route server appears to be selecting preferred routes and not all routes

Stephen Fromm stephenf at nero.net
Mon Aug 20 23:59:55 CEST 2018


We are running bird as a route server to support a small IX.  The
challenge we are having is that it appears that bird is selecting a
preferred route from what is advertised to the route servers and then
advertising back out only the preferred route to all members, instead of
advertising all routes received for a given network.  Included below are
relevant configuration snippets, logs, and some show commands.

How do I configure bird to keep the routes learned from all peers and
advertise those back out to the members and not select a preferred
route?

In the following example, the following prefix is just one example.  It
is true for all prefixes learned from as11537.  At some point, bird
appears to select a preferred route and then only advertise that to
as3701.  The goal is to have bird advertise 128.164.0.0/16 via
198.32.165.125 and 198.32.165.126 to all IXP members.

>From bird:

,----
| # birdc
| BIRD 1.6.2 ready.
| bird> show route 128.164.0.0/16
| 128.164.0.0/16     via 198.32.165.126 on eth0 [11537:1:Internet2-RE-PORT 16:06:17] * (100) [AS11039i]
|                    via 198.32.165.125 on eth0 [11537:1:Internet2-RE-SUNN 15:31:43] (100) [AS11039i]
| bird> show route 128.164.0.0/16 export '3701:1:NERO'
| 128.164.0.0/16     via 198.32.165.126 on eth0 [11537:1:Internet2-RE-PORT 16:06:17] * (100) [AS11039i]
`----

On the other side of the peering with 3701, this is the only route it sees from the route server:

,----
| # show bgp ipv4 uni 128.164.0.0/16
|   Path #3: Received by speaker 0
|   Not advertised to any peer
|   11537 4901 11039
|     198.32.165.126 from 198.32.165.67 (198.32.165.67)
|       Origin IGP, metric 10, localpref 1090, valid, external
|       Received Path ID 0, Local Path ID 0, version 0
|       Community: 3701:391
|       Origin-AS validity: not-found
`----

The following are logs from when peering was reestablished with both as11537 peers.  It shows bird
choosing 198.32.165.125 as the best path to 128.164.0.0/16.  After the peering to 198.32.165.126 is
established, bird then chooses it as the preferred path to 128.164.0.0/16.

,----
| 2018-08-17 15:31:42 <TRACE> 11537:1:Internet2-RE-SUNN > added [best] 128.164.0.0/16 via 198.32.165.125 on eth0
| 2018-08-17 15:31:42 <TRACE> 11537:1:Internet2-RE-SUNN < rejected by protocol 128.164.0.0/16 via 198.32.165.125 on eth0
| 2018-08-17 15:31:45 <TRACE> 11537:1:Internet2-RE-PORT < added 128.164.0.0/16 via 198.32.165.125 on eth0
| 2018-08-17 15:31:49 <TRACE> 11537:1:Internet2-RE-PORT > added [best] 128.164.0.0/16 via 198.32.165.126 on eth0
| 2018-08-17 15:31:49 <TRACE> 11537:1:Internet2-RE-SUNN < added 128.164.0.0/16 via 198.32.165.126 on eth0
| 2018-08-17 15:31:49 <TRACE> 11537:1:Internet2-RE-PORT < rejected by protocol 128.164.0.0/16 via 198.32.165.126 on eth0
| 2018-08-17 15:32:05 <TRACE> 3701:1:NERO < added 128.164.0.0/16 via 198.32.165.126 on eth0
`----

Configuration is below.

#+BEGIN
log "/var/log/bird.log" all;
log syslog all;
debug protocols { states, routes, filters, interfaces, events };

router id 198.32.165.67;
define myasn = 4600;

protocol device {};

# This function excludes martians and other odd networks
function avoid_martians()
prefix set martians;
{
  martians = [
    169.254.0.0/16+,
    172.16.0.0/12+,
    192.168.0.0/16+,
    10.0.0.0/8+,
    0.0.0.0/32-
  ];
  if net ~ martians then return false;
  return true;
}

