infinite adding of ipv6 routes to kernel table which were recieved from ebgp peer and piped into kernel protocol
Hi we have problems on one of our router with bird6 and ebgp neighbors when we recieve ipv6 full view from ebgp neighbor and put it into separate table everything is OK when we pipe it into master table everything is OK when we enable export all ipv6 routes into kernel protocol strange things happens while trying to find out how many ipv6 routes were added trying to run command like ip -6 ro sh | wc -l we may sit and wait for a long time without any success if we looking for route count from bird6 console everything is ok but if we enable debug off route protocol we see messages like 26-06-2013 12:58:03 <TRACE> kernel: Scanning routing table 26-06-2013 12:58:03 <TRACE> kernel: 2001::/32: seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:200:900::/40: seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:200:c00::/40: seen ...... 26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:11::/48: already seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:15::/48: already seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:16::/48: already seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:17::/48: already seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:19::/48: already seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:20::/48: already seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:21::/48: already seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:22::/48: already seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:25::/48: already seen ..... and then again and again and again same lines of data with "already seen" even if we define scan time 600 and restarting kernel protocol nothing changes with routes recieved from ibgp there are no such problems here is sample configuration router id xx.xx.xx.xx; define myas = ZZZZZ; protocol device device { scan time 10; } protocol kernel kernel { export all; import none; scan time 15; } protocol direct direct { export none; import none; } table T_ebgp; filter pipe_ebgp_in { preference = 500; accept; } filter pipe_ebgp_out { if (myas,client) ~ bgp_community then accept; reject; } protocol pipe P_ebgp_peer { description "EBGP peer Pipe to master table"; table master; mode transparent; peer table T_ebgp; import filter pipe_ebgp_in; export filter pipe_ebgp_out; } protocol bgp R_ebgp_peer { description "ebgp IPv6"; local as myas; neighbor 2001:xxx:x:xx::1 as XXX; import all; export all; next hop self; table T_ebgp; gateway direct; #disabled; } -- --- Арнаутов Артем ISP NetAssist +380 44 2398989
Forgot to mention some needed information BIRD: 1.3.9 OS: Gentoo linux # uname -a Linux router 3.9.6-gentoo #1 SMP Thu Jun 20 05:46:54 EEST 2013 x86_64 Intel(R) Xeon(R) CPU L5420 @ 2.50GHz GenuineIntel GNU/Linux On 06/26/2013 01:24 PM, Arnautov Artem wrote:
Hi we have problems on one of our router with bird6 and ebgp neighbors when we recieve ipv6 full view from ebgp neighbor and put it into separate table everything is OK when we pipe it into master table everything is OK when we enable export all ipv6 routes into kernel protocol strange things happens
while trying to find out how many ipv6 routes were added trying to run command like ip -6 ro sh | wc -l we may sit and wait for a long time without any success
if we looking for route count from bird6 console everything is ok but if we enable debug off route protocol we see messages like
26-06-2013 12:58:03 <TRACE> kernel: Scanning routing table 26-06-2013 12:58:03 <TRACE> kernel: 2001::/32: seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:200:900::/40: seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:200:c00::/40: seen ......
26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:11::/48: already seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:15::/48: already seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:16::/48: already seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:17::/48: already seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:19::/48: already seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:20::/48: already seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:21::/48: already seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:22::/48: already seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:25::/48: already seen
.....
