OpenBSD BGP

silenceti

HI,

I've the latest pfsense version installed, with some packages (zabbix, openBGP,etc) . In last days, my BGP is going down constantly. This service was working for months and 0 errors. And now this…

root@linux:~# ping 100.100.100.100
PING 100.100.100.100 (100.100.100.100) 56(84) bytes of data.
( i have change the ip gateway)

We have some services running in a server (in office) that need this working to get backups and sync information outside office.

It can be a problem in hardware of pfsense? a problem with pfsense itself?

I'm almost trying to give up of pfsense, and try to install a mikrotik or other router.

Thanks.

dotdash

No one will be able to offer any help without knowing what the routing log and openbgpd status are showing.

silenceti

Status:

Neighbor                  AS    MsgRcvd    MsgSent  OutQ Up/Down  State/PrfRcvd
N GW                  0000          0          0    0 Never    Active
nterface      Nexthop state  Flags          Link state
ovpns1        ok            UP            active
lo0            ok            UP            invalid
enc0          invalid                      invalid
pfsync0        invalid                      invalid
pflog0        invalid                      invalid
em0            ok            UP            Ethernet, active, 1000 MBit/s
nfe0          ok            UP            Ethernet, active, 100 MBit/s
re0            invalid                      Ethernet, no carrier
sk0            invalid        UP            Ethernet, no carrier

Error Log:

gateways.log:Jun 22 09:02:30 pfSense dpinger: FIBER100GW 100.100.100.100: sendto error: 65
gateways.log:Jun 22 09:02:30 pfSense dpinger: FIBER100GW 100.100.100.100: sendto error: 65
gateways.log:Jun 22 09:02:31 pfSense dpinger: FIBER100GW 100.100.100.100: sendto error: 65
gateways.log:Jun 22 09:02:31 pfSense dpinger: FIBER100GW 100.100.100.100: sendto error: 65
gateways.log:Jun 22 09:02:32 pfSense dpinger: FIBER100GW 100.100.100.100: sendto error: 65

thanks

dotdash

So no OpenBGP errors in the log? What about the summary, nexthop, neighbor status?

silenceti

OpenBGPD Summary
Neighbor                  AS    MsgRcvd    MsgSent  OutQ Up/Down  State/PrfRcvd
N GW                  1111          0          0    0 Never    Active

OpenBGPD Nexthops
Flags: * = nexthop valid

Nexthop        Route              Prio Gateway        Iface

OpenBGPD Neighbors
BGP neighbor is 100.100.100.100, remote AS 1111
Description: N GW
  BGP version 4, remote router-id 0.0.0.0
  BGP state = Active
  Last read Never, holdtime 240s, keepalive interval 80s

Message statistics:
                  Sent      Received 
  Opens                    0          0
  Notifications            0          0
  Updates                  0          0
  Keepalives              0          0
  Route Refresh            0          0
  Total                    0          0

Update statistics:
                  Sent      Received 
  Updates                  0          0
  Withdraws                0          0
  End-of-Rib              0          0

Local host:            (unknown), Local port:     
  Remote host:            (unknown), Remote port:

dotdash

It appears you are not getting any routes from the peer router.
The fact that the pinger showed the remote router down seems to indicate the transit layer to 100.100.100.100 failed.
Is that IP provider-assigned, or did you obfuscate the real IP? That block is not a traditional private space, but is supposed to be used by service providers for their internal networks.

silenceti

@dotdash:

It appears you are not getting any routes from the peer router.
The fact that the pinger showed the remote router down seems to indicate the transit layer to 100.100.100.100 failed.
Is that IP provider-assigned, or did you obfuscate the real IP? That block is not a traditional private space, but is supposed to be used by service providers for their internal networks.

I've obfuscate the real ip.