Dear Bird Mailinglist, We are running Bird 1.2.5 under Debian Etch AMD64 as a routeserver. Last Friday we changed a filter to allow the import of prefixes from a peer with the same AS as the routeserver. The broken design of the configuration, allowed the import of prefixes with empty AS-path to the master table and their export to the EBGP peers. Unfortunately this caused nearly all Cisco (&RFC compliant) machines to close their sessions. At this time, one of our two routeservers started exporting the Master table to the kernel table. There is currently no impact, but we are wondering how this could happen and how to resolve this situation, without affecting the running sessions. The kernel part of the configuration never changed and looks like: protocol kernel { disabled; import all; # Default is import all export all; # Default is export none scan time 10; # Scan kernel tables every 10 seconds } When we remove one of the kernel prefixes like: route del -net X.Y.Z.A netmask 255.255.255.0 gw X.X.X.X eth1 It reappears after around 10 seconds. Guess the scan time is taking effect here. "configure soft" was already triggered several times without effect to the kernel protocol. Regards Bernhard -- Bernhard Hahn DE-CIX Management GmbH e-mail: bernhard.hahn@de-cix.net Lindleystr. 12, 60314 Frankfurt Phone: +49 69 1730 902-34 Geschaeftsfuehrer Harald A. Summa Mobile: +49 171 552 3643 Registergericht AG Koeln, HRB 51135 Fax: +49 69 4056 2716
On 14.6.2011 12:40, Bernhard Hahn wrote:
Dear Bird Mailinglist,
Hi Bernhard, can you please send me output of: bird> show protocols all kernel1 Ondrej
We are running Bird 1.2.5 under Debian Etch AMD64 as a routeserver. Last Friday we changed a filter to allow the import of prefixes from a peer with the same AS as the routeserver. The broken design of the configuration, allowed the import of prefixes with empty AS-path to the master table and their export to the EBGP peers. Unfortunately this caused nearly all Cisco (&RFC compliant) machines to close their sessions.
At this time, one of our two routeservers started exporting the Master table to the kernel table. There is currently no impact, but we are wondering how this could happen and how to resolve this situation, without affecting the running sessions.
The kernel part of the configuration never changed and looks like:
protocol kernel { disabled; import all; # Default is import all export all; # Default is export none scan time 10; # Scan kernel tables every 10 seconds }
When we remove one of the kernel prefixes like:
route del -net X.Y.Z.A netmask 255.255.255.0 gw X.X.X.X eth1
It reappears after around 10 seconds. Guess the scan time is taking effect here.
"configure soft" was already triggered several times without effect to the kernel protocol.
Regards Bernhard
On Tue, 14 Jun 2011 14:35:58 +0200 Ondrej Filip <feela@network.cz> wrote:
On 14.6.2011 12:40, Bernhard Hahn wrote:
Dear Bird Mailinglist,
Hi Bernhard, can you please send me output of:
bird> show protocols all kernel1
Here you are: BIRD 1.2.5 ready. bird> sh proto all kernel1 name proto table state since info kernel1 Kernel master up 2011-06-10 13:36:14 Preference: 10 Input filter: ACCEPT Output filter: ACCEPT Routes: 0 imported, 89529 exported, 0 preferred Route change stats: received rejected filtered ignored accepted Import updates: 0 0 0 0 0 Import withdraws: 0 0 --- 0 0 Export updates: 223767 2 0 --- 223765 Export withdraws: 78435 --- --- --- 78435 Bernhard -- Bernhard Hahn DE-CIX Management GmbH e-mail: bernhard.hahn@de-cix.net Lindleystr. 12, 60314 Frankfurt Phone: +49 69 1730 902-34 Geschaeftsfuehrer Harald A. Summa Mobile: +49 171 552 3643 Registergericht AG Koeln, HRB 51135 Fax: +49 69 4056 2716
On 14.6.2011 14:51, Bernhard Hahn wrote:
On Tue, 14 Jun 2011 14:35:58 +0200 Ondrej Filip <feela@network.cz> wrote:
On 14.6.2011 12:40, Bernhard Hahn wrote:
Dear Bird Mailinglist,
Hi Bernhard, can you please send me output of:
bird> show protocols all kernel1
Hmm, strange. Can you try: bird> disable kernel1 which should delete the routes a then bird> configure ?
