Hi Misc@,
While working/experimenting with bgpd + carp and storing the prefix learn
by bgpd to a pftable, the carp peer hang when the other peer is rebooted.
Works ok before storing this prefixes to pftable. Both router are
identical.
So here is the config file on each router, dmesg and of course, the ddb
and trace,
Core1----
| |
| -------------- GWprefix feeder
| |
Core2----
Core1
pf.conf
-------
in_if="em0"
ext_if="em1"
pfsync_if="em2"
set skip on lo
set limit {states 30000, frags 15000}
scrub in all
table <bgpd> persist
table <bgp_blocked> persist
table <bogon> const {192.168.0.0/16, 172.16.0.0/12, 0.0.0.0/7, 2.0.0.0/8,
5.0.0.
0/8, 7.0.0.0/8, 23.0.0.0/8, 27.0.0.0/8, 31.0.0.0/8, 36.0.0.0/7,
39.0.0.0/8, 42.0
.0.0/8, 49.0.0.0/8, 50.0.0.0/8, 94.0.0.0/7, 100.0.0.0/6, 104.0.0.0/5,
112.0.0.0/
6, 169.254.0.0/16, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/5, 184.0.0.0/6}
#allow all loopback interface to communicate
pass quick on lo0 all
#allow pfsync traffic in real interface not virtual interface
pass quick on $pfsync_if proto pfsync keep state
#allow CARP traffic
pass quick on {$in_if, $ext_if} proto carp keep state
#allow CARP traffic
pass quick on {$in_if, $ext_if} proto carp keep state
#allow icmp traffic
pass in quick on {$in_if, $ext_if, $pfsync_if} inet proto icmp from any to
any k
eep state
#pass in quick on $ext_if inet proto icmp from any to any keep state
#allow ssh access
pass in quick on {$in_if, $ext_if, $pfsync_if} proto tcp from any to any
port 22
keep state
pass in quick on {$in_if, $ext_if, $pfsync_if} from <bgpd> to any keep
state tag
ALLOW
pass out quick on {$in_if, $ext_if, $pfsync_if} tagged ALLOW
block in quick on {$in_if, $ext_if, $pfsync_if} from <bgp_blocked> to any
tag BL
OK
block out quick on {$in_if, $ext_if, $pfsync_if} tagged BLOK
block in quick on {$in_if, $ext_if, $pfsync_if} from <bogon> to any tag
BLOCKED
block out quick on {$in_if, $ext_if, $pfsync_if} tagged BLOCKED
bgpd.conf
---------
#macros
peer1="202.149.93.241"
peer2="10.10.10.5"
# global configuration
AS 65022
router-id 10.10.10.3
holdtime 180
holdtime min 3
listen on 127.0.0.1
listen on 10.10.10.3
fib-update yes
nexthop qualify via bgp
log updates
network 202.149.93.176/28
neighbor $peer1 {
remote-as 65021
descr office-gtw
announce all
announce capabilities yes
demote carp
softreconfig in yes
softreconfig out yes
}
neighbor $peer2 {
remote-as 65022
descr core2-exp
announce all
announce capabilities yes
softreconfig in yes
softreconfig out yes
tcp md5sig password lalerijo
set pftable "bgpd"
}
deny from any
allow from any inet prefixlen 8 - 24
allow from {$peer1 $peer2} inet prefixlen 8 - 30
allow to {$peer1 $peer2} prefix 202.149.93.176/28 prefixlen 8 - 30
# do not accept a default route
deny from any prefix 0.0.0.0/0
# filter bogus networks
deny from any prefix 10.0.0.0/8 prefixlen >= 8
deny from any prefix 172.16.0.0/12 prefixlen >= 12
deny from any prefix 192.168.0.0/16 prefixlen >= 16
deny from any prefix 169.254.0.0/16 prefixlen >= 16
deny from any prefix 192.0.2.0/24 prefixlen >= 24
deny from any prefix 224.0.0.0/4 prefixlen >= 4
deny from any prefix 240.0.0.0/4 prefixlen >= 4
Core2
pf.conf
--------
in_if="em0"
ext_if="em1"
pfsync_if="vlan111"
set skip on lo
set limit {states 30000, frags 15000}
scrub in all
table <bgpd> persist
table <bgp_blocked> persist
table <bogon> const {192.168.0.0/16, 172.16.0.0/12, 0.0.0.0/7, 2.0.0.0/8,
5.0.0.
