On 06/17/2010 10:02 PM, Adam Thompson wrote:
> So I've got OpenBGPd up and running fine on my pfSense 1.2.3-REL router (the
> GUI makes setting things up so ridiculously simple it's amazing! Thanks, guys!)
> but am now running into a secondary problem of some sort:
>
>   arplookup 192.139.69.161 failed: host is not on local network
>   arpresolve: can't allocate route for 192.139.69.161
>
> where 192.139.69.161 is my BGP peer. These messages appear several dozen times in a ~15-minute period. This
> started shortly after I imported BGP routes into the kernel FIB. BGPd had received ~11000 routes from my
> peer, I had the FIB import flag set to "no" in the GUI, and used "bgpctl fib couple" to
> manually import them. Everything seemed to work OK, so I switched the flag to "yes", killed and
> restarted bgpd. (Didn't want to reboot router in the middle of the day.)
>
> Shortly (<2 minutes, I think) thereafter I noticed my routing table shrinking
> from 11k+ to ~270 to ~200 to ... etc. Noticed these messages in system log. Ran
> tcpdump on that vlan, noticed traffic inbound FROM that host but absolutely
> nothing going out from the pfSense host.
>
> Any idea a) what I did wrong, and b) what I do to fix it? I probably won't be
> able to reboot until several hours from now.

This is something I have noticed as well using the openbgpd package on
pfsense 1.2.2 and 1.2.3.

I'm seeing this on about 6 pfsense boxes, acting as gateways on our
wireless network. (www.wirelessantwerpen.be)

Background info: the network spans about 200km, consists of long range
point to point links, currently about 150 nodes, using mikrotik
routerboards, about 500 subnets (/30,/29,/28,/24,/23), using bgp to
configure the routing tables. The pfsense boxes are the border routers
acting as firewalls between the network and its internet uplinks.

What I noticed on pfsense openbgpd package is the following:

As long as I have "connected" or the connected subnets in the bgp
"network" list, everything works perfectly.

But if I tell the openbgpd on pfsense not to distribute its own subnets
to the bgp peers (e.g. by putting "none" in the bgp "networks"), after a
few minutes the bgp daemon somehow deletes the pfsense's own attached
subnets from the kernel routing table.

This is very annoying, since pfsense then doesn't communicate anymore
with any machines directly connected to the affected interface.

You can check this by going to the "Diagnostics - Routes" page. The
routes to the subnets of the attached interfaces will be gone.

If you can still reach the pfsense through another interface,
temporarily fixing this problem is easy. All I had to do was go to e.g.
the WAN or LAN interface tab, not changing anything and click "Save".
The kernel routing table would then be updated with the directly
connected subnet again, and everything would work perfectly until the
next bgp update comes in.

After that, same story.

I always thought it had something to do with the way I had configured
bgp, but maybe it is not my fault after all.

Don't know if it is related to your problem, but maybe it helps someone
with more in-depth knowledge of bgp to figure out what is going wrong.

Regards,
H.
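
The "Diagnostics - Routes" check described in the reply above can be automated; the following is an added example, not code from either poster or from the pfSense project. It assumes FreeBSD-style `ifconfig` and `netstat -rn -f inet` text layouts; the sample text, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `ifconfig` output (FreeBSD layout); not from the thread.
SAMPLE_IFCONFIG = """\
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tinet 198.51.100.2 netmask 0xfffffffc broadcast 198.51.100.3
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tinet 10.20.0.1 netmask 0xffffff00 broadcast 10.20.0.255
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
\tinet 127.0.0.1 netmask 0xff000000
"""

# Constructed sample of `netstat -rn -f inet`: the em1 connected route is gone.
SAMPLE_ROUTES = """\
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            198.51.100.1       UGS         0      912    em0
10.30.0.0/24       198.51.100.1       UG1         0       14    em0
127.0.0.1          127.0.0.1          UH          0        0    lo0
198.51.100.0/30    link#1             UC          0        0    em0
"""

def connected_subnets(ifconfig_text):
    """Return [(interface, 'a.b.c.d/len'), ...] for every configured IPv4 address."""
    found, iface = [], None
    for line in ifconfig_text.splitlines():
        head = re.match(r"^(\S+): flags=", line)
        if head:
            iface = head.group(1)
        m = re.search(r"inet (\d+\.\d+\.\d+\.\d+) netmask 0x([0-9a-fA-F]{8})", line)
        if m and iface and not iface.startswith("lo"):  # assumption: skip loopback
            prefix = bin(int(m.group(2), 16)).count("1")  # hex netmask -> prefix length
            net = ipaddress.ip_network(f"{m.group(1)}/{prefix}", strict=False)
            found.append((iface, str(net)))
    return found

def missing_connected_routes(ifconfig_text, netstat_text):
    """Return connected subnets that have no matching entry in the routing table."""
    dests = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if fields and re.fullmatch(r"[\d.]+/\d+", fields[0]):
            dests.add(str(ipaddress.ip_network(fields[0], strict=False)))
    return [(i, n) for i, n in connected_subnets(ifconfig_text) if n not in dests]

if __name__ == "__main__":
    print(missing_connected_routes(SAMPLE_IFCONFIG, SAMPLE_ROUTES))
```

Feeding it captured output on a schedule gives an alert when an attached subnet drops out of the kernel table, rather than finding out when hosts on that interface stop responding.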