[quagga-users 9930] Re: iBGP problem

Peter van den Heuvel peter at txnt.net
Wed Sep 24 16:08:59 IST 2008


> My belief is that we learn much of what we know by making mistakes.
Amen! Seems to be the only way I am learning :)

> Hence, there is no such thing as a stupid mistake ;)
Yet I am known to have made mistakes every now and then that I've 
already learned from before :) Guess those actually are stupid. But 
alas, not in this case.

Although... I made _part_ of the problem go away by restarting zebra 
itself while trying to provide data that is as clean as possible (and I've 
restarted zebra before to fix problems). Because I added no interfaces 
etc. since the last zebra start, that sounds like a zebra bug to me. But 
that is of little concern as I can work around it. The real problem has 
now shifted back to the periphery of our network. The details are as 
follows.

> Can you provide a topo diagram of the infrastructure (with IPs),

        10.5.0.32
        |       |
        |       |
10.5.0.1       10.5.0.2    \____ One machine
10.0.0.10------10.0.0.11   /
     |  |       |     |
     |  +-----+ |     |
     |        | |     |
     |  +-------+     |
     |  |     |       |
10.0.0.6     +-- 10.0.0.7
10.3.254.255 --- 10.3.252.255
10.3.254.0 ----- 10.3.252.0 ----- 10.3.17.16
     |    |       |   |
     |    |       |   |
     |    10.3.18.16  |
     |                |
     |                |
10.3.16.16 ----- 10.3.16.17
10.3.16.252 ---- 10.3.16.253

- The problem is now back to 10.5.0.32
- We had similar problems adding machines to 10.0.0.6 and 10.0.0.7
- Anything above 10.0.0.6 and 10.0.0.7 is Eu on Tinc
- Anything at and below 10.0.0.6 and 10.0.0.7 is Ca on Cipe
- This is work in progress and Cipe will be replaced by Tinc using a 
10.3.0.0/24 network of tunnels
- 10.3.16.16 and 10.3.16.17 and 10.3.17.16 will be tunneled to both Ca 
routers (like the 10.3.18.16)
- 10.3.25[24].255 is a tunnel over a different carrier, to be preferred
- 10.3.16.25[24] is a tunnel over a different carrier, to be preferred
- Route preference is not yet considered but should be in the future
- Connected nets are not shown
- 10.5.0.2 is "new" with 64 bits etc.
- We had similar results connecting a "new" peripheral machine to the 
"old" 10.0.0.6 and 10.0.0.7



> and the BGP config and route table for both EU routers?
root@fw.nl.grid:/etc$ cat bgpd.conf
hostname          bgp-fw-nl
log               syslog

password          ...
enable password   ...

access-list       console permit 127.0.0.1/32
access-list       console deny   any
line              vty
         access-class   console

access-list       NetGrid   permit 10.0.0.0/8
access-list       NetGrid   deny   any
route-map         RouteGrid permit 10
    match ip address NetGrid

router                 bgp 64515
    bgp router-id       10.5.250.0
    bgp                 dampening
    redistribute        connected route-map RouteGrid

    neighbor 10.0.0.11  remote-as 64515
    neighbor 10.0.0.11  description gk.nl.grid
    neighbor 10.0.0.6   remote-as 64515
    neighbor 10.0.0.6   description fw.nb.grid
    neighbor 10.0.0.7   remote-as 64515
    neighbor 10.0.0.7   description gk.nb.grid

    neighbor Clnt peer-group
    neighbor Clnt remote-as 64515
    neighbor Clnt route-map RouteGrid in
    neighbor Clnt route-map RouteGrid out
    neighbor Clnt route-reflector-client

    neighbor 10.5.0.32  peer-group Clnt
    neighbor 10.5.0.32  description cpl.bbq.nl.grid
#  neighbor 10.5.0.34  peer-group Clnt
#  neighbor 10.5.0.34  description cpl.fox.nl.grid
#  neighbor 10.5.0.128 peer-group Clnt
#  neighbor 10.5.0.128 description cpl.test.nl.grid



root@gk.nl.grid:/etc/quagga # cat bgpd.conf
hostname          bgp-gk-nl
log               syslog
no banner         motd

password          ...
enable password   ...

access-list       console permit 127.0.0.1/32
access-list       console deny   any
line              vty
    access-class   console

access-list       NetGrid   permit 10.0.0.0/8
access-list       NetGrid   deny   any
route-map         RouteGrid permit 10
    match ip address NetGrid

router                bgp 64515
    bgp router-id      10.5.252.0
    bgp                dampening
    redistribute       connected route-map RouteGrid

    neighbor 10.0.0.10  remote-as 64515
    neighbor 10.0.0.10  description fw.nl.grid
    neighbor 10.0.0.6   remote-as 64515
    neighbor 10.0.0.6   description fw.nb.grid
    neighbor 10.0.0.7   remote-as 64515
    neighbor 10.0.0.7   description gk.nb.grid

    neighbor Clnt peer-group
    neighbor Clnt remote-as 64515
    neighbor Clnt route-map RouteGrid in
    neighbor Clnt route-map RouteGrid out
    neighbor Clnt route-reflector-client

    neighbor 10.5.0.32  peer-group Clnt
    neighbor 10.5.0.32  description cpl.bbq.nl.grid
#  neighbor 10.5.0.34  peer-group Clnt
#  neighbor 10.5.0.34  description cpl.fox.nl.grid
#  neighbor 10.5.0.128 peer-group Clnt
#  neighbor 10.5.0.128 description cpl.test.nl.grid



> and route table for both EU routers?
Since the EU routes are no longer a problem (but the 10.5.0.32 is) I'll 
provide that machine's details. Let me know if you require more. External 
IPs have been replaced by 10.2.1.100:
root@cpl.bbq.grid:~ # ip route show
10.5.252.1 via 10.2.1.100 dev eth0  proto zebra  metric 1
10.5.250.1 via 10.2.1.100 dev eth0  proto zebra
10.3.16.145 via 10.2.1.100 dev eth0  proto zebra
10.3.18.144 via 10.2.1.100 dev eth0  proto zebra
10.3.16.144 via 10.2.1.100 dev eth0  proto zebra
10.3.252.255 via 10.2.1.100 dev eth0  proto zebra
10.3.254.255 via 10.2.1.100 dev eth0  proto zebra
10.3.16.17 via 10.2.1.100 dev eth0  proto zebra
10.3.16.16 via 10.2.1.100 dev eth0  proto zebra
10.3.18.16 via 10.2.1.100 dev eth0  proto zebra
10.3.16.252 via 10.2.1.100 dev eth0  proto zebra
10.3.254.1 via 10.2.1.100 dev eth0  proto zebra
10.3.252.1 via 10.2.1.100 dev eth0  proto zebra
10.3.16.253 via 10.2.1.100 dev eth0  proto zebra
10.3.254.0 via 10.2.1.100 dev eth0  proto zebra
10.3.252.0 via 10.2.1.100 dev eth0  proto zebra
10.3.16.254 via 10.2.1.100 dev eth0  proto zebra
10.3.16.255 via 10.2.1.100 dev eth0  proto zebra
10.3.17.16 via 10.2.1.100 dev eth0  proto zebra
10.3.16.128/29 via 10.2.1.100 dev eth0  proto zebra
10.3.16.136/29 via 10.2.1.100 dev eth0  proto zebra
10.3.16.8/29 via 10.2.1.100 dev eth0  proto zebra
10.3.18.128/29 via 10.2.1.100 dev eth0  proto zebra
10.3.18.0/29 via 10.2.1.100 dev eth0  proto zebra
10.3.16.96/28 via 10.2.1.100 dev eth0  proto zebra
10.3.16.64/28 via 10.2.1.100 dev eth0  proto zebra
10.3.251.0/24 via 10.2.1.100 dev eth0  proto zebra
10.5.251.0/24 via 10.2.1.100 dev eth0  proto zebra  metric 1
10.5.249.0/24 via 10.2.1.100 dev eth0  proto zebra
10.5.9.0/24 via 10.2.1.100 dev eth0  proto zebra  metric 1
10.0.0.0/24 via 10.5.0.1 dev tincclnt  proto zebra
10.5.8.0/24 via 10.2.1.100 dev eth0  proto zebra  metric 1
10.2.1.0/24 dev eth0  proto kernel  scope link  src 10.2.1.5
10.3.253.0/24 via 10.2.1.100 dev eth0  proto zebra
10.3.4.0/24 via 10.2.1.100 dev eth0  proto zebra
10.5.4.0/24 via 10.2.1.100 dev eth0  proto zebra  metric 1
10.5.7.0/24 via 10.2.1.100 dev eth0  proto zebra
10.5.6.0/24 via 10.2.1.100 dev eth0  proto zebra  metric 1
10.3.0.0/24 via 10.2.1.100 dev eth0  proto zebra
10.3.1.0/24 via 10.2.1.100 dev eth0  proto zebra
10.5.0.0/24 dev tincclnt  proto kernel  scope link  src 10.5.0.32
10.3.2.0/24 via 10.2.1.100 dev eth0  proto zebra
127.0.0.0/8 dev lo  scope link
default via 10.2.1.100 dev eth0



The bgp.conf of that machine:
hostname          bgp-cpl-bbq-nl
log               syslog
no banner         motd

password          ...
enable password   ...

access-list       console permit 127.0.0.1/32
access-list       console deny   any
line              vty
    access-class   console

access-list       NetGrid   permit 10.0.0.0/8
access-list       NetGrid   deny   any
route-map         RouteGrid permit 10
    match ip address NetGrid

router                bgp 64515
    bgp router-id      10.5.16.0
    bgp                dampening
    redistribute       connected route-map RouteGrid

    neighbor 10.5.0.1  remote-as 64515
    neighbor 10.5.0.1  description fw.nl.grid
    neighbor 10.5.0.2  remote-as 64515
    neighbor 10.5.0.2  description gk.nl.grid



And for your entertainment, while we're at it, the "show ip bgp" from 
the cpl.bbq.nl; the one behaving funny:
    Network          Next Hop            Metric LocPrf Weight Path
* i10.0.0.0/24      10.5.0.2                 1    100      0  ?
*>i                 10.5.0.1                 0    100      0  ?
*> 10.2.1.0/24      0.0.0.0                  1         32768  ?
* i10.3.0.0/24      10.0.0.7                 0    100      0  ?
*>i                 10.0.0.7                 0    100      0  ?
* i10.3.1.0/24      10.0.0.6                 0    100      0  ?
*>i                 10.0.0.6                 0    100      0  ?
* i10.3.2.0/24      10.0.0.7                 0    100      0  ?
*>i                 10.0.0.7                 0    100      0  ?
* i10.3.4.0/24      10.0.0.7                 0    100      0  ?
*>i                 10.0.0.7                 0    100      0  ?
* i10.3.16.8/29     10.3.16.17               0    100      0  ?
*>i                 10.3.16.17               0    100      0  ?
* i10.3.16.16/32    10.3.16.17               0    100      0  ?
*>i                 10.3.16.17               0    100      0  ?
* i10.3.16.17/32    10.3.16.16               0    100      0  ?
*>i                 10.3.16.16               0    100      0  ?
* i10.3.16.64/28    10.3.16.16               0    100      0  ?
*>i                 10.3.16.16               0    100      0  ?
* i10.3.16.96/28    10.3.16.17               0    100      0  ?
*>i                 10.3.16.17               0    100      0  ?
* i10.3.16.128/29   10.3.16.16               0    100      0  ?
*>i                 10.3.16.16               0    100      0  ?
* i10.3.16.136/29   10.3.16.17               0    100      0  ?
*>i                 10.3.16.17               0    100      0  ?
* i10.3.16.144/32   10.3.16.16               0    100      0  ?
*>i                 10.3.16.16               0    100      0  ?
* i10.3.16.145/32   10.3.16.17               0    100      0  ?
*>i                 10.3.16.17               0    100      0  ?
* i10.3.16.252/32   10.3.16.17               0    100      0  ?
*>i                 10.3.16.17               0    100      0  ?
* i10.3.16.253/32   10.3.16.16               0    100      0  ?
*>i                 10.3.16.16               0    100      0  ?
* i10.3.16.254/32   10.3.16.17               0    100      0  ?
*>i                 10.3.16.17               0    100      0  ?
* i10.3.16.255/32   10.3.16.16               0    100      0  ?
*>i                 10.3.16.16               0    100      0  ?
* i10.3.17.16/32    10.0.0.6                 0    100      0  ?
*>i                 10.0.0.6                 0    100      0  ?
* i10.3.18.0/29     10.3.18.16               0    100      0  ?
*>i                 10.3.18.16               0    100      0  ?
* i10.3.18.16/32    10.0.0.7                 0    100      0  ?
*>i                 10.0.0.7                 0    100      0  ?
* i10.3.18.128/29   10.3.18.16               0    100      0  ?
*>i                 10.3.18.16               0    100      0  ?
* i10.3.18.144/32   10.3.18.16               0    100      0  ?
*>i                 10.3.18.16               0    100      0  ?
* i10.3.251.0/24    10.0.0.7                 0    100      0  ?
*>i                 10.0.0.7                 0    100      0  ?
* i10.3.252.0/32    10.3.16.17               0    100      0  ?
*>i                 10.3.16.17               0    100      0  ?
* i10.3.252.1/32    10.0.0.7                 0    100      0  ?
*>i                 10.0.0.7                 0    100      0  ?
* i10.3.252.255/32  10.0.0.6                 0    100      0  ?
*>i                 10.0.0.6                 0    100      0  ?
* i10.3.253.0/24    10.0.0.6                 0    100      0  ?
*>i                 10.0.0.6                 0    100      0  ?
* i10.3.254.0/32    10.3.16.16               0    100      0  ?
*>i                 10.3.16.16               0    100      0  ?
* i10.3.254.1/32    10.0.0.6                 0    100      0  ?
*>i                 10.0.0.6                 0    100      0  ?
* i10.3.254.255/32  10.0.0.7                 0    100      0  ?
*>i                 10.0.0.7                 0    100      0  ?
* i10.5.0.0/24      10.5.0.2                 1    100      0  ?
* i                 10.5.0.1                 0    100      0  ?
*>                  0.0.0.0                  1         32768  ?
* i10.5.4.0/24      10.5.0.2                 1    100      0  ?
*>i                 10.0.0.11                1    100      0  ?
* i10.5.6.0/24      10.5.0.2                 1    100      0  ?
*>i                 10.0.0.11                1    100      0  ?
*>i10.5.7.0/24      10.0.0.10                0    100      0  ?
* i                 10.5.0.1                 0    100      0  ?
* i10.5.8.0/24      10.5.0.2                 1    100      0  ?
*>i                 10.0.0.11                1    100      0  ?
* i10.5.9.0/24      10.5.0.2                 1    100      0  ?
*>i                 10.0.0.11                1    100      0  ?
*>i10.5.249.0/24    10.0.0.10                0    100      0  ?
* i                 10.5.0.1                 0    100      0  ?
*>i10.5.250.1/32    10.0.0.10                0    100      0  ?
* i                 10.5.0.1                 0    100      0  ?
* i10.5.251.0/24    10.5.0.2                 1    100      0  ?
*>i                 10.0.0.11                1    100      0  ?
* i10.5.252.1/32    10.5.0.2                 1    100      0  ?
*>i                 10.0.0.11                1    100      0  ?
Total number of prefixes 42



OK, so I hope you can make heads and tails from this jumble. Error 
behavior is too complex to reproduce it in a simple test-setup. And this 
net is doing some real-world stuff, so I must be a little careful with 
experimentation.

-- 
Thanks, Peter
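
One way to cross-check the two dumps in the message above, as an added example that is not part of the original post: for each best path in "show ip bgp", find the kernel route that covers the BGP next hop and compare its egress device with the device the prefix was actually installed on. The sample lines are a subset copied from the post; the parser assumes every network is printed with an explicit mask, as it is there.

```python
import ipaddress

# Subset of lines copied from the "show ip bgp" and "ip route show" dumps in the post.
SHOW_IP_BGP = """\
* i10.0.0.0/24      10.5.0.2                 1    100      0  ?
*>i                 10.5.0.1                 0    100      0  ?
*> 10.2.1.0/24      0.0.0.0                  1         32768  ?
* i10.3.0.0/24      10.0.0.7                 0    100      0  ?
*>i                 10.0.0.7                 0    100      0  ?
* i10.5.4.0/24      10.5.0.2                 1    100      0  ?
*>i                 10.0.0.11                1    100      0  ?
"""
IP_ROUTE = """\
10.0.0.0/24 via 10.5.0.1 dev tincclnt  proto zebra
10.3.0.0/24 via 10.2.1.100 dev eth0  proto zebra
10.5.4.0/24 via 10.2.1.100 dev eth0  proto zebra  metric 1
10.2.1.0/24 dev eth0  proto kernel  scope link  src 10.2.1.5
10.5.0.0/24 dev tincclnt  proto kernel  scope link  src 10.5.0.32
default via 10.2.1.100 dev eth0
"""

def best_paths(text):
    """Yield (prefix, next_hop) for every '>' (best) path learned from a peer."""
    prefix = None
    for line in text.splitlines():
        status, fields = line[:3], line[3:].split()
        if not status.startswith("*") or not fields:
            continue                      # header, footer or blank line
        if "/" in fields[0]:              # continuation lines omit the network
            prefix = ipaddress.ip_network(fields.pop(0))
        if ">" in status and fields[0] != "0.0.0.0":  # skip locally originated
            yield prefix, ipaddress.ip_address(fields[0])

def kernel_routes(text):
    """Map destination network -> egress device from 'ip route show' output."""
    table = {}
    for tok in (line.split() for line in text.splitlines()):
        if tok:
            dst = "0.0.0.0/0" if tok[0] == "default" else tok[0]
            table[ipaddress.ip_network(dst)] = tok[tok.index("dev") + 1]
    return table

def mismatches(bgp_text, route_text):
    """Prefixes installed on another device than the one covering their next hop."""
    table, out = kernel_routes(route_text), []
    for prefix, nh in best_paths(bgp_text):
        cover = max((n for n in table if nh in n),
                    key=lambda n: n.prefixlen, default=None)  # longest match
        if cover and prefix in table and table[prefix] != table[cover]:
            out.append((str(prefix), str(nh), table[cover], table[prefix]))
    return out

if __name__ == "__main__":
    for row in mismatches(SHOW_IP_BGP, IP_ROUTE):
        print("%-14s nh %-10s resolves on %-8s installed on %s" % row)
```

Feeding it the complete dumps instead of the subset lists every prefix whose installed route leaves on a different interface than the tunnel its next hop sits behind.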


