BGP not adding to route table, pfSense -> Cisco, restarts every 15 minutes



  • Not sure where to post this; I am having a couple of issues with OpenBGPD.

    I am connecting to Verizon's network (Cisco) to put my Verizon tablets behind our firewall. And I am down to the last step, BGP. It connects, but the route never gets added.

    Also, this is being done via GRE and IPsec transport. I can ping both sides of the GRE connection for both internal IPs x.x.x.x and y.y.y.y.

    My config is this:

    # This file was created by the package manager.  Do not edit!

    AS 12345
    fib-update yes
    network 0.0.0.0/0
    group "Verizon" {
        remote-as 1234
        neighbor x.x.x.x {
            descr "Verizon Las Vegas NV"
            announce all
            set nexthop x.x.x.x
        }
        neighbor y.y.y.y {
            descr "Verizon Tempe AZ"
            announce all
            set nexthop y.y.y.y
        }
    }
    deny from any
    deny to any
    allow from x.x.x.x
    allow to x.x.x.x
    allow from y.y.y.y
    allow to y.y.y.y

    OpenBGPD Summary

    Neighbor                  AS    MsgRcvd    MsgSent  OutQ Up/Down  State/PrfRcvd
    Verizon Tempe AZ        1234        38        36    0 00:05:27      1
    Verizon Las Vegas NV    1234        38        37    0 00:05:27      1

    Also, the BGP connection resets exactly every 15 minutes.

    neighbor y.y.y.y (Verizon Tempe AZ): write error: Operation not permitted
    neighbor y.y.y.y (Verizon Tempe AZ): write error: Operation not permitted
    neighbor y.y.y.y (Verizon Tempe AZ): state change Established -> Idle, reason: Fatal error
    neighbor x.x.x.x (Verizon Las Vegas NV): write error: Operation not permitted
    neighbor x.x.x.x (Verizon Las Vegas NV): write error: Operation not permitted
    neighbor x.x.x.x (Verizon Las Vegas NV): state change Established -> Idle, reason: Fatal error
    route z.z.z.z/24 vanished before delete
    check_reload_status: Reloading filter
    neighbor y.y.y.y (Verizon Tempe AZ): state change Idle -> Connect, reason: Start
    neighbor x.x.x.x (Verizon Las Vegas NV): state change Idle -> Connect, reason: Start
    neighbor x.x.x.x (Verizon Las Vegas NV): state change Connect -> OpenSent, reason: Connection opened
    neighbor y.y.y.y (Verizon Tempe AZ): state change Connect -> OpenSent, reason: Connection opened
    neighbor x.x.x.x (Verizon Las Vegas NV): state change OpenSent -> OpenConfirm, reason: OPEN message received
    neighbor x.x.x.x (Verizon Las Vegas NV): state change OpenConfirm -> Established, reason: KEEPALIVE message received
    neighbor y.y.y.y (Verizon Tempe AZ): state change OpenSent -> OpenConfirm, reason: OPEN message received
    neighbor y.y.y.y (Verizon Tempe AZ): state change OpenConfirm -> Established, reason: KEEPALIVE message received
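
An added example, not part of the original post: a small parser for bgpd log lines in the format quoted above that tracks each neighbor's session state and records every drop out of Established, together with the write errors logged just before it. The sample lines are constructed from that format, and the function and field names are illustrative.

```python
import re

# Constructed sample in the format of the bgpd log lines quoted in the post above.
SAMPLE_LOG = """\
neighbor y.y.y.y (Verizon Tempe AZ): write error: Operation not permitted
neighbor y.y.y.y (Verizon Tempe AZ): write error: Operation not permitted
neighbor y.y.y.y (Verizon Tempe AZ): state change Established -> Idle, reason: Fatal error
neighbor x.x.x.x (Verizon Las Vegas NV): write error: Operation not permitted
neighbor x.x.x.x (Verizon Las Vegas NV): state change Established -> Idle, reason: Fatal error
route z.z.z.z/24 vanished before delete
neighbor y.y.y.y (Verizon Tempe AZ): state change Idle -> Connect, reason: Start
neighbor y.y.y.y (Verizon Tempe AZ): state change Connect -> OpenSent, reason: Connection opened
neighbor y.y.y.y (Verizon Tempe AZ): state change OpenSent -> OpenConfirm, reason: OPEN message received
neighbor y.y.y.y (Verizon Tempe AZ): state change OpenConfirm -> Established, reason: KEEPALIVE message received
"""

NEIGHBOR = re.compile(r"neighbor (\S+) \((.*?)\): (.*)$")
CHANGE = re.compile(r"state change (\w+) -> (\w+), reason: (.*)$")
VANISHED = re.compile(r"route (\S+) vanished before delete")


def summarize(log_text):
    """Track each neighbor's session state and record every drop out of Established."""
    peers, vanished = {}, []
    for line in log_text.splitlines():
        gone = VANISHED.search(line)
        if gone:
            vanished.append(gone.group(1))  # prefix bgpd reported as vanished before delete
            continue
        hit = NEIGHBOR.search(line)
        if not hit:
            continue  # unrelated line, e.g. "check_reload_status: Reloading filter"
        addr, descr, msg = hit.groups()
        peer = peers.setdefault(addr, {"descr": descr, "state": None, "write_errors": 0, "drops": []})
        if msg.startswith("write error:"):
            peer["write_errors"] += 1  # counted until the next state change
            continue
        change = CHANGE.match(msg)
        if change:
            old, new, reason = change.groups()
            if old == "Established":
                peer["drops"].append({"to": new, "reason": reason, "write_errors_before": peer["write_errors"]})
            peer["state"], peer["write_errors"] = new, 0
    return peers, vanished


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Feeding it the system log over a longer window shows at a glance whether both neighbors drop together and which prefixes were reported as vanished.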



  • 15-minute reset solved, not sure why. I added 2 items:

    local-address x.x.x.b
    multihop 3

    15 minute reset problem went away.

    So one problem left: BGP route z.z.z.z not getting added …

    HIGHFIVE MYSELF NO FRIENDS!



  • Still no solution yet, but I do have a new symptom. If I manually add the route, and BGP sends a route update, then the route I had manually added disappears. But of course the new one does not appear.

    Also, I tried launching bgpd as root from SSH, and the results are not different.

    I added a Depends on GRE line (which is absent from the web interface), and again no difference.

    I am starting to wonder if this is a bug. I am running the 64-bit distro. Does anyone out there have a working 64-bit install with BGP?

    Also, I am starting to wonder if anyone on pfSense has a correctly working BGP. I have read a couple of BGP tutorials, and each time the user manually added the route, but that makes no sense?

    Also, due to the lack of responses I am wondering if I am in the right forum section. Moderator thoughts?

    2.0.1-RELEASE (amd64)
    built on Mon Dec 12 18:16:13 EST 2011
    FreeBSD 8.1-RELEASE-p6



  • I don't have a working BGP install yet - I am just waiting on the first ISP to get their config stuff ready (Shaw).  Once that is done I will be multi-homed with Telus and Shaw (Alberta, Canada).  I am running x86 versions.  I have been watching all of the BGP threads though, and I'm not sure why no one has replied to yours, especially admins, although sometimes it can take a while, though your OP is 12 days old - I imagine it can take time to browse every thread and post started.



  • Good to know someone is out there, thank you acherman.

    For what it is worth, looking back on this project, BGP is fairly easy, as things go, once you understand all the terms used… Working with Verizon, translated Cisco network, not much of the language they used lined up... so once I figured out what they were saying it was not too difficult to get connected to their network. If you end up having to use GRE over IPsec transport, like I did, be aware you will have to patch the interface, as pfSense is missing some Cisco compatibility options.

    Also, having been through every tutorial I could find on BGP for pfSense, I am of the opinion that many of the guys who write them don't know what they are doing.

    Good Luck on your effort.



  • Solved!

    So fortunately I stumbled across this post: http://forum.pfsense.org/index.php?topic=54243.0

    I had enabled RIP when I was transitioning from Watchguard to pfSense. So I turned it off as it is needed no more, and BGP routes now appear, YAY! ;D



  • Good job!  Thanks for the update and the words of advice.  Much appreciated.

    Aaron