0/8, 7.0.0.0/8, 23.0.0.0/8, 27.0.0.0/8, 31.0.0.0/8, 36.0.0.0/7,
39.0.0.0/8, 42.0
.0.0/8, 9.0.0.0/8, 50.0.0.0/8, 94.0.0.0/7,100.0.0.0/6,104.0.0.0/5,
112.0.0.0/6,
169.254.0.0/16, 173.0.0.0/8, 174.0.0.0/7,176.0.0.0/5,184.0.0.0/6}
#allow all loopback interface to communicate
pass quick on lo0 all
pass all
#allow pfsync traffic in real interface not virtual interface
pass quick on $pfsync_if proto pfsync keep state
#allow CARP traffic
pass quick on {$in_if, $ext_if} proto carp keep state
#allow CARP traffic
pass quick on {$in_if, $ext_if} proto carp keep state
#allow icmp traffic
pass in quick on {$in_if, $ext_if, $pfsync_if} inet proto icmp from any to
any k
eep state
#pass in quick on $ext_if inet proto icmp from any to any keep state
#allow ssh access
pass in quick on {$in_if, $ext_if, $pfsync_if} proto tcp from any to any
port 22
keep state
pass in quick on {$in_if, $ext_if, $pfsync_if} from <bgpd> to any keep
state tag
ALLOW
pass out quick on {$in_if, $ext_if, $pfsync_if} tagged ALLOW
block in quick on {$in_if, $ext_if, $pfsync_if} from <bgp_blocked> to any
tag BL
OK
block out quick on {$in_if, $ext_if, $pfsync_if} tagged BLOK
block in quick on {$in_if, $ext_if, $pfsync_if} from <bogon> to any tag
BLOCKED
block out quick on {$in_if, $ext_if, $pfsync_if} tagged BLOCKED
bgpd.conf
---------
#macros
peer1="202.149.93.241"
peer2="10.10.10.3"
# global configuration
AS 65022
router-id 10.10.10.5
holdtime 180
holdtime min 3
listen on 127.0.0.1
listen on 10.10.10.5
fib-update yes
nexthop qualify via bgp
log updates
network 202.149.93.176/28
neighbor $peer1 {
remote-as 65021
descr office-gtw
announce all
announce capabilities yes
demote carp
softreconfig in yes
softreconfig out yes
}
neighbor $peer2 {
remote-as 65022
descr core1-exp
announce all
announce capabilities yes
softreconfig in yes
softreconfig out yes
tcp md5sig password lalerijo
set pftable "bgpd"
}
# filter out prefixes longer than 24 or shorter than 8 bits
deny from any
allow from any inet prefixlen 8 - 24
allow from {$peer1 $peer2} inet prefixlen 8 - 30
allow to {$peer1 $peer2} prefix 202.149.93.176/28 prefixlen 8 - 30
# do not accept a default route
deny from any prefix 0.0.0.0/0
# filter bogus networks
deny from any prefix 10.0.0.0/8 prefixlen >= 8
deny from any prefix 172.16.0.0/12 prefixlen >= 12
deny from any prefix 192.168.0.0/16 prefixlen >= 16
descr core1-exp
announce all
announce capabilities yes
softreconfig in yes
softreconfig out yes
tcp md5sig password lalerijo
set pftable "bgpd"
}
# filter out prefixes longer than 24 or shorter than 8 bits
deny from any
allow from any inet prefixlen 8 - 24
allow from {$peer1 $peer2} inet prefixlen 8 - 30
allow to {$peer1 $peer2} prefix 202.149.93.176/28 prefixlen 8 - 30
# do not accept a default route
deny from any prefix 0.0.0.0/0
# filter bogus networks
deny from any prefix 10.0.0.0/8 prefixlen >= 8
deny from any prefix 172.16.0.0/12 prefixlen >= 12
deny from any prefix 192.168.0.0/16 prefixlen >= 16
deny from any prefix 169.254.0.0/16 prefixlen >= 16
deny from any prefix 192.0.2.0/24 prefixlen >= 24
deny from any prefix 224.0.0.0/4 prefixlen >= 4
deny from any prefix 240.0.0.0/4 prefixlen >= 4
and finally, ddb trace and dmesg
rn_delete: Orphaned Mask 0xd1d469d0 at 0x0
rn_delete: couldn't find our annotation
pfr_unroute_kentry: delete failed.