Here you are: BIRD 1.2.5 ready. bird> sh proto all kernel1 name proto table state since info kernel1 Kernel master up 2011-06-10 13:36:14 Preference: 10 Input filter: ACCEPT Output filter: ACCEPT Routes: 0 imported, 89529 exported, 0 preferred Route change stats: received rejected filtered ignored accepted Import updates: 0 0 0 0 0 Import withdraws: 0 0 --- 0 0 Export updates: 223767 2 0 --- 223765 Export withdraws: 78435 --- --- --- 78435
Bernhard
Hi, On Tue, 14 Jun 2011 14:57:15 +0200 Ondrej Filip <feela@network.cz> wrote:
bird> disable kernel1
which should delete the routes a then
bird> configure
what is the expected impact to running BGP sessions? I think at least the "configure" will restart all protocols that have changes in their filters since startup of the daemon even though being reconfigured by a "configure soft" meanwhile, or? Bernhard -- Bernhard Hahn DE-CIX Management GmbH e-mail: bernhard.hahn@de-cix.net Lindleystr. 12, 60314 Frankfurt Phone: +49 69 1730 902-34 Geschaeftsfuehrer Harald A. Summa Mobile: +49 171 552 3643 Registergericht AG Koeln, HRB 51135 Fax: +49 69 4056 2716
On 14.6.2011 15:14, Bernhard Hahn wrote:
Hi,
On Tue, 14 Jun 2011 14:57:15 +0200 Ondrej Filip <feela@network.cz> wrote:
bird> disable kernel1
which should delete the routes a then
bird> configure
what is the expected impact to running BGP sessions? I think at least the "configure" will restart all protocols that have changes in their filters since startup of the daemon even though being reconfigured by a "configure soft" meanwhile, or?
You can use "configure soft" if you wish. Otherwise, the BGP sessions shouldn't be affected. Ondrej
Bernhard
Hi Ondrej, On Tue, 14 Jun 2011 15:31:07 +0200 Ondrej Filip <feela@network.cz> wrote:
You can use "configure soft" if you wish. Otherwise, the BGP sessions shouldn't be affected.
as expected "disable kernel1" and "configure soft" did the trick without affecting the running sessions. If there is anything we can provide you for debugging (except a coredump by shooting bird), please let me know. Regards Bernhard -- Bernhard Hahn DE-CIX Management GmbH e-mail: bernhard.hahn@de-cix.net Lindleystr. 12, 60314 Frankfurt Phone: +49 69 1730 902-34 Geschaeftsfuehrer Harald A. Summa Mobile: +49 171 552 3643 Registergericht AG Koeln, HRB 51135 Fax: +49 69 4056 2716
On Tue, Jun 14, 2011 at 04:16:00PM +0200, Bernhard Hahn wrote:
Hi Ondrej,
On Tue, 14 Jun 2011 15:31:07 +0200 Ondrej Filip <feela@network.cz> wrote:
You can use "configure soft" if you wish. Otherwise, the BGP sessions shouldn't be affected.
as expected "disable kernel1" and "configure soft" did the trick without affecting the running sessions.
You mean that after the "configure soft" kernel1 stays down (as expected) or became up (as perhaps was the earlier problem)? If the problem was repeated (kernel1 became up) what is in your logfile between lines 'Reconfiguring' and 'Reconfigured' ? -- Elen sila lumenn' omentielvo Ondrej 'SanTiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
on 15.06.2011 00:54 Ondrej Zajicek wrote:
On Tue, Jun 14, 2011 at 04:16:00PM +0200, Bernhard Hahn wrote:
Hi Ondrej,
On Tue, 14 Jun 2011 15:31:07 +0200 Ondrej Filip <feela@network.cz> wrote:
You can use "configure soft" if you wish. Otherwise, the BGP sessions shouldn't be affected.
as expected "disable kernel1" and "configure soft" did the trick without affecting the running sessions.
You mean that after the "configure soft" kernel1 stays down
yepp :-)
(as expected) or became up (as perhaps was the earlier problem)?
If the problem was repeated (kernel1 became up) what is in your logfile between lines 'Reconfiguring' and 'Reconfigured' ?
