BGP problems
-
Hi!
1. problem:
When I start bgpd it starts normally but in system logs I get these errors.
Dec 8 12:37:19 bgpd[33973]: neighbor 212.18.39.17 (Amis): state change OpenSent -> Idle, reason: NOTIFICATION received
Dec 8 12:37:19 bgpd[33973]: neighbor 212.18.39.17 (Amis): received notification: error in OPEN message, unknown subcode 8
Dec 8 12:37:19 bgpd[33973]: neighbor 212.18.39.17 (Amis): received notification: error in OPEN message, unknown subcode 8
Dec 8 12:37:19 bgpd[33973]: neighbor 212.93.236.85 (Sinfonika): state change OpenConfirm -> Idle, reason: NOTIFICATION received
Dec 8 12:37:19 bgpd[33973]: neighbor 212.93.236.85 (Sinfonika): received notification: Cease, unknown subcode 5
Dec 8 12:37:19 bgpd[33973]: neighbor 212.93.236.85 (Sinfonika): received notification: Cease, unknown subcode 5
Dec 8 12:37:19 bgpd[33973]: neighbor 212.93.236.85 (Sinfonika): state change OpenSent -> OpenConfirm, reason: OPEN message received
Dec 8 12:37:19 bgpd[33973]: neighbor 212.18.39.17 (Amis): state change Connect -> OpenSent, reason: Connection opened
Dec 8 12:37:19 bgpd[33973]: neighbor 212.93.236.85 (Sinfonika): state change Connect -> OpenSent, reason: Connection opened
Dec 8 12:37:19 bgpd[33973]: neighbor 212.18.39.17 (Amis): state change Idle -> Connect, reason: Start
Dec 8 12:37:19 bgpd[33973]: neighbor 212.93.236.85 (Sinfonika): state change Idle -> Connect, reason: Start
Dec 8 12:37:19 bgpd[33973]: neighbor 212.18.39.17 (Amis): state change None -> Idle, reason: None
Dec 8 12:37:19 bgpd[33973]: neighbor 212.93.236.85 (Sinfonika): state change None -> Idle, reason: None
Dec 8 12:37:19 bgpd[33972]: route decision engine ready
Dec 8 12:37:19 bgpd[33973]: session engine ready
Dec 8 12:37:19 bgpd[33971]: cannot bind to 212.18.39.18:179: Address already in use
Dec 8 12:37:19 bgpd[33971]: cannot bind to 212.18.39.18:179: Address already in use
Dec 8 12:37:19 bgpd[33971]: startup
2. problem:
Is that I'm sending default route to the other ISP. Why? I've set option to "announce self".
I hope you understand what my problem is.
This is my bgpd.conf:
AS 44073
listen on 212.18.39.18
router-id 91.198.112.1
network 91.198.112.0/24
group "Amis" {
    remote-as 8591
    neighbor 212.18.39.17 {
        descr "Amis"
        announce self
    }
}
group "Sinfonika" {
    remote-as 5435
    neighbor 212.93.236.85 {
        descr "Sinfonika"
        announce self
    }
}
deny from any
deny to any
allow from 212.18.39.17
allow to 212.18.39.17
allow from 212.93.236.85
allow to 212.93.236.85
Thanks for replies
-
Solution for 1st problem was killing a bunch of bgpd processes and restart bgpd.
For 2nd just simple addition:
allow to 212.18.39.17 prefix 91.198.112.0/24
…
allow to 212.93.236.85 prefix 91.198.112.0/24
-
pfSense 1.2 GUI doesn't support editing of bgpd.conf so one could add "prefix …" to the end of allow to ACL, like:
allow to 212.18.39.17 prefix 91.198.112.0/24
Is someone working on this?
If not, where could one (me?) start working on this?
Regards
Robert
-
Looks like you are binding bgpd on one subnet. Here's a bgpd.conf that works with the latest pfSense version. (Note that I set the announce on the group level; you can do this on the neighbor level also. Also, I like to define things even though they are the default, just for my own sanity.)
AS 12345
holdtime 60
listen on 127.0.0.1 # try this to solve your binding problem
router-id 111.111.111.111
network 123.123.123.0/24
group "upstream" {
    announce self
    announce capabilities yes
    set localpref 90
    softreconfig in yes
    softreconfig out yes
    neighbor 63.169.230.189 {
        descr "Sprint Upstream"
        remote-as 1239
        depend on em1
        max-prefix 270000
    }
    neighbor 204.9.204.29 {
        descr "US Colo Upstream"
        multihop 3
        remote-as 32743
        depend on em2
        max-prefix 270000
    }
}
group "any2_peers" {
    announce self
    announce capabilities yes
    depend on em3
    set localpref 110
    softreconfig in yes
    softreconfig out yes
    neighbor 206.223.143.33 {
        descr "WV Fiber"
        remote-as 19151
        max-prefix 4000
    }
    neighbor 206.223.143.79 {
        descr "Peer 1 Networks"
        remote-as 13768
        max-prefix 2000
    }
    neighbor 206.223.143.63 {
        descr "Singapore Telecom"
        remote-as 7473
        max-prefix 20000
    }
}
Sample filter section:
# Filter Section
# First deny everything from all
deny from any
deny to any
# Allow to/from our peers
# All groups must be listed here to receive and send updates
allow from group upstream
allow to group upstream
allow from group any2_peers
allow to group any2_peers
# Filter out Default Route, RFC1918 and other IANA reserved IP blocks
deny from any prefix 0.0.0.0/0
deny from any prefix 10.0.0.0/8 prefixlen >= 8
deny from any prefix 172.16.0.0/12 prefixlen >= 12
deny from any prefix 192.168.0.0/16 prefixlen >= 16
deny from any prefix 169.254.0.0/16 prefixlen >= 16
deny from any prefix 192.0.2.0/24 prefixlen >= 24
deny from any prefix 224.0.0.0/4 prefixlen >= 4
deny from any prefix 240.0.0.0/4 prefixlen >= 4
+++++++++++++++++++++++++++++++++
hope this helps
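
Added example (not part of any post in this thread, and not OpenBGPD or pfSense code): a small evaluator for the filter rules quoted above, showing why an `allow to <neighbor>` rule without `prefix` lets a default route out while the version with `prefix 91.198.112.0/24` exports only the own network. It assumes the last matching rule decides, as bgpd.conf(5) describes, handles only the rule syntax that appears in the thread, and does not model the `announce` setting; the function names and the candidate routes are made up for illustration.

```python
import ipaddress
import re

# Only the filter syntax that appears in this thread is parsed (assumption):
#   allow|deny from|to any|<peer>|group <name> [prefix <cidr> [prefixlen >= <n>]]
RULE = re.compile(r"^(allow|deny)\s+(from|to)\s+(any|group\s+\S+|\S+)"
                  r"(?:\s+prefix\s+(\S+)(?:\s+prefixlen\s*>=\s*(\d+))?)?$")

def parse(conf):
    rules = []
    for line in conf.splitlines():
        m = RULE.match(line.split("#")[0].strip())
        if m:
            action, direction, peer, prefix, minlen = m.groups()
            net = ipaddress.ip_network(prefix) if prefix else None
            rules.append((action, direction, peer, net, minlen and int(minlen)))
    return rules

def prefix_matches(net, minlen, route):
    if net is None:
        return True                      # rule has no prefix restriction
    if minlen is None:
        return route == net              # bare "prefix" matches that prefix only
    return route.subnet_of(net) and route.prefixlen >= minlen

def decide(rules, direction, peer, route):
    """Return the action of the LAST matching rule, or None if nothing matched."""
    route, verdict = ipaddress.ip_network(route), None
    for action, d, p, net, minlen in rules:
        if d == direction and p in ("any", peer) and prefix_matches(net, minlen, route):
            verdict = action
    return verdict

def exported(conf, peer, candidates):
    rules = parse(conf)
    return [r for r in candidates if decide(rules, "to", peer, r) == "allow"]

# Rulesets from the thread: as first posted, and with "prefix ..." appended.
ORIGINAL = """deny from any
deny to any
allow from 212.18.39.17
allow to 212.18.39.17
"""
FIXED = ORIGINAL.replace("allow to 212.18.39.17",
                         "allow to 212.18.39.17 prefix 91.198.112.0/24")
# Constructed candidates: a default route learned elsewhere, and the own prefix.
CANDIDATES = ["0.0.0.0/0", "91.198.112.0/24"]

if __name__ == "__main__":
    print("original:", exported(ORIGINAL, "212.18.39.17", CANDIDATES))
    print("fixed:   ", exported(FIXED, "212.18.39.17", CANDIDATES))
```

The same `decide()` can be pointed at the inbound rules of the sample filter section by passing `"from"` and a peer such as `"group upstream"`.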