FRR 7.5 full bgp table very slow and AS paths not working
-
I'm running pfSense for IPv6 bgp routing. After upgrading to 2.5.0 the VM gets really slow when loading the full table from 2 peers. I checked the running processes and found multiple 'netstat --libxo json -nWr' running for over 10 seconds an more. Sometimes the webinterface times out with "bad gateway". Reducing the number of routes helps. Never had that problem with 2.4.x
Another problem occured after the update... the service won't start with any configured AS path filters. My guess is it gets inserted in the wrong configuration section.
Anyone have the same problems?
-
I'm having a smiliar issue with ipv4 internal networks - have you seen this:
https://forum.netgate.com/topic/160694/frr-7-3-7-5-bgp-not-announcing-routes
-
Take a look at this one:
https://redmine.pfsense.org/issues/11364
See if your situation matches and if you can help reproduce the issue.
-
Thanks for the links. I don't really need the full table on this device, but I'd like to reduce the number of learned routes by using an AS path filter. However here's a bit of my config:
...
neighbor 2001:1:2:3::4 update-source 2001:1:2:3::3
!
bgp as-path access-list <peer> permit <peer as>
address-family ipv6 unicast
network ....I guess the "bgp as-path..." just moved to the wrong position :(
-
I have one such instance where the pfSense has 1GB RAM and only needs to announce one IPv6 /48 but the upstream is set to send full tables. pfSense will eventually OOM, start swapping out and web UI will lock up/die. To only receive default route I placed a prefix filter.
This is then attached to the neighbor settings
This allows this tiny instance to survive being sent full tables. We discard all but the default route. The outbound filter is just a prefix list containing the /48 I want to announce and then deny all else. This is to satisfy the new default of "bgp ebgp-requires-policy"
Is that what you are looking for ?
-
@archang3l said in FRR 7.5 full bgp table very slow and AS paths not working:
Thanks for the links. I don't really need the full table on this device, but I'd like to reduce the number of learned routes by using an AS path filter. However here's a bit of my config:
...
neighbor 2001:1:2:3::4 update-source 2001:1:2:3::3
!
bgp as-path access-list <peer> permit <peer as>
address-family ipv6 unicast
network ....I guess the "bgp as-path..." just moved to the wrong position :(
Redmine issue created:
https://redmine.pfsense.org/issues/11445 -
fixed in FRR 1.1.0_6