# BGP peers configuration
table master sorted;

protocol bgp '3701:1:NERO' {
    description "NERO, peer 198.32.165.70";
    neighbor 198.32.165.70 as 3701;
    local as 4600;
    rs client;
    passive on;
    add paths tx;
    secondary;
    interpret communities off;
    export all;

    import keep filtered;
    import limit 500000  action restart;
    import filter {
        if ! ( avoid_martians() ) then reject "prefix is a bogon - REJECTING ", net;

        # route servers peering with route servers is bad.
        if ( bgp_path.first != 3701 ) then
            reject "invalid left-most ASN [", bgp_path.first, "] - REJECTING ", net;

        # skip if last asn in path not affiliated with peer
        if ! ( bgp_path.last ~ [ 3701, 4201, 3582, 46159, 10876, 6366, 6377, 62474, 394271, 394826 ] ) then
            reject "origin ASN [", bgp_path.last, "] not in allowed asnlist - REJECTING ", net;

        # skip if network not associated with peer asn
        if ! ( net ~ [
            64.112.160.0/20,
            128.193.0.0/16,
            128.223.0.0/16,
            131.252.0.0/16,
            140.211.0.0/16,
            157.246.0.0/16,
            158.165.0.0/16,
            163.41.0.0/16,
            163.41.128.0/17,
            184.171.0.0/17,
            192.68.202.0/24,
            192.135.183.0/24,
            198.98.8.0/22,
            198.98.12.0/24,
            198.237.0.0/20,
            198.237.32.0/20,
            198.237.64.0/19,
            198.237.96.0/20,
            198.237.120.0/21,
            198.237.128.0/20,
            199.79.32.0/20,
            199.165.177.0/24,
            199.201.139.0/24,
            204.27.190.0/24,
            204.87.204.0/24,
            205.167.76.0/23,
            207.98.0.0/18,
            207.98.64.0/18,
            207.98.72.0/21
        ] ) then reject "prefix not in configured client prefix list - REJECTING ", net;

        # add the following communities
        bgp_community.add((4600,537));
        bgp_community.add((4600,4600));

        # accept what is left
        accept;
    };
}

protocol bgp '11537:1:Internet2-RE-PORT' {
    description "Internet2-RE-PORT, peer 198.32.165.126";
    neighbor 198.32.165.126 as 11537;
    local as 4600;
    rs client;
    passive on;
    add paths tx;
    secondary;
    interpret communities off;
    export filter {
        if ( bgp_community ~ [ (4600,54101) ] ) then bgp_community.add((11537,140));
        accept;

    };

    import keep filtered;
    import limit 500000  action restart;
    import filter {
        if ! ( avoid_martians() ) then reject "prefix is a bogon - REJECTING ", net;

        # route servers peering with route servers is bad.
        if ( bgp_path.first != 11537 ) then
            reject "invalid left-most ASN [", bgp_path.first, "] - REJECTING ", net;

        # accept all asn from peer

        # accept all networks from peer

        # add the following communities
        bgp_community.add((4600,537));
        bgp_community.add((4600,503));

        # accept what is left
        accept;
    };
}

protocol bgp '11537:1:Internet2-RE-SUNN' {
    description "Internet2-RE-SUNN, peer 198.32.165.125";
    neighbor 198.32.165.125 as 11537;
    local as 4600;
    rs client;
    passive on;
    add paths tx;
    secondary;
    interpret communities off;
    export filter {
        if ( bgp_community ~ [ (4600,50301) ] ) then bgp_community.add((11537,140));
        accept;

    };

    import keep filtered;
    import limit 500000  action restart;
    import filter {
        if ! ( avoid_martians() ) then reject "prefix is a bogon - REJECTING ", net;

        # route servers peering with route servers is bad.
        if ( bgp_path.first != 11537 ) then
            reject "invalid left-most ASN [", bgp_path.first, "] - REJECTING ", net;

        # accept all asn from peer

        # accept all networks from peer

        # add the following communities
        bgp_community.add((4600,537));
        bgp_community.add((4600,541));

        # accept what is left
        accept;
    };
}
#+END

Thanks,

--
Stephen Fromm
Network for Education and Research in Oregon


More information about the Bird-users mailing list