BGP won't install routes into kernel. Neighbor is AWS over VTI
I'm on 2.4.4-RELEASE-p3 (amd64).
I've installed FRR and the BGP configuration is straight forward and works fine. For reference this is via a VTI tunnel to an AWS endpoint. This is my config:
log syslog # BGP Config router bgp 65000 bgp log-neighbor-changes bgp router-id 169.254.36.138 timers bgp 10 30 address-family ipv4 unicast network 192.168.8.0/24 exit-address-family # BGP Neighbors neighbor 169.254.36.137 remote-as 64512 neighbor 169.254.36.137 description AWS VPC Neighbor tunnel 1 neighbor 169.254.36.137 disable-connected-check address-family ipv4 unicast neighbor 169.254.36.137 activate no neighbor 169.254.36.137 send-community exit-address-family
The session is ESTABLISHED and I'm getting and sending the expected routes:
BGP table version is 3, local router ID is 169.254.36.138, vrf id 0 Default local pref 100, local AS 65000 Status codes: s suppressed, d damped, h history, * valid, > best, = multipath, i internal, r RIB-failure, S Stale, R Removed Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> 10.2.0.0/16 169.254.36.137 100 0 64512 i *> 192.168.8.0/24 0.0.0.0 0 32768 i Displayed 2 routes and 2 total paths
The problem is that FRR only occasionally installs that 10.2/16 route into the kernel. When it's not there it forwards that 10.2/16 traffic via my default route. I'm really stuck trying to figure out why. Interestingly I can't get any logs out of FRR either. /var/log/frr is empty, there is nothing in system.log or routing.log.
I did add the comment "log file /var/log/frr/frr.log debug" to the config file. It doesn't really output much:
2020/05/19 18:16:41 BGP: Vty connection from ::1 2020/05/19 18:17:16 BGP: %ADJCHANGE: neighbor 169.254.36.137(Unknown) in vrf default Up 2020/05/19 18:17:17 BGP: %NOTIFICATION: rcvd End-of-RIB for IPv4 Unicast from 169.254.36.137 in vrf default
I did see comments around patch 9668 and I don't know that this is related. Maybe? I'm not sure what /etc/rc.newipsecdns is.
what do you mean by "When it's not there".?
if the next hop is not available , the traffic will be forwarded via default route.