-- Arnold Nipper / nIPper consulting, Sandhausen, Germany email: arnold@nipper.de phone: +49 6224 9259 299 mobile: +49 152 53717690 fax: +49 6224 9259 333
On Wed, Jun 15, 2011 at 12:41:12AM +0200, Arnold Nipper wrote:
on 15.06.2011 00:54 Ondrej Zajicek wrote:
On Tue, Jun 14, 2011 at 04:16:00PM +0200, Bernhard Hahn wrote:
Hi Ondrej,
On Tue, 14 Jun 2011 15:31:07 +0200 Ondrej Filip <feela@network.cz> wrote:
You can use "configure soft" if you wish. Otherwise, the BGP sessions shouldn't be affected.
as expected "disable kernel1" and "configure soft" did the trick without affecting the running sessions.
You mean that after the "configure soft" kernel1 stays down
yepp :-)
And if you enable it using 'enable kernel1' and then use 'configure soft', would that disable it? -- Elen sila lumenn' omentielvo Ondrej 'SanTiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
on 15.06.2011 01:10 Ondrej Zajicek wrote:
On Wed, Jun 15, 2011 at 12:41:12AM +0200, Arnold Nipper wrote:
on 15.06.2011 00:54 Ondrej Zajicek wrote:
On Tue, Jun 14, 2011 at 04:16:00PM +0200, Bernhard Hahn wrote:
Hi Ondrej,
On Tue, 14 Jun 2011 15:31:07 +0200 Ondrej Filip <feela@network.cz> wrote:
You can use "configure soft" if you wish. Otherwise, the BGP sessions shouldn't be affected.
as expected "disable kernel1" and "configure soft" did the trick without affecting the running sessions.
You mean that after the "configure soft" kernel1 stays down
yepp :-)
And if you enable it using 'enable kernel1' and then use 'configure soft', would that disable it?
no BIRD 1.2.5 ready. bird> show protocols kernel1 name proto table state since info kernel1 Kernel master down 2011-06-15 00:30:05 bird> enable kernel1 kernel1: enabled bird> show protocols kernel1 name proto table state since info kernel1 Kernel master up 2011-06-15 01:03:31 bird> configure soft Reading configuration from /etc/bird.conf Reconfigured. bird> show protocols kernel1 name proto table state since info kernel1 Kernel master up 2011-06-15 01:03:32 bird> disable kernel1 kernel1: disabled bird> show protocols kernel1 name proto table state since info kernel1 Kernel master down 2011-06-15 01:04:20 -- Arnold Nipper / nIPper consulting, Sandhausen, Germany email: arnold@nipper.de phone: +49 6224 9259 299 mobile: +49 152 53717690 fax: +49 6224 9259 333
Hi, On Wed, 15 Jun 2011 00:54:08 +0200 Ondrej Zajicek <santiago@crfreenet.org> wrote:
mean that after the "configure soft" kernel1 stays down (as expected) or became up (as perhaps was the earlier problem)?
after the "configure soft" it still showed down. Bernhard -- Bernhard Hahn DE-CIX Management GmbH e-mail: bernhard.hahn@de-cix.net Lindleystr. 12, 60314 Frankfurt Phone: +49 69 1730 902-34 Geschaeftsfuehrer Harald A. Summa Mobile: +49 171 552 3643 Registergericht AG Koeln, HRB 51135 Fax: +49 69 4056 2716
On Wed, Jun 15, 2011 at 04:05:02AM +0200, Bernhard Hahn wrote:
Hi,
On Wed, 15 Jun 2011 00:54:08 +0200 Ondrej Zajicek <santiago@crfreenet.org> wrote:
mean that after the "configure soft" kernel1 stays down (as expected) or became up (as perhaps was the earlier problem)?
after the "configure soft" it still showed down.
It seems that generally configure does not enable/disable protocols with manually changed state to make them consistent with the config file. Not sure if this is a bug or a feature, but probably a bug :-) . But i don't have a clue why the kernel1 protocol becomes enabled at the beginning. -- Elen sila lumenn' omentielvo Ondrej 'SanTiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
participants (4)
-
Arnold Nipper -
Bernhard Hahn -
Ondrej Filip -
Ondrej Zajicek