and then again and again and again same lines of data with "already seen"
even if we define scan time 600 and restarting kernel protocol nothing changes
with routes recieved from ibgp there are no such problems
here is sample configuration
router id xx.xx.xx.xx; define myas = ZZZZZ;
protocol device device { scan time 10; }
protocol kernel kernel { export all; import none; scan time 15; }
protocol direct direct { export none; import none; }
table T_ebgp;
filter pipe_ebgp_in { preference = 500; accept; }
filter pipe_ebgp_out { if (myas,client) ~ bgp_community then accept; reject; }
protocol pipe P_ebgp_peer { description "EBGP peer Pipe to master table"; table master; mode transparent; peer table T_ebgp; import filter pipe_ebgp_in; export filter pipe_ebgp_out; }
protocol bgp R_ebgp_peer { description "ebgp IPv6"; local as myas; neighbor 2001:xxx:x:xx::1 as XXX; import all; export all; next hop self; table T_ebgp; gateway direct; #disabled; }
-- --- Арнаутов Артем ISP NetAssist +380 44 2398989
On 26.6.2013 12:27, Arnautov Artem wrote:
Forgot to mention some needed information
This looks like Linux issue. I don't anything wrong on BIRD. Plase check this value using this command: sysctl net.ipv6.route.max_size
BIRD: 1.3.9 OS: Gentoo linux
# uname -a Linux router 3.9.6-gentoo #1 SMP Thu Jun 20 05:46:54 EEST 2013 x86_64 Intel(R) Xeon(R) CPU L5420 @ 2.50GHz GenuineIntel GNU/Linux
On 06/26/2013 01:24 PM, Arnautov Artem wrote:
Hi we have problems on one of our router with bird6 and ebgp neighbors when we recieve ipv6 full view from ebgp neighbor and put it into separate table everything is OK when we pipe it into master table everything is OK when we enable export all ipv6 routes into kernel protocol strange things happens
while trying to find out how many ipv6 routes were added trying to run command like ip -6 ro sh | wc -l we may sit and wait for a long time without any success
if we looking for route count from bird6 console everything is ok but if we enable debug off route protocol we see messages like
26-06-2013 12:58:03 <TRACE> kernel: Scanning routing table 26-06-2013 12:58:03 <TRACE> kernel: 2001::/32: seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:200:900::/40: seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:200:c00::/40: seen ......
26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:11::/48: already seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:15::/48: already seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:16::/48: already seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:17::/48: already seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:19::/48: already seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:20::/48: already seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:21::/48: already seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:22::/48: already seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:25::/48: already seen
.....
and then again and again and again same lines of data with "already seen"
even if we define scan time 600 and restarting kernel protocol nothing changes
with routes recieved from ibgp there are no such problems
here is sample configuration
router id xx.xx.xx.xx; define myas = ZZZZZ;
protocol device device { scan time 10; }
protocol kernel kernel { export all; import none; scan time 15; }
protocol direct direct { export none; import none; }
table T_ebgp;
filter pipe_ebgp_in { preference = 500; accept; }
filter pipe_ebgp_out { if (myas,client) ~ bgp_community then accept; reject; }
protocol pipe P_ebgp_peer { description "EBGP peer Pipe to master table"; table master; mode transparent; peer table T_ebgp; import filter pipe_ebgp_in; export filter pipe_ebgp_out; }
protocol bgp R_ebgp_peer { description "ebgp IPv6"; local as myas; neighbor 2001:xxx:x:xx::1 as XXX; import all; export all; next hop self; table T_ebgp; gateway direct; #disabled; }
On 06/26/2013 01:47 PM, Ondrej Filip wrote:
On 26.6.2013 12:27, Arnautov Artem wrote:
Forgot to mention some needed information
This looks like Linux issue. I don't anything wrong on BIRD.
Plase check this value using this command:
sysctl net.ipv6.route.max_size
that value is set during boot process each time to 100000 # sysctl net.ipv6.route.max_size net.ipv6.route.max_size = 100000
BIRD: 1.3.9 OS: Gentoo linux
# uname -a Linux router 3.9.6-gentoo #1 SMP Thu Jun 20 05:46:54 EEST 2013 x86_64 Intel(R) Xeon(R) CPU L5420 @ 2.50GHz GenuineIntel GNU/Linux
On 06/26/2013 01:24 PM, Arnautov Artem wrote:
Hi we have problems on one of our router with bird6 and ebgp neighbors when we recieve ipv6 full view from ebgp neighbor and put it into separate table everything is OK when we pipe it into master table everything is OK when we enable export all ipv6 routes into kernel protocol strange things happens
while trying to find out how many ipv6 routes were added trying to run command like ip -6 ro sh | wc -l we may sit and wait for a long time without any success
if we looking for route count from bird6 console everything is ok but if we enable debug off route protocol we see messages like
26-06-2013 12:58:03 <TRACE> kernel: Scanning routing table 26-06-2013 12:58:03 <TRACE> kernel: 2001::/32: seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:200:900::/40: seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:200:c00::/40: seen ......
