OpenBGPd iBGP and IPv6

Tue, 06 Nov 2012 03:54:19 -0800 

Hi,

I'm running what I would call a fairly basic setup composed of:
- 4 routers (OpenBGPd) / R{1..4}
- 2 transits AS{8218,13193}
- my AS: 49463
- BGP session over loopback interfaces (2a02:27d0:0:112::1 /
  2a02:27d0:100:114::4)
- Several peering sessions (HE, ...)

R1 - bgpd.conf:

AS 49463
network 2a02:27d0::/48
socket "/var/www/logs/bgpd.rsock" restricted

group "eBGP_Transit" {
    announce                self
    holdtime                30
    holdtime min            3
    set med                 100

    neighbor 2001:7a8:1:9FF2::1 {
        remote-as               13193
        descr                   ev6_gw-001_to_NERIM
        local-address           2001:7a8:1:9FF2::2
        announce IPv6           unicast
        announce IPv4           none
    }
}

group "iBGP_VTY_TMM" {
        remote-as               49463
        announce                all
        set nexthop             self

    neighbor 2a02:27d0:100:114::4 {
        descr                   iv6_gw-001_to_004
        local-address           2a02:27d0:0:112::1
        announce IPv6           unicast
        announce IPv4           none
        set prepend-neighbor    4
        set prepend-self        1
    }
}

deny from any
allow from any inet6 prefixlen 16 - 48
deny from any prefix ::/8 prefixlen >= 8
deny from any prefix 2001:2::/48 prefixlen >= 48    # BMWG [RFC5180]
deny from any prefix 2001:10::/28 prefixlen >= 28   # ORCHID [RFC4843]
deny from any prefix 2001:db8::/32 prefixlen >= 32  # docu range [RFC3849]
deny from any prefix 3ffe::/16 prefixlen >= 16      # old 6bone
deny from any prefix fc00::/7 prefixlen >= 7        # unique local unicast
deny from any prefix fe80::/10 prefixlen >= 10      # link local unicast
deny from any prefix fec0::/10 prefixlen >= 10      # old site local unicast
deny from any prefix ff00::/8 prefixlen >= 8        # multicast

R4 - bgpd.conf:

AS 49463
network 2a02:27d0:100::/48
socket "/var/www/logs/bgpd.rsock" restricted

group "eBGP_Transit_NEO" {

        remote-as               8218
        holdtime                30
        holdtime min            3
        announce                self
        set med                 100

    neighbor    2001:1b48:2:103::175    {
        descr                   ev6_gw-004_to_NEO
        local-address           2001:1b48:2:103::176
        announce IPv4           none
        announce IPv6           unicast
    }
}

group "iBGP_VTY_TMM" {
        remote-as               49463
        announce                all


    neighbor    2a02:27d0:0:112::1  {
        descr                   iv6_gw-004_to_001
        local-address           2a02:27d0:100:114::4
        announce IPv6           unicast
        announce IPv4           none
        set prepend-neighbor    1
        set prepend-self        1
        set nexthop             self
    }
}

deny from any
allow from any inet6 prefixlen 16 - 48
deny from any prefix ::/8 prefixlen >= 8
deny from any prefix 2001:2::/48 prefixlen >= 48    # BMWG [RFC5180]
deny from any prefix 2001:10::/28 prefixlen >= 28   # ORCHID [RFC4843]
deny from any prefix 2001:db8::/32 prefixlen >= 32  # docu range [RFC3849]
deny from any prefix 3ffe::/16 prefixlen >= 16      # old 6bone
deny from any prefix fc00::/7 prefixlen >= 7        # unique local unicast
deny from any prefix fe80::/10 prefixlen >= 10      # link local unicast
deny from any prefix fec0::/10 prefixlen >= 10      # old site local unicast
deny from any prefix ff00::/8 prefixlen >= 8        # multicast


On R1:
# bgpctl show | egrep '(iv6_gw-001_to_004|ev6_gw-001_to_NERIM)'
ev6_gw-001_to_NERIM     13193     302495      94094     0 01w3d21h  10543
iv6_gw-001_to_004       49463     317993     154496     0 00:53:17      2

I receive 10543 IPv6 prefixes from my transit, but only 2 over the iBGP
session.
# bgpctl show rib nei iv6_gw-001_to_004 in
I*    2001:7f8:4::/48      2a02:27d0:100:114::4    100   200 49463 49463 49463 
49463 49463 49463 49463 49463 8218 8218 5459 i
I*    2a02:27d0:100::/48   2a02:27d0:100:114::4    100     0 49463 49463 49463 
49463 49463 49463 49463 49463 i

