BIRD exporting to kernel although disabled
Bernhard Hahn
bernhard.hahn at de-cix.net
Tue Jun 14 12:40:20 CEST 2011
Dear Bird Mailinglist,
We are running Bird 1.2.5 under Debian Etch AMD64 as a routeserver. Last
Friday we changed a filter to allow the import of prefixes from a peer
with the same AS as the routeserver. The broken design of the
configuration, allowed the import of prefixes with empty AS-path to the
master table and their export to the EBGP peers.
Unfortunately this caused nearly all Cisco (&RFC compliant) machines to
close their sessions.
At this time, one of our two routeservers started exporting the Master
table to the kernel table. There is currently no impact, but we are
wondering how this could happen and how to resolve this situation,
without affecting the running sessions.
The kernel part of the configuration never changed and looks like:
protocol kernel {
disabled;
import all; # Default is import all
export all; # Default is export none
scan time 10; # Scan kernel tables every 10 seconds
}
When we remove one of the kernel prefixes like:
route del -net X.Y.Z.A netmask 255.255.255.0 gw X.X.X.X eth1
It reappears after around 10 seconds. Guess the scan time is taking
effect here.
"configure soft" was already triggered several times without effect to
the kernel protocol.
Regards
Bernhard
--
Bernhard Hahn
DE-CIX Management GmbH e-mail: bernhard.hahn at de-cix.net
Lindleystr. 12, 60314 Frankfurt Phone: +49 69 1730 902-34
Geschaeftsfuehrer Harald A. Summa Mobile: +49 171 552 3643
Registergericht AG Koeln, HRB 51135 Fax: +49 69 4056 2716
More information about the Bird-users
mailing list