Wednesday, July 13, 2022

Re: OpenBGPD via (WG?) Tunnel Not Learning Routes

Heho,

route -n monitor is silent; routes are seen over the session:

bgp-test.test ~ # bgpctl show
Neighbor AS MsgRcvd MsgSent OutQ Up/Down State/PrfRcvd
2a06:d1c0::dead:beef:c0 59645 36560 4 0 00:00:06 129933

But nothing gets installed, most likely due to the link-state of the wg not coming up. Also nothing special in bgpd -vvvd:

RDE soft reconfiguration done
neighbor 2a06:d1c0::dead:beef:c01: state change Connect -> OpenSent, reason: Connection opened
neighbor 2a06:d1c0::dead:beef:c01: state change OpenSent -> OpenConfirm, reason: OPEN message received
neighbor 2a06:d1c0::dead:beef:c01: state change OpenConfirm -> Established, reason: KEEPALIVE message received
neighbor 2a06:d1c0::dead:beef:c01: sending IPv6 unicast EOR marker
nexthop 2a06:d1c0::dead:beef:c02 now invalid: directly connected
nexthop 2a06:d1c0::dead:beef:c01 now invalid: directly connected
nexthop 2a06:d1c0::dead:beef:c01 update starting
nexthop 2a06:d1c0::dead:beef:c01 update finished
neighbor 2a06:d1c0::dead:beef:c01: received IPv6 unicast EOR marker

With best regards,
Tobias


-----Original Message-----
From: owner-misc@openbsd.org <owner-misc@openbsd.org> On Behalf Of Stuart Henderson
Sent: Wednesday, 13 July 2022 13:01
To: misc@openbsd.org
Subject: Re: OpenBGPD via (WG?) Tunnel Not Learning Routes

On 2022-07-13, Tobias Fiebig <tobias@reads-this-mailinglist.com> wrote:
> Heho,
>
> When doing what I described in my message, I get the below messages.
>
> When I set static routes, packet forwarding works fine, i.e.:
>
> gw02.dus01.as59645.net ~ # route add -inet6 2a06:d1c2::/48 2a06:d1c0::dead:beef:c02
> add net 2a06:d1c2::/48: gateway 2a06:d1c0::dead:beef:c02
>
> bgp-test.test /etc # route add -inet6 default 2a06:d1c0::dead:beef:c01
> add net default: gateway 2a06:d1c0::dead:beef:c01
>
> Removing those routes and restarting the BGPD then also leads to a successful import of routes, see bgpctl sh nex at the bottom of this mail.
>
> It somehow feels like bgpd does not register that wg0 came up.

Yes.

You can check with "route -n monitor" that the route messages are correctly sent when the interface is brought up, also try running bgpd in the foreground with debug logging (bgpd -vvvd or so) and see if any errors/warnings are logged when wg comes up.

> Let me try if this behavior is the same for other tunnels (eoip).

Worth a try. Also maybe different between v4 and v6, WireGuard doesn't really do v6 properly.
