Re: BIRD drops specific IPv6 session for no reason
Double check that your router has an ARP entry and a route for that peer when that happens. For example, if your router gets a wrong route for the peer, it can send response packets (or in some cases ARP requests) to the wrong interface. So dump your other interfaces as well at the same time and you will see what it does. Probably watch for the route and ARP with a proper grep, and -n is also your friend if that happens very often.

On 28/02/2020 13.41, Stavros Konstantaras wrote:
> Hi Bird community,
>
> We are investigating a weird customer issue regarding our Bird Route Servers
> (version 1.6.3) and a specific IPv6 session. Customer reports a sudden drop
> of his IPv6 session and -until now- we could not relate those drops with any
> issue or instability. Everything seems normal and no other customer
> complained at the moment of the incident.
>
> After some packet capturing at the moment of the event, we discovered that
> BIRD does not send response messages to the customer’s BGP keepalive
> messages (see attached picture), which results in the BGP hold timer expiring
> and the sessions being dropped. We observed this anomaly with both RSs but at
> different time slots, and the tcpdump capture was running at the interface
> where Bird is sending all BGP traffic for customers. At the moment of the
> event, we didn’t do any maintenance or other RS related work.
>
> Has any of you experienced this in the past? If yes, how did you solve this?
> Any related feedback is welcomed.
>
> Best regards,
>
> Stavros Konstantaras | Sr. Network Engineer | AMS-IX
> M +31 (0) 620 89 51 04 | T +31 20 305 8999
> ams-ix.net <http://ams-ix.net>

--
F-Solutions Oy
Tapio Haapala
PL7, 90571 Oulu
GSM +358400998371
Skype burner-
IRC Burner@ircnet
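One way to automate the check suggested in the reply above, as an added example that is not part of the original thread. It assumes a Linux router with iproute2; because the affected session is IPv6, the neighbour table stands in for ARP, and the addresses, interface names and sample outputs are constructed.

```python
import subprocess
import sys
import time

# Constructed sample outputs of `ip -6 route get` / `ip -6 neigh show` (documentation addresses).
ROUTE_OK = "2001:db8:1::10 from :: dev eth1 proto kernel src 2001:db8:1::1 metric 256 pref medium"
ROUTE_BAD = "2001:db8:1::10 from :: via fe80::1 dev eth0 src 2001:db8:2::5 metric 1024 pref medium"
NEIGH_OK = "2001:db8:1::10 dev eth1 lladdr 00:00:5e:00:53:01 router REACHABLE"
NEIGH_FAILED = "2001:db8:1::10 dev eth1  FAILED"

def field_after(tokens, key):
    """Return the token following `key`, or None if `key` is absent."""
    return tokens[tokens.index(key) + 1] if key in tokens[:-1] else None

def diagnose(route_out, neigh_out, expected_dev):
    """List what is wrong with the path back to the peer (empty list = healthy)."""
    problems = []
    dev = field_after(route_out.split(), "dev")
    if dev != expected_dev:
        problems.append("route egress dev=%s, expected %s" % (dev, expected_dev))
    entries = [line.split() for line in neigh_out.splitlines() if line.strip()]
    on_dev = [e for e in entries if field_after(e, "dev") == expected_dev]
    if not on_dev:
        problems.append("no neighbour entry on %s" % expected_dev)
    elif on_dev[0][-1] in ("FAILED", "INCOMPLETE"):
        problems.append("neighbour state %s" % on_dev[0][-1])
    return problems

def run(args):
    """Run a command and return its stdout as text."""
    return subprocess.run(args, capture_output=True, text=True).stdout

if __name__ == "__main__":
    # Usage: watch_peer.py PEER_ADDRESS EXPECTED_DEV (both supplied by the operator)
    peer, expected = sys.argv[1], sys.argv[2]
    while True:
        found = diagnose(run(["ip", "-6", "route", "get", peer]),
                         run(["ip", "-6", "neigh", "show", peer]), expected)
        for problem in found:
            print(time.strftime("%Y-%m-%dT%H:%M:%S"), peer, problem, flush=True)
        time.sleep(1)
```

The timestamps it prints can be lined up against the packet capture to see whether the missing keepalive replies coincide with a wrong egress interface or a failed neighbour entry.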
Re: Limit on how many neighbors
Have you tested using the real broadcast flag in BIRD? It is not compatible with other software, but usually it helps when you have weird problems at unstable mobile VPN connections to get all clients initialized. By default OSPF uses multicast. Sad as it is, multicast implementations in kernels, switches etc. are more or less always broken. So I suggest testing that.

Another thing is that I am not sure how good an idea it is to run an OSPF farm of over 100 clients in one "L2". I suggest that you run multiple openvpn server instances and split the connections between them. That way you also get redundancy. If you limit max clients on the server side and add multiple remote addresses on the client side, your client will choose the next server if the first is full. Also, if you have multiple physical servers, it also helps you when you want to update one of them.

Naturally that splitting is just a workaround for the original problem, and then we will never know what that problem was in the first place :) That is why, for curiosity, I suggest first testing with that "real broadcast yes" flag on all routers, and we will see whether the problem is in BIRD itself or on the openvpn bridge/kernel side.

Magnus Löfqvist wrote on 14.10.2017 at 20.27:

Hi again,

Just a thought: we don't need our endpoints to know about each other; in fact, we do firewalling not to allow traffic between them. Are there any better solutions, instead of OSPF, where we can have more than 100 endpoints getting their routes from a central server, and where we don't need to specify every neighbor at the system?

/ Magnus

*From:* Magnus Löfqvist
*Sent:* 13 Oct 2017 23:31
*To:* Ondrej Zajicek
*Cc:* bird-users@network.cz
*Subject:* Re: Limit on how many neighbors

Hi,

I agree with you, it should not be the case here. But we are running over mobile networks, and the openvpn adds some overhead. Running some tcpdump shows that the packet length of the hello packet is just about 480, and that should be ok.

If we change to another openvpn instance/interface and change over to that, it works directly. I have also updated bird on our main router to 1.6.3 (latest), but the issue still exists.

I have attached our config files (bird.conf (main router), bird_client.conf (from one of the end routers)). My OSPF knowledge is limited, so I guess that I have made some errors :)

The main feature we need is to distribute some external routes (10.3.50.0/24, 10.3.60.0/24), and distribute back the endpoints' IP networks (10.98.x.x/30).

/ Magnus

*From:* Ondrej Zajicek
*Sent:* 13 Oct 2017 13:13
*To:* Magnus Löfqvist
*Cc:* bird-users@network.cz
*Subject:* Re: Limit on how many neighbors

On Thu, Oct 12, 2017 at 11:43:03AM +, Magnus Löfqvist wrote:
> Hi,
>
> We are running Bird with OSPF between embedded routers (openwrt) (mobile routers).
> The routers are connected to our main server with openvpn, and we are using bird on top of openvpn to deliver routes to the end routers.
>
> This has worked quite well, but today we noticed some glitches.
> We had some routers that did not finish election (i.e., they stay in init instead of being full).
> When we count, there are exactly 100 devices that are in "full", and 3 in init.
>
> Is there any limit on how many neighbors/routers?

Hi

There is AFAIK no hard limit, but there is an issue that if you have too many neighbors, you end up with a Router-LSA that does not fit into the MTU and will be sent using fragmented IP packets. Which usually works, but may be problematic.

But that is probably not relevant, as if there were such a problem, they would get stuck in a later stage of the exchange and not in 'init'. So I have no idea why they are stuck in 'init'. Isn't there any misconfiguration? Is there anything in the logs? Did they get corrected after restart?

--
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santi...@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
Re: Monitoring routes from Nagios
We use this kind of script: http://pastebin.com/6kuQSPC1

It checks OSPF neighbors and diffs them against a known good state. If a neighbor is lost it gives a critical error and provides the diff as the message. If there are new neighbors it gives a warning.

Probably not the most beautiful way to do it, but it serves our needs well.

29.3.2016, 16:07, Stanislaw Datskevich wrote:
> Hi Michael, Apparently the only way is parsing birdc or bird.ctl
> socket output. It's not a complicated task, perl with a few regexps
> should do the trick.
>
> On Tue, 29/03/2016 at 10:56 +1300, Michael Ludvig wrote:
>> Hi
>>
>> What approach do you have for monitoring routing status in your
>> environments? We've got OSPF set up between our sites (offices
>> and data centres) and BGP for uplinks from some sites. I want to
>> monitor by Nagios that everything is as expected.
>>
>> For example:
>> - BGP feeds from ISPs look sane (e.g. include
>>   0.0.0.0/0 - as that's what we are interested in)
>> - configured OSPF peers are all connected
>> - ... what else?
>>
>> I can write some scripts to parse "birdc show ..." output and
>> feed that into Nagios but perhaps someone has a better way to do
>> that?
>>
>> Thanks!
>>
>> Michael

--
F-Solutions Oy
Tapio Haapala
PL7, 90571 Oulu
GSM 0400 998371
Skype burner-
IRC Burner@ircnet
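A sketch of the approach described in the message above (parse the birdc output, diff the OSPF neighbours against a known-good list, CRITICAL on a lost neighbour, WARNING on a new one). This is an added example, not the pastebin script and not code from the thread; the sample output, its column layout and the baseline file are constructed assumptions.

```python
import subprocess
import sys

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # Nagios plugin exit codes

# Constructed sample of `birdc show ospf neighbors` output (assumed column layout).
SAMPLE = """\
BIRD 1.6.3 ready.
ospf1:
Router ID       Pri          State      DTime   Interface  Router IP
10.98.0.1         1     Full/PtP        00:00:34        tun0       10.98.0.1
10.98.0.5         1     Init/PtP        00:00:31        tun0       10.98.0.5
10.98.0.9         1     Full/PtP        00:00:38        tun0       10.98.0.9
"""

def full_neighbors(output):
    """Return router IDs of neighbours whose state column starts with 'Full'."""
    full = set()
    for line in output.splitlines():
        fields = line.split()
        # Neighbour rows start with a dotted router ID followed by the priority.
        if len(fields) >= 5 and fields[0].count(".") == 3 and fields[1].isdigit():
            if fields[2].lower().startswith("full"):
                full.add(fields[0])
    return full

def check(output, baseline):
    """Diff the current Full neighbours against the known-good baseline set."""
    current = full_neighbors(output)
    lost, new = sorted(baseline - current), sorted(current - baseline)
    if lost:
        return CRITICAL, "CRITICAL: lost " + ",".join(lost)
    if new:
        return WARNING, "WARNING: new " + ",".join(new)
    return OK, "OK: %d neighbours Full" % len(current)

if __name__ == "__main__":
    # Usage: check_ospf.py BASELINE_FILE (one router ID per line, hypothetical file).
    try:
        with open(sys.argv[1]) as fh:
            baseline = {line.strip() for line in fh if line.strip()}
        out = subprocess.run(["birdc", "show", "ospf", "neighbors"], check=True,
                             capture_output=True, text=True, timeout=10).stdout
    except (IndexError, OSError, subprocess.SubprocessError) as exc:
        print("UNKNOWN: %s" % exc)
        sys.exit(UNKNOWN)
    status, message = check(out, baseline)
    print(message)
    sys.exit(status)
```

A neighbour stuck in Init counts as lost here, so a session that never reaches Full raises the same alert as one that disappears.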
Re: Advertise prefix without static
Well, yes and no, depending on the case. But let's say that if your use case is that you have a /20 network and then you have smaller (more specific) networks inside your own infra, you can do for example this:

    protocol static announce {
        route x.x.x.x/20 unreachable;
    }

That will generate the advertisement. Then your more specific routes will handle the real traffic. If you want, you can filter these routes so that they will not go to the kernel, but as long as you have more specific routes they will not harm you. If you do not have them, then you need static routes or some other route source for them anyway, and you can use them for the advertisement.

Most other software allows you to generate fake BGP advertisements in the BGP protocol (and in most cases it is even the standard way to do it). But I think that the BIRD way is quite logical after you get used to it.

22.11.2015, 14:05, David S. wrote:

Hi All,

My name is David, I'm from Indonesia. I'm new to BGP and especially Bird. I configured FreeBSD 10.2 with Bird 1.5. I just want to know if there is any way to advertise a network prefix without protocol static; please tell me how if it is possible. I have read the documentation and I can't find any article that points me to an answer to my question.

Thanks in advance.

Best regards,
David S.

e. da...@zeromail.us
w. http://blog.pnyet.web.id

--
Tapio Haapala
F-Solutions Oy
mobile +358400998371
irc Burner@ircnet
skype burner-
Re: High CPU load
I had the same kind of problem some years ago. The problem was that I accidentally misconfigured a BGP session so that one of the peers was connected to an IP that was announced via another hop. That caused route flapping and full internet table flapping at that router - 100% CPU load and 10-100Mbps of BGP traffic.

8.4.2015, 13:18, Simone Morandini wrote:

Hello list,

we have been running BIRD on our IXP peering platform with no problems for quite a while now. We need to activate a new peer which is expected to announce a considerable number of prefixes (~100k), and the first try resulted in nearly 100% CPU load, ~60-70% for BIRD and the remainder for syslog. The machine was hardly manageable, so after a few minutes we had to disable the peer and restart the daemon.

The current settings actually make BIRD log everything:

    log /var/log/bird.log all;
    log syslog all;

so I guess we could start by modifying it: any advice on this? Would you suggest something more, in order to avoid having a high CPU load again?

Thanks in advance,
Simone.

--
Tapio Haapala
F-Solutions Oy
mobile +358400998371
irc Burner@ircnet
skype burner-