Re: Unable to get Bird 2 to listen on the BGP socket

2020-09-03 Thread Skyler Mäntysaari
I did that, but it did not change anything.
Still not binding.

> On 3. Sep 2020, at 18.34, Bernd Naumann  wrote:
> 
> I think it's useless to fight over top- or bottom-posting here. Anyway:
> 
> Could it be that
> ```
>   local fe80:10::2 as OWNAS;
> ```
> should rather be
> ```
>   local fe80:10::2%wg1 as OWNAS;
> ```
> ?
> 
> Maybe Maria or one of the other bird maintainers can give an insight if this 
> is even valid or needed when using IPv6 LLA.
> 
> Did you try to specify `interface`?
> 
> The documentation says:
> """
> interface string
> 
> Define interface we should use for link-local BGP IPv6 sessions. Interface 
> can also be specified as a part of neighbor address (e.g., neighbor 
> fe80::1234%eth0 as 65000;). The option may also be used for non link-local 
> sessions when it is necessary to explicitly specify an interface, but only 
> for direct (not multihop) sessions.
> """
> 
> from which I assume, that the user needs either `%ifname` on `neighbor` _or_ 
> `interface `?
> 
> 
> 
> Off-topic, unrelated, and just my2cents: If wireguard would just support the 
> auto-generation of LLA _and_ support Multicast we could all together just run 
> OSPF (or any other IGP) on the tunnel-interface, handling the propagation of 
> the router-ids and just use these for the `local` and `neighbor` stanza... 
> (or do I miss something here?)
> 
> 
> On 03.09.20 16:48, Skyler Mäntysaari wrote:
>> The allowedIps shouldn't be the issue.  I can ping fine and even nmap.
>> Having the "direct" statement in the protocol definition does not change the 
>> behavior in any way.
>> P. S Please reply by writing up here and not below.
>> On Thu, Sep 3, 2020, at 14:49, Bernd Naumann wrote:
>>> On 03.09.20 00:57, Skyler Mäntysaari wrote:
>>>> Hi there,
>>>> 
>>>> I’m fairly certain that my issue is something rather small, or stupid but 
>>>> I’m unable to get Bird to listen on the 179 port.
>>>> 
>>>> The other side has direct in the protocol definition which is correct, and 
>>>> I tried this side with that as well but it only says “as213021_hel_node: 
>>>> Waiting for fe80:10::1%wg1 to become my neighbor” so I don’t really have 
>>>> more clues.
>>>> 
>>>> I did try to do strace and look for bind events, but couldn’t find any 
>>>> except for the control socket.
>>>> 
>>>> My config can be seen here: https://dpaste.com/6P6NAUPNX 
>>>> & peer config: https://dpaste.com/HJ3SNL8RH 
>>>> 
>>> 
>>> Hi Skyler,
>>> 
>>> Do you have assigned "fe80:10::2" to `wg1`? (Just to make sure...) I
>>> think otherwise bird would not be able to bind to the address.
>>> And you have configured `AllowedIPs = 0.0.0.0/0, ::/0`?
>>> 
>>> Obvious question #2: You can ping6 the peer on fe80:10::1%wg1 ?
>>> 
>>> I would also enable "direct" for the peer, as you are directly connected
>>>   via the tunnel.
>>> 




Re: Unable to get Bird 2 to listen on the BGP socket

2020-09-03 Thread Skyler Mäntysaari
You probably missed the fact that I’m using Link-Local Addresses.

"Multihop BGP cannot be used with link-local addresses"

> On 3. Sep 2020, at 17.52, Valery Lutoshkin  wrote:
> 
> Try it.
> It is not about real multihop session, it is about how bird choose interfaces 
> to listen. 
> 
> From: Skyler Mäntysaari  
> Reply: Skyler Mäntysaari  
> Date: 3 September 2020 at 21:51:41
> To: Valery Lutoshkin  
> Subject:  Re: Unable to get Bird 2 to listen on the BGP socket 
> 
>> They're directly connected,  so it's not a multihop session so no. 
>> 
>> On Thu, Sep 3, 2020, at 17:49, Valery Lutoshkin wrote:
>>> Hi!
>>> 
>>> Have you tried to add option “multihop” in the BGP peer configuration? 
>>> Usually it helps. 
>>> 
>>> Best regards.
>>> Valery
>>> 
>>> 
>>> 
>>> From: Skyler Mäntysaari  
>>> Reply: Skyler Mäntysaari  
>>> Date: 3 September 2020 at 21:48:13
>>> To: bird-users@network.cz  
>>>  
>>> Subject:  Re: Unable to get Bird 2 to listen on the BGP socket 
>>> 
 
>>>> Yes,  absolutely nothing appears to be bound according to netstat and 
>>>> nmap.
>>>> 
>>>> I only saw bird bind the control socket when debugging with strace.
>>>> 
>>>> The logs only have the "Waiting for fe80:10::1%wg1 to become my neighbor". 
>>>> 
>>>> The user is root,  and I can ping/nmap fine over the tunnel. 
>>>> 
>>>> On Thu, Sep 3, 2020, at 10:04, Alexander Zubkov wrote:
>>>> > Hi,
>>>> > 
>>>> > So nothing in netstat? And what have you seen in strace? Maybe
>>>> > something in logs?
>>>> > 
>>>> > On Thu, Sep 3, 2020 at 1:05 AM Skyler Mäntysaari  wrote:
>>>> > >
>>>> > > Hi there,
>>>> > >
>>>> > > I’m fairly certain that my issue is something rather small, or stupid 
>>>> > > but I’m unable to get Bird to listen on the 179 port.
>>>> > >
>>>> > > The other side has direct in the protocol definition which is correct, 
>>>> > > and I tried this side with that as well but it only says 
>>>> > > “as213021_hel_node: Waiting for fe80:10::1%wg1 to become my neighbor” 
>>>> > > so I don’t really have more clues.
>>>> > >
>>>> > > I did try to do strace and look for bind events, but couldn’t find any 
>>>> > > except for the control socket.
>>>> > >
>>>> > > My config can be seen here: https://dpaste.com/6P6NAUPNX 
>>>> > >  & peer config: 
>>>> > > https://dpaste.com/HJ3SNL8RH 
>>>> > >
> 



Re: Unable to get Bird 2 to listen on the BGP socket

2020-09-03 Thread Bernd Naumann

I think it's useless to fight over top- or bottom-posting here. Anyway:

Could it be that
```
local fe80:10::2 as OWNAS;
```
should rather be
```
local fe80:10::2%wg1 as OWNAS;
```
?

Maybe Maria or one of the other bird maintainers can give an insight if 
this is even valid or needed when using IPv6 LLA.


Did you try to specify `interface`?

The documentation says:
"""
interface string

Define interface we should use for link-local BGP IPv6 sessions. 
Interface can also be specified as a part of neighbor address (e.g., 
neighbor fe80::1234%eth0 as 65000;). The option may also be used for non 
link-local sessions when it is necessary to explicitly specify an 
interface, but only for direct (not multihop) sessions.

"""

from which I assume, that the user needs either `%ifname` on `neighbor` 
_or_ `interface `?




Off-topic, unrelated, and just my2cents: If wireguard would just support 
the auto-generation of LLA _and_ support Multicast we could all together 
just run OSPF (or any other IGP) on the tunnel-interface, handling the 
propagation of the router-ids and just use these for the `local` and 
`neighbor` stanza... (or do I miss something here?)



On 03.09.20 16:48, Skyler Mäntysaari wrote:
> The allowedIps shouldn't be the issue.  I can ping fine and even nmap.
>
> Having the "direct" statement in the protocol definition does not change the 
> behavior in any way.
>
> P. S Please reply by writing up here and not below.
>
> On Thu, Sep 3, 2020, at 14:49, Bernd Naumann wrote:
>> On 03.09.20 00:57, Skyler Mäntysaari wrote:
>>> Hi there,
>>>
>>> I’m fairly certain that my issue is something rather small, or stupid but I’m 
>>> unable to get Bird to listen on the 179 port.
>>>
>>> The other side has direct in the protocol definition which is correct, and I 
>>> tried this side with that as well but it only says “as213021_hel_node: Waiting 
>>> for fe80:10::1%wg1 to become my neighbor” so I don’t really have more clues.
>>>
>>> I did try to do strace and look for bind events, but couldn’t find any except 
>>> for the control socket.
>>>
>>> My config can be seen here: https://dpaste.com/6P6NAUPNX  
>>> & peer config: https://dpaste.com/HJ3SNL8RH 
>>>
>>
>> Hi Skyler,
>>
>> Do you have assigned "fe80:10::2" to `wg1`? (Just to make sure...) I
>> think otherwise bird would not be able to bind to the address.
>> And you have configured `AllowedIPs = 0.0.0.0/0, ::/0`?
>>
>> Obvious question #2: You can ping6 the peer on fe80:10::1%wg1 ?
>>
>> I would also enable "direct" for the peer, as you are directly connected
>> via the tunnel.



Re: Unable to get Bird 2 to listen on the BGP socket

2020-09-03 Thread Skyler Mäntysaari
I'm sorry if that message can be taken like that,  as that was not my intention.

On Thu, Sep 3, 2020, at 18:20, Neil Jerram wrote:
> I did look at https://dpaste.com/6P6NAUPNX, and saw that it had a template 
> but no actual peers.  I misinterpreted "& peer config: 
> https://dpaste.com/HJ3SNL8RH" as being the config for the BIRD at the other 
> end of the peering, and so didn't check that, as you say.
> 
> Anyway, your response is rather unkind, to someone who was trying to help you.
> 
> On Thu, Sep 3, 2020 at 3:43 PM Skyler Mäntysaari  wrote:
>> If you had taken the time to read the posted links,  you would see that it 
>> has peers,  using Link-Local addresses. 
>> 
>> On Thu, Sep 3, 2020, at 11:17, Neil Jerram wrote:
>>> Does your configuration have any BGP peers?  I've noticed that BIRD doesn't 
>>> start listening until there is at least one BGP peer.
>>> 
>>> On Thu, Sep 3, 2020 at 12:12 AM Skyler Mäntysaari  wrote:
>>>> Hi there,
>>>> 
>>>> I’m fairly certain that my issue is something rather small, or stupid but 
>>>> I’m unable to get Bird to listen on the 179 port.
>>>> 
>>>> The other side has direct in the protocol definition which is correct, and 
>>>> I tried this side with that as well but it only says “as213021_hel_node: 
>>>> Waiting for fe80:10::1%wg1 to become my neighbor” so I don’t really have 
>>>> more clues.
>>>> 
>>>> I did try to do strace and look for bind events, but couldn’t find any 
>>>> except for the control socket.
>>>> 
>>>> My config can be seen here: https://dpaste.com/6P6NAUPNX & peer config: 
>>>> https://dpaste.com/HJ3SNL8RH
>>>> 

Re: Unable to get Bird 2 to listen on the BGP socket

2020-09-03 Thread Neil Jerram
I did look at https://dpaste.com/6P6NAUPNX, and saw that it had a template
but no actual peers.  I misinterpreted "& peer config:
https://dpaste.com/HJ3SNL8RH" as being the config for the BIRD at the other
end of the peering, and so didn't check that, as you say.

Anyway, your response is rather unkind, to someone who was trying to help
you.

On Thu, Sep 3, 2020 at 3:43 PM Skyler Mäntysaari  wrote:

> If you had taken the time to read the posted links,  you would see that it
> has peers,  using Link-Local addresses.
>
> On Thu, Sep 3, 2020, at 11:17, Neil Jerram wrote:
>
> Does your configuration have any BGP peers?  I've noticed that BIRD
> doesn't start listening until there is at least one BGP peer.
>
> On Thu, Sep 3, 2020 at 12:12 AM Skyler Mäntysaari  wrote:
>
> Hi there,
>
> I’m fairly certain that my issue is something rather small, or stupid but
> I’m unable to get Bird to listen on the 179 port.
>
> The other side has direct in the protocol definition which is correct, and
> I tried this side with that as well but it only says “as213021_hel_node:
> Waiting for fe80:10::1%wg1 to become my neighbor” so I don’t really have
> more clues.
>
> I did try to do strace and look for bind events, but couldn’t find any
> except for the control socket.
>
> My config can be seen here: https://dpaste.com/6P6NAUPNX & peer config:
> https://dpaste.com/HJ3SNL8RH
>
>


Re: Unable to get Bird 2 to listen on the BGP socket

2020-09-03 Thread Skyler Mäntysaari
The allowedIps shouldn't be the issue.  I can ping fine and even nmap. 

Having the "direct" statement in the protocol definition does not change the 
behavior in any way.

P. S Please reply by writing up here and not below. 

On Thu, Sep 3, 2020, at 14:49, Bernd Naumann wrote:
> On 03.09.20 00:57, Skyler Mäntysaari wrote:
> > Hi there,
> > 
> > I’m fairly certain that my issue is something rather small, or stupid but 
> > I’m unable to get Bird to listen on the 179 port.
> > 
> > The other side has direct in the protocol definition which is correct, and 
> > I tried this side with that as well but it only says “as213021_hel_node: 
> > Waiting for fe80:10::1%wg1 to become my neighbor” so I don’t really have 
> > more clues.
> > 
> > I did try to do strace and look for bind events, but couldn’t find any 
> > except for the control socket.
> > 
> > My config can be seen here: https://dpaste.com/6P6NAUPNX 
> >  & peer config: https://dpaste.com/HJ3SNL8RH 
> > 
> > 
> > 
> 
> Hi Skyler,
> 
> Do you have assigned "fe80:10::2" to `wg1`? (Just to make sure...) I 
> think otherwise bird would not be able to bind to the address.
> And you have configured `AllowedIPs = 0.0.0.0/0, ::/0`?
> 
> Obvious question #2: You can ping6 the peer on fe80:10::1%wg1 ?
> 
> I would also enable "direct" for the peer, as you are directly connected 
>   via the tunnel.
> 
> Good luck and have fun with dn42!
> 
> Bernd
> 


Re: Unable to get Bird 2 to listen on the BGP socket

2020-09-03 Thread Skyler Mäntysaari
If you had taken the time to read the posted links,  you would see that it has 
peers,  using Link-Local addresses. 

On Thu, Sep 3, 2020, at 11:17, Neil Jerram wrote:
> Does your configuration have any BGP peers?  I've noticed that BIRD doesn't 
> start listening until there is at least one BGP peer.
> 
> On Thu, Sep 3, 2020 at 12:12 AM Skyler Mäntysaari  wrote:
>> Hi there,
>> 
>> I’m fairly certain that my issue is something rather small, or stupid but 
>> I’m unable to get Bird to listen on the 179 port.
>> 
>> The other side has direct in the protocol definition which is correct, and I 
>> tried this side with that as well but it only says “as213021_hel_node: 
>> Waiting for fe80:10::1%wg1 to become my neighbor” so I don’t really have 
>> more clues.
>> 
>> I did try to do strace and look for bind events, but couldn’t find any 
>> except for the control socket.
>> 
>> My config can be seen here: https://dpaste.com/6P6NAUPNX & peer config: 
>> https://dpaste.com/HJ3SNL8RH
>> 

Re: Unable to get Bird 2 to listen on the BGP socket

2020-09-03 Thread Skyler Mäntysaari
Yes,  absolutely nothing appears to be bound according to netstat and nmap.

I only saw bird bind the control socket when debugging with strace.

The logs only have the "Waiting for fe80:10::1%wg1 to become my neighbor". 

The user is root,  and I can ping/nmap fine over the tunnel. 

On Thu, Sep 3, 2020, at 10:04, Alexander Zubkov wrote:
> Hi,
> 
> So nothing in netstat? And what have you seen in strace? Maybe
> something in logs?
> 
> On Thu, Sep 3, 2020 at 1:05 AM Skyler Mäntysaari  wrote:
> >
> > Hi there,
> >
> > I’m fairly certain that my issue is something rather small, or stupid but 
> > I’m unable to get Bird to listen on the 179 port.
> >
> > The other side has direct in the protocol definition which is correct, and 
> > I tried this side with that as well but it only says “as213021_hel_node: 
> > Waiting for fe80:10::1%wg1 to become my neighbor” so I don’t really have 
> > more clues.
> >
> > I did try to do strace and look for bind events, but couldn’t find any 
> > except for the control socket.
> >
> > My config can be seen here: https://dpaste.com/6P6NAUPNX & peer config: 
> > https://dpaste.com/HJ3SNL8RH
> >
> 

Re: Unable to get Bird 2 to listen on the BGP socket

2020-09-03 Thread Bernd Naumann

On 03.09.20 00:57, Skyler Mäntysaari wrote:

> Hi there,
>
> I’m fairly certain that my issue is something rather small, or stupid but I’m 
> unable to get Bird to listen on the 179 port.
>
> The other side has direct in the protocol definition which is correct, and I 
> tried this side with that as well but it only says “as213021_hel_node: Waiting 
> for fe80:10::1%wg1 to become my neighbor” so I don’t really have more clues.
>
> I did try to do strace and look for bind events, but couldn’t find any except 
> for the control socket.
>
> My config can be seen here: https://dpaste.com/6P6NAUPNX  
> & peer config: https://dpaste.com/HJ3SNL8RH 




Hi Skyler,

Do you have assigned "fe80:10::2" to `wg1`? (Just to make sure...) I 
think otherwise bird would not be able to bind to the address.

And you have configured `AllowedIPs = 0.0.0.0/0, ::/0`?

Obvious question #2: You can ping6 the peer on fe80:10::1%wg1 ?

I would also enable "direct" for the peer, as you are directly connected 
 via the tunnel.


Good luck and have fun with dn42!

Bernd


Re: Unable to get Bird 2 to listen on the BGP socket

2020-09-03 Thread bauen1
Hi,

On 9/3/20 10:43 AM, Maria Matejka wrote:
> What user runs BIRD? 179 is less than 1024 so only root can bind to it. 
> BIRD doesn't even attempt if it is not root. On Linux, BIRD can drop all 
> privileges except for privileged port binding almost immediately after 
> startup; see bird -h for more info.

At least on Debian, perhaps it was patched, bird will still try to open the 
port, even if not running as root.
This way I can start bird under the bird user and bird group and give it the 
capability CAP_NET_BIND_SERVICE to allow it to bind to port 179.

-- 
bauen1
https://dn42.bauen1.xyz/
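
Added example (not part of the thread, and not BIRD's own code): a check of whether a running daemon may bind port 179, read from its `/proc/<pid>/status` text. It tests the effective capability mask rather than the UID, so it also covers root processes that have dropped capabilities; the sample status texts, the UID 107 and the `pidof bird` process name are constructed assumptions, and the default unprivileged-port threshold of 1024 is assumed.

```shell
#!/bin/sh
# Added example: decide from /proc/<pid>/status text whether a process may
# bind TCP ports below 1024 (BGP listens on 179).

CAP_NET_BIND_SERVICE=10   # bit number from <linux/capability.h>

# has_cap HEXMASK BIT: succeed if BIT is set in the hex capability mask.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# status_value FIELD COLUMN: read status text on stdin and print one column
# of the "FIELD:" line (column 2 is the first value after the label).
status_value() {
    awk -v f="$1:" -v c="$2" '$1 == f { print $c; exit }'
}

# low_port_verdict STATUS_TEXT: print "euid=<n> bind=<yes|no>".
# Prints "unparsable" and returns 2 if Uid/CapEff are missing or malformed.
low_port_verdict() {
    # Uid line columns: label, real, effective, saved, filesystem.
    euid=$(printf '%s\n' "$1" | status_value Uid 3)
    capeff=$(printf '%s\n' "$1" | status_value CapEff 2)
    case "$capeff" in
        ''|*[!0-9a-fA-F]*) echo "unparsable"; return 2 ;;
    esac
    [ -n "$euid" ] || { echo "unparsable"; return 2; }
    # The kernel checks the capability, not the UID, when binding low ports.
    if has_cap "$capeff" "$CAP_NET_BIND_SERVICE"; then
        echo "euid=$euid bind=yes"
    else
        echo "euid=$euid bind=no"
    fi
}

# Constructed samples, trimmed to the lines the check reads.
# 1) Unprivileged user holding only CAP_NET_BIND_SERVICE (1 << 10 = 0x400).
SAMPLE_CAP_ONLY='Name: bird
Uid: 107 107 107 107
CapEff: 0000000000000400'
# 2) Same user with no capabilities at all.
SAMPLE_NO_CAPS='Name: bird
Uid: 107 107 107 107
CapEff: 0000000000000000'
# 3) Root that kept only CAP_NET_ADMIN and CAP_NET_RAW (bits 12 and 13).
SAMPLE_ROOT_DROPPED='Name: bird
Uid: 0 0 0 0
CapEff: 0000000000003000'

# Live use (process name assumed):
#   low_port_verdict "$(cat /proc/"$(pidof bird)"/status)"
```
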


Re: Unable to get Bird 2 to listen on the BGP socket

2020-09-03 Thread Maria Matejka
What user runs BIRD? 179 is less than 1024 so only root can bind to 
it. BIRD doesn't even attempt if it is not root. On Linux, BIRD can drop 
all privileges except for privileged port binding almost immediately 
after startup; see bird -h for more info.


Maria

On 9/3/20 12:57 AM, Skyler Mäntysaari wrote:

> Hi there,
>
> I’m fairly certain that my issue is something rather small, or stupid 
> but I’m unable to get Bird to listen on the 179 port.
>
> The other side has direct in the protocol definition which is correct, 
> and I tried this side with that as well but it only says 
> “as213021_hel_node: Waiting for fe80:10::1%wg1 to become my neighbor” so 
> I don’t really have more clues.
>
> I did try to do strace and look for bind events, but couldn’t find any 
> except for the control socket.
>
> My config can be seen here: https://dpaste.com/6P6NAUPNX & peer config: 
> https://dpaste.com/HJ3SNL8RH




Re: Unable to get Bird 2 to listen on the BGP socket

2020-09-03 Thread Neil Jerram
Does your configuration have any BGP peers?  I've noticed that BIRD doesn't
start listening until there is at least one BGP peer.

On Thu, Sep 3, 2020 at 12:12 AM Skyler Mäntysaari  wrote:

> Hi there,
>
> I’m fairly certain that my issue is something rather small, or stupid but
> I’m unable to get Bird to listen on the 179 port.
>
> The other side has direct in the protocol definition which is correct, and
> I tried this side with that as well but it only says “as213021_hel_node:
> Waiting for fe80:10::1%wg1 to become my neighbor” so I don’t really have
> more clues.
>
> I did try to do strace and look for bind events, but couldn’t find any
> except for the control socket.
>
> My config can be seen here: https://dpaste.com/6P6NAUPNX & peer config:
> https://dpaste.com/HJ3SNL8RH
>
>


Re: Unable to get Bird 2 to listen on the BGP socket

2020-09-03 Thread Валерий Н. Лутошкин
Hi!

Try to activate “multihop” option in bgp config, sometimes it helps. 

WBR,
Valery


From: Skyler Mäntysaari 
Reply: Skyler Mäntysaari 
Date: 3 September 2020 at 06:08:07
To: bird-users@network.cz 
Subject:  Unable to get Bird 2 to listen on the BGP socket  

Hi there,

I’m fairly certain that my issue is something rather small, or stupid but I’m 
unable to get Bird to listen on the 179 port.

The other side has direct in the protocol definition which is correct, and I 
tried this side with that as well but it only says “as213021_hel_node: Waiting 
for fe80:10::1%wg1 to become my neighbor” so I don’t really have more clues.

I did try to do strace and look for bind events, but couldn’t find any except 
for the control socket.

My config can be seen here: https://dpaste.com/6P6NAUPNX & peer config: 
https://dpaste.com/HJ3SNL8RH



Re: Unable to get Bird 2 to listen on the BGP socket

2020-09-03 Thread Alexander Zubkov
Hi,

So nothing in netstat? And what have you seen in strace? Maybe
something in logs?

On Thu, Sep 3, 2020 at 1:05 AM Skyler Mäntysaari  wrote:
>
> Hi there,
>
> I’m fairly certain that my issue is something rather small, or stupid but I’m 
> unable to get Bird to listen on the 179 port.
>
> The other side has direct in the protocol definition which is correct, and I 
> tried this side with that as well but it only says “as213021_hel_node: 
> Waiting for fe80:10::1%wg1 to become my neighbor” so I don’t really have more 
> clues.
>
> I did try to do strace and look for bind events, but couldn’t find any except 
> for the control socket.
>
> My config can be seen here: https://dpaste.com/6P6NAUPNX & peer config: 
> https://dpaste.com/HJ3SNL8RH
>