After trying a couple of things, we noticed that the BGP routes are missing from the kernel routing table as long as we have a route added toward the other end of the tunnel using the public IP of the tunnel as gateway, i.e.:
root@vpn1:~ # netstat -rn | grep <public ip1>
<public ip1> <public ip2> UGHS 2 4389837 - 8 vlan10
172.29.1.3 <public ip1> UHS 1 5 - L 8 mgre0
If we remove that route toward 172.29.1.3 (mgre tunnel on the other side), then the routing table gets populated with all the BGP routes, but then we can reach that gateway 172.29.1.3.
As soon as we re-add that route, all the BGP routes disappear:
root@vpn1:~ # route -n show | grep mgre
172.29.1/24 172.29.1.2 UCn 0 0 - 4 mgre0
172.29.1.2 mgre0 UHl 0 18431 - 1 mgre0
172.29.1.3 <public ip1> UHS 1 5 - L 8 mgre0
root@vpn1:~ # route del 172.29.1.3
del host 172.29.1.3
root@vpn1:~ # route -n show | grep mgre
10.1.0/24 172.29.1.3 UG 0 0 - 48 mgre0
10.1.2/24 172.29.1.3 UG 0 0 - 48 mgre0
10.1.3/24 172.29.1.3 UG 0 0 - 48 mgre0
10.1.4/24 172.29.1.3 UG 0 0 - 48 mgre0
10.1.5/24 172.29.1.3 UG 0 0 - 48 mgre0
10.1.6/24 172.29.1.3 UG 0 0 - 48 mgre0
10.1.16/24 172.29.1.3 UG 0 0 - 48 mgre0
...
We also noticed that sometimes the iface is missing in the bgpctl show next command:
root@vpn1:~ # bgpctl show next
Flags: * = nexthop valid
Nexthop Route Prio Gateway Iface
* 172.29.1.3 172.29.1.3/32 8 <public ip1>
Thanks,
Ben