26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:11::/48: already seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:15::/48: already seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:16::/48: already seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:17::/48: already seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:19::/48: already seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:20::/48: already seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:21::/48: already seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:22::/48: already seen 26-06-2013 12:58:03 <TRACE> kernel: 2001:2b8:25::/48: already seen
.....
and then again and again and again same lines of data with "already seen"
even if we define scan time 600 and restarting kernel protocol nothing changes
with routes recieved from ibgp there are no such problems
here is sample configuration
router id xx.xx.xx.xx; define myas = ZZZZZ;
protocol device device { scan time 10; }
protocol kernel kernel { export all; import none; scan time 15; }
protocol direct direct { export none; import none; }
table T_ebgp;
filter pipe_ebgp_in { preference = 500; accept; }
filter pipe_ebgp_out { if (myas,client) ~ bgp_community then accept; reject; }
protocol pipe P_ebgp_peer { description "EBGP peer Pipe to master table"; table master; mode transparent; peer table T_ebgp; import filter pipe_ebgp_in; export filter pipe_ebgp_out; }
protocol bgp R_ebgp_peer { description "ebgp IPv6"; local as myas; neighbor 2001:xxx:x:xx::1 as XXX; import all; export all; next hop self; table T_ebgp; gateway direct; #disabled; }
-- --- Арнаутов Артем ISP NetAssist +380 44 2398989
On Wed, Jun 26, 2013 at 01:27:48PM +0300, Arnautov Artem wrote:
Forgot to mention some needed information
BIRD: 1.3.9 OS: Gentoo linux
# uname -a Linux router 3.9.6-gentoo #1 SMP Thu Jun 20 05:46:54 EEST 2013 x86_64 Intel(R) Xeon(R) CPU L5420 @ 2.50GHz GenuineIntel GNU/Linux
Hello 'already seen' means that BIRD sees the route several times during the scan, which shouldn't happen. If would be useful if you could triggert the problem with smaller number of routes (perhaps some subset of EBGP using 'net ~ prefix' filter) and if you could send me the whole log, or at least all log messages related to one route. It would alsoe be a good idea to try some older Linux kernel. -- Elen sila lumenn' omentielvo Ondrej 'SanTiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello On 07/01/2013 01:52 PM, Ondrej Zajicek wrote:
On Wed, Jun 26, 2013 at 01:27:48PM +0300, Arnautov Artem wrote:
Forgot to mention some needed information
BIRD: 1.3.9 OS: Gentoo linux
# uname -a Linux router 3.9.6-gentoo #1 SMP Thu Jun 20 05:46:54 EEST 2013 x86_64 Intel(R) Xeon(R) CPU L5420 @ 2.50GHz GenuineIntel GNU/Linux
Hello
'already seen' means that BIRD sees the route several times during the scan, which shouldn't happen.
If would be useful if you could triggert the problem with smaller number of routes (perhaps some subset of EBGP using 'net ~ prefix' filter) and if you could send me the whole log, or at least all log messages related to one route. I'll try to test this today
It would alsoe be a good idea to try some older Linux kernel.
I'm going to perform such test with another router which is running under Gentoo linux too but has older kernel 3.5.2 - -- - --- ???????? ????? ISP NetAssist +380 44 2398989 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJR0VrjAAoJEGj9FDZFr3kF8mEH/392xg+aUVyJW6Ha2Q9yEwWv ltZRoTUFw9temciHHyE1ItWxA39BXK2I43uH1rjd6MVevG2Rp7UMN+dM/4fUAnhK JqMqHi8eeQotA9vcc+zyW2JHNiAWuv1A1b7+jhCSbOQraN+D3i6g5INcHx8crIAy w4mvrCVsvcX79cQ2bPG48dAwm8nrdHTYVLlPFA2cWc1idcaHH/hvGjQeHHp7GnY4 HnRXpYy+Xwb9wUWOV3J45UgmPWEr4n3eGvmWkh8U1+GiNzB6IVzNYXz8Ow5XULBR pYzKxF70UnVol+BtgCWwahpJscxswuP+KCnlXl64BJXjf6KfLxz7lERK/XYxycM= =uTRv -----END PGP SIGNATURE-----
participants (3)
-
Arnautov Artem -
Ondrej Filip -
Ondrej Zajicek