Hi all,

I'm using OpenBGPD on a pair of CARPed firewalls (OpenBSD 5.5-stable) to announce IPv4 routes to a Cisco 7600. I set the nexthop to the CARP IP and run two sessions (one from each firewall) on the non-CARP IP. This works fine for IPv4, but when I try to do the same for IPv6, the set nexthop statement in bgpd.conf has no effect. The Cisco receives the prefixes with the non-CARP IP of each firewall as nexthop.

When doing a bgpctl show, the configured nexthop is printed:


# bgpctl show rib nei ip6_cr1-of1ams out
flags: * = Valid, > = Selected, I = via IBGP, A = Announced, S = Stale
origin: i = IGP, e = EGP, ? = Incomplete

flags destination          gateway          lpref   med aspath origin
AI*>  2a02:d48:2f:1c::1:0/125 2a02:d48:2f:1c::1:4    100     0 i
AI*>  2a02:d48:2f:1c::1:8/125 2a02:d48:2f:1c::1:4    100     0 i
AI*>  2a02:d48:2f:910::/64 2a02:d48:2f:1c::1:4    100     0 i
AI*>  2a02:d48:2f:911::/64 2a02:d48:2f:1c::1:4    100     0 i
AI*>  2a02:d48:2f:912::/64 2a02:d48:2f:1c::1:4    100     0 i
AI*>  2a02:d48:2f:913::/64 2a02:d48:2f:1c::1:4    100     0 i
AI*>  2a02:d48:2f:914::/64 2a02:d48:2f:1c::1:4    100     0 i
#

# ifconfig carp18 inet6
carp18: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:01
        priority: 0
        carp: BACKUP carpdev vlan18 vhid 1 advbase 1 advskew 10
        groups: carp
        status: backup
        inet6 fe80::200:5eff:fe00:101%carp18 prefixlen 64 scopeid 0xe
        inet6 2a02:d48:2f:1c::1:4 prefixlen 125
#


But on the cisco, I get the non-carp IP:


#sh bgp ipv6 unicast neighbors 2A02:D48:2F:1C::1:6 received-routes
BGP table version is 76, local router ID is X.X.X.X
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, x best-external
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  2A02:D48:2F:1C::1:0/125
                    2A02:D48:2F:1C::1:6
                                                           0 65171 i
*> 2A02:D48:2F:1C::1:8/125
                    2A02:D48:2F:1C::1:6
                                                           0 65171 i
*> 2A02:D48:2F:910::/64
                    2A02:D48:2F:1C::1:6
                                                           0 65171 i
*> 2A02:D48:2F:911::/64
                    2A02:D48:2F:1C::1:6
                                                           0 65171 i
*> 2A02:D48:2F:912::/64
                    2A02:D48:2F:1C::1:6
                                                           0 65171 i
   Network          Next Hop            Metric LocPrf Weight Path
*> 2A02:D48:2F:913::/64
                    2A02:D48:2F:1C::1:6
                                                           0 65171 i
*> 2A02:D48:2F:914::/64
                    2A02:D48:2F:1C::1:6
                                                           0 65171 i

Total number of prefixes 7


A network capture shows that the UPDATE from openbgpd to the cisco contains the non-carp IP instead of the configured one. The same thing happens on the MASTER firewall.

Does anyone have any idea why this is happening?


/etc/bgpd.conf:
cr1_of1ams="X.X.X.X"
ip6_cr1_of1ams="2A02:D48:2F:1C::1:1"

AS 65171
router-id X.X.X.X

network X.X.X.X/32
network X.X.X.X/29 set nexthop X.X.X.X
network X.X.X.X/29 set nexthop X.X.X.X
network inet static set nexthop X.X.X.X
network inet connected set nexthop X.X.X.X

network 2a02:d48:2f:910::/64 set nexthop 2A02:D48:2F:1C::1:4
network 2a02:d48:2f:911::/64 set nexthop 2A02:D48:2F:1C::1:4
network 2a02:d48:2f:912::/64 set nexthop 2A02:D48:2F:1C::1:4
network 2a02:d48:2f:913::/64 set nexthop 2A02:D48:2F:1C::1:4
network 2a02:d48:2f:914::/64 set nexthop 2A02:D48:2F:1C::1:4
network inet6 static set nexthop 2A02:D48:2F:1C::1:4
network inet6 connected set nexthop 2A02:D48:2F:1C::1:4

neighbor $cr1_of1ams {
        announce        all
        announce        IPv6 none
        remote-as       65071
        descr           cr1-of1ams
        local-address   X.X.X.X
        holdtime        180
        holdtime min    3
}

