rejected by protocol <prefix> unicast

Eric GITAU eric.gitau at wifirst.fr
Wed Dec 11 09:06:15 CET 2019 

On Wed, Dec 11, 2019 at 3:19 AM Ondrej Zajicek <santiago at crfreenet.org>
wrote:

> On Tue, Dec 10, 2019 at 10:09:06PM +0100, wax xitau wrote:
> > Hi,
> >
> > Prefixes sent over a eBGP session are getting rejected "by protocol" as
> can
> > be seen in the logs below.
>
> > The prefixes are "added" and then get "rejected" by protocol.
>
> Hi
>
> This 'rejected by protocol' is completely harmless. That just means pe1
> reject it back - no need to send the route back to the peer.


Thanks for the explanation, and I actually did see the "rejected by
protocol" line in the logs (below) when I reconfigured using a different
address family (vpn4 mpls).

2019-12-11 08:26:06.951 <TRACE> *pe1 > added [best] 65001:101 10.1.12.0/24
<http://10.1.12.0/24> unicast*
2019-12-11 08:26:06.951 <TRACE> *pe1 < rejected by protocol 65001:101
10.1.12.0/24 <http://10.1.12.0/24> unicast*
2019-12-11 08:26:06.951 <TRACE> pe1 < rejected by protocol 65001:101
10.1.12.0/24 unicast
2019-12-11 08:26:06.951 <TRACE> pe1: Sending END-OF-RIB

Probably minor but "show route" seems to display both tables, master4 &
t_pe1 (below) when i used vpn4 mpls address family but not when ipv4
unicast AF is used.

*bird> show route*
*Table master4:*
0.0.0.0/0            unicast [kernel1 07:43:41.186] (10)
via 192.168.255.1 on ens4
172.16.0.11/32       unicast [rt_nh 07:43:41.178] * (200)
via 192.168.254.1 on ens5
                     unicast [kernel1 08:23:59.916] (10)
via 192.168.254.1 on ens5
172.16.0.33/32       unicast [rt_nh 07:43:41.178] * (200)
via 192.168.254.3 on ens6

*Table t_pe1:*
65001:101 10.1.12.0/24 unicast [pe1 08:26:06.951 from 172.16.0.11] *
(100/?) [AS65500i]
via 192.168.254.1 on ens5 mpls 21
*bird>*




> > This means that they are visible using the "show route protocol
> > <protocol>"  but not
> > "show route all" (and therefore impossible to push them to the kernel
> > routing table).
>
> No, the reason why the route is shown in 'show route protocol' but not
> regular 'show route' is that BGP is connected to table t_pe1, while
> Kernel is connected to (default) table master4. The first command shows
> by default routes in table attached to the specified protocol, while the
> second one shows routes in default table. But you do not have connection
> between these tables (using pipe protocol), so BGP routes stay in t_pe1
> and are not in master4, so that is another reason why they are not
> exported to the kernel.
>

Explains a lot!  I had missed the part about being in master4 to be
exported to the kernel and another use case for peer tables.

A (most likely dump) question that's unrelated to the current topic:
- is it possible to discard the route distinguisher from vpn4 mpls prefix
(essentially changing the AF to labelled unicast) while retaining the
labelled next hop ? maybe during export to kernel ?

Thanks,


> --
> Elen sila lumenn' omentielvo
>
> Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
> OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
> "To err is human -- to blame it on a computer is even more so."
>


-- 
Eric Gitau
0631234053
*Wifirst*

26 rue de Berri, 75008 Paris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20191211/26e30ec0/attachment.htm>

More information about the Bird-users mailing list