neighbor 10.56.0.23 as wi_as;
> };
> 
> protocol bgp wiesbaden2 from bgp_ibgp_wi { # kaschu
> neighbor 10.56.0.208 as wi_as;
> };
> 
> and these 2 peers are configured to connect vice-versa.

Hi

What is your bgp_ibgp_wi configuration?

> They don't connect. Additionally bird on the new member doesn't listen
> on port 179. I first tried it to listen explicitly on two of the hosts
> IP addresses (is this possible, by the way?)

No, only the second statement is used.

> and now removed the
> explicit "listen" - so that it should now listen on 0.0.0.0:179, right?

Yes

> It doesn't. :(

Did you try to restart BIRD or just reconfigure BIRD? 'listen' option
cannot be changed by reconfiguring (it is reported in logs).

> I found hints that bird may postpone opening the socket, if the network
> interfaces are not yet up. But at least 4 interfaces _are_ up, including
> the two where the iBGP peers are connected directly.

This is relevant only for single hop BGPs (like EBGPs)

> Any ideas?

What 'show protocols' report for these protocols?

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."


signature.asc
Description: Digital signature


Re: Re: not listening on 179 but iface up

2015-09-10 Thread Ondrej Zajicek
On Thu, Sep 10, 2015 at 10:16:18AM +0200, Kai wrote:
> Dear Ondrej,
> 
> Maybe there should be a more prominent hint in the manual, that a
> config without "protocol device" makes no sense in most situations (if
> this really is the case)? Maybe even a warning in the log file?

You are right. 'protocol device' is necessary in almost every case. I
guess there is one case where it is not needed - regular (multihop)
IBGP-only route reflector. But in your case you have option
'direct', so your IBGP sessions are single-hop and wait for interface
with proper prefix to appear.

You are right, this should be emphasized in the manual.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."


signature.asc
Description: Digital signature


Re: OSPF & unnumbered interfaces

2015-09-09 Thread Ondrej Zajicek
On Wed, Sep 09, 2015 at 08:55:38AM +0200, Basile Bluntschli wrote:
> Hi All
> 
> I was trying to have OSPF run with the "ip unnumbered interface /32"
> methodology.
> So far it was working when specifying the neighbor on the other end:
> ip addr add 192.168.2.1 peer 10.10.10.10 dev lan3
> 
> Is there a way to have it running without a "neighbor statement"?

No, it requires 'peer-address' set up.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."


signature.asc
Description: Digital signature


Re: BGP add-path with Juniper

2015-09-10 Thread Ondrej Zajicek
On Thu, Sep 10, 2015 at 04:49:16PM +0300, Stanislaw Datskevich wrote:
> 
> Hi, list.
> I'm trying to use BGP add-path feature in BIRD connected my Juniper
> router, but I have no luck with it.

Hi

This is probably the same issue as this:

http://comments.gmane.org/gmane.network.bird.user/4158

You could try with both 'capabilities on' and 'enable route refresh off'.

Or you could try upgrading firmware on Juniper:

http://permalink.gmane.org/gmane.network.bird.user/4241

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."


signature.asc
Description: Digital signature


Re: Running Bird bgp through GRE tunnel

2015-09-10 Thread Ondrej Zajicek
On Wed, Sep 09, 2015 at 09:34:20PM +0530, Ajay Raut ( Tech Ops ) wrote:
> Hi Baptiste,
> 
> Thanks for the Response,
> 
> Done the changes as you specified on gre-vpn interface configuration.
>
...
> 
> Though i see the same issue of No Route to host, Please let me know which
> part i have missed here.

Hi

To find the problem, it would be useful to know outputs of these commands:

ip addr list
ip route list
birdc show interfaces

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."


signature.asc
Description: Digital signature


Re: BIRD memory usage

2015-09-29 Thread Ondrej Zajicek
On Mon, Sep 21, 2015 at 10:10:08AM +0200, Alexander Frolkin wrote:
> Hi Ondrej,
> 
> > > Is there something we can do to reduce the memory usage?  Or could this
> > > be a memory leak bug?
> > This is definitely a memory leak, probably related to path merging. You
> > are using current code from git or patched 1.5.0? I will try to reproduce
> > it.
> 
> Thanks.  We are using a version from git that supports BGP multipath.
> Git describe says v1.5.0-19-g8d9eef1.

Hi

I cannot reproduce the problem. Could you get me a core dump when the memory
consumption is noticeably higher than after the start?

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."


signature.asc
Description: Digital signature


Re: OSPF: directly attached summarized networks announced with metric 0 when link goes down

2015-09-29 Thread Ondrej Zajicek
On Mon, Sep 28, 2015 at 08:58:35PM +0100, Israel G. Lugo wrote:
> Hello,
> 
> I have a question regarding BIRD's OSPF and summarized networks. Not
> sure if I'm doing the right thing.
> 
> I've got access routers running BIRD, configured as ABR between area 0
> and their respective user-facing areas.
> 
> Access networks are VLAN interfaces, e.g. eth0.161. Backbone connection
> is a separate physical interface (eth1).
> 
> If the physical access interface (eth0) goes link down for some reason,
> BIRD changes the VLAN OSPF interfaces (eth0.161) to Loopback state. It
> stops announcing the directly connected prefixes on the VLAN interfaces,
> but it keeps announcing a /32 for the interface's IP, with a metric of 0.
> 
> That in itself isn't the problem. It makes sense, as the IP belongs to
> the machine. The problem is, if I use the "network" option (to define
> summary LSAs), the /32 will be summarized to the entire prefix, making
> it be announced again. What's worse, it is now announced with a metric
> of 0, which means it will override any redundant routers I might have.
>
> ...
> 
> I understand that literally, BIRD is doing what I asked it to do:
> summarize A.B.C.0/24. As long as it has some valid route inside that
> prefix (in this case the /32), it will announce the whole summarized
> network, with a metric equal to the largest cost (RFC 2328, 12.4.3).
> 
> It would seem to me, though, that this case warrants special treatment.
> The /32 only exists because the interface transited to Loopback state
> when it lost the link.

Hello

You are right with your analysis of the issue. I agree that in your case
it does not make sense, but unfortunately, the behavior is IMHO more or
less correct with regard to RFC 2328. I am not sure how it should be
modified to be consistent and to make sense in your setting. /32 local
definitely should be propagated (at least by default). Perhaps ignoring
zero metric /32 from triggering summarization? Or ignoring any local stub
network? Or some more general configurable limit for summarization (like
minimal cost)?

> Is there something I should be doing differently? Or could this perhaps
> be a bug, and not intended behavior?

Perhaps you could try to use stubnet option with hidden + summary
suboptions to hide these /32 routes to not trigger the summary networks.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."


signature.asc
Description: Digital signature


Re: Missing BFD session with OSPFv3 and same link-local addresses.

2015-09-29 Thread Ondrej Zajicek
On Fri, Sep 25, 2015 at 01:04:45PM +0300, Christos Trochalakis wrote:
> Hello all,
> 
> ...
> 
> There is only one bfd session instead of two (one for each link).
> 
> After digging a bit in the source code, it seems that the OSPF protocol
> calls `bfd_request_session()` which leads to a call to `bfd_add_request()`.
> `bfd_add_request()` tries to reuse an already established session with
> **the same destination address** before creating a new one. But B.B.B.B
> has the same link-local address on both interfaces (they share the same
> mac) so the second session is never created and the first one is
> returned. Perhaps a better approach would be to use the (address, iface)
> pair when trying to reuse a session.

Hello

You are right, I just noticed the same problem several weeks ago.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."


signature.asc
Description: Digital signature
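
The session-reuse behaviour discussed in the message above, as an added C example: a toy lookup table, not BIRD's bfd_add_request() and not part of the original thread. The `toy_*` names, the interface indexes 2 and 3 and the link-local address are constructed for the illustration.

```c
/* Toy model of BFD session reuse keyed by address only versus keyed by
 * (address, interface). Added illustration; not BIRD source code. */
#include <stdio.h>
#include <string.h>

#define TOY_MAX_SESSIONS 8

struct toy_session {
    int  used;
    char addr[46];   /* neighbour address as text */
    int  ifindex;    /* interface the session was created on */
    int  requests;   /* number of requests sharing this session */
};

struct toy_bfd {
    struct toy_session s[TOY_MAX_SESSIONS];
    int match_iface; /* 0: reuse on address only, 1: on (address, iface) */
};

/* Returns the session that serves the request, reusing a matching one
 * when the lookup key allows it. NULL when the table is full. */
static struct toy_session *toy_add_request(struct toy_bfd *b,
                                           const char *addr, int ifindex)
{
    struct toy_session *spare = NULL;

    for (int i = 0; i < TOY_MAX_SESSIONS; i++) {
        struct toy_session *s = &b->s[i];
        if (!s->used) {
            if (!spare)
                spare = s;
            continue;
        }
        if (strcmp(s->addr, addr) == 0 &&
            (!b->match_iface || s->ifindex == ifindex)) {
            s->requests++;
            return s;
        }
    }
    if (!spare)
        return NULL;

    spare->used = 1;
    snprintf(spare->addr, sizeof spare->addr, "%s", addr);
    spare->ifindex = ifindex;
    spare->requests = 1;
    return spare;
}

static int toy_session_count(const struct toy_bfd *b)
{
    int n = 0;

    for (int i = 0; i < TOY_MAX_SESSIONS; i++)
        n += b->s[i].used;
    return n;
}

struct toy_result {
    int sessions;        /* sessions that exist after both requests */
    int second_ifindex;  /* interface actually monitored for link 2 */
    int shared;          /* 1 if both requests got the same session */
};

/* One neighbour reachable over two links (ifindex 2 and 3) that shows
 * the same link-local address on both, as in the report. */
static struct toy_result toy_two_links(int match_iface)
{
    const char *ll = "fe80::200:5eff:fe00:5301";   /* constructed */
    struct toy_result res = { 0, -1, 0 };
    struct toy_bfd b;

    memset(&b, 0, sizeof b);
    b.match_iface = match_iface;

    struct toy_session *first  = toy_add_request(&b, ll, 2);
    struct toy_session *second = toy_add_request(&b, ll, 3);

    res.sessions = toy_session_count(&b);
    if (second)
        res.second_ifindex = second->ifindex;
    res.shared = (first != NULL && first == second);
    return res;
}

int main(void)
{
    struct toy_result a = toy_two_links(0), p = toy_two_links(1);

    printf("address key:        %d session(s), link 2 watched on ifindex %d\n",
           a.sessions, a.second_ifindex);
    printf("(address, iface):   %d session(s), link 2 watched on ifindex %d\n",
           p.sessions, p.second_ifindex);
    return 0;
}
```

With the address-only key the request for the second link is attached to the session bound to the first interface, so the second link is not monitored on its own.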


Re: Support for RFC5838

2015-09-30 Thread Ondrej Zajicek
On Sat, Sep 26, 2015 at 09:30:36PM +0200, Ruben Herold wrote:
> 
> hi,
> 
> I haven't found anything in the documentation. So I will ask the list,
> is there support for RFC5838 (Support of Address Families in OSPFv3) in
> bird?

No, we currently support just IPv6 in OSPFv3

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."


signature.asc
Description: Digital signature


Re: pmacct and BIRD on the same box

2015-09-20 Thread Ondrej Zajicek
On Sat, Sep 19, 2015 at 04:35:35PM -0500, Charles van Niman wrote:
> Hello,
> 
>   I am looking to feed BGP data into pmacct on a linux router I
> have running BIRD. Right now, BIRD runs iBGP to five other boxes
> [quagga/BIRD mix], on one IP [172.22.150.126], assigned to the
> loopback interface, and a handful of eBGP peers on another IP
> [172.22.150.127].
> 
>  I see two practical approaches to this, but I am all ears for
> more! My original plan was to just put pmacct's BGP peer IP on a
> separate loopback IP [172.22.150.119], and peer between BIRD
> 172.22.150.126:179 and pmacct 172.22.150.119:179, however since I am
> using two different listening IPs in BIRD, it binds to 0.0.0.0.
> 
>  I attempted to use the global listen bgp option, but it seems I
> am forced to pick between eBGP, iBGP, running multiple BIRD instances,
> or renumbering sessions, which I want to avoid :(
> 
>  Another way around this seemed to be to use a different TCP port
> for pmacct to bind to, however BIRD doesn't seem to support
> per-neighbor port settings. Maybe I have just missed this feature, if
> so hooray!

Hello

You can set per-neighbor remote port for BGP in version 1.5.0, but it
seems that the documentation on the web is not updated. The documentation
in the source package (doc/bird.sgml) or in Debian packages (bird-doc)
from the web is up-to-date:

   neighbor [ip] [port number] [as number]

   Define neighboring router this instance will be talking to and
   what AS it is located in. In case the neighbor is in the same AS
   as we are, we automatically switch to iBGP. Optionally, the remote
   port may also be specified. The parameter may be used multiple
   times with different sub-options (e.g., both neighbor 10.0.0.1 as
   65000; and neighbor 10.0.0.1; neighbor as 65000; are valid). This
   parameter is mandatory.


Setting per-neighbor listening port or address is not implemented.

Setting up pmacct on a different port and binding BIRD on 0.0.0.0
seems more sane to me than depending on outgoing TCP connections.

Note that BIRD will not establish outgoing direct BGP connection to a
neighbor address that is also an address of a local interface. But
incoming connections from such addresses and multihop/iBGP outgoing
connections are accepted. Perhaps we should not try to outsmart the
user and should handle such addresses as usual.

You can workaround that issue either by using multihop BGP or removing
the iface from known ifaces in 'device' protocol.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."


signature.asc
Description: Digital signature


Re: default route via OSPF depending on the ISP

2015-12-08 Thread Ondrej Zajicek
On Mon, Dec 07, 2015 at 12:07:59PM +, Rohrmann Sascha wrote:
> Hi Ondrej,
> 
> >> Do you have more information and/or tips for me, by chance? 
> 
> > As others wrote, you could do periodic pinging by e.g. fping and 
> > enable/disable a static 
> > protocol using birdc (birdc disable XXX). 
> > See the attached script, which does something like that and estimating 
> > packet loss.
> 
> Thank you very much for that script.
> 
> I have two additional questions about this:
> 
> 1)Why do you stop the whole routing process if the ISP is down? 
>   Isn't there a chance to "only" stop distributing the default-route and 
> keep the OSPF process?

I would not stop the whole routing process, I would just shut down the static
protocol (XXX instead of name in the example) used to originate the default
route.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."


signature.asc
Description: Digital signature


Re: OSPF, missing external network prefix

2015-12-08 Thread Ondrej Zajicek
On Tue, Dec 08, 2015 at 04:49:47PM +0500, Eugene M. Zheganin wrote:
> Sure. Since it's 80 kilobytes long (it's an enterprise VPN, big enough),
> I thought it would be more comfortable to provide a link on a text file,
> here it is:
> 
> http://tech.hq.norma.perm.ru/files/ospf-state.txt
> 
> At the time it was taken the situation didn't resolve, I checked.

Seems like the net is missing also here. Could you get also output of
'show ospf state all'?


> You may also notice that bird there is 1.4.4. I also have 1.5.0 bird
> with same situation on a different server, and I can provide 'show ospf
> state' from it, if you need one.

That might be useful.


-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."


signature.asc
Description: Digital signature


Re: OSPF, missing external network prefix

2015-12-08 Thread Ondrej Zajicek
On Tue, Dec 08, 2015 at 11:28:00AM +0500, Eugene M. Zheganin wrote:
> Hi.
> 
> I have a bunch of bird routers. Recently I discovered that at least one
> prefix from LSADB isn't installed in FIB:

Hi

Could you send me output of 'show ospf state'?

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."


signature.asc
Description: Digital signature


Re: KRT: Received route with strange next-hop

2015-12-05 Thread Ondrej Zajicek
On Sat, Nov 28, 2015 at 04:16:54PM -0500, Brian Rak wrote:
> >Sorry for late answer, 'device route' i call a route for directly
> >attached network prefix, with associated iface but without associated
> >gateway IP. Perhaps there is a better / more established term for such
> >routes.
> >
> Sorry, my spam filter was delaying this.
> 
> That's what I have I think?  I have the '45.63.4.188 dev veth0 scope link'
> route, I'm not aware of any other way to add this (and it doesn't use a
> gateway IP).


Well, the recommended way is to add ptp address:

ip addr add A.B.C.D peer 45.63.4.188 dev veth0

instead of just the route (when ptp address is added, the route is also
added by the kernel)

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."


signature.asc
Description: Digital signature


Re: need some help with filters

2015-12-05 Thread Ondrej Zajicek
On Fri, Dec 04, 2015 at 11:15:16PM +0100, D.Wesołowski wrote:
> Hi,
> 
...
> 
> the last two lines don't work.
> I'm looking for some hint to make it work as I want ;)

You mean these ones?

>   return (bgp_path.first ~ [ 51931, 51944 ]);
>   #if bgp_path.first ~ [ 51931, 51944 ] then return true;


I guess the problem is that export filters are executed not before BGP
internal processing (including AS PATH update), but after that.
Therefore, on EBGP session your ASN is prepended and is the first, ASN
from whom you received the prefix is the second.

This is confusing and a bit silly, but that is how it currently works.
I would like to change the order in the future (to first apply filters
and then internal protocol processing).

You could do either matching based on the source protocol name
(proto = "ARPNET"), ASN membership (51931 ~ bgp_path) or
AS path pattern matching (bgp_path ~ [= 199943 51931 * =]).


-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."


signature.asc
Description: Digital signature
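
The three checks from the reply above evaluated on a path before and after the local ASN is prepended, as an added C example: a toy model, not BIRD's filter code and not part of the original message. It assumes 199943 is the local ASN, as the pattern in the reply suggests; ASNs 64500 and 64501 and the `toy_*` names are constructed.

```c
/* Toy model of AS path checks seen by an export filter that runs after
 * the local ASN was prepended. Added illustration; not BIRD source. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TOY_PATH_MAX  16
#define TOY_LOCAL_ASN 199943u   /* assumed local ASN */

struct toy_path {
    uint32_t asn[TOY_PATH_MAX];
    int      len;
};

enum toy_check {
    CHECK_FIRST,    /* bgp_path.first ~ [ 51931, 51944 ]     */
    CHECK_MEMBER,   /* 51931 ~ bgp_path                      */
    CHECK_PATTERN   /* bgp_path ~ [= 199943 51931 * =]       */
};

/* Constructed sample paths as received from the neighbour */
static const uint32_t toy_direct[]  = { 51931, 64500 };  /* learned from 51931 */
static const uint32_t toy_transit[] = { 64501, 51931 };  /* 51931 further away */

static int toy_prepend(struct toy_path *p, uint32_t asn)
{
    if (p->len >= TOY_PATH_MAX)
        return -1;
    memmove(&p->asn[1], &p->asn[0], (size_t)p->len * sizeof p->asn[0]);
    p->asn[0] = asn;
    p->len++;
    return 0;
}

static int toy_in_set(uint32_t asn, const uint32_t *set, int n)
{
    for (int i = 0; i < n; i++)
        if (set[i] == asn)
            return 1;
    return 0;
}

static int toy_contains(const struct toy_path *p, uint32_t asn)
{
    return toy_in_set(asn, p->asn, p->len);
}

/* Path begins with head[0..n-1]; anything may follow (the trailing '*') */
static int toy_starts_with(const struct toy_path *p, const uint32_t *head, int n)
{
    if (p->len < n)
        return 0;
    for (int i = 0; i < n; i++)
        if (p->asn[i] != head[i])
            return 0;
    return 1;
}

/* Evaluates one check on the received path. exported == 1 models the
 * export side, where the local ASN has already been prepended. */
static int toy_eval(const uint32_t *received, int n, int exported,
                    enum toy_check c)
{
    static const uint32_t peers[] = { 51931, 51944 };
    static const uint32_t head[]  = { TOY_LOCAL_ASN, 51931 };
    struct toy_path p = { {0}, 0 };

    for (int i = 0; i < n && i < TOY_PATH_MAX; i++)
        p.asn[p.len++] = received[i];
    if (exported)
        toy_prepend(&p, TOY_LOCAL_ASN);

    switch (c) {
    case CHECK_FIRST:
        return p.len > 0 && toy_in_set(p.asn[0], peers, 2);
    case CHECK_MEMBER:
        return toy_contains(&p, 51931);
    case CHECK_PATTERN:
        return toy_starts_with(&p, head, 2);
    }
    return 0;
}

int main(void)
{
    printf("direct,  before prepend, first:   %d\n",
           toy_eval(toy_direct, 2, 0, CHECK_FIRST));
    printf("direct,  on export,      first:   %d\n",
           toy_eval(toy_direct, 2, 1, CHECK_FIRST));
    printf("direct,  on export,      pattern: %d\n",
           toy_eval(toy_direct, 2, 1, CHECK_PATTERN));
    printf("transit, on export,      member:  %d\n",
           toy_eval(toy_transit, 2, 1, CHECK_MEMBER));
    printf("transit, on export,      pattern: %d\n",
           toy_eval(toy_transit, 2, 1, CHECK_PATTERN));
    return 0;
}
```

The membership test also accepts the constructed transit path, where 51931 is not the neighbouring AS, while the path pattern pins it to the position right after the local ASN.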


Re: segfault with BFD

2015-12-05 Thread Ondrej Zajicek
On Tue, Dec 01, 2015 at 11:53:55AM +0100, Bartosz Radwan wrote:
> I have similar config on my Linux router, but in my case source address
> exists until I shut the interface down.
> When the interface is shut down (ifdown interfacename), bird crashes.
> 
> May be dangerous, I could imagine situations when I want to shut interface
> down or it just happens accidentally.

Well, it is a bug (fixed in devel branch), not intended behavior.

Thanks for the sysctl note.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."


signature.asc
Description: Digital signature


Re: Issue injecting network overlapping BGP next hop in bird6.

2015-12-05 Thread Ondrej Zajicek
On Fri, Dec 04, 2015 at 02:23:04PM -0800, João Taveira Araújo wrote:
> Hi,
> 
> I'm running into a difference in behaviour between bird and bird6,
> although admittedly it may come from netlink itself. I'm using bird
> 1.5.0, but have also tried with build from latest git head.
> 
> Assume a connection to an upstream router over a link addressed with
> 10.0.0.0/31 or ::0/127 for IPv4 and IPv6 respectively. For IPv4,
> the upstream announces the follow prefix:
> 
> 10.0.0.0/31 via 10.0.0.0 on eth0 [session 22:14:01] ! (100)
> BGP.next_hop: 10.0.0.0
> 
> In this case the route fails to be injected into the FIB, because a
> route already exists from proto kernel, as the interface is addressed
> from that prefix.
> 
> In IPv6, the same thing happens, but on restarting bird6 all routes
> fail to get injected, each with the following error: "Netlink: No
> route to host".

Hi

Thanks for the report. I guess that in IPv6, the ::0/127 succeeds in
being injected, because it has a different metric (kernel-added ones have 256
by default while userspace ones have 1024 by default), so there are two routes
afterwards, but when BIRD wants to remove its route during restart, the kernel
seems to ignore the protocol field of the route and removes the kernel
route instead of the BIRD route. Without the kernel route, the kernel does
not allow routes with a related next hop to be injected.

In IPv4, the kernel checks the protocol field and does not remove routes from
other protocols when one is specified.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."


signature.asc
Description: Digital signature


Re: OSPF export filter

2015-12-05 Thread Ondrej Zajicek
On Sat, Dec 05, 2015 at 04:40:06PM +0100, Ondrej Zajicek wrote:
> On Thu, Dec 03, 2015 at 03:50:54AM +0300, Anton Kiryushkin wrote:
> > But in birdc I didn't see any metrics. I have two server with same config
> > and same addresses on interfaces lo and dummy0 with different priorities.
> > Could you help me with export filter?
> 
> Hi
> 
> First, to export some route as an external route to OSPF, it must be created
> by some other protocol. Perhaps you have to add static or direct protocol to
> your config? If the prefix 77.71.22.23/32 is e.g. on dummy0, then it will
> not be exported through export filter, but propagated as internal route.
> The interface has to be enabled in order to propagate its prefixes.


> Anton Kiryushkin wrote:
> showed me nothing. But 'show ospf state' showed me both ips with metric 0.

Now I see that. These prefixes are on dummy0 and generated internally,
therefore export filter does not apply. Because they are /32, metric
specified for the dummy interface (100) also does not apply.

You can use 'stubnet' option to explicitly add stub network with
specified metric. Or you could use direct or static protocol and export
filter to propagate it as an external route. In both cases, you don't
configure dummy0 as an OSPF interface.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."


signature.asc
Description: Digital signature


Re: default route via OSPF depending on the ISP

2015-12-05 Thread Ondrej Zajicek
On Thu, Dec 03, 2015 at 03:12:10PM +, Rohrmann Sascha wrote:
> > Well, you could use static default-route and 'check link' option, but that 
> > will help you only in the third case, not in the second one. 
> > For the second case, you must have some other way to establish whether ISP 
> > is up or down, either by running some routing protocol between 
> > you and ISP, or running BFD session.
> 
> Just as you said, that will only help me in the third case. 
> In which way should BFD be able to accomplish my goal?
> In my understandings BFD only checks if the link is available. If this isn't 
> given, BFD tells Bird this problem.

BFD checks whether specified/destination IP is available (but it also must
run BFD). Therefore both link and host must be up.


> Second problem is, not every ISP supports BFD yet because BFD is kinda new. 

That is true, and also BFD-controlled static routes are only in devel version
of BIRD, not in v1.5.0


> I was thinking about a simple ping which checks the availability of the 
> opposite party. 
> Am I able to include a simple shell script in bird? 

No


> Do you have more information and/or tips for me, by chance? 

As others wrote, you could do periodic pinging by e.g. fping and
enable/disable a static protocol using birdc (birdc disable XXX). See the
attached script, which does something like that and estimating packet loss.


> > I was thinking about the bfd protocol, but bfd is kinda new and you can't 
> > run more than one instance in bird.
> > Well, is there any reason why to run multiple BFD instances in BIRD?
> 
> Well... you could create one bfd instance for one single interface.
> Furthermore you could then check the availability for e.g. my problem instead 
> of checking all BFD instances.

I don't understand here.


-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
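#!/usr/bin/perl

use strict;
use warnings;

# Watchdog: ping $ip with fping and enable/disable a BIRD static
# protocol (XXX) through birdc according to the measured packet loss.

my $ip        = 'A.B.C.D';
my $logfile   = "/var/log/XXX";   # state changes
my $logfile2  = "/var/log/YYY";   # packet loss of every round
my $link_up   = "/usr/sbin/birdc enable XXX";
my $link_down = "/usr/sbin/birdc disable XXX";
# fping prints its summary on stderr: keep stderr, drop stdout
my $cmd       = 'fping -c 40 -p 50 ' . $ip . ' 2>&1 >/dev/null';

my $state   = 0;    # 0 = protocol disabled, 1 = protocol enabled
my $start   = 1;    # the first round sets the initial state directly
my $counter = 50;   # badness score, clamped to 0..300
my $tc      = 0;    # samples already written on the current log line

# Append one timestamped line to the state log
sub log_event
{
    my ($msg) = @_;
    open(my $fh, '>>', $logfile) or return;
    print $fh scalar(localtime) . ': ' . $msg . "\n";
    close($fh);
}

log_event('watchdog (' . $ip . ') started');

while (1)
{
    # Take the loss percentage from "xmt/rcv/%loss = 40/40/0%".
    # Output that cannot be parsed (e.g. fping missing) counts as
    # 100% loss instead of silently evaluating to 0.
    my $out     = `$cmd`;
    my $unreach = ($out =~ m{.*/([[:digit:]]+)%}s) ? $1 : 100;

    # Log the loss values, 11 samples per line
    if (open(my $fh2, '>>', $logfile2))
    {
        if ($tc == 0)
        {
            print $fh2 scalar(localtime) . ":";
        }

        print $fh2 " " . (0 + $unreach) . "%";
        $tc++;

        if ($tc > 10)
        {
            print $fh2 "\n";
            $tc = 0;
        }

        close($fh2);
    }

    # Good rounds lower the score quickly, lossy rounds raise it
    if ($unreach == 0)
    {
        $counter -= 100;
    }
    elsif ($unreach < 3)
    {
        $counter -= 50;
    }
    elsif ($unreach < 6)
    {
        $counter -= 10;
    }
    else
    {
        $counter += $unreach;
    }

    $counter = 300 if $counter > 300;
    $counter = 0   if $counter < 0;

    # Hysteresis: enable below 30, disable above 95
    if ((($start) && ($unreach < 6)) ||
        (($state == 0) && ($counter < 30)))
    {
        system($link_up);

        $state = 1;
        $start = 0;

        log_event('Link (' . $ip . ') online');
    }
    if ((($start) && ($unreach >= 6)) ||
        (($state == 1) && ($counter > 95)))
    {
        system($link_down);

        $state = 0;
        $start = 0;

        log_event('Link (' . $ip . ') offline');
    }

    sleep 2;
}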





Re: default route via OSPF depending on the ISP

2015-12-03 Thread Ondrej Zajicek
On Thu, Dec 03, 2015 at 02:34:02PM +, Rohrmann Sascha wrote:
> Dear users of the Bird internet routing  daemon,
> 
> First of all I am sorry for my e-mail which I have sent some minutes before.
> It was a mistake and you can ignore my last mail.
> 
> Now to my question:
> 
> I want my OSPF to distribute the default-route ONLY and ONLY if the ISP is 
> available.
> Means, if the link, or the IP isn't available, my OSPF should be quiet.
>
> Further information:
> 
> ISP (ISP is up)
>   l(Link is up)
> R1  (Interface is up)
> 
> R1: everything is ok, I can reach the ISP, so I am the default-gateway for 
> everybody below me.
> 
> ISP (ISP is down)
>   l(Link is up)
> R1  (Interface is up)
> 
> R1: Oh gosh! The ISP is down! I am now no longer the default-gateway for 
> everybody below me.
> 
> ISP (ISP is up)
>   l(Link is down)
> R1  (Interface is up)
> 
> R1: Oh, I can't reach my ISP... Ok, I need to stop telling everybody below me 
> I am the default-gateway.

Well, you could use static default-route and 'check link' option, but
that will help you only in the third case, not in the second one. For the
second case, you must have some other way to establish whether ISP is up
or down, either by running some routing protocol between you and ISP,
or running BFD session.


> I was thinking about the bfd protocol, but bfd is kinda new and you can't run 
> more than one instance in bird.

Well, is there any reason why to run multiple BFD instances in BIRD?


-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."




Re: ECMP support

2015-12-17 Thread Ondrej Zajicek
On Tue, Dec 15, 2015 at 10:33:30AM -0500, Brian Rak wrote:
> Does BIRD handle sending ECMP routes via BGP?  With 1.5.0, even if I enable
> 'add paths on', BIRD only sends one route even when it knows about multiple.
> To me, 8d9eef17713a9b38cd42bd59c4ce76c3ef6c2fc2 only appears to be related
> to populating the kernel routing table here, which I'm not using.

I am not sure whether I understand the question. If you have multiple
routes and ADD-PATH enabled on both sides, then all routes are propagated.
If you have one route with ECMP next hop, it is propagated as one route
in BGP (regardless of ADD-PATH). In which use case are you interested?

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."




Re: Bird and RIP

2016-01-05 Thread Ondrej Zajicek
On Tue, Jan 05, 2016 at 01:56:01PM +0300, Anton Kiryushkin wrote:
> What about metric for each virtual interface? I mean ve1 has metric 5, and
> ve2 has metric 2 ? How to export this setting? As I wrote before, from
> another side I saw metric from physical interface. My config is:

Hi

Metrics in RIP are generally understood as in-metric (increased by
receiver). Therefore, 'metric' option for an interface specifies an
increase of metrics for routes received through that interface. It does
not influence routes originated by the router itself, like locally
reachable prefixes. You have to modify rip_metric in the export filter.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."



Re: route withdraws on BGP route-refresh

2015-12-28 Thread Ondrej Zajicek
On Mon, Dec 28, 2015 at 10:41:26AM +0200, Christos Trochalakis wrote:
> On Thu, Dec 10, 2015 at 12:10:35PM +0200, Christos Trochalakis wrote:
> >Hello all,
> >
> >While debugging a route-refresh issue we discovered that when a route-refresh
> >is received, bird, instead of just sending an update containing the exported
> >routes, also withdraws **all known routes** from its peer. In our case, it
> >withdraws the whole FIRT sending multiple BGP updates. Is this the expected
> >behaviour? We are using bird 1.4.5.
> >
> >We believe that the opposite router has trouble processing all those
> >withdrawn routes which leads to other connectivity issues.
> >
> 
> Any comments on that?
> 
> Let me restate the issue, bird withdraws every route in its routing
> table despite the fact that those routes were never exported to that
> protocol. I am not familiar with bird internals so I don't know if bird
> keeps track of the exported routes per protocol.

Hi

BIRD does not explicitly keep track of the exported routes per protocol.
In normal operation, it just evaluates filters on both the old and the
new route to see if it is necessary to send an update - if both are
rejected, then no withdraw is sent. But this approach is not used for
full table refeed (which may be triggered by reconfiguration, explicit
command or received route-refresh). In refeed, every available route is
either propagated or withdrawn, mainly to handle situation where export
filters were changed and therefore we cannot reliably decide whether
routes were exported in the past.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
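
The two export paths described in the reply above, as an added Python sketch (a simplified model written for this page, not BIRD's code; the route table, the filter and all function names are constructed for illustration). It shows why a refeed of a large table produces a withdraw for every route the export filter rejects, including routes the peer never received.

```python
from collections import Counter
from typing import Callable, Dict, Iterable, List, Optional, Tuple

Route = Tuple[str, int]      # (prefix, origin AS), constructed sample shape
Message = Tuple[str, str]    # ("update" or "withdraw", prefix)
Filter = Callable[[Route], bool]


def incremental_export(old: Optional[Route], new: Optional[Route],
                       export_filter: Filter) -> Optional[Message]:
    """Normal operation: evaluate the filter on the old and the new route.

    A withdraw is sent only when the old route passed the filter; when both
    are rejected, nothing is sent.
    """
    old_ok = old is not None and export_filter(old)
    new_ok = new is not None and export_filter(new)
    if new_ok:
        return ("update", new[0])
    if old_ok:
        return ("withdraw", old[0])
    return None


def refeed_export(table: Iterable[Route], export_filter: Filter) -> List[Message]:
    """Full-table refeed: there is no record of what was exported before,
    so every available route is either propagated or withdrawn."""
    return [("update" if export_filter(route) else "withdraw", route[0])
            for route in table]


def build_sample_table(n_foreign: int) -> List[Route]:
    """Two own prefixes plus n_foreign prefixes learned from elsewhere."""
    own = [("192.0.2.0/24", 64500), ("198.51.100.0/24", 64500)]
    foreign = [(f"10.{i // 256}.{i % 256}.0/24", 64501) for i in range(n_foreign)]
    return own + foreign


def only_own(route: Route) -> bool:
    """Export filter of the sample: announce only routes originated by AS 64500."""
    return route[1] == 64500


def summarize(messages: Iterable[Message]) -> Dict[str, int]:
    """Count messages per kind."""
    return dict(Counter(kind for kind, _ in messages))


if __name__ == "__main__":
    table = build_sample_table(1000)
    print("refeed:", summarize(refeed_export(table, only_own)))
    print("foreign route removed in normal operation:",
          incremental_export(("10.0.0.0/24", 64501), None, only_own))
```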




Re: Trouble with inter and intra area filtering between two areas.

2015-12-28 Thread Ondrej Zajicek
On Tue, Dec 15, 2015 at 05:38:11AM +0100, LU wrote:
> Hello.
> 
> Here's my setup with 4 routers:
> 
>area 0
> / \
> R1  R2
> |  |
> |  |
> R3 -- R4
>  \  area1 /
> 
> What I am trying is to prevent routes that fall in 10.0.0.0/8 range from
> being announced from Area 1 routers (R3, R4) to Area 0 routers (R1, R2). At
> the same time I want Area 1 routers (R3, R4) to exchange these routes
> between themselves.
> 
> I thought that I could achieve it by using "networks { 10.0.0.0/8 hidden;
> };" in Area 1 routers configs. Documentation says: "Hidden networks are not
> propagated into other areas." It does indeed prevent announcement to Area 0
> routers from Area 1, but at the same time it also filters these routes out
> between Area 1 routers (R3, R4) which is not what I want, I expected it not
> getting filtered from Area 1 routers. (Since they are the same area).
> 
> Is there any way I can filter 10.0.0.0/8 from reaching Area 0 from Area 1,
> but at the same time keep such routes announced between Area 1 routers?

Hi

Such config should work as you expected (i.e. routes are propagated
inside Area 1, but are not translated to summary LSAs for Area 0).
Could you send me output of 'show route' and 'show ospf state'?

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."




Re: pattern matching for bgp communities

2015-11-25 Thread Ondrej Zajicek
On Tue, Nov 24, 2015 at 12:19:29PM +0100, Job Snijders wrote:
> Hi all,
> 
> Is there a way to do pattern matching or regex matching on the BGP
> communities associated with a prefix?

Hi

I don't think so.

Generally, we could add something like member/filter operation on
communities and similar list-based properties using general boolean
function in a similar way like 'where' operator is used to filter
routes.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."




Re: KRT: Received route with strange next-hop

2015-11-25 Thread Ondrej Zajicek
On Thu, Nov 19, 2015 at 08:25:01AM -0500, Brian Rak wrote:
> >Generally, BIRD expects that the next hop address is reachable by
> >interface address prefix. In your case you just add device route for
> >45.63.4.188/32 instead of adding peer address of 45.63.4.188 to veth0. It
> >is true that for the kernel the difference does not matter in this
> >regard and that the warning is not important in this case.
> 
> What do you mean by 'device route'?  I'm not sure how that differs from what
> I have, and not finding a lot of references to that phrase online.

Hi

Sorry for late answer, 'device route' I call a route for directly
attached network prefix, with associated iface but without associated
gateway IP. Perhaps there is a better / more established term for such
routes.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."




Re: bird development

2016-01-12 Thread Ondrej Zajicek
On Tue, Jan 12, 2016 at 09:43:19AM +0100, Daniel Wendler wrote:
> Hello everybody,
> 
> the last bird version (1.5.0) was released around 8 months ago
> and since then, there were no bug fix release or something.
> 
> On the RIPE 69 "Bird short update" Ondrej mentioned the 1.5 version
> is the last one of the 1.X releases and shows the future of bird with
> 2.x in Q1/2015 and final (3.x) in Q3/2015.
> 
> As we now have Q1/2016 I want to know if there is an updated Roadmap
> for the bird development? Will there be a 1.5.1 release?

Hi

We plan to have 2.x release at the end of 2016-01. Also, release 1.6.0 is
planned afterwards (from current master branch, major number update due
to changes in RIP).

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."




Re: Empty lists

2016-06-03 Thread Ondrej Zajicek
On Thu, Jun 02, 2016 at 04:40:48PM +0200, Stefan Plug wrote:
> Hi guys,
> 
> Using Bird 1.5.0
> Is it somehow possible to have an empty list?
> define AllowedExportAsList = [];

Hi

I guess you mean sets, not lists.

I think it is not possible to have an empty set in BIRD. The grammar
requires there is at least one item. One reason is that sets have
a type (int set, prefix set, ...) based on the content.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."




Re: New "channels" feature in future version of Bird?

2016-06-17 Thread Ondrej Zajicek
On Fri, Jun 17, 2016 at 01:40:45PM +0200, Jan Matejka wrote:
> Import and export filters should stay as they were before. The
> "channels" feature is just an internal abstraction layer between routing
> tables and protocols.

Hi

I would disagree a bit here. Channels are not just an internal
abstraction, they are explicit, user-visible concept representing
connection between routing tables and protocols. Such connections always
existed, but were implicit. In the int-new branch they are explicit.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."




Re: AS out of range

2016-06-19 Thread Ondrej Zajicek
On Sun, Jun 19, 2016 at 06:08:59PM +0700, David S. wrote:
> Dear All,
> 
> I don't want to advertise my network to some 1317xx, and I found the
> following error:
> 
> /usr/local/etc/bird.conf, line 14: Value 1317xx out of range (0-65535)
> Does bird have AS limitation on bgp community filtering?

BGP communities are generally limited to 16bit AS numbers.

You have to use extended communities for 32bit AS numbers.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
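
Where the 16-bit limit in the answer above comes from, as an added Python example (not from the original thread): a standard community (RFC 1997) is a 4-byte value with 16 bits for the AS number, while the AS-specific extended communities (RFC 4360, RFC 5668) are 8 bytes and can carry a 32-bit AS. The AS number 4200000001, the value 100 and the function names are constructed for illustration.

```python
import struct
from typing import Tuple

# Sub-types of the AS-specific extended communities.
EC_SUBTYPE = {"rt": 0x02, "ro": 0x03}          # route target, route origin
EC_KIND = {code: name for name, code in EC_SUBTYPE.items()}

TYPE_AS2 = 0x00   # transitive two-octet AS specific (RFC 4360)
TYPE_AS4 = 0x02   # transitive four-octet AS specific (RFC 5668)


def fits_standard_community(asn: int, value: int) -> bool:
    """A standard community has 16 bits for the AS and 16 bits for the value."""
    return 0 <= asn <= 0xFFFF and 0 <= value <= 0xFFFF


def encode_community(asn: int, value: int) -> bytes:
    """Encode a standard community as it appears in the COMMUNITIES attribute."""
    if not fits_standard_community(asn, value):
        raise ValueError(f"({asn}, {value}) out of range (0-65535)")
    return struct.pack("!HH", asn, value)


def encode_ext_community(kind: str, asn: int, value: int) -> bytes:
    """Encode an AS-specific extended community (8 bytes).

    A 16-bit AS leaves 32 bits for the value; a 32-bit AS leaves 16 bits.
    """
    subtype = EC_SUBTYPE[kind]
    if 0 <= asn <= 0xFFFF and 0 <= value <= 0xFFFFFFFF:
        return struct.pack("!BBHI", TYPE_AS2, subtype, asn, value)
    if 0 <= asn <= 0xFFFFFFFF and 0 <= value <= 0xFFFF:
        return struct.pack("!BBIH", TYPE_AS4, subtype, asn, value)
    raise ValueError(f"({asn}, {value}) does not fit an AS-specific extended community")


def decode_ext_community(raw: bytes) -> Tuple[str, int, int]:
    """Decode the 8 bytes back into (kind, AS number, value)."""
    if len(raw) != 8:
        raise ValueError("an extended community is exactly 8 bytes")
    ec_type, subtype = raw[0], raw[1]
    if subtype not in EC_KIND:
        raise ValueError(f"unsupported sub-type 0x{subtype:02x}")
    if ec_type == TYPE_AS2:
        asn, value = struct.unpack("!HI", raw[2:])
    elif ec_type == TYPE_AS4:
        asn, value = struct.unpack("!IH", raw[2:])
    else:
        raise ValueError(f"unsupported type 0x{ec_type:02x}")
    return EC_KIND[subtype], asn, value


if __name__ == "__main__":
    print(encode_community(65000, 100).hex())
    print(fits_standard_community(4200000001, 100))
    print(encode_ext_community("rt", 4200000001, 100).hex())
```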




Re: [PATCH v2 2/2] Add the Babel protocol.

2016-01-17 Thread Ondrej Zajicek
On Mon, Jan 18, 2016 at 12:03:46AM +0100, Juliusz Chroboczek wrote:
> > I have one more general question. Is ETX cost algorithm really
> > a reasonable idea? [...] It seems to me that in many cases it will lead
> > to oscillations, because packet loss in wireless networks usually
> > depends on traffic load. It seems to me that dynamic cost algorithms
> > based on packet loss should at least use some hysteresis.
> 
> You're right, we're doing hysteresis in babeld.  This is described in
> Section III.E of
> 
> http://arxiv.org/pdf/1403.3488.pdf

Thanks, I will check that.


-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."




Re: [PATCH v2 2/2] Add the Babel protocol.

2016-01-17 Thread Ondrej Zajicek
On Mon, Jan 18, 2016 at 12:15:31AM +0100, Juliusz Chroboczek wrote:
> > Where BABEL_MIN_MTU is 540 (512 adjusted for IP and UDP headers).
> 
> Should this be 560?  The control traffic is carried over IPv6.

You are right, 540 is for IPv4.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."




Re: [PATCH v2 0/2] Add the Babel routing protocol to Bird

2016-01-17 Thread Ondrej Zajicek
On Thu, Jan 14, 2016 at 11:24:57PM +0100, Toke Høiland-Jørgensen wrote:
> This is the updated patch to add the Babel protocol to Bird. It is updated
> quite a bit compared to the previous version. Specifically:

Hi

Thanks for the updated patch! Seems like most of my comments were
incorporated to the patch. I will do a review in a couple of days.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."




Re: bird does not speak OSPF on a GRE tunnel interface

2016-06-28 Thread Ondrej Zajicek
On Mon, Jun 27, 2016 at 03:26:41PM +0200, Alexander Velkov wrote:
> Hi Ondrej,
> 
> Thanks for your answer! I did exactly this and bird finally became more
> 'chatty' :).
> This is very nice, although I expected that bird is "sensing" the state of
> the interfaces (e.g. through the device/direct protocols).

Yes, it does that. But you still have to specify which interfaces it is
allowed to use for specific protocols. You can use wildcards (e.g.
"eth*") instead of specific interfaces.

> What is "scanned" actually by the 'device' protocol ?

List of interfaces and its addresses/prefixes.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."



Re: RIP with MD5 authentication

2016-06-28 Thread Ondrej Zajicek
On Thu, Jun 23, 2016 at 04:04:48PM +0200, Alexander Velkov wrote:
> Hello again,
> 
> Error 1:
> 
> You are right, it seems that quagga (ripd) really sends two packets when it
> starts - the first one is unencrypted with metric 16, the others are
> properly encrypted.

The first one is RIP request, rest are RIP responses. Quagga apparently does
not sign RIP requests. They are optional, so it is not a big problem, but
AFAIK they should be signed and verified in the same way as RIP requests.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."



Re: BIRD and ECMP on Linux seems flaky

2016-01-27 Thread Ondrej Zajicek
On Tue, Jan 19, 2016 at 04:11:10PM +0100, Arno Töll wrote:
> Hi,
> 
> On Tuesday 12 January 2016 00:09:34 Wilco Baan Hofman wrote:
> 
> > In this case, the API is not symmetrical. You can set routes via the
> > multipath structures, but the Linux kernel splits this up into separate
> > routes internally, because with IPv6 you can now have multiple routes to
> > the same destination that are not linked together (why? Maybe to
> > remove/add one of the nexthops independently or something).
> 
> arguably I think bird should adapt to whatever the public APIs of
> Linux provide, and not the other way around as long as Linux is a
> supported platform to bird.
> 
> This makes me wonder if you guys would accept patches working around
> this asymmetry for ECMP route in bird in order to have compliant ECMP
> support in bird for IPv6 based on Ondrej Z.'s patch? If so, do you
> have any constraints? What about bird 2?

Hi

Sorry for a late answer. Patches for handling IPv6 ECMP support in Linux
with current API could be accepted if they are not too crazy. Unfortunately
the API has several problems that complicates its usage from BIRD.

E.g.: 1. when asynchronous updates are received, they do not contain the
whole route, just the modified next hop. 2. when a new ECMP route
appears, it is announced as a sequence of next hops, but there is AFAIK
no flag for 'this is last next hop'.

Seems to me that there are several options how to workaround that. For
start, we could support IPv6 ECMP only in non-learn mode. Or we could
support learn/import (for IPv6 ECMP) during periodic scans only.

Using RTA_MULTIPATH in IPv6 Linux API is for backwards compatibility
(although it does not really provide it), so it would make sense to not
use that and just send multiple routes.

The patch could be against int-new branch for BIRD 2. Or you could send
two patches, one against master for BIRD 1.x and one against int-new for
BIRD 2.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."




Re: [PATCH master] IPv6 ECMP support fixes for linux

2016-02-16 Thread Ondrej Zajicek
On Wed, Feb 10, 2016 at 04:38:03PM +0100, Mikhail Sennikovskii wrote:
> Hello Fellows,
> 
> as a follow-up for the recent discussion about BIRD support of IPv6 ECMP on Linux
> ( http://trubka.network.cz/pipermail/bird-users/2016-January/010163.html ),
> I've created a patch, which addresses this problem.

Hi

Thanks for the patch, I have several comments:

1) In the patch, the incoming direction (collection from kernel) is
handled in unix/krt.c, while outgoing direction (krt_replace_rte()) is
handled in linux/netlink.c . It would make more sense to handle both
directions in the same place. As BIRD uses internally representation
with one route and mpnh structure, I would prefer to move collection
also to linux/netlink.c, so generic code in unix/krt.c would not
care about OS-specific interface (and does not need any changes).
Linux code would just collect next hops and then call krt_got_route()
for the whole multipath route.

2) Function krt_replace_rte() should be smarter than just flushing the
whole old multipath rte. It should compare old and new next hops (we
could suppose they are sorted) and either add missing or remove
surplus next hops by calling nl_send_route().

3) When collecting received routes, you should avoid creating list
of routes for the same net, and then merging such list by rt_merge_list(),
you could simply collect next hops (struct mpnh *) for the current route.

4) Also rt_merge_list() uses mpnh_merge_rta() which uses rte_update_pool.
That is probably not safe outside of nest update code. The linux netlink
code should have its own linpool (static and shared, because netlink socket
is also shared), so you could allocate mpnh structures from it. The linpool
should be flushed when the route is collected and propagated to krt_got_route().
So you don't need to do rta_lookup() for temporary next hops.

Note that such linpool could be also used for IPv4 multipath next hops in
nl_parse_multipath() instead of nh_buffer.


> Note that the patch still does not support the learn mode for IPv6 ECMP.
> The support for it can be added later.

Well, the learn mode is not really a problem. With the modifications
mentioned above, learning would work automatically (it is handled by
unix/krt.c, regardless of how route is generated).

What is problematic is handling asynchronous notifications (because you
don't know inside netlink code what are other next hops and whether you
will get another one related to the same net).


-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."


Re: Running BIRD on Virtual Machines

2016-02-16 Thread Ondrej Zajicek
On Tue, Feb 09, 2016 at 06:55:49PM +0300, Joseph M Owino wrote:
> Hi.
> 
> We are currently setting up in a new site and are short on physical gear. Is
> it feasible to run 2 instances of BIRD on virtual machines.

I don't know about any significant issues.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."




Re: Can bird include metrics when installing linux kernel routes?

2016-02-16 Thread Ondrej Zajicek
On Wed, Feb 10, 2016 at 04:46:13PM +, Mike C wrote:
> Hi,
> 
> Is there a way to make bird include a metric when installing routes into
> the linux routing table? I want to base the metric on the length of the BGP
> path (so longer path via prepending has higher metric), or failing that, a
> local_pref value.

Hi

You could set krt_metric attribute, but usually it is better to resolve
multiple routes inside BIRD and then have just one route per destination
in the kernel routing table. What purpose such dynamic setting is
supposed to have?

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."




Re: OSPF default route under special circumstance

2016-02-16 Thread Ondrej Zajicek
On Tue, Feb 16, 2016 at 09:39:37AM +, Rohrmann Sascha wrote:
> Hi,
> 
> I have 4 routers:
> ISP1   ISP2
>   l  l
> A1  A2
>   l--l
> B1  B2
> 
> A1 is directly connected to its own ISP and A2 is directly connected to its
> own ISP, too.
> A1 and A2 are performing eBGP, iBGP and OSPF.
> I already configured all protocols and distributed the default gateway 
> (A{1,2}) for B{1,2}.
> For that I created a 0.0.0.0/0 route in the static section  of A{1,2} and 
> filtered it out in the BGP-, OSPF-, and Kernel-table of A{1,2}:
> 
> import filter { if net = 0.0.0.0/0 then reject; accept};
> export all;
> 
> So, basically A{1,2} should throw this default-route only in OSPF and they 
> should not have the default-route in their own routing-table.
> But, unfortunately, A{1,2} actually do have this route in their table.

Hi

Well it is hard to say where is a problem without the configuration.
Don't you swap import/export statements? For example, kernel protocol
should have 'export filter { if net = 0.0.0.0/0 then reject; accept};'
if you do not want to export default route to it.

Or you could just have default reject/unreachable route, like in this example:

https://gitlab.labs.nic.cz/labs/bird/wikis/BGP_example_2


Generally, it is a good question what are best practices for configuring
BGP border routers on Linux/BIRD. There is an interesting idea to use two
separate kernel routing tables, one for internal routes and one for
external/BGP routes, just for the sake of clarity.


> How do I have to configure my protocols so that A{1,2} do not show this 
> behavior?
> In my understandings, routers like A{1,2} should not have a default-route in 
> their routing-table...
> 
> My 2nd desire is the following:
> A{1,2} should throw the default-route in the OSPF area  if the BGP 
> adjacency is reachable and the BGP peer is formed (BGP state should be 
> established).
> Is this desire realizable with bird only?

No, that is not possible. Unless you convince your ISPs to send you also
a default route through the BGP and use it to redistribute it to OSPF.

But it is not a big problem - the router with BGP session down already
has external routes from IBGP, so the traffic will be directed to the
other border router.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."




Re: iBGP unreachable

2016-04-12 Thread Ondrej Zajicek
On Tue, Apr 12, 2016 at 11:21:15AM +0200, Panda RoboLegs wrote:
> Hello,
> 
> there is no IGP. I thought that I can resolve the BGP-Next-Hop via static 
> default gateway (0.0.0.0/0).
> It seems that is not possible.
> Does anyone have a link where it is written that BGP next-hop is not 
> resolvable via static default gw?

Hi

The default route could be used, but the problem here is that next hops
are resolved by more specific routes that arrive through BGP, so you get
a cycle.

One solution is to put BGP routes to a different routing table than
default route / IGP routes and use 'igp table' option in BGP protocols to
specify the second table.

Another workaround is just to override gw or bgp_next_hop in the import
filter, as you already found.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
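
The dependency cycle and the two workarounds named in the reply above, as an added Python sketch (a simplified model of recursive next-hop resolution written for this page, not BIRD's code; the addresses, table names and function names are constructed for illustration).

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    proto: str
    gateway: Optional[ipaddress.IPv4Address] = None       # directly usable gateway
    bgp_next_hop: Optional[ipaddress.IPv4Address] = None  # must be resolved first


class Table:
    def __init__(self, name: str) -> None:
        self.name = name
        self.routes: List[Route] = []

    def add(self, prefix: str, proto: str, gateway: Optional[str] = None,
            bgp_next_hop: Optional[str] = None) -> Route:
        route = Route(ipaddress.ip_network(prefix), proto,
                      ipaddress.ip_address(gateway) if gateway else None,
                      ipaddress.ip_address(bgp_next_hop) if bgp_next_hop else None)
        self.routes.append(route)
        return route

    def lookup(self, addr: ipaddress.IPv4Address) -> Optional[Route]:
        """Longest-prefix match."""
        return max((r for r in self.routes if addr in r.prefix),
                   key=lambda r: r.prefix.prefixlen, default=None)


def resolve(route: Route, igp_table: Table) -> Optional[ipaddress.IPv4Address]:
    """Follow bgp_next_hop through igp_table until a direct gateway is found.

    Returns None when no route covers the next hop or when the lookup comes
    back to a route already visited (the cycle described in the reply).
    """
    seen = set()
    current = route
    while current.gateway is None:
        if current in seen or current.bgp_next_hop is None:
            return None
        seen.add(current)
        covering = igp_table.lookup(current.bgp_next_hop)
        if covering is None:
            return None
        current = covering
    return current.gateway


def single_table_case() -> Optional[ipaddress.IPv4Address]:
    """Static default and BGP routes share one table: the BGP prefix is the
    most specific match for its own next hop, so resolution cycles."""
    master = Table("master")
    master.add("0.0.0.0/0", "static", gateway="192.0.2.1")
    bgp = master.add("10.0.0.0/8", "bgp", bgp_next_hop="10.255.0.1")
    return resolve(bgp, igp_table=master)


def separate_igp_table_case() -> Optional[ipaddress.IPv4Address]:
    """BGP routes live in their own table; next hops are looked up in a
    table that holds only the default / IGP routes."""
    igp = Table("igp")
    igp.add("0.0.0.0/0", "static", gateway="192.0.2.1")
    bgp_table = Table("bgp")
    bgp = bgp_table.add("10.0.0.0/8", "bgp", bgp_next_hop="10.255.0.1")
    return resolve(bgp, igp_table=igp)


def gateway_override_case() -> Optional[ipaddress.IPv4Address]:
    """The import filter sets the gateway itself, so nothing is looked up."""
    master = Table("master")
    master.add("0.0.0.0/0", "static", gateway="192.0.2.1")
    bgp = master.add("10.0.0.0/8", "bgp", gateway="192.0.2.1",
                     bgp_next_hop="10.255.0.1")
    return resolve(bgp, igp_table=master)


if __name__ == "__main__":
    print("single table:      ", single_table_case())
    print("separate igp table:", separate_igp_table_case())
    print("gateway override:  ", gateway_override_case())
```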



Re: bird-1.5.0 ipv4 segfaults on configure - is it safe to change bgp protocol names runtime?

2016-03-19 Thread Ondrej Zajicek
On Fri, Mar 18, 2016 at 09:55:11AM +0100, Ondrej Zajicek wrote:
> On Fri, Mar 18, 2016 at 08:36:53AM +0100, Bartosz Radwan wrote:
> > Hi bird users,
> > 
> > General question is: is it safe to change bgp protocol name runtime?
> 
> It is expected to be safe. Although because protocol names are used as
> keys to identify/match protocols, you cannot really rename a protocol -
> with a different name, a new one is created and an old one is removed.
> 
> 
> > I can reproduce error that occurs at configure time in local environment,
> > however there's no any established sessions at all in this env, not sure if
> > errors are the same.
> > 
> > ...
> > 
> > Further details including core files from gdb may be provided if needed.

I just noticed that a second half of my previous post is missing. Could
you send me the core dumps and binary?

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."




Re: LSA ID Collision help

2016-03-21 Thread Ondrej Zajicek
On Mon, Mar 21, 2016 at 09:29:29AM -0400, Jigar Mehta wrote:
> So I tried tracing down this problem and here is what I got :
> 
> (Note :
...
> 4. Due to flooding, we receive LSUPDATE packet from our DR and now since we
> have a local copy, we delete the hash entry from lsrqh hash table as per RFC
> 2328 13.3
> LSA hash 0069dcb8 removed ID 10.1.1.0
> 
> < So at this point, there is no hash entry for 10.1.1.0 in lsrqh but we still
> have a hash entry in the top graph tree hash table (p->gr) since we call
> ospf_disp (ospf heartbeat/ospf table calculations) every second and all of this
> is happening within same second >

Hi

Thanks for the analysis. I think I understand the problem. The hash entry
(in  p->gr) is in the 'flushing' state (regardless whether we are waiting
for implicit ACK by LSUPDATE or whether we already received that and just
waiting for periodic cleanup) but because it was not originally created
by ospf_originate_lsa() but by ospf_advance_lsa()/ospf_install_lsa() then
en->nf is unset for the first hash entry (in p->gr).

The check for LSA ID collision is probably just overzealous, in this
case the new LSA should be properly propagated. I think the attached
patch should fix the problem.

If you could try it and report log messages (with debug events for OSPF)
related to that LSA origination without and with the patch.


> Also, is there a good way to announce from the custom protocol every X
> seconds to sync up route tables with other protocols (send its routes
> to other protocols).

You could announce (by rte_update()) routes periodically every X seconds,
but if they are the same as ones already in the routing table, then the
updates are ignored as nothing changes. You definitely should not
propagate routes directly from one protocol to another (i.e. call
rte_announce() from one protocol to another).

You could call periodically proto_request_feeding() for the destination
protocol, but I doubt there is a good reason for that.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
diff --git a/proto/ospf/topology.c b/proto/ospf/topology.c
index 8119cfa..7558d4a 100644
--- a/proto/ospf/topology.c
+++ b/proto/ospf/topology.c
@@ -278,7 +278,7 @@ ospf_originate_lsa(struct ospf_proto *p, struct ospf_new_lsa *lsa)
   if (!SNODE_VALID(en))
 s_add_tail(>lsal, SNODE en);
 
-  if (en->lsa_body == NULL)
+  if (!en->nf || !en->lsa_body)
 en->nf = lsa->nf;
 
   if (en->nf != lsa->nf)
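
Review bot: the new condition `if (!en->nf || !en->lsa_body)` adopts `lsa->nf` for every entry whose `en->nf` is unset, so for such an entry the `en->nf != lsa->nf` check on the next line can no longer fire, and nothing in the code says why that is safe. A short comment above the condition should name the entries that arrive here with a body but without `nf` (the mail points at ones created by ospf_advance_lsa()/ospf_install_lsa() rather than by ospf_originate_lsa()) and state that they are in the flushing state. The hunk also changes the NULL test from `== NULL` to the `!ptr` form; keep whichever form the rest of topology.c uses.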




Re: bird-1.5.0 ipv4 segfaults on configure - is it safe to change bgp protocol names runtime?

2016-03-19 Thread Ondrej Zajicek
On Fri, Mar 18, 2016 at 08:36:53AM +0100, Bartosz Radwan wrote:
> Hi bird users,
> 
> General question is: is it safe to change bgp protocol name runtime?

It is expected to be safe. Although because protocol names are used as
keys to identify/match protocols, you cannot really rename a protocol -
with a different name, a new one is created and an old one is removed.


> I can reproduce error that occurs at configure time in local environment,
> however there's no any established sessions at all in this env, not sure if
> errors are the same.
> 
> Here's backtrace:
> 
> 
> bird: F_1_0901_NEW_NAME: Initializing
> bird: F_1_0901_NEW_NAME: Starting
> bird: F_1_0901_NEW_NAME: State changed to start
> bird: F_1_0901_OLD_NAME: State changed to down
> 
> Program received signal SIGSEGV, Segmentation fault.
> 0x00455bfb in ?? ()
> (gdb) bt
> #0  0x00455bfb in ?? ()
> #1  0x0040e4ee in olock_run_event (unused=) at
> ../../nest/locks.c:177
> #2  0x0043b76e in ev_run (e=0x66c010) at event.c:85
> #3  ev_run_list (l=0x66b2e0 ) at event.c:142
> #4  0x0043de3c in io_loop () at io.c:2061
> #5  0x004031d3 in main (argc=, argv=)
> at main.c:833
> 
> 
> Then I've used a much simpler config (just 1 bgp session) in my local
> environment; after the 3rd protocol name change and reconfiguration another error
> occurred:
> 
> bird: Removing protocol one_SOME_LONGER
> bird: one_SOME_LONGER: Shutting down
> bird: one_SOME_LONGER: Shutdown requested
> bird: one_SOME_LONGER: State changed to stop
> bird: Adding protocol one_SOME_LONGER_NAME
> bird: one_SOME_LONGER_NAME: Initializing
> bird: one_SOME_LONGER_NAME: Starting
> bird: one_SOME_LONGER_NAME: State changed to start
> bird: one_SOME_LONGER: Down
> 
> Program received signal SIGSEGV, Segmentation fault.
> olock_free (r=0x6751b0) at ../../nest/locks.c:72
> 72rem_node(n);
> (gdb) bt
> #0  olock_free (r=0x6751b0) at ../../nest/locks.c:72
> #1  0x00445752 in pool_free (P=) at resource.c:81
> #2  0x004457c3 in rfree (res=0x674830) at resource.c:165
> #3  0x0040ae8f in proto_notify_state (p=0x674da0, ps= out>) at ../../nest/proto.c:1387
> #4  0x0043b76e in ev_run (e=0x675120) at event.c:85
> #5  ev_run_list (l=0x66b2e0 ) at event.c:142
> #6  0x0043de3c in io_loop () at io.c:2061
> #7  0x004031d3 in main (argc=, argv=)
> at main.c:833
> 
> Another protocol name change triggered another error:
> 
> bird: Removing protocol one_SOME_LONGER_NAME_2
> bird: one_SOME_LONGER_NAME_2: Shutting down
> bird: one_SOME_LONGER_NAME_2: Shutdown requested
> bird: one_SOME_LONGER_NAME_2: State changed to stop
> bird: Adding protocol one_SOME_LONGER_NAME_2_3
> bird: one_SOME_LONGER_NAME_2_3: Initializing
> bird: one_SOME_LONGER_NAME_2_3: Starting
> bird: one_SOME_LONGER_NAME_2_3: State changed to start
> bird: one_SOME_LONGER_NAME_2: Down
> bird: one_SOME_LONGER_NAME_2: State changed to down
> bird: Reconfigured
> 
> Program received signal SIGSEGV, Segmentation fault.
> 0x0044574f in pool_free (P=) at resource.c:81
> 81r->class->free(r);
> (gdb) bt
> #0  0x0044574f in pool_free (P=) at resource.c:81
> #1  0x004457c3 in rfree (res=0x6807c0) at resource.c:165
> #2  0x0043d94b in sk_read (s=s@entry=0x680660) at io.c:1786
> #3  0x0043e23c in io_loop () at io.c:2158
> #4  0x004031d3 in main (argc=, argv=)
> at main.c:833
> 
> 
> Further details including core files from gdb may be provided if needed.
> 
> -- 
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
> Best regards
> Bartosz Radwan

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."

