On Wed, Dec 11, 2019 at 3:19 AM Ondrej Zajicek <santiago@crfreenet.org> wrote:
On Tue, Dec 10, 2019 at 10:09:06PM +0100, wax xitau wrote:
Hi,
Prefixes sent over a eBGP session are getting rejected "by protocol" as can be seen in the logs below.
The prefixes are "added" and then get "rejected" by protocol.
Hi
This 'rejected by protocol' is completely harmless. That just means pe1 reject it back - no need to send the route back to the peer.
Thanks for the explanation, and I actually did see the "rejected by protocol" line in the logs (below) when I reconfigured using a different address family (vpn4 mpls). 2019-12-11 08:26:06.951 <TRACE> *pe1 > added [best] 65001:101 10.1.12.0/24 <http://10.1.12.0/24> unicast* 2019-12-11 08:26:06.951 <TRACE> *pe1 < rejected by protocol 65001:101 10.1.12.0/24 <http://10.1.12.0/24> unicast* 2019-12-11 08:26:06.951 <TRACE> pe1 < rejected by protocol 65001:101 10.1.12.0/24 unicast 2019-12-11 08:26:06.951 <TRACE> pe1: Sending END-OF-RIB Probably minor but "show route" seems to display both tables, master4 & t_pe1 (below) when i used vpn4 mpls address family but not when ipv4 unicast AF is used. *bird> show route* *Table master4:* 0.0.0.0/0 unicast [kernel1 07:43:41.186] (10) via 192.168.255.1 on ens4 172.16.0.11/32 unicast [rt_nh 07:43:41.178] * (200) via 192.168.254.1 on ens5 unicast [kernel1 08:23:59.916] (10) via 192.168.254.1 on ens5 172.16.0.33/32 unicast [rt_nh 07:43:41.178] * (200) via 192.168.254.3 on ens6 *Table t_pe1:* 65001:101 10.1.12.0/24 unicast [pe1 08:26:06.951 from 172.16.0.11] * (100/?) [AS65500i] via 192.168.254.1 on ens5 mpls 21 *bird>*
This means that they are visible using the "show route protocol <protocol>" but not "show route all" (and therefore impossible to push them to the kernel routing table).
No, the reason why the route is shown in 'show route protocol' but not regular 'show route' is that BGP is connected to table t_pe1, while Kernel is connected to (default) table master4. The first command shows by default routes in table attached to the specified protocol, while the second one shows routes in default table. But you do not have connection between these tables (using pipe protocol), so BGP routes stay in t_pe1 and are not in master4, so that is another reason why they are not exported to the kernel.
Explains a lot! I had missed the part about being in master4 to be exported to the kernel and another use case for peer tables. A (most likely dump) question that's unrelated to the current topic: - is it possible to discard the route distinguisher from vpn4 mpls prefix (essentially changing the AF to labelled unicast) while retaining the labelled next hop ? maybe during export to kernel ? Thanks,
-- Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
-- Eric Gitau 0631234053 *Wifirst* 26 rue de Berri, 75008 Paris