Re: BIRD 1.3.11 (ports) on FreeBSD 9.1-p7

2013-10-09 Thread Alexander V. Chernikov

On 09.10.2013 14:45, Markus Grundmann wrote:

Now I have the problem again. I have started the BIRD remotely (config
modified / quagga was stopped). After 20 minutes that the switch was
done the server is now unreachable. The virtual machine with the IP .195
works but can't login into the host. All other servers can't connect to
IP .210 and the system is isolated (offline) :-(

You can try link-local IPv6 address to access host.


Regards,
Markus




Re: BIRD 1.3.11 (ports) on FreeBSD 9.1-p7

2013-10-09 Thread Alexander V. Chernikov

On 09.10.2013 14:10, Markus Grundmann wrote:

Alexander thank you for your reply.

On 10/09/2013 09:54 AM, Alexander V. Chernikov wrote:

It is significant. Did you have this uncommented initially?

OK. I have probed some configuration options to find out where my
problem possibly exists.

protocol ospf activezone { rfc1583compat yes;

Do you really need this?

No!


route get 8X.2X.32.211 route to: hostname destination:
8X.2X.32.192

^^^
Should it be directly reachable or?

Yes Alexander! .211 is in same broadcast domain.


There are 2 FreeBSD cases which probably can play here:

1) Due to absence of Direct routes (or Direct protocol route
reannounce) bird can change direct interface route to OSPF-one (this
is probably what we see here). This is fixed (for IPv4 case) in 9.2 -
there is a special RTM_PINNED flag for non-interface routes. I hope to
fix the rest (IPv6 and tunnels stuff) soon.

OK. Yesterday I downloaded Release 9.2 but I'm a bit cautious to do
an upgrade on this machine.
I hope in the next patchlevel for R 9.1 this problem will also be solved.

Usually patchlevel incorporates security fixes only.

However, you can try to write a specific filter in kernel protocol which
explicitly forbids to install routes which reside on your vlan2 interface, like:

if net ~ [8X.2X.32.216/28, ...] then reject;
accept;



2) Given that you have several addresses on interface, Direct route
reannounce can happen on primary (first) address change.

So, probably the best way is to update to 9.2 (or at least r248895).
If your interface addresses are stable, adding Direct protocol back
should mitigate the problem.


Thank you Alexander! This post is very helpful for me.

-Markus




Re: BIRD 1.3.11 (ports) on FreeBSD 9.1-p7

2013-10-09 Thread Markus Grundmann
Soo! I have modified the BIRD configuration. This seems better than before.
In my last post you can see that 8X.2X.32.211 was routed via
8X.2X.32.192 (= error; Network address) and now ...

# route -n get 8X.2X.32.211
   route to: 8X.2X.32.211
destination: 8X.2X.32.211
    gateway: 8X.2x.32.211
  interface: vlan2
      flags: UP,GATEWAY,HOST,DONE,PROTO1
 recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
       0         0         0         0      1500         1         0

See the new configuration below.
[OK! OK! The label of the filter is bull..it but it works ;-)]

A little bit curious is that all services are available from outside but
I can't login from a host in the broadcast domain.

--SNIP--
filter nodirect_kernel {
  if net ~ [8X.2X.32.192/27] then reject;
  accept;
}

protocol direct {
  interface vlan*;
}

protocol kernel {
  learn;
  persist;
  scan time 20;
  import filter nodirect_kernel;
  export all;
}
--SNAP--

On 10/09/2013 12:54 PM, Alexander V. Chernikov wrote:
 if net ~ [8X.2X.32.216/28, ...] then reject;
 accept; 


Thank you very much Alexander!!!

-- 

Best regards,
Markus
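
Added example, not part of the thread and not either poster's configuration: a BIRD 1.x fragment for the filter idea discussed above, attached to the export direction of the kernel protocol, which is the direction that decides what BIRD installs into the kernel table (import, together with `learn`, only decides what BIRD reads from it). The prefix 192.0.2.192/27 and the filter name are constructed placeholders; the `+` makes the set match the subnet and every more specific route inside it, including /32 host routes.

```bird
# Constructed example: 192.0.2.192/27 stands in for the connected vlan subnet.
# The filter name is hypothetical.
filter keep_connected_out_of_kernel {
    # "+" matches the /27 itself and every more specific prefix inside it,
    # so a /32 learned via OSPF for a neighbour on the segment is caught too.
    # Without "+", only a route for exactly 192.0.2.192/27 would match.
    if net ~ [ 192.0.2.192/27+ ] then reject;
    accept;
}

protocol direct {
    interface "vlan*";      # generate device routes for the connected subnets
}

protocol kernel {
    learn;                  # also read routes added to the kernel by others
    persist;                # leave installed routes in place when BIRD exits
    scan time 20;
    import all;             # kernel -> BIRD table
    export filter keep_connected_out_of_kernel;   # BIRD table -> kernel
}
```

After reloading, `route -n get` for an address on the segment should report the interface route rather than one carrying the PROTO1 flag.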