(Re)export unreachable routes via BGP.
Is it possible to (re)export unreachable routes via BGP?

I have established a pair of BGP neighbor sessions with Team Cymru Route Servers, both of which are receiving unreachable prefixes, namely bogons, like they should be. I would like to (re)export said prefixes to a different machine that is not able to form a BGP neighbor session with Team Cymru (for various reasons).

All attempts thus far have resulted in the BGP neighbor session with the 3rd test machine not (re)exporting any unreachable routes. I can (re)export other routes without a problem. It looks to me like BGP is rejecting the routes (I think) because they are unreachable.

"show route table bogons" works as expected, and shows the routes received via both of the BGP neighbor sessions with the Team Cymru Route Servers. Similarly, I can see the unreachable routes in the proper table from Linux.

Thank you in advance for any help / enlightenment that you can provide.

--8<--
bird> show protocols all grant
name     proto    table    state  since       info
grant    BGP      bogons   up     21:12       Established
  Description:    Feed to Grant at home
  Preference:     100
  Input filter:   REJECT
  Output filter:  ACCEPT
  Routes:         0 imported, 0 exported, 0 preferred
  Route change stats:     received   rejected   filtered    ignored   accepted
    Import updates:              0          0          0          0          0
    Import withdraws:            0          0        ---          0          0
    Export updates:           3031       3031          0        ---          0
    Export withdraws:            0        ---        ---        ---          0
-->8--

--8<--
filter cymru_bogons_import {
        bgp_community.add((REDACTED,888));
        #dest = RTD_BLACKHOLE;
        accept;
}

filter cymru_bogons_export {
        reject;
}

protocol bgp cymru1 {
        description "Team Cymru Bogons Route Server #1";
        import filter cymru_bogons_import;
        #export filter cymru_bogons_export;
        #import all;
        export none;
        multihop 255;
        local as REDACTED;
        neighbor REDACTED as REDACTED;
        source address REDACTED;
        table bogons;
}

protocol bgp cymru2 {
        description "Team Cymru Bogons Route Server #2";
        import filter cymru_bogons_import;
        #export filter cymru_bogons_export;
        #import all;
        export none;
        multihop 255;
        #password "FIXME";
        local as REDACTED;
        neighbor REDACTED as REDACTED;
        source address REDACTED;
        table bogons;
}

protocol bgp grant {
        description "Feed to Grant at home";
        import none;
        export all;
        multihop 255;
        local as REDACTED;
        neighbor REDACTED as REDACTED;
        source address REDACTED;
        table bogons;
}
-->8--

--
Grant. . . .
unix || die
On Sat, Nov 03, 2018 at 08:31:09PM -0600, Grant Taylor wrote:
Is it possible to (re)export unreachable routes via BGP?
All attempts thus far have resulted in the BGP neighbor session with the 3rd test machine not (re)exporting any unreachable routes. I can (re)export other routes without a problem. It looks to me like BGP is rejecting the routes (I think) because they are unreachable.
Hi

I do not see a reason why unreachable routes would not be exported, works for me.

It is likely something completely different. Aren't both incoming and outgoing (grant) sessions IBGP? In such case they would not be forwarded due to basic BGP behavior (not forwarding IBGP-IBGP).

--
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
On 11/05/2018 04:55 AM, Ondrej Zajicek wrote:
Hi
Hi,
I do not see a reason why unreachable routes would not be exported, works for me.
Okay. Thank you for confirming that.
It is likely something completely different. Aren't both incoming and outgoing (grant) sessions IBGP? In such case they would not be forwarded due to basic BGP behavior (not forwarding IBGP-IBGP).
No, there are two eBGP sessions with Team Cymru and a separate eBGP session with my other device.

Team Cymru = AS65532
Bird = REDACTED (≠ 65532 ≠ 12345)
Grant = AS12345

I was 98% certain that such is the case, and I have just confirmed. I also changed the AS (from 65535, to 12345, for testing) between Bird and my equipment. I'm not seeing any difference.

So I don't think my problem is that simple low hanging fruit.

--
Grant. . . .
unix || die

TL;DR: I got it working.
On 11/05/2018 09:15 AM, Grant Taylor wrote:
So I don't think my problem is that simple low hanging fruit.
Well, you got me on the proper path. I did some more searching, found how to enable some more logging, and discovered "rejected by protocol". Which ultimately pointed me at another thread with someone doing the same thing as me:

Link - BGP rejected by protocol - https://bird.network.cz/pipermail/bird-users/2015-July/009807.html

I had to add "interpret communities off" to my BGP neighbor session on the middle host. I am now receiving the prefixes like desired on my end system (grant).

Thank you for your help getting me pointed to the correct path.

--
Grant. . . .
unix || die
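Why an export can be "rejected by protocol" and why "interpret communities off" changes that, as an added example that is not part of the original thread: a small Python model of RFC 1997 well-known community handling on export. It assumes the feed's routes carry NO_EXPORT (the thread does not show the route attributes); the local AS 64512 and the function names are made up for illustration, and confederations are not modelled.

```python
"""Model of RFC 1997 well-known community handling on BGP export (added example)."""

# Well-known communities from RFC 1997, as (high, low) 16-bit pairs.
NO_EXPORT = (0xFFFF, 0xFF01)            # do not send outside the local AS
NO_ADVERTISE = (0xFFFF, 0xFF02)         # do not send to any peer
NO_EXPORT_SUBCONFED = (0xFFFF, 0xFF03)  # do not send to external peers


def export_decision(communities, local_as, peer_as, interpret_communities=True):
    """Return (sent, reason) for one route offered to one BGP peer.

    Simplified: the export filter is taken to be 'export all', as on the
    'grant' session in the thread, so only the protocol's own check remains.
    """
    if not interpret_communities:
        return True, "communities not interpreted"
    tags = set(communities)
    if NO_ADVERTISE in tags:
        return False, "rejected by protocol (NO_ADVERTISE)"
    is_ebgp = local_as != peer_as
    if is_ebgp and tags & {NO_EXPORT, NO_EXPORT_SUBCONFED}:
        return False, "rejected by protocol (NO_EXPORT)"
    return True, "exported"


def export_stats(routes, local_as, peer_as, interpret_communities=True):
    """Count export updates roughly as 'show protocols all' summarises them."""
    stats = {"received": 0, "rejected": 0, "accepted": 0}
    for communities in routes:
        stats["received"] += 1
        sent, _ = export_decision(communities, local_as, peer_as,
                                  interpret_communities)
        stats["accepted" if sent else "rejected"] += 1
    return stats


# Constructed sample: 3031 routes, each tagged NO_EXPORT by the feed
# (assumption) plus the local tag added on import. LOCAL_AS is a placeholder;
# 12345 is the AS the thread gives for the 'grant' peer.
LOCAL_AS, GRANT_AS = 64512, 12345
BOGONS = [[NO_EXPORT, (LOCAL_AS, 888)] for _ in range(3031)]

if __name__ == "__main__":
    print("default:", export_stats(BOGONS, LOCAL_AS, GRANT_AS))
    print("interpret communities off:",
          export_stats(BOGONS, LOCAL_AS, GRANT_AS, interpret_communities=False))
```

Turning interpretation off only skips the local check: the community stays attached to the routes, so the receiving router will still apply it toward its own eBGP peers.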
participants (2): Grant Taylor, Ondrej Zajicek