Hello dear mailing list, naain and I are trying to set up peering, but it's not working. We are doing the peering via a WireGuard tunnel. This is working. We can ping each other's endpoints without any problems. On my side, it shows me that I am exporting the routes. However, naain's bird does not show any imported routes (despite a filter that accepts everything). We enabled the debug function for testing purposes and he received "filtered out" log messages. Neither he nor I can explain this, since the import filter accepts everything.
I am using bird 2.17.2 on Debian 13 and he is using bird 2.15.1 on OpenWrt. Does anyone have any idea what the problem could be? Best regards, Marek Küthe -- Marek Küthe [email protected] er/ihm he/him
BIRD 2.17.2 ready.
Name Proto Table State Since Info
naain BGP --- up 14:47:30.978 Established
BGP state: Established
Neighbor address: fe80::adeb%naain
Neighbor AS: 4242423521
Local AS: 4242422923
Neighbor ID: 172.21.99.81
Local capabilities
Multiprotocol
AF announced: ipv4 ipv6
Route refresh
Extended next hop
IPv6 nexthop: ipv4
Extended message
Graceful restart
Restart time: 120
AF supported: ipv4 ipv6
AF preserved:
4-octet AS numbers
Enhanced refresh
Long-lived graceful restart
LL stale time: 3600
AF supported: ipv4 ipv6
AF preserved:
Neighbor capabilities
Multiprotocol
AF announced: ipv4 ipv6
Route refresh
Extended next hop
IPv6 nexthop: ipv4
Graceful restart
4-octet AS numbers
Enhanced refresh
Long-lived graceful restart
Session: external AS4
Source address: fe80::2923
Hold timer: 169.131/240
Keepalive timer: 0.000/80
Send hold timer: 346.564/480
Channel ipv4
State: UP
Table: master4
Preference: 100
Input filter: (unnamed)
Output filter: (unnamed)
Import limit: 5000
Action: block
Routes: 1 imported, 934 exported, 1 preferred
Route change stats: received rejected filtered ignored accepted
Import updates: 1 0 0 0 1
Import withdraws: 0 0 --- 0 0
Export updates: 1065 1 43 --- 1021
Export withdraws: 1 --- --- --- 1
BGP Next hop: :: fe80::2923
Channel ipv6
State: UP
Table: master6
Preference: 100
Input filter: (unnamed)
Output filter: (unnamed)
Import limit: 5000
Action: block
Routes: 1 imported, 1039 exported, 1 preferred
Route change stats: received rejected filtered ignored accepted
Import updates: 1 0 0 0 1
Import withdraws: 0 0 --- 0 0
Export updates: 1166 1 64 --- 1101
Export withdraws: 1 --- --- --- 1
BGP Next hop: :: fe80::2923
my peer config:
protocol bgp naain from dnpeers {
neighbor fe80::adeb % naain as 4242423521;
ipv4 {
import where dn42_import_filter(4,22,34,DN42AS);
export where dn42_export_filter(4,22,34,DN42AS);
};
ipv6 {
import where dn42_import_filter(4,22,34,DN42AS);
export where dn42_export_filter(4,22,34,DN42AS);
};
}
my template:
template bgp dnpeers {
local as DN42AS;
enable extended messages;
graceful restart on;
long lived graceful restart on;
interpret communities on;
prefer older on;
enforce first as on;
ipv4 {
extended next hop;
import none;
export none;
import limit 5000 action block;
import table on;
};
ipv6 {
import none;
export none;
import limit 5000 action block;
import table on;
};
}
## /etc/bird.conf
################################################
# Variable header #
################################################
define OWNAS = 4242423521;
define OWNIP = 172.21.99.81;
define OWNIPv6 = fdd0:f8f8:a076::1;
define OWNNET = 172.21.99.80/29;
define OWNNETv6 = fdd0:f8f8:a076::/48;
define OWNNETSET = [172.21.99.80/29+];
define OWNNETSETv6 = [fdd0:f8f8:a076::/48+];
################################################
# Header end #
################################################
router id OWNIP;
protocol device {
scan time 10;
}
# log syslog { warning, error, fatal, remote, auth };
log syslog all;
