Wednesday, July 13, 2022

Re: OpenBGPD via (WG?) Tunnel Not Learning Routes

Heho,

When doing what I described in my message, I get the below messages.

When I set static routes, packet forwarding works fine, i.e.:

gw02.dus01.as59645.net ~ # route add -inet6 2a06:d1c2::/48 2a06:d1c0::dead:beef:c02
add net 2a06:d1c2::/48: gateway 2a06:d1c0::dead:beef:c02

bgp-test.test /etc # route add -inet6 default 2a06:d1c0::dead:beef:c01
add net default: gateway 2a06:d1c0::dead:beef:c01

Removing those routes and restarting the BGPD then also leads to a successful import of routes, see bgpctl sh nex at the bottom of this mail.

It somehow feels like bgpd does not register that wg0 came up. Let me try if this behavior is the same for other tunnels (eoip).

With best regards,
Tobias


### Setting up wireguard interface after bgpd had been started

bgp-test.test rem # bgpctl sh nex
Flags: * = nexthop valid

Nexthop Route Prio Gateway Iface
2a06:d1c0::dead:beef:c01 2a06:d1c0::dead:beef:c01/128 3 connected wg0 (DOWN, unknown)
2a06:d1c0::dead:beef:c02 2a06:d1c0::dead:beef:c02/128 1 connected wg0 (DOWN, unknown)

bgp-test.test rem # ifconfig wg0
wg0: flags=80c3<UP,BROADCAST,RUNNING,NOARP,MULTICAST> mtu 1420
index 6 priority 0 llprio 3
wgport 13720
wgrtable 23
wgpubkey
wgpeer
wgpka 25 (sec)
wgendpoint 2001:4ba0:92f4:3::235 2342
tx: 641944, rx: 7763244
last handshake: 33 seconds ago
wgaip 0.0.0.0/0
wgaip ::/0
groups: wg
inet6 2a06:d1c0::dead:beef:c02 prefixlen 120

bgp-test.test rem # bgpctl show
Neighbor AS MsgRcvd MsgSent OutQ Up/Down State/PrfRcvd
2a06:d1c0::dead:beef:c0 59645 48128 12 0 00:04:06 133825

### bgpctl sh nex after restarting bgpd

bgp-test.test /etc # bgpctl sh nex
Flags: * = nexthop valid

Nexthop Route Prio Gateway Iface
* 2a06:d1c0::dead:beef:c01 2a06:d1c0::dead:beef:c01/128 3 connected wg0 (UP, unknown)
* 2a06:d1c0::dead:beef:c02 2a06:d1c0::dead:beef:c02/128 1 connected wg0 (UP, unknown)

-----Original Message-----
From: owner-misc@openbsd.org <owner-misc@openbsd.org> On Behalf Of Stuart Henderson
Sent: Wednesday, 13 July 2022 08:14
To: misc@openbsd.org
Subject: Re: OpenBGPD via (WG?) Tunnel Not Learning Routes

On 2022-07-13, Tobias Fiebig <tobias@reads-this-mailinglist.com> wrote:
> Heho,
> I am running OpenBGPd (on 7.1+binpatches), and have some tunnel links between hosts and up/downstreams over wg tunnels.
>
> I am basically wondering whether the behavior is known/normal and/or happened to others, or if it is worth it to setup a test-setup to properly debug the issue/document how it can be reproduced.
>
> Specifically, I noticed that bgpd will consider routes invalid which it learns over a (wg?) interface that was not there when bgpd was started; so, essentially:
>
> Start bgpd
> Create wireguard interface, configure IPs
> Adjust bgpd config to add new peer on that if.
> bgpctl reload
>
> -> Session with the peer comes up, bgpd sees the routes, but it lacks the 'valid' * flag.
>
> Restarting bgpd resolves this (but also lets all sessions flap).
>
> I did not see (or missed) something about this in the man page; the same issue seems to not occur with other interfaces added later, e.g., vlan.

How does "bgpctl sh nex" look, both in the failed situation and the situation where wg was already created?



--
Please keep replies on the mailing list.
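
Added example, not part of the original thread and not OpenBGPD code: a small Python check for the mismatch shown in the outputs above, where bgpctl sh nex lists wg0 as DOWN while ifconfig reports it UP and RUNNING. It assumes the output layouts quoted in the messages; the function names and the sample strings are constructed for illustration.

```python
import re

# Constructed sample input: command output as quoted in the thread above.
NEXTHOPS_STALE = """Flags: * = nexthop valid

Nexthop Route Prio Gateway Iface
2a06:d1c0::dead:beef:c01 2a06:d1c0::dead:beef:c01/128 3 connected wg0 (DOWN, unknown)
2a06:d1c0::dead:beef:c02 2a06:d1c0::dead:beef:c02/128 1 connected wg0 (DOWN, unknown)
"""
# Same table as shown after restarting bgpd: "*" flag set, interface UP.
NEXTHOPS_OK = NEXTHOPS_STALE.replace("(DOWN,", "(UP,").replace("\n2a06", "\n* 2a06")
IFCONFIG = "wg0: flags=80c3<UP,BROADCAST,RUNNING,NOARP,MULTICAST> mtu 1420\n"

# Assumed layout: [*] nexthop route/len prio gateway iface (STATE, ...)
NEXTHOP_RE = re.compile(
    r"^\s*(?P<valid>\*)?\s*(?P<nexthop>\S+)\s+(?P<route>\S+/\d+)\s+\d+\s+"
    r"\S+\s+(?P<iface>\w+)\s+\((?P<state>UP|DOWN)\b")
IFACE_RE = re.compile(r"^(?P<name>\w+): flags=[0-9a-f]+<(?P<flags>[^>]*)>", re.M)


def kernel_up_ifaces(ifconfig_out):
    """Names of interfaces the kernel reports as both UP and RUNNING."""
    up = set()
    for m in IFACE_RE.finditer(ifconfig_out):
        flags = set(m["flags"].split(","))
        if {"UP", "RUNNING"} <= flags:
            up.add(m["name"])
    return up


def stale_nexthops(nexthop_out, ifconfig_out):
    """Nexthops bgpd lists as invalid and DOWN on an interface the kernel has up."""
    up = kernel_up_ifaces(ifconfig_out)
    stale = []
    for line in nexthop_out.splitlines():
        m = NEXTHOP_RE.match(line)
        if m and not m["valid"] and m["state"] == "DOWN" and m["iface"] in up:
            stale.append((m["nexthop"], m["iface"]))
    return stale


if __name__ == "__main__":
    for nexthop, iface in stale_nexthops(NEXTHOPS_STALE, IFCONFIG):
        print(f"bgpd view of {iface} is stale: nexthop {nexthop} invalid, kernel says UP")
```

Header lines and nexthops without a resolved route and interface do not match the pattern and are skipped.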
