OpenBSD BGP



  • HI,

    I've the latest pfsense version installed, with some packages (zabbix, openBGP,etc) . In last days, my BGP is going down constantly. This service was working for months and 0 errors. And now this…

    root@linux:~# ping 100.100.100.100
    PING 100.100.100.100 (100.100.100.100) 56(84) bytes of data.
    ( i have change the ip gateway)

    We have some services running in a server (in office) that need this working to get backups and sync information outside office.

    It can be a problem in hardware of pfsense? a problem with pfsense itself?

    I'm almost trying to give up of pfsense, and try to install a mikrotik or other router.

    Thanks.



  • No one will be able to offer any help without knowing what the routing log and openbgpd status are showing.



  • Status:

    Neighbor                  AS    MsgRcvd    MsgSent  OutQ Up/Down  State/PrfRcvd
    N GW                  0000          0          0    0 Never    Active
    nterface      Nexthop state  Flags          Link state
    ovpns1        ok            UP            active
    lo0            ok            UP            invalid
    enc0          invalid                      invalid
    pfsync0        invalid                      invalid
    pflog0        invalid                      invalid
    em0            ok            UP            Ethernet, active, 1000 MBit/s
    nfe0          ok            UP            Ethernet, active, 100 MBit/s
    re0            invalid                      Ethernet, no carrier
    sk0            invalid        UP            Ethernet, no carrier

    Error Log:

    gateways.log:Jun 22 09:02:30 pfSense dpinger: FIBER100GW 100.100.100.100: sendto error: 65
    gateways.log:Jun 22 09:02:30 pfSense dpinger: FIBER100GW 100.100.100.100: sendto error: 65
    gateways.log:Jun 22 09:02:31 pfSense dpinger: FIBER100GW 100.100.100.100: sendto error: 65
    gateways.log:Jun 22 09:02:31 pfSense dpinger: FIBER100GW 100.100.100.100: sendto error: 65
    gateways.log:Jun 22 09:02:32 pfSense dpinger: FIBER100GW 100.100.100.100: sendto error: 65

    thanks



  • So no OpenBGP errors in the log? What about the summary, nexthop, neighbor status?



  • OpenBGPD Summary
    Neighbor                  AS    MsgRcvd    MsgSent  OutQ Up/Down  State/PrfRcvd
    N GW                  1111          0          0    0 Never    Active

    OpenBGPD Nexthops
    Flags: * = nexthop valid

    Nexthop        Route              Prio Gateway        Iface

    OpenBGPD Neighbors
    BGP neighbor is 100.100.100.100, remote AS 1111
    Description: N GW
      BGP version 4, remote router-id 0.0.0.0
      BGP state = Active
      Last read Never, holdtime 240s, keepalive interval 80s

    Message statistics:
                      Sent      Received 
      Opens                    0          0
      Notifications            0          0
      Updates                  0          0
      Keepalives              0          0
      Route Refresh            0          0
      Total                    0          0

    Update statistics:
                      Sent      Received 
      Updates                  0          0
      Withdraws                0          0
      End-of-Rib              0          0

    Local host:            (unknown), Local port:     
      Remote host:            (unknown), Remote port:



  • It appears you are not getting any routes from the peer router.
    The fact that the pinger showed the remote router down seems to indicate the transit layer to 100.100.100.100 failed.
    Is that IP provider-assigned, or did you obfuscate the real IP? That block is not a traditional private space, but is supposed to be used by service providers for their internal networks.



  • @dotdash:

    It appears you are not getting any routes from the peer router.
    The fact that the pinger showed the remote router down seems to indicate the transit layer to 100.100.100.100 failed.
    Is that IP provider-assigned, or did you obfuscate the real IP? That block is not a traditional private space, but is supposed to be used by service providers for their internal networks.

    I've obfuscate the real ip.


Log in to reply