BGP won't install routes into kernel. Neighbor is AWS over VTI
-
I'm on 2.4.4-RELEASE-p3 (amd64).
I've installed FRR and the BGP configuration is straightforward and works fine. For reference, this is via a VTI tunnel to an AWS endpoint. This is my config:
log syslog
# BGP Config
router bgp 65000
 bgp log-neighbor-changes
 bgp router-id 169.254.36.138
 timers bgp 10 30
 address-family ipv4 unicast
  network 192.168.8.0/24
 exit-address-family
 # BGP Neighbors
 neighbor 169.254.36.137 remote-as 64512
 neighbor 169.254.36.137 description AWS VPC Neighbor tunnel 1
 neighbor 169.254.36.137 disable-connected-check
 address-family ipv4 unicast
  neighbor 169.254.36.137 activate
  no neighbor 169.254.36.137 send-community
 exit-address-family
The session is ESTABLISHED and I'm getting and sending the expected routes:
BGP table version is 3, local router ID is 169.254.36.138, vrf id 0
Default local pref 100, local AS 65000
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.2.0.0/16      169.254.36.137         100             0 64512 i
*> 192.168.8.0/24   0.0.0.0                  0         32768 i

Displayed  2 routes and 2 total paths
The problem is that FRR only occasionally installs that 10.2/16 route into the kernel. When it's not there, it forwards that 10.2/16 traffic via my default route. I'm really stuck trying to figure out why. Interestingly, I can't get any logs out of FRR either. /var/log/frr is empty, and there is nothing in system.log or routing.log.
I did add the comment "log file /var/log/frr/frr.log debug" to the config file. It doesn't really output much:
2020/05/19 18:16:41 BGP: Vty connection from ::1
2020/05/19 18:17:16 BGP: %ADJCHANGE: neighbor 169.254.36.137(Unknown) in vrf default Up
2020/05/19 18:17:17 BGP: %NOTIFICATION: rcvd End-of-RIB for IPv4 Unicast from 169.254.36.137 in vrf default
I did see comments around patch 9668 and I don't know that this is related. Maybe? I'm not sure what /etc/rc.newipsecdns is.
Thoughts?
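A check of the kind a practitioner would want for this symptom, added here as an example and not part of the original post: it parses the `show ip bgp` table quoted above and a constructed FreeBSD `netstat -rn` listing, lists the BGP best paths that are absent from the kernel table, and shows which kernel route would actually carry that traffic (here the default route). The kernel listing is my assumption, built to reproduce the state described in the post; the interface names em0/em1/ipsec1 and the upstream gateway 203.0.113.1 are placeholders, not values from the page.

```python
import ipaddress
import re

# Sample 'show ip bgp' output, taken from the post above.
SHOW_IP_BGP = """\
BGP table version is 3, local router ID is 169.254.36.138, vrf id 0
Default local pref 100, local AS 65000
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.2.0.0/16      169.254.36.137         100             0 64512 i
*> 192.168.8.0/24   0.0.0.0                  0         32768 i

Displayed  2 routes and 2 total paths
"""

# Constructed 'netstat -rn' style kernel table (FreeBSD layout) in which the
# BGP-learned 10.2.0.0/16 route is missing. Interface names and the upstream
# gateway 203.0.113.1 are placeholders, not values from the post.
NETSTAT_RN = """\
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS         em0
127.0.0.1          link#3             UH          lo0
169.254.36.136/30  link#5             U        ipsec1
169.254.36.138     link#5             UHS         lo0
192.168.8.0/24     link#2             U           em1
192.168.8.1        link#2             UHS         lo0
"""

# Status column of an FRR BGP row, then prefix and next hop.
BGP_ROW = re.compile(r"^(?P<status>[*>=sdhirSR ]*)(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+(?P<nexthop>\S+)")
# One kernel route row: destination, gateway, flags, interface.
KERNEL_ROW = re.compile(r"^(?P<dest>default|\d+\.\d+\.\d+\.\d+(?:/\d+)?)\s+(?P<gw>\S+)\s+(?P<flags>\S+)\s+(?P<netif>\S+)")


def parse_bgp_best_paths(text):
    """Return {prefix: next_hop} for rows FRR marks best ('>') and not RIB-failure ('r')."""
    best = {}
    for line in text.splitlines():
        m = BGP_ROW.match(line)
        if m and ">" in m.group("status") and "r" not in m.group("status"):
            best[m.group("prefix")] = m.group("nexthop")
    return best


def parse_kernel_routes(text):
    """Return {ip_network: (gateway, flags, netif)}; 'default' becomes 0.0.0.0/0, bare hosts become /32."""
    routes = {}
    for line in text.splitlines():
        m = KERNEL_ROW.match(line)
        if not m:
            continue
        dest = m.group("dest")
        net = ipaddress.ip_network("0.0.0.0/0" if dest == "default" else dest, strict=False)
        routes[net] = (m.group("gw"), m.group("flags"), m.group("netif"))
    return routes


def bgp_routes_missing_from_kernel(bgp_text, kernel_text):
    """Best BGP paths whose prefix has no entry in the kernel table."""
    kernel = parse_kernel_routes(kernel_text)
    return {p: nh for p, nh in parse_bgp_best_paths(bgp_text).items()
            if ipaddress.ip_network(p) not in kernel}


def kernel_lookup(kernel_text, dst):
    """Longest-prefix match for dst in the kernel table; returns (network, gateway, netif)."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, info) for net, info in parse_kernel_routes(kernel_text).items() if addr in net]
    net, (gw, _flags, netif) = max(matches, key=lambda item: item[0].prefixlen)
    return str(net), gw, netif


def next_hop_resolves_off_default(kernel_text, nexthop):
    """True if the BGP next hop is reached via something more specific than the default route."""
    net, _gw, _netif = kernel_lookup(kernel_text, nexthop)
    return net != "0.0.0.0/0"


if __name__ == "__main__":
    for prefix, nh in bgp_routes_missing_from_kernel(SHOW_IP_BGP, NETSTAT_RN).items():
        probe = str(ipaddress.ip_network(prefix)[1])
        net, gw, netif = kernel_lookup(NETSTAT_RN, probe)
        print(f"{prefix} via {nh} is best in BGP but absent from the kernel; "
              f"traffic to {probe} would follow {net} via {gw} on {netif}")
        print(f"next hop {nh} reachable off the default route: "
              f"{next_hop_resolves_off_default(NETSTAT_RN, nh)}")
```

Run against the constructed table, the script reports 10.2.0.0/16 as best in BGP but absent from the kernel, with traffic falling through to the default route on em0, while the next hop 169.254.36.137 itself is still reachable through the /30 on the VTI interface; replacing the two embedded strings with live `vtysh -c "show ip bgp"` and `netstat -rn -f inet` output turns it into a quick diff between what FRR selected and what the kernel actually holds.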
-
What do you mean by "When it's not there"?
If the next hop is not available, the traffic will be forwarded via the default route.