neighbor $ip6_cr1_of1ams {
        announce        all
        announce        IPv4 none
        remote-as       65071
        descr           ip6_cr1-of1ams
        local-address   2A02:D48:2F:1C::1:6
        holdtime        180
        holdtime min    3
}

deny to any
allow to $cr1_of1ams
allow to $ip6_cr1_of1ams
deny to any prefix 0/0 prefixlen = 0
deny to any prefix 10/8 prefixlen >= 8
deny to any prefix 172.16/12 prefixlen >= 12
deny to any prefix 192.168/16 prefixlen >= 16
deny to any prefix 127/8 prefixlen >= 8

deny from any
allow from $cr1_of1ams prefix 0/0 prefixlen = 0
allow from $ip6_cr1_of1ams prefix ::/0 prefixlen = 0
# filter bogus networks according to RFC5735
deny from any prefix 0.0.0.0/8 prefixlen >= 8 # 'this' network [RFC1122]
deny from any prefix 10.0.0.0/8 prefixlen >= 8 # private space [RFC1918]
deny from any prefix 100.64.0.0/10 prefixlen >= 10 # CGN Shared [RFC6598]
deny from any prefix 127.0.0.0/8 prefixlen >= 8 # localhost [RFC1122]
deny from any prefix 169.254.0.0/16 prefixlen >= 16 # link local [RFC3927]
deny from any prefix 172.16.0.0/12 prefixlen >= 12 # private space [RFC1918]
deny from any prefix 192.0.2.0/24 prefixlen >= 24 # TEST-NET-1 [RFC5737]
deny from any prefix 192.168.0.0/16 prefixlen >= 16 # private space [RFC1918]
deny from any prefix 198.18.0.0/15 prefixlen >= 15 # benchmarking [RFC2544]
deny from any prefix 198.51.100.0/24 prefixlen >= 24 # TEST-NET-2 [RFC5737]
deny from any prefix 203.0.113.0/24 prefixlen >= 24 # TEST-NET-3 [RFC5737]
deny from any prefix 224.0.0.0/4 prefixlen >= 4         # multicast
deny from any prefix 240.0.0.0/4 prefixlen >= 4         # reserved

# filter bogus IPv6 networks according to IANA
deny from any prefix ::/8 prefixlen >= 8
deny from any prefix 0100::/64 prefixlen >= 64 # Discard-Only [RFC6666]
deny from any prefix 2001:2::/48 prefixlen >= 48        # BMWG [RFC5180]
deny from any prefix 2001:10::/28 prefixlen >= 28 # ORCHID [RFC4843]