rn_delete: Orphaned Mask 0xd1d46520 at 0x0
uvm_fault(0xd7b3e814, 0x0, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at rn_walktree+0x3f: cmpw $0,0x8(%eax)
rn_delete: Orphaned Mask 0xd1d48c60 at 0x0
rn_delete: couldn't find our annotation
pfr_unroute_kentry: delete failed.
rn_delete: Orphaned Mask 0xd1d48780 at 0x0
uvm_fault(0xd7b3e814, 0x0, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at rn_walktree+0x3f: cmpw $0,0x8(%eax)
ddb> rn_walktree(d1b50480,d030fde0,de864b08,d0311f1b) at rn_walktree+0x3f
pfr_mark_addrs(de848000,ffffffff,10000000,d1d9a000) at pfr_mark_addrs+0x33
pfr_del_addrs(d1d9a000,84ec4000,400,d1d9a43c,10000000,d0352da4,50,ffffffff)
at pfr_del_addrs+0x364
pfioctl(4900,c44c4444,d1d9a000,3,d7836818) at pfioctl+0x3a6b
spec_ioctl(de864d68,d777f354,de864d60,d036f7db,40) at spec_ioctl+0x3f
spec_vnoperate(de864d68,d777f354,de864d90,d0371d17,d0796cd0) at
spec_vnoperate+0x16
VOP_IOCTL(d7acbccc,c44c4444,d1d9a000,3,d7b49000,d7836818,de864e38,d1cfa800)
at VOP_IOCTL+0x40
vn_ioctl(d7b2bdc0,c44c4444,d1d9a000,d7836818,d07aede0) at vn_ioctl+0xa7
sys_ioctl(d7836818,de864f68,de864f58,5,d7836818) at sys_ioctl+0x125
syscall() at syscall+0x24e
--- syscall (number 54) ---
0xe36eabd:
OpenBSD 4.3-current (GENERIC) #3: Thu May 8 03:46:09 WIT 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
RTC BIOS diagnostic error f<fixed_disk,invalid_time>
cpu0: Intel(R) Pentium(R) D CPU 3.00GHz ("GenuineIntel" 686-class) 3.01 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,S
SE3,MWAIT,DS-CPL,EST,CNXT-ID,CX16,xTPR
real mem = 1069670400 (1020MB)
avail mem = 1026215936 (978MB)
RTC BIOS diagnostic error f<fixed_disk,invalid_time>
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 07/11/06, SMBIOS rev. 2.4 @
0x3fbf4000 (42 entries)
bios0: vendor Intel Corporation version
"S3000.86B.02.00.0044.071120071047" date 07/11/2007
bios0: Intel S3000AH
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC WDDT MCFG ASF! SSDT SSDT SSDT SSDT SSDT
acpi0: wakeup devices SLPB(S4) P32_(S4) UAR1(S1) PEX4(S4) PEX5(S4)
UHC1(S1) UHC2(S1) UHC3(S1) UHC4(S1) EHCI(S1) AC9M(S4) AZAL(
S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 4 (P32_)
acpiprt2 at acpi0: bus 1 (PEX0)
acpiprt3 at acpi0: bus -1 (PEX1)
acpiprt4 at acpi0: bus -1 (PEX2)
acpiprt5 at acpi0: bus -1 (PEX3)
acpiprt6 at acpi0: bus 2 (PEX4)
acpiprt7 at acpi0: bus 3 (PEX5)
acpicpu0 at acpi0: FVS, 3000, 2400 MHz
acpibtn0 at acpi0: SLPB
bios0: ROM list: 0xc0000/0x9000 0xc9000/0x1000 0xca000/0x1800
0xcb800/0x1800 0xcd000/0x1000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel E7230 Host" rev 0x00
ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x01: irq 9
