Hi,

I have this configuration:

asbr02 ~ # cat /etc/bird.conf.d/protocol_rpki/*
protocol rpki rpki_alarig {
        roa4 { table r4; };
        roa6 { table r6; };

        #remote "msi.no.swordarmor.fr";
        remote 2a0e:f42::1;
}

protocol rpki rpki_conan {
        roa4 { table r4; };
        roa6 { table r6; };

        remote "conan.grifon.fr";
}

The first protocol establishes while the second fails

bird> show protocols all rpki_alarig
Name       Proto      Table      State  Since         Info
rpki_alarig RPKI       ---        up     15:54:25.902  Established
  Cache server:     2a0e:f42::1:323
  Status:           Established
  Transport:        Unprotected over TCP
  Protocol version: 1
  Session ID:       28569
  Serial number:    285
  Last update:      before 84.055 s
  Refresh timer   : 323.944/408
  Retry timer     : ---
  Expire timer    : 7115.944/7200
  Channel roa4
    State:          UP
    Table:          r4
    Preference:     100
    Input filter:   ACCEPT
    Output filter:  REJECT
    Routes:         100516 imported, 0 exported, 100516 preferred
    Route change stats:     received   rejected   filtered    ignored   accepted
      Import updates:         100816          0          0          0     100816
      Import withdraws:          300          0        ---          0        300
      Export updates:              0          0          0        ---          0
      Export withdraws:            0        ---        ---        ---          0
  Channel roa6
    State:          UP
    Table:          r6
    Preference:     100
    Input filter:   ACCEPT
    Output filter:  REJECT
    Routes:         16578 imported, 0 exported, 16578 preferred
    Route change stats:     received   rejected   filtered    ignored   accepted
      Import updates:          16641          0          0          0      16641
      Import withdraws:           63          0        ---          0         63
      Export updates:              0          0          0        ---          0
      Export withdraws:            0        ---        ---        ---          0

bird> show protocols all rpki_conan
Name       Proto      Table      State  Since         Info
rpki_conan RPKI       ---        start  15:54:25.847  Transport-Error
  Cache server:     conan.grifon.fr:323
  Status:           Transport-Error
  Transport:        Unprotected over TCP
  Protocol version: 1
  Session ID:       ---
  Serial number:    ---
  Last update:      ---
  Refresh timer   : ---
  Retry timer     : 451.669/600
  Expire timer    : ---
  Channel roa4
    State:          DOWN
    Table:          r4
    Preference:     100
    Input filter:   ACCEPT
    Output filter:  REJECT
  Channel roa6
    State:          DOWN
    Table:          r6
    Preference:     100
    Input filter:   ACCEPT
    Output filter:  REJECT

I see the DNS request (and the answer):

15:54:25.851095 IP6 asbr02.cogent-rns.grifon.fr.35411 > drogon.grifon.fr.domain: 167+ A? conan.grifon.fr. (33)
15:54:25.851105 IP6 asbr02.cogent-rns.grifon.fr.35411 > drogon.grifon.fr.domain: 14516+ AAAA? conan.grifon.fr. (33)
15:54:25.851495 IP6 drogon.grifon.fr.domain > asbr02.cogent-rns.grifon.fr.35411: 167 1/0/0 A 89.234.186.8 (49)
15:54:25.851515 IP6 drogon.grifon.fr.domain > asbr02.cogent-rns.grifon.fr.35411: 14516 1/0/0 AAAA 2a00:5884::8 (61)

But no SYN over 323.

However, I can telnet to it:

asbr02 ~ # mtr -bzwe msi.no.swordarmor.fr
Start: Sat Jan 11 15:55:59 2020
HOST: asbr02.cogent-rns.grifon.fr                                     Loss%   Snt   Last   Avg  Best  Wrst StDev
  1. AS204092 regis.swordarmor.fr (2a00:5884::1f)                      0.0%    10    0.2   0.2   0.1   0.3   0.0
  2. AS208627 tinc0.core02-arendal.no.swordarmor.fr (2a0e:f42:fffe::6) 0.0%    10   51.5  51.7  51.2  52.2   0.0
  3. AS208627 msi.no.swordarmor.fr (2a0e:f42::1)                       0.0%    10   52.0  52.3  51.4  52.8   0.0

asbr02 ~ # mtr -bzwe conan.grifon.fr
Start: Sat Jan 11 15:57:47 2020
HOST: asbr02.cogent-rns.grifon.fr             Loss%   Snt   Last   Avg  Best  Wrst StDev
  1. AS204092 conan.grifon.fr (2a00:5884::8)   0.0%    10    0.3   0.3   0.2   0.5   0.0

asbr02 ~ # telnet msi.no.swordarmor.fr 323
Trying 2a0e:f42::1...
Connected to msi.no.swordarmor.fr.
Escape character is '^]'.
^]
telnet> quit
Connection closed.

asbr02 ~ # telnet conan.grifon.fr 323
Trying 2a00:5884::8...
Connected to conan.grifon.fr.
Escape character is '^]'.
^]
telnet> quit
Connection closed.

And then I see the SYN:

16:01:28.787297 IP6 asbr02.cogent-rns.grifon.fr.60330 > conan.grifon.fr.323: Flags [S], seq 1340260165, win 28800, options [mss 1440,sackOK,TS val 4034128416 ecr 0,nop,wscale 7], length 0
16:01:28.787677 IP6 conan.grifon.fr.323 > asbr02.cogent-rns.grifon.fr.60330: Flags [S.], seq 287295091, ack 1340260166, win 64260, options [mss 1440,sackOK,TS val 4292064010 ecr 4034128416,nop,wscale 7], length 0
16:01:28.787713 IP6 asbr02.cogent-rns.grifon.fr.60330 > conan.grifon.fr.323: Flags [.], ack 1, win 225, options [nop,nop,TS val 4034128416 ecr 4292064010], length 0
16:01:31.114241 IP6 asbr02.cogent-rns.grifon.fr.60330 > conan.grifon.fr.323: Flags [F.], seq 1, ack 1, win 225, options [nop,nop,TS val 4034130743 ecr 4292064010], length 0
16:01:31.114709 IP6 conan.grifon.fr.323 > asbr02.cogent-rns.grifon.fr.60330: Flags [F.], seq 1, ack 2, win 503, options [nop,nop,TS val 4292066337 ecr 4034130743], length 0
16:01:31.114725 IP6 asbr02.cogent-rns.grifon.fr.60330 > conan.grifon.fr.323: Flags [.], ack 2, win 225, options [nop,nop,TS val 4034130743 ecr 4292066337], length 0

The first protocol only established when I put the IP address directly.

Plus, not having the brackets over the literal IPv6 address is a bit
confusing. The IP isn’t 2a0e:f42::1:323.

Regards,
-- 
Alarig

On Sat, Jan 11, 2020 at 04:04:09PM +0100, Alarig Le Lay wrote:
> Hi,
>
> I have this configuration:
>
> asbr02 ~ # cat /etc/bird.conf.d/protocol_rpki/*
> protocol rpki rpki_alarig {
>         roa4 { table r4; };
>         roa6 { table r6; };
>
>         #remote "msi.no.swordarmor.fr";
>         remote 2a0e:f42::1;
> }
>
> protocol rpki rpki_conan {
>         roa4 { table r4; };
>         roa6 { table r6; };
>
>         remote "conan.grifon.fr";
> }
>
> The first protocol establishes while the second fails

Hi

Yes, DNS resolving for IPv6 is broken in released versions, see this patch:

https://gitlab.labs.nic.cz/labs/bird/commit/4e23b499696da81acf0ed5ad181573b9...

> Plus, not having the brackets over the literal IPv6 address is a bit
> confusing. The IP isn’t 2a0e:f42::1:323.

You are right, we should move port to a separate line and perhaps print
it only if non-default value is used.

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."

On Sat, Jan 11 18:08:37 2020, Ondrej Zajicek wrote:
> Hi
>
> Yes, DNS resolving for IPv6 is broken in released versions, see this patch:
>
> https://gitlab.labs.nic.cz/labs/bird/commit/4e23b499696da81acf0ed5ad181573b9...

Thanks a lot, I’ve generated a diff for 2.0.7 from git and integrated it
into my ebuild and it now works perfectly:

bird> show protocols all rpki_conan
Name       Proto      Table      State  Since         Info
rpki_conan RPKI       ---        up     19:03:49.766  Established
  Cache server:     conan.grifon.fr:323
  Status:           Established
  Transport:        Unprotected over TCP
  Protocol version: 1
  Session ID:       57293
  Serial number:    5
  Last update:      before 198.664 s
  Refresh timer   : 142.335/341
  Retry timer     : ---
  Expire timer    : 7001.335/7200
  Channel roa4
    State:          UP
    Table:          r4
    Preference:     100
    Input filter:   ACCEPT
    Output filter:  REJECT
    Routes:         107607 imported, 0 exported, 93137 preferred
    Route change stats:     received   rejected   filtered    ignored   accepted
      Import updates:         107607          0          0          0     107607
      Import withdraws:            0          0        ---          0          0
      Export updates:              0          0          0        ---          0
      Export withdraws:            0        ---        ---        ---          0
  Channel roa6
    State:          UP
    Table:          r6
    Preference:     100
    Input filter:   ACCEPT
    Output filter:  REJECT
    Routes:         17884 imported, 0 exported, 15551 preferred
    Route change stats:     received   rejected   filtered    ignored   accepted
      Import updates:          17884          0          0          0      17884
      Import withdraws:            0          0        ---          0          0
      Export updates:              0          0          0        ---          0
      Export withdraws:            0        ---        ---        ---          0

-- 
Alarig

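A monitoring check for the failure discussed in this thread, as an added example that is not part of the original messages or of BIRD: it parses "show protocols all" text for RPKI sessions whose status is not Established, and prints the cache endpoint with IPv6 literals bracketed so that 2a0e:f42::1 on port 323 cannot be misread as one address. The sample text is trimmed from the output quoted above with an assumed line layout, the split on the last colon is an assumption about that output, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: trimmed from the output quoted in this thread.
SAMPLE = """\
Name       Proto      Table      State  Since         Info
rpki_alarig RPKI       ---        up     15:54:25.902  Established
  Cache server:     2a0e:f42::1:323
  Status:           Established
rpki_conan RPKI       ---        start  15:54:25.847  Transport-Error
  Cache server:     conan.grifon.fr:323
  Status:           Transport-Error
"""

# Summary line of an RPKI protocol: name, proto, table, state, since, info.
HEADER = re.compile(r"^(\S+)\s+RPKI\s+\S+\s+(\S+)\s+\S+\s+(\S+)")
# Indented detail lines we care about.
FIELD = re.compile(r"^\s+(Cache server|Status):\s+(.*)$")


def parse_rpki(text):
    """Return one dict per RPKI protocol found in 'show protocols all' text."""
    protos = []
    for line in text.splitlines():
        if m := HEADER.match(line):
            protos.append({"name": m[1], "state": m[2], "info": m[3]})
        elif protos and (m := FIELD.match(line)):
            protos[-1][m[1]] = m[2].strip()
    return protos


def endpoint(cache_server):
    """Split 'host:port' on the last colon (assumed) and bracket IPv6 literals."""
    host, _, port = cache_server.rpartition(":")
    try:
        if ipaddress.ip_address(host).version == 6:
            host = f"[{host}]"
    except ValueError:
        pass  # a hostname, leave it as it is
    return f"{host}:{port}"


def down_sessions(text):
    """(name, endpoint, status) for every RPKI session that is not Established."""
    return [(p["name"], endpoint(p["Cache server"]), p["Status"])
            for p in parse_rpki(text) if p.get("Status") != "Established"]


if __name__ == "__main__":
    print(down_sessions(SAMPLE))
```
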
participants (2): Alarig Le Lay, Ondrej Zajicek