# bgpctl show rib nei iv6_gw-001_to_004 out
*>    2001:559:8008::/48   2001:7a8:1:9ff2::1    100   100 49463 13193 3356 
7015 7015 7015 7015 ?
*>    2001:7f8:4::/48      2001:7a8:1:9ff2::1    100   100 49463 13193 5459 i
AI*>  2a02:27d0::/48       ::                 100     0 49463 i


On R4:
# bgpctl show | egrep '(iv6_gw-004_to_001|ev6_gw-004_to_NEO)'
ev6_gw-004_to_NEO        8218       8451        331     0 00:54:35  10849
iv6_gw-004_to_001       49463        263        562     0 00:54:35      3

I receive 10849 IPv6 prefixes from my transit, but only 3 over the iBGP
session.

# bgpctl show rib nei iv6_gw-004_to_001 in
flags: * = Valid, > = Selected, I = via IBGP, A = Announced, S = Stale
origin: i = IGP, e = EGP, ? = Incomplete

flags destination          gateway          lpref   med aspath origin
I*>   2001:559:8008::/48   2a02:27d0:0:112::1    100   100 49463 49463 13193 
3356 7015 7015 7015 7015 ?
I*    2001:7f8:4::/48      2a02:27d0:0:112::1    100   100 49463 49463 13193 
5459 i
I*>   2a02:27d0::/48       2a02:27d0:0:112::1    100     0 49463 49463 i

# bgpctl show rib nei iv6_gw-004_to_001 out
flags: * = Valid, > = Selected, I = via IBGP, A = Announced, S = Stale
origin: i = IGP, e = EGP, ? = Incomplete

flags destination          gateway          lpref   med aspath origin
*>    2001:7f8:4::/48      2001:1b48:2:103::175    100   200 49463 49463 49463 
49463 8218 8218 5459 i
*>    2402:da00::/32       2001:1b48:2:103::175    100   200 49463 49463 49463 
49463 8218 8218 1299 6453 7713 6939 55818 24526 i
*>    2402:da00::/35       2001:1b48:2:103::175    100   200 49463 49463 49463 
49463 8218 8218 1299 6453 7713 6939 55818 24526 i
*>    2402:da00:2000::/35  2001:1b48:2:103::175    100   200 49463 49463 49463 
49463 8218 8218 1299 6453 7713 6939 55818 24526 i
*>    2402:da00:4000::/35  2001:1b48:2:103::175    100   200 49463 49463 49463 
49463 8218 8218 1299 6453 7713 6939 55818 24526 i
*>    2402:da00:6000::/35  2001:1b48:2:103::175    100   200 49463 49463 49463 
49463 8218 8218 1299 6453 7713 6939 55818 24526 i
*>    2402:da00:8000::/35  2001:1b48:2:103::175    100   200 49463 49463 49463 
49463 8218 8218 1299 6453 7713 6939 55818 24526 i
*>    2402:da00:a000::/35  2001:1b48:2:103::175    100   200 49463 49463 49463 
49463 8218 8218 1299 6453 7713 6939 55818 24526 i
*>    2402:da00:c000::/35  2001:1b48:2:103::175    100   200 49463 49463 49463 
49463 8218 8218 1299 6453 7713 6939 55818 24526 i
*>    2402:da00:e000::/35  2001:1b48:2:103::175    100   200 49463 49463 49463 
49463 8218 8218 1299 6453 7713 6939 55818 24526 i
AI*>  2a02:27d0:100::/48   ::                 100     0 49463 49463 49463 49463 
i

Is is really strange since the very same setup is working fine over IPv4
(all routes are seen over iBGP).

Note: When shutting sessions to my peerings (I mean all peerings), I see
the PrfRcvd increasing, which means I then begin to receive prefixes and
my sessions seem to be well configured.

Hint: on my R3 router (basically the same config as R4 with different
IPs) I have:
match from group Peering_France-IX set { localpref 450 }
On R4:
match from group Peering_France-IX set { localpref 250 }

Please note Peering_France-IX group contains both IPv4 *and* IPv6
sessions (IPv4 sessions don't exhibit this behavior).

Did I miss something obvious or...? :$

Thanks

Laurent

PS: tests conducted with *and* without pf.

Reply via email to