BIRD BGP and VRF - Cannot assign requested address

Ondrej Zajicek santiago at crfreenet.org
Sat Aug 5 23:55:44 CEST 2017


On Sat, Aug 05, 2017 at 01:02:08PM +0200, Ondrej Zajicek wrote:
> On Sat, Aug 05, 2017 at 01:53:11AM +0200, Clément Guivy wrote:
> > On 04/08/2017 23:00, Ondrej Zajicek wrote:
> > > 
> > > You could try to use 'direct' option for IBGP to run it in IBGP mode.
> > 
> > Thanks, I missed this difference between IBGP and EBGP. Now with this
> > "direct" setting it's getting better, no more complaining from the service.
> > However BGP session is now stuck in "Connect" state. Netstat shows SYN_SENT
> > status for the TCP session, and a tcpdump trace shows that conversation
> > between the two BIRD routers is limited to SYN packet => immediate SYN+ACK
> > response => immediate RST response, this 3-step process being repeated every
> > few seconds. Not sure what to conclude from there.
> > 
> > I tried to enable debug with "debug ibgp_internet all" command and check the
> > syslog, but it just keeps repeating the following :
> > 
> > bird: ibgp_internet: Connecting to 10.206.81.82 from local address
> > 10.206.81.81
> 
> It seems like receiving sides do not accept incoming connections, hence
> RST response and no receiving event in log. AFAIK, socket listening on
> 0.0.0.0 should receive connections regardless of VRFs, so it should not
> be a problem.

Hi

I replicated the problem and noticed that RST is from the sender, so it is
not related to the listening socket but to the connecting socket.

I found that it is probably a bug/behavior of Linux VRF implementation.
Socket can be bound to an iface, which is also used to choose related
VRF. For UDP sockets, it works for both VRF ifaces and underlying (real)
ifaces. But for TCP (and perhaps ICMP) sockets it seems to work only for
VRF ifaces, while BIRD tries to bind the socket with the real iface.

Similarly, I cannot ping in VRF using 'ping -I eth0 A.B.C.D', while
I can ping with 'ping -I vrf0 A.B.C.D' when eth0 is interface under
vrf0.

A very ugly workaround for BIRD BGP is to add appropriate IP addresses
also to vrf iface (with 'noprefixroute' option to not mess routing
table) and then use 'interface' BGP protocol option with vrf interface.
In your case:

ip addr add 10.206.81.81/29 dev internet noprefixroute

protocol bgp ibgp_internet from template_base_bgp {
        table internet;

        local 10.206.81.81 as my_as;
        neighbor 10.206.81.82 as my_as;
        interface "internet";
        direct;
        ...
}


-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."

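Added example, not part of the original message and not BIRD code: a small Python probe that makes one TCP connection with the socket bound to a named interface, so the real-interface and VRF-interface cases described in the message can be compared on a test host. It assumes the binding in question is Linux's SO_BINDTODEVICE socket option; the function names are illustrative and the interface names and addresses are supplied by the caller.

```python
#!/usr/bin/env python3
"""TCP connect probe with SO_BINDTODEVICE (added example; Linux only)."""
import errno
import socket
import sys

# Linux value is 25; getattr() keeps the import working on other platforms.
SO_BINDTODEVICE = getattr(socket, "SO_BINDTODEVICE", 25)


def describe_error(stage, exc):
    """Format an OSError as '<stage> failed: ERRNO_NAME'."""
    return f"{stage} failed: {errno.errorcode.get(exc.errno, exc.errno)}"


def probe_tcp(device, local_addr, peer_addr, port=179, timeout=3.0):
    """Try one TCP connect bound to `device`; return a short outcome string."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        try:
            # Assumption: this is the kind of device binding the message means.
            sock.setsockopt(socket.SOL_SOCKET, SO_BINDTODEVICE,
                            device.encode() + b"\0")
        except OSError as exc:   # EPERM without privileges, ENODEV if absent
            return describe_error("setsockopt", exc)
        try:
            sock.bind((local_addr, 0))
        except OSError as exc:   # EADDRNOTAVAIL = "Cannot assign requested address"
            return describe_error("bind", exc)
        try:
            sock.connect((peer_addr, port))
        except socket.timeout:
            return "connect timed out"
        except OSError as exc:   # e.g. ECONNREFUSED, ECONNRESET
            return describe_error("connect", exc)
        return "connected"
    finally:
        sock.close()


if __name__ == "__main__":
    # Usage (all values supplied by the caller):
    #   probe.py REAL_IFACE VRF_IFACE LOCAL_ADDR PEER_ADDR
    real_if, vrf_if, local, peer = sys.argv[1:5]
    for dev in (real_if, vrf_if):
        print(f"{dev:>12}: {probe_tcp(dev, local, peer)}")
```

Run it as root on the affected router, giving the enslaved interface first and the VRF interface second; port 179 is the BGP port.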