pci1 at ppb0 bus 1
ppb1 at pci0 dev 28 function 4 "Intel 82801G PCIE" rev 0x01: irq 9
pci2 at ppb1 bus 2
ppb2 at pci0 dev 28 function 5 "Intel 82801G PCIE" rev 0x01: irq 11
pci3 at ppb2 bus 3
em0 at pci3 dev 0 function 0 "Intel PRO/1000MT (82573E)" rev 0x03: irq 9,
address 00:15:17:49:03:b3
"Intel 82573E Serial" rev 0x03 at pci3 dev 0 function 3 not configured
"Intel 82573E KCS" rev 0x03 at pci3 dev 0 function 4 not configured
uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x01: irq 11
uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x01: irq 10
uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x01: irq 11
uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x01: irq 11
ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x01: irq 11
ehci0: timed out waiting for BIOS
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb3 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0xe1
pci4 at ppb3 bus 4
em1 at pci4 dev 0 function 0 "Intel PRO/1000MT (82540EM)" rev 0x02: irq
11, address 00:07:e9:0f:44:ac
em2 at pci4 dev 1 function 0 "Intel PRO/1000MT (82540EM)" rev 0x02: irq
11, address 00:07:e9:0f:44:e3
vga1 at pci4 dev 4 function 0 "ATI ES1000" rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
em3 at pci4 dev 5 function 0 "Intel PRO/1000MT (82541GI)" rev 0x05: irq 9,
address 00:15:17:49:03:b4
ichpcib0 at pci0 dev 31 function 0 "Intel 82801GB LPC" rev 0x01: PM
disabled
pciide0 at pci0 dev 31 function 1 "Intel 82801GB IDE" rev 0x01: DMA,
channel 0 configured to compatibility, channel 1 configur
ed to compatibility
pciide0: channel 0 disabled (no drives)
pciide0: channel 1 disabled (no drives)
pciide1 at pci0 dev 31 function 2 "Intel 82801GB SATA" rev 0x01: DMA,
channel 0 configured to native-PCI, channel 1 configured
to native-PCI
pciide1: using irq 10 for native-PCI interrupt
wd0 at pciide1 channel 0 drive 0: <ST3160211AS>
wd0: 16-sector PIO, LBA48, 152627MB, 312581808 sectors
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5
ichiic0 at pci0 dev 31 function 3 "Intel 82801GB SMBus" rev 0x01: irq 10
iic0 at ichiic0
adt0 at iic0 addr 0x2e: sch5027 rev 0x69
spdmem0 at iic0 addr 0x50: 1GB DDR2 SDRAM non-parity PC2-5300CL5
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb4 at uhci3: USB revision 1.0
uhub4 at usb4 "Intel UHCI root hub" rev 1.00/1.00 addr 1
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: <PC speaker>
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
biomask fded netmask ffed ttymask ffef
mtrr: Pentium Pro MTRR support
softraid0 at root
root on wd0a swap on wd0b dump on wd0b
--
insandotpraja(at)gmaildotcom
