BGP stops working after upgrade to 2.5
-
After upgrading from 2.4.5p1 to 2.5 BGP stopped working. First I assumed it was because of my IPsec VTI tunnel, however when i manually add the routes they just work and when I ping the endpoint of the tunnel they just reply, both IPv4 and IPv6 work.
Even tried using a WireGuard tunnel however this doesn't work either. I'm able to ping the end point route traffic through the tunnel but BGP just doesn't work.
-
Same problem here. BGP neighbors come online, but no routes are exchanged, zebra routing table does not get updated. Same problem on neighbors, no routes present from the pfsense device.
-
This fixes it
https://forum.netgate.com/topic/160694/frr-7-3-7-5-bgp-not-announcing-routesLook at reply from jimp. That doesn't require editing the raw config.
The default changed to not accept or distribute routes to a neighboer without a policy in place. This would only affect those who don't already use a route map on their neighbors, so for most the main change will be adding an "Allow-All" route map and then setting that as the route map filter on each neighbor.
Under FRR, go to Global Settings, Route Maps, add a new one that just has:
Name: Allow-All Action: Permit Sequence: 100 (or whatever)Then under BGP, edit each neighbor and set it as both entries (inbound and outbound) for Route Map Filter under Peer Filtering.
It's a more secure default, but it may catch some by surprise.
That can be added before upgrade, too, which would prevent this from ever being a problem.
-
We also ran into this issue:
First we deleted /tmp/config.cache
This resulted in a very long boot up time (at starting apcupsd package).
But it finally came up.
https://forum.netgate.com/post/965863Afterwards we had the issue with no "route map filter" configured on one path.
This was resolved by configuring the "Allow-all" filter like suggested.https://forum.netgate.com/post/962875
Thanks