Re: BGP with wrong netmask on wan interface
Magnus Löfqvist
ml at vmi.se
Wed Nov 8 15:48:58 CET 2017
Hi again,
If I use multihop (i.e. removing direct and gateway direct from the config), it will connect, but I get the imported routes with my internet gateway as router.
XX.XX.XX.0/27 via 10.6.24.82 dev wwan0 proto bird
It should be
XX.XX.XX.0/27 via 10.9.140.1 dev tap0 proto bird
It doesn’t matter if I specify the source address and local address, it always seems to try to send the traffic over wwan0 (external WAN connection).
Med vänlig hälsning / Best regards
Magnus Löfqvist
VMI IT Services AB
Head office:
Hantverksvägen 15
764 93 VÄDDÖ, SWEDEN
Visiting address:
Lilla Torget 1A
761 30 NORRTÄLJE, SWEDEN
Tel +46 176 20 89 00 (02)
Fax +46 176 20 89 19
E-mail: ml at vmi.se
*** VMI E-mail disclaimer ***
The information in this e-mail is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else is unauthorized.
If you are not the intended recipient, any disclosure, copying, distribution or any action taken
or omitted to be taken in reliance on it, is prohibited and may be unlawful. Any opinions or
advice contained in this e-mail are subject to the terms and conditions expressed in the
VMI General terms and conditions.
From: green at highloadlab.com On behalf of Alexander Zubkov
Sent: 8 November 2017 11:52
To: Magnus Löfqvist <ml at vmi.se>
Cc: bird-users at network.cz
Subject: Re: BGP with wrong netmask on wan interface
In that case it is probably because you are using a direct (not multihop) BGP session and bird binds to the interface which has this address in its direct network - wwan0. In that case only routes with dev wwan0 will be applied. I think you want to use a multihop BGP session. If you want to use a direct session and this address is accepted directly via tap0, then I think specifying the source address from tap0 in the BGP session should work.
On Wed, Nov 8, 2017 at 10:47 AM, Magnus Löfqvist <ml at vmi.se> wrote:
Hi,
Yes, you are correct.
But we have routes for 10.9.140.0/22 (OpenVPN transport network)
ip ro sh:
default via 10.6.52.59 dev wwan0
10.0.0.0/8 dev wwan0 proto kernel scope link src 10.6.52.58
10.9.140.0/22 dev tap0 proto kernel scope link src 10.9.140.33
Bird:
bird> show route
0.0.0.0/0 via 10.6.52.59 on wwan0 [kernel1 09:43:55] * (10)
10.9.140.0/22 dev tap0 [direct1 09:44:12] * (240)
So why is BGP traffic to 10.9.140.1 not going through tap0?
Med vänlig hälsning / Best regards
Magnus Löfqvist
From: green at highloadlab.com On behalf of Alexander Zubkov
Sent: 8 November 2017 10:16
To: Magnus Löfqvist <ml at vmi.se>
Cc: bird-users at network.cz
Subject: Re: BGP with wrong netmask on wan interface
Hi,
You have:
WAN (Mobile): 10.6.90.187 / 255.0.0.0
OpenVPN interface (tap0): 10.9.140.33 / 255.255.252.0
protocol bgp BGP1 from RR_LTE { neighbor 10.9.140.1 as 1; preference 140;};
So you are trying to reach 10.9.140.1. If you have no additional routes, then this address falls into the 10.6.90.187 / 255.0.0.0 network, i.e. the WAN interface, and will be routed there.
On Wed, Nov 8, 2017 at 8:20 AM, Magnus Löfqvist <ml at vmi.se> wrote:
Hi,
I have some mobile routers (connected over LTE) with OpenVPN.
Over the OpenVPN we are running BGP to distribute some routes and export routes.
Some of the routers have the wrong netmask (255.0.0.0 instead of 255.255.255.252).
This seems to work (i.e. internet is working, and the OpenVPN connection is established).
But when we are trying to get the BGP connection up, it tries to send the BGP connection over the WAN instead of the OpenVPN connection.
I guess that I have made some mistake in the config.
It should take the smaller path before matching the larger.
WAN (Mobile): 10.6.90.187 / 255.0.0.0
OpenVPN interface (tap0): 10.9.140.33 / 255.255.252.0
Bird config:
template bgp RR_LTE {
    debug all;                    # debug BGP
    description "BIRD RR";
    local as 1;                   # the AS used by the local BGP speaker
    direct;
    gateway direct;
    import filter import_ATM;     # just accept everything
    export filter export_ATM;     # and advertise it to all the neighbors
    connect retry time 10;        # reconnect try after 10s
    hold time 240;                # hold time sent in BGP messages
}
protocol bgp BGP1 from RR_LTE { neighbor 10.9.140.1 as 1; preference 140;};
root@client1:/etc# tcpdump -ni wwan0 tcp port 179 and host 10.9.140.1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wwan0, link-type EN10MB (Ethernet), capture size 65535 bytes
15:29:08.755188 IP 10.6.90.187.34974 > 10.9.140.1.179: Flags [S], seq 1482209106, win 14600, options [mss 1460,sackOK,TS val 88007 ecr 0,nop,wscale 8], length 0
15:29:11.762726 IP 10.6.90.187.45591 > 10.9.140.1.179: Flags [S], seq 1681977930, win 14600, options [mss 1460,sackOK,TS val 88307 ecr 0,nop,wscale 8], length 0
Med vänlig hälsning / Best regards
Magnus Löfqvist
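
The overlap discussed in this thread can be checked mechanically. The script below is an added example, not code from the posters or from the BIRD project: it uses the addresses and one tcpdump line from the thread to show that the BGP neighbor sits inside both connected networks, and that the captured SYN is sourced from the WAN address rather than the tunnel. The function names and the abridged capture line are assumptions made for the example.

```python
import ipaddress
import re

# Addresses from the thread; SYN_LINE is its first tcpdump line, abridged.
IFACES = {"wwan0": ("10.6.90.187", "255.0.0.0"),
          "tap0": ("10.9.140.33", "255.255.252.0")}
NEIGHBOR = "10.9.140.1"
VPN_IFACE = "tap0"
SYN_LINE = ("15:29:08.755188 IP 10.6.90.187.34974 > 10.9.140.1.179: "
            "Flags [S], seq 1482209106, win 14600, length 0")

def connected(ifaces):
    """Map interface name -> (address, directly connected network)."""
    out = {}
    for name, (addr, mask) in ifaces.items():
        iface = ipaddress.ip_interface(f"{addr}/{mask}")
        out[name] = (iface.ip, iface.network)
    return out

def covering(neighbor, ifaces):
    """Interfaces whose connected network contains the neighbor, most specific first."""
    ip = ipaddress.ip_address(neighbor)
    hits = [(n, net) for n, (_, net) in connected(ifaces).items() if ip in net]
    return sorted(hits, key=lambda h: h[1].prefixlen, reverse=True)

def audit(neighbor, ifaces, vpn_iface):
    """Report the longest-prefix interface and any non-VPN network that also matches."""
    hits = covering(neighbor, ifaces)
    return {"longest_match": hits[0][0] if hits else None,
            "ambiguous": len(hits) > 1,
            "outside_vpn": [n for n, _ in hits if n != vpn_iface]}

def syn_source_iface(line, ifaces):
    """Interface owning the source address of a tcpdump BGP SYN line, or None."""
    m = re.search(r"IP (\d+\.\d+\.\d+\.\d+)\.\d+ > \d+\.\d+\.\d+\.\d+\.179: Flags \[S\]", line)
    if not m:
        return None
    src = ipaddress.ip_address(m.group(1))
    for name, (addr, _) in connected(ifaces).items():
        if addr == src:
            return name
    return None

if __name__ == "__main__":
    print("as configured:", audit(NEIGHBOR, IFACES, VPN_IFACE))
    fixed = dict(IFACES, wwan0=("10.6.90.187", "255.255.255.252"))
    print("with /30 on WAN:", audit(NEIGHBOR, fixed, VPN_IFACE))
    print("SYN sourced from:", syn_source_iface(SYN_LINE, IFACES))
```

With the 255.0.0.0 mask the neighbor is covered by wwan0 as well as tap0; with the 255.255.255.252 mask the poster expected, only tap0 covers it.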