rejected by protocol <prefix> unicast
wax xitau
waxitau at gmail.com
Tue Dec 10 22:09:06 CET 2019
Hi,
Prefixes sent over a eBGP session are getting rejected "by protocol" as can
be seen in the logs below.
The prefixes are "added" and then get "rejected" by protocol. This means
that they are visible using the "show route protocol <protocol>" but not
"show route all" (and therefore impossible to push them to the kernel
routing table).
// logs
2019-12-10 21:15:00.774 <TRACE> pe1: BGP session established
2019-12-10 21:15:00.774 <TRACE> pe1: State changed to up
2019-12-10 21:15:00.774 <TRACE> pe1: Sending END-OF-RIB
2019-12-10 21:15:00.984 <TRACE> pe1: Got UPDATE
2019-12-10 21:15:00.984 <TRACE> pe1 > *added [best] 10.2.34.0/24
<http://10.2.34.0/24> unicast*
2019-12-10 21:15:00.984 <TRACE> pe1 < *rejected by protocol 10.2.34.0/24
<http://10.2.34.0/24> unicast*
2019-12-10 21:15:00.984 <TRACE> pe1: Got UPDATE
2019-12-10 21:15:00.984 <TRACE> pe1 > *added [best] 10.1.12.0/24
<http://10.1.12.0/24> unicast*
2019-12-10 21:15:00.984 <TRACE> pe1 < *rejected by protocol 10.1.12.0/24
<http://10.1.12.0/24> unicast*
2019-12-10 21:15:00.984 <TRACE> pe1: Got UPDATE
2019-12-10 21:15:00.984 <TRACE> pe1: Got END-OF-RIB
Tcp dump of the corresponding update message(s):
// tcpdump
21:18:59.652705 IP (tos 0xc0, ttl 1, id 7035, offset 0, flags [none], proto
TCP (6), length 177)
*192.168.254.1*.bgp > 192.168.254.0.41073: Flags [P.], cksum 0x4356
(correct), seq 83:208, ack 73, win 16384, options [nop,nop,TS val
2249949122 ecr 1355158152], length 125: BGP
Update Message (2), length: 51
Origin (1), length: 1, Flags [T]: IGP
0x0000: 00
AS Path (2), length: 10, Flags [T]: 65001 65500
0x0000: 0202 0000 fde9 0000 ffdc
Next Hop (3), length: 4, Flags [T]: 192.168.254.1
0x0000: c0a8 fe01
Updated routes:
10.1.12.0/24
Update Message (2), length: 51
Origin (1), length: 1, Flags [T]: Incomplete
0x0000: 02
AS Path (2), length: 10, Flags [T]: 65001 65500
0x0000: 0202 0000 fde9 0000 ffdc
Next Hop (3), length: 4, Flags [T]: *192.168.254.1*
0x0000: c0a8 fe01
Updated routes:
10.2.34.0/24
Update Message (2), length: 23
End-of-Rib Marker (empty NLRI)
The bgp session is over directly connected interfaces and the NLRI prefix
next hops are therefore directly connected.
// Configuration:
protocol bgp pe1 {
debug all;
description "ebgp";
hold time 90;
local 192.168.254.0 as my_asn;
neighbor 192.168.254.1 as peer_asn;
direct;
interpret communities off;
ipv4 {
table t_pe1;
import all;
export none;
gateway direct;
};
}
protocol device {
scan time 10;
};
protocol direct {
ipv4;
};
protocol kernel {
scan time 10;
learn;
persist;
ipv4 {
import filter {
if net ~ [0.0.0.0/0, 192.168.255.0/24] then reject;
};
};
}
// relevant show results
bird> *show route protocol pe1*
Table t_pe1:
*10.2.34.0/24 <http://10.2.34.0/24>* unicast [pe1 21:46:13.530] *
(100) [AS65500?]
via 192.168.254.1 on ens5
*10.1.12.0/24 <http://10.1.12.0/24>* unicast [pe1 21:46:13.530] *
(100) [AS65500i]
via 192.168.254.1 on ens5
bird>
bird> *show route all*
Table master4:
172.16.0.11/32 unicast [rt_nh 20:25:25.379] * (200)
via 192.168.254.1 on ens5
Type: static univ
192.168.254.2/31 unicast [direct1 20:56:03.498] * (240)
dev ens6
Type: device univ
192.168.254.0/31 unicast [direct1 20:56:03.498] * (240)
dev ens5
Type: device univ
192.168.255.0/24 unicast [direct1 20:56:03.498] * (240)
dev ens4
Type: device univ
172.16.0.33/32 unicast [rt_nh 20:25:25.379] * (200)
via 192.168.254.3 on ens6
Type: static univ
Thanks,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20191210/b8e1f71e/attachment.htm>
More information about the Bird-users
mailing list