BGP won't install routes into kernel. Neighbor is AWS over VTI



  • I'm on 2.4.4-RELEASE-p3 (amd64).

    I've installed FRR and the BGP configuration is straightforward and works fine. For reference, this is via a VTI tunnel to an AWS endpoint. This is my config:

    log syslog
    
    # BGP Config
    router bgp 65000
      bgp log-neighbor-changes
      bgp router-id 169.254.36.138
      timers bgp 10 30
      address-family ipv4 unicast
       network 192.168.8.0/24
      exit-address-family
    
      # BGP Neighbors
      neighbor 169.254.36.137 remote-as 64512
      neighbor 169.254.36.137 description AWS VPC Neighbor tunnel 1
      neighbor 169.254.36.137 disable-connected-check
      address-family ipv4 unicast
        neighbor 169.254.36.137 activate
        no neighbor 169.254.36.137 send-community
      exit-address-family
    

    The session is ESTABLISHED and I'm getting and sending the expected routes:

    BGP table version is 3, local router ID is 169.254.36.138, vrf id 0
    Default local pref 100, local AS 65000
    Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
                   i internal, r RIB-failure, S Stale, R Removed
    Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
    Origin codes:  i - IGP, e - EGP, ? - incomplete
    
       Network          Next Hop            Metric LocPrf Weight Path
    *> 10.2.0.0/16      169.254.36.137         100             0 64512 i
    *> 192.168.8.0/24   0.0.0.0                  0         32768 i
    
    Displayed  2 routes and 2 total paths
    

    The problem is that FRR only occasionally installs that 10.2/16 route into the kernel. When it's not there it forwards that 10.2/16 traffic via my default route. I'm really stuck trying to figure out why. Interestingly I can't get any logs out of FRR either. /var/log/frr is empty, there is nothing in system.log or routing.log.

    I did add the comment "log file /var/log/frr/frr.log debug" to the config file. It doesn't really output much:

    2020/05/19 18:16:41 BGP: Vty connection from ::1
    2020/05/19 18:17:16 BGP: %ADJCHANGE: neighbor 169.254.36.137(Unknown) in vrf default Up
    2020/05/19 18:17:17 BGP: %NOTIFICATION: rcvd End-of-RIB for IPv4 Unicast from 169.254.36.137 in vrf default
    

    I did see comments around patch 9668 and I don't know that this is related. Maybe? I'm not sure what /etc/rc.newipsecdns is.

    Thoughts?
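One way to audit the mismatch described above (a best BGP path that is missing from the kernel table, or whose next hop is reachable only via the default route) is to compare the `show ip bgp` table against the kernel routing table. This is an added example, not code from the post, FRR or pfSense; it assumes the text of `show ip bgp` and FreeBSD `netstat -rn -f inet` has been captured into strings, and the samples below are constructed.

```python
import ipaddress
import re
# Constructed sample modelled on the `show ip bgp` table in the post; the 10.3.0.0/16
# row is an added illustration of FRR's "r" (RIB-failure) status code.
SHOW_IP_BGP = """\
*> 10.2.0.0/16      169.254.36.137         100             0 64512 i
*> 192.168.8.0/24   0.0.0.0                  0         32768 i
r> 10.3.0.0/16      169.254.36.137         100             0 64512 i
"""
# Constructed FreeBSD `netstat -rn -f inet` output; 10.2.0.0/16 is absent, as in the post.
NETSTAT_RN = """\
Destination        Gateway            Flags     Netif Expire
default            203.0.113.1        UGS         em0
169.254.36.136/30  link#5             U          ipsec1
192.168.8.0/24     link#2             U           em1
"""
# Status codes (3 chars), network, next hop; header and legend lines do not match.
BGP_ROW = re.compile(r"^(?P<codes>[sdh*>=irSR ]{3})(?P<net>\S+)\s+(?P<nh>\S+)")

def parse_bgp_best(text):
    """Map each best-path (>) prefix to (next_hop, rib_failure_flag)."""
    best = {}
    for m in filter(None, map(BGP_ROW.match, text.splitlines())):
        if ">" in m.group("codes"):
            net = ipaddress.ip_network(m.group("net"), strict=False)
            best[net] = (m.group("nh"), "r" in m.group("codes"))
    return best

def parse_kernel(text):
    """Kernel destinations as networks; 'default' becomes 0.0.0.0/0."""
    dests = (line.split()[0] for line in text.splitlines()[1:])
    return {ipaddress.ip_network("0.0.0.0/0" if d == "default" else d, strict=False)
            for d in dests}

def audit(bgp_text, kernel_text):
    """Return [(prefix, next_hop, finding)] for best paths the kernel cannot use."""
    kernel, findings = parse_kernel(kernel_text), []
    for net, (nh, rib_fail) in sorted(parse_bgp_best(bgp_text).items()):
        if nh == "0.0.0.0":
            continue  # locally originated via `network`, nothing to install
        nh_ip = ipaddress.ip_address(nh)
        # The next hop must match something more specific than the default route
        connected = any(nh_ip in k and k.prefixlen > 0 for k in kernel)
        if rib_fail:
            findings.append((str(net), nh, "RIB-failure: route not accepted by zebra"))
        elif not connected:
            findings.append((str(net), nh, "next hop reachable only via default route"))
        elif net not in kernel:
            findings.append((str(net), nh, "best path missing from kernel table"))
    return findings
```

Running `audit()` on the two live outputs each time the 10.2/16 traffic takes the default route gives a timestamped record of which of the three conditions is actually occurring.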



  • What do you mean by "When it's not there"?

    If the next hop is not available, the traffic will be forwarded via the default route.

