BGP config causing "Socket: Permission denied"

Nico Schottelius nico.schottelius at ungleich.ch
Fri Feb 17 13:39:46 CET 2023


... disregard my previous mail: firewalld+nft was active. It's not only
one firewall system to check anymore...

Nico Schottelius <nico.schottelius at ungleich.ch> writes:

> Hello fellow bird users,
>
> with bird 2.0.12 I am currently getting a "Socket: Permission denied"
> error message when trying to establish a specific IPv6 iBGP session.
>
> The funny thing is that another connection works perfectly.
>
> The BGP block that fails is:
>
> --------------------------------------------------------------------------------
> protocol bgp serverXX {
>   local     as xx;
>   neighbor 2a0a:...::44 as xx;
>   direct;
>
>   ipv6 {
>     import all;
>     export all;
>   };
>
>   ipv4 {
>     import all;
>     export all;
>   };
> }
> --------------------------------------------------------------------------------
>
> Resulting in:
>
> bird> show protocols all serverXX
> Name       Proto      Table      State  Since         Info
> serverXX BGP        ---        start  12:18:52.466  Active        Socket: Permission denied
>   BGP state:          Active
>     Neighbor address: 2a0a:..::44
>     Neighbor AS:      xx
>     Local AS:         xx
>     Connect delay:    2.961/5
>     Last error:       Socket: Permission denied
>   Channel ipv6
>     State:          DOWN
>     Table:          master6
>     Preference:     100
>     Input filter:   ACCEPT
>     Output filter:  ACCEPT
>   Channel ipv4
>     State:          DOWN
>     Table:          master4
>     Preference:     100
>     Input filter:   ACCEPT
>     Output filter:  ACCEPT
>
> --------------------------------------------------------------------------------
>
> An almost identical iBGP session is established without problems:
>
> --------------------------------------------------------------------------------
> protocol bgp routerZZ {
>   local     as xx;
>   neighbor 2a0a:..::6 as xx;
>   direct;
>
>   ipv6 {
>     import all;
>     export all;
>   };
>
>   ipv4 {
>     import all;
>     export all;
>   };
> }
> --------------------------------------------------------------------------------
>
> Obviously the IPs are different, but I am really puzzled as to what
> causes this. It's bird 2.0.12 running on Linux, iptables/ip6tables do
> not have any rules.
>
> Interestingly the peer on the other side has exactly the same error.
>
> Does anyone have a hint on what might be wrong here?
>
> Best regards,
>
> Nico


--
Sustainable and modern Infrastructures by ungleich.ch
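
The follow-up above found firewalld+nft active on a host where iptables/ip6tables held no rules. As an added example (not part of the original mail), this script counts rules per filter layer so that an empty iptables view is not mistaken for an open host; the sample rulesets are constructed, and the `--live` mode assumes iptables-save, ip6tables-save, nft and firewall-cmd are installed and that it is run as root.

```shell
#!/bin/sh
# Added example: count packet-filter rules per layer (iptables vs. nftables).

# Count "-A" rule lines in iptables-save / ip6tables-save output on stdin.
ipt_rule_count() { awk '$1 == "-A" {n++} END {print n+0}'; }

# Count rules inside chains of `nft list ruleset` output on stdin,
# skipping each chain's "type ... hook ..." declaration line.
nft_rule_count() {
    awk '$1 == "chain"     {c=1; next}
         c && $1 == "}"    {c=0; next}
         c && $1 == "type" {next}
         c && NF           {n++}
         END {print n+0}'
}

# Print the nft rules that reject traffic.
nft_reject_rules() { awk '{for (i=1; i<=NF; i++) if ($i == "reject") {print; break}}'; }

# Constructed sample: empty ip6tables view, firewalld-style nft table present.
SAMPLE_IP6T='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'
SAMPLE_NFT='table inet firewalld {
    chain filter_INPUT {
        type filter hook input priority filter + 10; policy accept;
        ct state established,related accept
        iifname "lo" accept
        tcp dport 22 accept
        reject with icmpx admin-prohibited
    }
}'

report() {  # $1 = iptables-save text, $2 = ip6tables-save text, $3 = nft ruleset text
    echo "iptables rules:  $(printf '%s\n' "$1" | ipt_rule_count)"
    echo "ip6tables rules: $(printf '%s\n' "$2" | ipt_rule_count)"
    echo "nft rules:       $(printf '%s\n' "$3" | nft_rule_count)"
    echo "nft reject rules:"; printf '%s\n' "$3" | nft_reject_rules
}

if [ "${1:-}" = "--live" ]; then      # inspect the running host
    report "$(iptables-save 2>/dev/null)" "$(ip6tables-save 2>/dev/null)" \
           "$(nft list ruleset 2>/dev/null)"
    echo "firewalld: $(firewall-cmd --state 2>&1)"
else                                  # offline demo on the constructed sample
    report "$SAMPLE_IP6T" "$SAMPLE_IP6T" "$SAMPLE_NFT"
fi
```

On the constructed sample both iptables counts are 0 while the nft ruleset holds four rules, one of them a reject.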

