Hello,

I read the FAQ on the wiki, and every thread I could find on this list to try and track down how to stop this message hitting my logs every 15 seconds (and filling them every few days), but I have had no luck.

I'm just doing bgp, no OSPF, my kernel protocol already is in 'learn' mode, so I set the preference to 100000, but that didn't change anything.

I tried 'debug all;' and 'debug {routes};' in the kernel protocol, but ended up only really getting anything from doing:

    echo all
    debug all all

which then showed me:

    kernel1: Scanning routing table
    kernel1: 0.0.0.0/0: [alien] seen
    kernel1: 1.0.0.0/24: seen
    kernel1: 1.0.4.0/24: seen
    ...
    Netlink: File exists
    Netlink: File exists
    Netlink: File exists

    bird> show route 0.0.0.0/0
    0.0.0.0/0 via 208.99.192.141 on eth3 [kernel1 08:44:51] * (10000)

I am adding that in my system's startup script, not via bird. Also, that route should be filtered out, as I have the following filters:

    function martians()
    {
        return net ~ [ 169.254.0.0/16+, 192.168.0.0/16+, 10.0.0.0/8+,
                       172.24.0.0/13+, 172.25.0.0/16+, 172.26.0.0/16+,
                       172.27.0.0/16+, 172.28.0.0/16+, 172.29.0.0/16+,
                       172.30.0.0/16+, 172.31.0.0/16+, 224.0.0.0/4+,
                       240.0.0.0/4+, 0.0.0.0/32-, 0.0.0.0/0{25,32},
                       0.0.0.0/0{0,7}, 127.0.0.0/8+ ];
    }

    function rt_import_all(int asn)
    {
        if martians() || local_network() then return false;
        if bgp_path.first != asn then return false;
        if bgp_path.len > 64 then return false;
        # not sure this works with multi-hop, so disabling
        # if bgp_next_hop != from then return false;
        return true;
    }

    filter bgp_in_cogent
    {
        if ! rt_import_all(174) then reject;
        accept;
    }

    filter bgp_in_swiftco
    {
        if ! rt_import_all(25700) then reject;
        accept;
    }

I tried to run bird -d to get some debugging output, but it didn't provide me with any (I'm using debian version 1.4.4-1~bpo70+1).

Finally, is there a way to use a more useful pager with birdc? If I do 'show routes' I cannot search with the existing pager, or do other interesting things, like I can with 'less'.

Thanks for your help!
micah
micah <micah@riseup.net> writes:

Some additional information, I do have a handful of static routes defined:

    protocol static static_bgp {
        import all;
        route 204.13.164.0/24 reject;
        route 198.252.153.0/24 reject;
        route 199.254.238.0/24 reject;
    }

and these appear in bird as follows:

    # birdc show route |grep '!'
    204.13.164.0/24 unreachable [static_bgp 2014-10-04] ! (200)
    198.252.153.0/24 unreachable [static_bgp 2014-10-04] ! (200)
    199.254.238.0/24 unreachable [static_bgp 2014-10-04] ! (200)

which I understand is bird trying to add a route to the kernel, but it is already there.
On Mon, Oct 06, 2014 at 10:15:51AM -0400, micah wrote:

> micah <micah@riseup.net> writes:
>
> Some additional information, I do have a handful of static routes defined:
>
>     protocol static static_bgp {
>         import all;
>         route 204.13.164.0/24 reject;
>         route 198.252.153.0/24 reject;
>         route 199.254.238.0/24 reject;
>     }
>
> and these appear in bird as follows:
>
>     # birdc show route |grep '!'
>     204.13.164.0/24 unreachable [static_bgp 2014-10-04] ! (200)
>     198.252.153.0/24 unreachable [static_bgp 2014-10-04] ! (200)
>     199.254.238.0/24 unreachable [static_bgp 2014-10-04] ! (200)
>
> which I understand is bird trying to add a route to the kernel, but it is already there.

Yes, that is exactly the reason for having 'Netlink: File exists' error message. BIRD does not rewrite routes that are already in kernel table from other sources.

If you need them in kernel regardless of BIRD, you can as a workaround learn these routes from kernel proto and set them higher preference (using 'preference') than ones from static proto. That would prevent static routes from being exported to the kernel.

--
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
Ondrej Zajicek <santiago@crfreenet.org> writes:

> On Mon, Oct 06, 2014 at 10:15:51AM -0400, micah wrote:
>> micah <micah@riseup.net> writes:
>>
>> Some additional information, I do have a handful of static routes defined:
>>
>>     protocol static static_bgp {
>>         import all;
>>         route 204.13.164.0/24 reject;
>>         route 198.252.153.0/24 reject;
>>         route 199.254.238.0/24 reject;
>>     }
>>
>> and these appear in bird as follows:
>>
>>     # birdc show route |grep '!'
>>     204.13.164.0/24 unreachable [static_bgp 2014-10-04] ! (200)
>>     198.252.153.0/24 unreachable [static_bgp 2014-10-04] ! (200)
>>     199.254.238.0/24 unreachable [static_bgp 2014-10-04] ! (200)
>>
>> which I understand is bird trying to add a route to the kernel, but it is already there.
>
> Yes, that is exactly the reason for having 'Netlink: File exists' error message.
> BIRD does not rewrite routes that are already in kernel table from other sources.
>
> If you need them in kernel regardless of BIRD, you can as a workaround learn these routes from kernel proto and set them higher preference (using 'preference') than ones from static proto. That would prevent static routes from being exported to the kernel.

How do I learn these from kernel proto? I've got the following, should I move those route lines I have in protocol static up into protocol kernel and change the preference in protocol kernel to be higher? Or do I leave them also in protocol static, but also have them in protocol kernel, with the preference in protocol kernel higher?

    protocol kernel {
        learn;              # Learn all alien routes from the kernel
        preference 10000;
        scan time 15;       # Scan kernel routing table every 15 seconds
        import all;         # Default is import all
        export all;         # Default is export none
    }

    ##########################################################################
    ## static routes
    ##########################################################################
    protocol static static_bgp {
        # prefixes that are propagated to upstream. These prefixes are represented as
        # unreachable routes, which seems strange but it does not matter for BGP and has
        # a secondary advantage that packets for AS-local but unreachable destinations are
        # rejected and not sent to the upstream.
        import all;
        preference 10000;
        route 204.13.164.0/24 reject;
        route 198.252.153.0/24 reject;
        route 199.254.238.0/24 reject;
    }

Also - will the better rate filtering of log messages changes in 1.4.5 make this less of a problem?

thanks!
micah
On 2014-10-04 18:16, micah wrote:

> I'm just doing bgp, no OSPF, my kernel protocol already is in 'learn' mode, so I set the preference to 100000, but that didn't change anything.

Could you please post your config completely (excluding sensitive information)?

> Finally, is there a way to use a more useful pager with birdc?

You can pipe output of birdc: "birdc show routes|less"

Best regards,
Alexander.
Alexander Demenshin <aldem-bird.2014@nk7.net> writes:

> On 2014-10-04 18:16, micah wrote:
>> I'm just doing bgp, no OSPF, my kernel protocol already is in 'learn' mode, so I set the preference to 100000, but that didn't change anything.
>
> Could you please post your config completely (excluding sensitive information)?

Sure, see below.

>> Finally, is there a way to use a more useful pager with birdc?
>
> You can pipe output of birdc: "birdc show routes|less"

I figured that out yesterday, thanks though!

I've separated my bird configuration into a main config, a peers config, and a filters config, any feedback would be very welcome. I'm also getting these regularly, which would be nice to track down:

    2014-10-06 09:20:01 <ERR> Filter <NULL> did not return accept nor reject. Make up your mind

Here is the main config:

    # logging
    log "/var/log/bird.log" { info, remote, warning, error, auth, fatal, bug };

    # Turn on global debugging of all protocols
    debug protocols all;

    # router ID
    router id 38.104.127.2;

    # ASN
    define ASN = 16652;

    ##########################################################################
    ## All filters
    ##########################################################################
    # include the filters
    include "filters.conf";

    ##########################################################################
    ## All our peers
    ##########################################################################
    include "peers.conf";

    protocol kernel {
        learn;              # Learn all alien routes from the kernel
        preference 100000;
        scan time 15;       # Scan kernel routing table every 15 seconds
        import all;         # Default is import all
        export all;         # Default is export none
    }

    # This pseudo-protocol watches all interface up/down events.
    protocol device {
        scan time 15;       # Scan interfaces every 15 seconds
    }

    ##########################################################################
    ## static routes
    ##########################################################################
    protocol static static_bgp {
        # prefixes that are propagated to upstream. These prefixes are represented as
        # unreachable routes, which seems strange but it does not matter for BGP and has
        # a secondary advantage that packets for AS-local but unreachable destinations are
        # rejected and not sent to the upstream.
        import all;
        route 204.13.164.0/24 reject;
        route 198.252.153.0/24 reject;
        route 199.254.238.0/24 reject;
    }

Here is the peers config:

    ##########################################################################
    ## Bgp templates
    ##########################################################################
    template bgp PEERS {
        local as ASN;
        debug { states, events };
        export filter bgp_out;
    }

    ##########################################################################
    ## uplink peers
    ##########################################################################
    ### ASN 174 - COGENT
    protocol bgp cogent from PEERS {
        description "Cogent";
        source address 38.104.127.2;
        neighbor 38.104.127.1 as 174;
        password "xxx";
        import filter bgp_in_cogent;
        # prefer cogent more than others, due to higher preference
        preference 500;
        default bgp_local_pref 500;
    }

    protocol bgp cogent_blackhole {
        description "Cogent blackhole server";
        local as ASN;
        source address 199.254.238.1;
        neighbor 66.28.8.1 as 174;
        multihop 255;
        password "xxx";
        import filter bgp_in_cogent;
        export filter bgp_allow_nothing_out;
    }

    protocol bgp swiftco from PEERS {
        description "Swiftco";
        source address 208.99.192.142;
        neighbor 208.99.192.121 as 25700;
        multihop 255;
        password "xxx";
        import filter bgp_in_swiftco;
        default bgp_local_pref 80;
        export none;
    }

    table t_spamd;

    protocol bgp bgp_spamd {
        description "http://bgp-spamd.net spam feed";
        source address 38.104.127.2;
        local as ASN;
        neighbor 64.142.121.62 as 65066;
        multihop 64;
        table t_spamd;
        export none;        # default, so not really needed
    }

Here is filters.conf:

    define OURNETS = [ 198.252.153.0/24, 199.254.238.0/24, 204.13.164.0/24 ];
    define PEER_ASNS = [ 174, 25700 ];

    ##########################################################################
    ## print information about the route being filtered
    ##########################################################################
    # This function excludes weird networks
    # 169.254.0.0/16+ - IANA reserved "link local" block - hosts obtain these addresses
    #                   through auto-configuration
    # 0.0.0.0/0 - default route
    # 192.168.0.0/16+, 10.0.0.0/8+, 172.16.0.0/12+ - RFC1918
    # 224.0.0.0/3+ - class D multicast
    # 240.0.0.0/4+ - class E multicast
    function martians()
    {
        return net ~ [ 169.254.0.0/16+, 192.168.0.0/16+, 10.0.0.0/8+,
                       172.24.0.0/13+, 172.25.0.0/16+, 172.26.0.0/16+,
                       172.27.0.0/16+, 172.28.0.0/16+, 172.29.0.0/16+,
                       172.30.0.0/16+, 172.31.0.0/16+, 224.0.0.0/4+,
                       240.0.0.0/4+, 0.0.0.0/32-, 0.0.0.0/0{25,32},
                       0.0.0.0/0{0,7}, 127.0.0.0/8+ ];
        # this is a function, we should filter in a filter
        #
        # Avoid RFC1918 and similar networks
        # if net ~ martians then return false;
        #
        # return true;
    }

    function local_network()
    {
        return net ~ OURNETS;
    }

    function rt_import_all(int asn)
    {
        if martians() || local_network() then return false;
        if bgp_path.first != asn then return false;
        if bgp_path.len > 64 then return false;
        # not sure this works with multi-hop, so disabling
        # if bgp_next_hop != from then return false;
        return true;
    }

    function rt_export()
    {
        if proto = "static_bgp" then return true;
        if source != RTS_BGP then return false;
        if martians() then return false;
        if bgp_path.len > 64 then return false;
        return bgp_path.first ~ PEER_ASNS;
    }

    function rt_export_all()
    {
        if proto = "static_bgp" then return true;
        if source != RTS_BGP then return false;
        if martians() then return false;
        if bgp_path.len > 64 then return false;
        return true;
    }

    filter bgp_in_cogent
    {
        if ! rt_import_all(174) then reject;
        accept;
    }

    filter bgp_in_swiftco
    {
        if ! rt_import_all(25700) then reject;
        accept;
    }

    # for outgoing BGP we do not want to announce anything but our own nets
    filter bgp_out
    {
        if proto = "swiftco" then
        {
            bgp_path.prepend(ASN);
            bgp_path.prepend(ASN);
            bgp_path.prepend(ASN);
        }
        # only allow our networks that are statically configured to be announced
        if ! rt_export() then { reject; }
        accept;
    }

    filter bgp_allow_nothing_out
    {
        reject;
    }
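
An added example (not part of any message in this thread, and not BIRD code): a Python check of which prefixes the martians() set in filters.conf above matches, using the prefix-pattern rule from the BIRD filter documentation (a network matches `addr/pxlen{low,high}` when its length is within the range and its first min(len, pxlen) bits agree; `+` is `{pxlen,32}`, `-` is `{0,pxlen}`). The function names and the test prefixes are this example's own constructions.

```python
import ipaddress
import re

# Prefix patterns copied from the martians() set in filters.conf above.
MARTIANS = [
    "169.254.0.0/16+", "192.168.0.0/16+", "10.0.0.0/8+", "172.24.0.0/13+",
    "172.25.0.0/16+", "172.26.0.0/16+", "172.27.0.0/16+", "172.28.0.0/16+",
    "172.29.0.0/16+", "172.30.0.0/16+", "172.31.0.0/16+", "224.0.0.0/4+",
    "240.0.0.0/4+", "0.0.0.0/32-", "0.0.0.0/0{25,32}", "0.0.0.0/0{0,7}",
    "127.0.0.0/8+",
]

PATTERN = re.compile(r"^([\d.]+)/(\d+)(\+|-|\{(\d+),(\d+)\})?$")

def parse_pattern(pattern):
    """Return (address, pxlen, low, high) for one BIRD IPv4 prefix pattern."""
    m = PATTERN.match(pattern)
    if m is None:
        raise ValueError("unsupported prefix pattern: %r" % pattern)
    addr = int(ipaddress.IPv4Address(m.group(1)))
    pxlen = int(m.group(2))
    if m.group(3) is None:        # plain prefix: exact length only
        low = high = pxlen
    elif m.group(3) == "+":       # the prefix and all its subnets
        low, high = pxlen, 32
    elif m.group(3) == "-":       # the prefix and all its supernets
        low, high = 0, pxlen
    else:                         # explicit {low,high} length range
        low, high = int(m.group(4)), int(m.group(5))
    return addr, pxlen, low, high

def matches(net, pattern):
    """True if network `net` matches `pattern` under BIRD's prefix-pattern rule."""
    addr, pxlen, low, high = parse_pattern(pattern)
    n = ipaddress.IPv4Network(net)
    if not low <= n.prefixlen <= high:
        return False
    bits = min(n.prefixlen, pxlen)
    mask = ((1 << bits) - 1) << (32 - bits)   # top `bits` bits set
    return (int(n.network_address) & mask) == (addr & mask)

def martian_hits(net):
    """List the patterns in MARTIANS that match `net` (empty = not a martian)."""
    return [p for p in MARTIANS if matches(net, p)]

if __name__ == "__main__":
    # Constructed test prefixes, not taken from the thread's routing table.
    for net in ("0.0.0.0/0", "10.1.2.0/24", "172.16.0.0/16", "172.28.0.0/16"):
        print(net, martian_hits(net) or "not matched")
```

For the constructed input 172.16.0.0/16 the result is empty: the set starts at 172.24.0.0/13+, so 172.16.0.0 through 172.23.255.255 is not matched, although the comment above the function lists 172.16.0.0/12+.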
participants (4): Alexander Demenshin, micah, micah anderson, Ondrej Zajicek