tico wrote:
Graeme Lee wrote:
tico wrote:
Graeme Lee wrote:
<<snip>>
Network layout is somewhat complicated. 1 x ebgp and 1 x ibgp
session receive ipv4 world tables. Gif tunnel to a hurricane
router in Hong Kong. I'm receiving ipv6 world bgp tables from this
peer. Connectivity to the peer is fine. Just can't get past it.
I can see that my prefix is announced via looking glasses. I'm
receiving about 1.6k prefixes from hurricane.
I'm speaking BGP over v6 with HE.net as well (albeit in Fremont, not
HK), and I can see you just fine, and apparently you can see me
(AS30708) as well, since I can ping you from both my Hurricane /64
as well as from an IP within my own /32.
$ ping6 -c1 -S 2607:f618:1::1 2001:470:17:7f::2
PING6(56=40+8+8 bytes) 2607:f618:1::1 --> 2001:470:17:7f::2
16 bytes from 2001:470:17:7f::2, icmp_seq=0 hlim=59 time=442.275 ms
--- 2001:470:17:7f::2 ping6 statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 442.275/442.275/442.275/0.000 ms
$ ping6 -c1 2001:470:17:7f::2
PING6(56=40+8+8 bytes) 2001:470:1:53::2 --> 2001:470:17:7f::2
16 bytes from 2001:470:17:7f::2, icmp_seq=0 hlim=59 time=441.775 ms
--- 2001:470:17:7f::2 ping6 statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 441.775/441.775/441.775/0.000 ms
$ bgpctl sho ip bgp 2400:6800::/32
flags: * = Valid, > = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete
flags destination gateway lpref med aspath origin
*> 2400:6800::/32 2001:470:1:53::1 100 0 6939 10105 i
$ uname -mr
4.4 i386
What does your "bgpctl sho nex" give you?
-tico
Hi Tico.
# bgpctl show next
Nexthop State
2001:470:17:7f::1 valid gif0 UP
203.143.64.133 valid em1 UP, Ethernet, active, 100 MBit/s
121.200.227.93 valid em0 UP, Ethernet, active, 100 MBit/s
However, the only reason you can see me is because I've manually
stuck in a default route just to get things working.
# netstat -rnf inet6
Routing tables
Internet6:
Destination              Gateway              Flags  Refs  Use   Mtu    Prio  Iface
::/104                   ::1                  UGRS   0     0     -      8     lo0
::/96                    ::1                  UGRS   0     0     -      8     lo0
default                  2001:470:17:7f::1    UGS    0     19    -      8     gif0
::1                      ::1                  UH     14    0     33160  4     lo0
::127.0.0.0/104          ::1                  UGRS   0     0     -      8     lo0
::224.0.0.0/100          ::1                  UGRS   0     0     -      8     lo0
::255.0.0.0/104          ::1                  UGRS   0     0     -      8     lo0
::ffff:0.0.0.0/96        ::1                  UGRS   0     0     -      8     lo0
2001:470:17:7f::/64      link#6               UC     1     0     -      4     gif0
2001:470:17:7f::1        link#6               UHLc   2     3397  -      4     gif0
2001:470:17:7f::2        link#6               UHL    1     0     -      4     lo0
I see. And what do your filters (bgpd, not PF) look like?
What changes from a default bgpd.conf have you made?
Is there anything peculiar about your gif0 interface?
-tico
There's only one line difference (plus a comment):
allow from any inet6 prefixlen 12 - 64
neighbor "2001:470:17:7f::1" {
remote-as 6939
descr "HurricaneHK"
local-address 2001:470:17:7f::2
announce IPv4 none
announce IPv6 unicast
set nexthop self
}
# filter out prefixes longer than 24 or shorter than 8 bits
deny from any
allow from any inet prefixlen 8 - 24
# IPv6 Routing
allow from any inet6 prefixlen 12 - 64
# do not accept a default route
deny from any prefix 0.0.0.0/0
# filter bogus networks
deny from any prefix 10.0.0.0/8 prefixlen >= 8
deny from any prefix 172.16.0.0/12 prefixlen >= 12
deny from any prefix 192.168.0.0/16 prefixlen >= 16
deny from any prefix 169.254.0.0/16 prefixlen >= 16
deny from any prefix 192.0.2.0/24 prefixlen >= 24
deny from any prefix 224.0.0.0/4 prefixlen >= 4
deny from any prefix 240.0.0.0/4 prefixlen >= 4
# ifconfig gif0
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
priority: 0
groups: gif egress
physical address inet 121.200.227.94 --> 216.218.221.2
inet6 fe80::21f:d0ff:fe32:3d58%gif0 -> prefixlen 64 scopeid 0x6
inet6 2001:470:17:7f::2 -> prefixlen 64
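
As an added example (not part of the original thread and not OpenBGPD code), the following Python models the filter block posted above to check which received prefixes it accepts. It assumes bgpd's documented evaluation order (rules are read top to bottom and the last matching rule decides, with no `quick` rules present); the function names and the sample prefixes are constructed for illustration.

```python
import ipaddress

# Rules transcribed from the posted bgpd.conf, in file order:
# (action, address family or None for both, covering prefix or None, min len, max len)
RULES = [
    ("deny", None, None, 0, 128),             # deny from any
    ("allow", 4, None, 8, 24),                # allow from any inet prefixlen 8 - 24
    ("allow", 6, None, 12, 64),               # allow from any inet6 prefixlen 12 - 64
    ("deny", 4, "0.0.0.0/0", 0, 0),           # deny from any prefix 0.0.0.0/0 (exact match)
    ("deny", 4, "10.0.0.0/8", 8, 32),         # deny ... prefix 10.0.0.0/8 prefixlen >= 8
    ("deny", 4, "172.16.0.0/12", 12, 32),
    ("deny", 4, "192.168.0.0/16", 16, 32),
    ("deny", 4, "169.254.0.0/16", 16, 32),
    ("deny", 4, "192.0.2.0/24", 24, 32),
    ("deny", 4, "224.0.0.0/4", 4, 32),
    ("deny", 4, "240.0.0.0/4", 4, 32),
]

def rule_matches(rule, net):
    """True if the prefix falls under the rule's family, covering prefix and length range."""
    _, family, covering, lo, hi = rule
    if family is not None and net.version != family:
        return False
    if covering is not None and not net.subnet_of(ipaddress.ip_network(covering)):
        return False
    return lo <= net.prefixlen <= hi

def evaluate(prefix):
    """Return 'allow' or 'deny' for a received prefix; the last matching rule wins."""
    net = ipaddress.ip_network(prefix)
    verdict = None  # never stays None here: the first rule matches every prefix
    for rule in RULES:
        if rule_matches(rule, net):
            verdict = rule[0]
    return verdict

# Constructed sample announcements; the first prefix is one that appears in the thread.
SAMPLES = ["2400:6800::/32", "::/0", "2001:db8::/32", "2001:db8::/96",
           "198.51.100.0/24", "10.1.0.0/16", "0.0.0.0/0", "192.0.2.0/24"]

if __name__ == "__main__":
    for p in SAMPLES:
        print(f"{p:20} {evaluate(p)}")
```

With this rule set an IPv6 default route from the peer is filtered, while any IPv6 prefix of length 12 to 64 is accepted, because the bogon entries cover IPv4 only.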