dmesg:
OpenBSD 5.5-stable (GENERIC) #1: Sun May 18 13:49:47 CEST 2014
r...@openbsd-build.int.rtblw.com:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 520028160 (495MB)
avail mem = 497676288 (474MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe0010 (364 entries)
bios0: vendor Phoenix Technologies LTD version "6.00" date 06/22/2012
bios0: VMware, Inc. VMware Virtual Platform
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP BOOT APIC MCFG SRAT HPET WAET
acpi0: wakeup devices PCI0(S3) USB_(S1) P2P0(S3) S1F0(S3) S2F0(S3) S3F0(S3) S4F0(S3) S5F0(S3) S6F0(S3) S7F0(S3) S8F0(S3) S9F0(S3) S10F(S3) S11F(S3) S12F(S3) S13F(S3) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU X5650 @ 2.67GHz, 2665.82 MHz
cpu0: ,SSE3,PCLMUL,SSSE3,CX16,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG,LAHF,PERF,ITSC
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 65MHz
ioapic0 at mainbus0: apid 1 pa 0xfec00000, version 11, 24 pins
acpimcfg0 at acpi0 addr 0xe0000000, bus 0-255
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0
acpibat0 at acpi0: BAT1 not present
acpibat1 at acpi0: BAT2 not present
acpiac0 at acpi0: AC unit online
acpibtn0 at acpi0: SLPB
acpibtn1 at acpi0: LID_
vmt0 at mainbus0
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x01
ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x01
pci1 at ppb0 bus 1
pcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x08
pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility
pciide0: channel 0 disabled (no drives)
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: <NECVMWar, VMware IDE CDR10, 1.00> ATAPI 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
piixpm0 at pci0 dev 7 function 3 "Intel 82371AB Power" rev 0x08: SMBus disabled
"VMware VMCI" rev 0x10 at pci0 dev 7 function 7 not configured
vga1 at pci0 dev 15 function 0 "VMware SVGA II" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
mpi0 at pci0 dev 16 function 0 "Symbios Logic 53c1030" rev 0x01: apic 1 int 17
scsibus1 at mpi0: 16 targets, initiator 7
sd0 at scsibus1 targ 0 lun 0: <VMware, Virtual disk, 1.0> SCSI2 0/direct fixed
sd0: 16384MB, 512 bytes/sector, 33554432 sectors
mpi0: target 0 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1
ppb1 at pci0 dev 17 function 0 "VMware PCI" rev 0x02
pci2 at ppb1 bus 2
ppb2 at pci0 dev 21 function 0 "VMware PCIE" rev 0x01
pci3 at ppb2 bus 3
vmx0 at pci3 dev 0 function 0 "VMware VMXNET3" rev 0x01: apic 1 int 18, address 00:50:56:a8:3a:d4
ppb3 at pci0 dev 21 function 1 "VMware PCIE" rev 0x01
pci4 at ppb3 bus 4
ppb4 at pci0 dev 21 function 2 "VMware PCIE" rev 0x01
pci5 at ppb4 bus 5
ppb5 at pci0 dev 21 function 3 "VMware PCIE" rev 0x01
pci6 at ppb5 bus 6
ppb6 at pci0 dev 21 function 4 "VMware PCIE" rev 0x01
pci7 at ppb6 bus 7
ppb7 at pci0 dev 21 function 5 "VMware PCIE" rev 0x01
pci8 at ppb7 bus 8
ppb8 at pci0 dev 21 function 6 "VMware PCIE" rev 0x01
pci9 at ppb8 bus 9
ppb9 at pci0 dev 21 function 7 "VMware PCIE" rev 0x01
pci10 at ppb9 bus 10
ppb10 at pci0 dev 22 function 0 "VMware PCIE" rev 0x01
pci11 at ppb10 bus 11
vmx1 at pci11 dev 0 function 0 "VMware VMXNET3" rev 0x01: apic 1 int 19, address 00:50:56:a8:27:c4
ppb11 at pci0 dev 22 function 1 "VMware PCIE" rev 0x01
pci12 at ppb11 bus 12
ppb12 at pci0 dev 22 function 2 "VMware PCIE" rev 0x01
pci13 at ppb12 bus 13
ppb13 at pci0 dev 22 function 3 "VMware PCIE" rev 0x01
pci14 at ppb13 bus 14
ppb14 at pci0 dev 22 function 4 "VMware PCIE" rev 0x01
pci15 at ppb14 bus 15
ppb15 at pci0 dev 22 function 5 "VMware PCIE" rev 0x01
pci16 at ppb15 bus 16
ppb16 at pci0 dev 22 function 6 "VMware PCIE" rev 0x01
pci17 at ppb16 bus 17
ppb17 at pci0 dev 22 function 7 "VMware PCIE" rev 0x01
pci18 at ppb17 bus 18
ppb18 at pci0 dev 23 function 0 "VMware PCIE" rev 0x01
pci19 at ppb18 bus 19
ppb19 at pci0 dev 23 function 1 "VMware PCIE" rev 0x01
pci20 at ppb19 bus 20
ppb20 at pci0 dev 23 function 2 "VMware PCIE" rev 0x01
pci21 at ppb20 bus 21
ppb21 at pci0 dev 23 function 3 "VMware PCIE" rev 0x01
pci22 at ppb21 bus 22
ppb22 at pci0 dev 23 function 4 "VMware PCIE" rev 0x01
pci23 at ppb22 bus 23
ppb23 at pci0 dev 23 function 5 "VMware PCIE" rev 0x01
pci24 at ppb23 bus 24
ppb24 at pci0 dev 23 function 6 "VMware PCIE" rev 0x01
pci25 at ppb24 bus 25
ppb25 at pci0 dev 23 function 7 "VMware PCIE" rev 0x01
pci26 at ppb25 bus 26
ppb26 at pci0 dev 24 function 0 "VMware PCIE" rev 0x01
pci27 at ppb26 bus 27
ppb27 at pci0 dev 24 function 1 "VMware PCIE" rev 0x01
pci28 at ppb27 bus 28
ppb28 at pci0 dev 24 function 2 "VMware PCIE" rev 0x01
pci29 at ppb28 bus 29
ppb29 at pci0 dev 24 function 3 "VMware PCIE" rev 0x01
pci30 at ppb29 bus 30
ppb30 at pci0 dev 24 function 4 "VMware PCIE" rev 0x01
pci31 at ppb30 bus 31
ppb31 at pci0 dev 24 function 5 "VMware PCIE" rev 0x01
pci32 at ppb31 bus 32
ppb32 at pci0 dev 24 function 6 "VMware PCIE" rev 0x01
pci33 at ppb32 bus 33
ppb33 at pci0 dev 24 function 7 "VMware PCIE" rev 0x01
pci34 at ppb33 bus 34
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
root on sd0a (64638f612eb2923e.a) swap on sd0b dump on sd0b

Best regards,
Mickael