/*
* Utility functions
*/
#filter only_my_v4 {
# if net = 172.21.99.80/29 then accept;
# reject;
#}
#filter only_my_v6 {
# if net = fdd0:f8f8:a076::/48 then accept;
# reject;
#}
function is_self_net() {
return net ~ OWNNETSET;
}
function is_self_net_v6() {
return net ~ OWNNETSETv6;
}
function is_valid_network() {
return net ~ [
172.20.0.0/14{21,29}, # dn42
172.20.0.0/24{28,32}, # dn42 Anycast
172.21.0.0/24{28,32}, # dn42 Anycast
172.22.0.0/24{28,32}, # dn42 Anycast
172.23.0.0/24{28,32}, # dn42 Anycast
172.31.0.0/16+, # ChaosVPN
10.100.0.0/14+, # ChaosVPN
10.127.0.0/16+, # neonetwork
10.0.0.0/8{15,24} # Freifunk.net
];
}
roa4 table dn42_roa;
roa6 table dn42_roa_v6;
protocol static {
roa4 { table dn42_roa; };
include "/tmp/roav4.conf";
};
protocol static {
roa6 { table dn42_roa_v6; };
include "/tmp/roav6.conf";
};
function is_valid_network_v6() {
return net ~ [
fd00::/8{44,64} # ULA address space as per RFC 4193
];
}
protocol kernel {
scan time 20;
ipv6 {
import none;
export filter {
if source = RTS_STATIC then reject;
krt_prefsrc = OWNIPv6;
accept;
};
};
};
protocol kernel {
scan time 20;
ipv4 {
import none;
export filter {
if source = RTS_STATIC then reject;
krt_prefsrc = OWNIP;
accept;
};
};
}
protocol static {
route OWNNET reject;
ipv4 {
import all;
export none;
};
}
protocol static {
route OWNNETv6 reject;
ipv6 {
import all;
export none;
};
}
template bgp dnpeers {
local as OWNAS;
path metric 1;
ipv4 {
import filter {
if is_valid_network() && !is_self_net() then {
if (roa_check(dn42_roa, net, bgp_path.last) != ROA_VALID) then {
# Reject when unknown or invalid according to ROA
print "[dn42] ROA check failed for ", net, " ASN ",
bgp_path.last;
reject;
} else accept;
} else reject;
};
export filter {
if net ~ OWNNET then accept;
reject;
};
import limit 9000 action block;
};
ipv6 {
import filter {
if is_valid_network_v6() && !is_self_net_v6() then {
if (roa_check(dn42_roa_v6, net, bgp_path.last) != ROA_VALID)
then {
# Reject when unknown or invalid according to ROA
print "[dn42] ROA check failed for ", net, " ASN ",
bgp_path.last;
reject;
} else accept;
} else reject;
};
export filter {
if net ~ OWNNETv6 then accept;
reject;
};
import limit 9000 action block;
};
}
include "/etc/bird/peers/*";
## /etc/bird/peers/peer.comf
## <..>
protocol bgp marek_v6 from dnpeers {
neighbor fe80::42:815%dn42_marek as 4242422924;
direct;
#multihop;
ipv4 { import all; extended next hop yes; };
}
## <..>
Tue Sep 16 15:00:29 2025 daemon.debug bird: marek_v6.ipv6 < filtered out fdec:a476:db6e::/48 0L 10G unicast Tue Sep 16 15:00:29 2025 daemon.debug bird: marek_v6.ipv6 < filtered out fdb5:32:ad4a::/48 0L 10G unicast Tue Sep 16 15:00:29 2025 daemon.debug bird: marek_v6.ipv6 < filtered out fdcb:dded:cbcc::/48 0L 10G unicast Tue Sep 16 15:00:30 2025 daemon.debug bird: marek_v6.ipv6 < filtered out fdb5:32:ad4a::/48 0L 12G unicast Tue Sep 16 15:00:30 2025 daemon.debug bird: marek_v6.ipv6 < filtered out fdb5:32:ad4a::/48 0L 11G unicast Tue Sep 16 15:00:30 2025 daemon.debug bird: marek_v6.ipv6 < filtered out fdcb:dded:cbcc::/48 0L 12G unicast Tue Sep 16 15:00:30 2025 daemon.debug bird: marek_v6.ipv6 < filtered out fdec:a476:db6e::/48 0L 12G unicast Tue Sep 16 15:00:30 2025 daemon.debug bird: marek_v6.ipv4 < filtered out 172.23.126.128/27 0L 12G unicast Tue Sep 16 15:00:30 2025 daemon.debug bird: marek_v6.ipv6 < filtered out fdcb:dded:cbcc::/48 0L 11G unicast Tue Sep 16 15:00:30 2025 daemon.debug bird: marek_v6.ipv6 < filtered out fdec:a476:db6e::/48 0L 11G unicast Tue Sep 16 15:00:30 2025 daemon.debug bird: marek_v6.ipv4 < filtered out 172.23.126.128/27 0L 11G unicast Tue Sep 16 15:01:01 2025 daemon.debug bird: marek_v6.ipv4 < filtered out 172.21.100.24/29 0L 11G unicast Tue Sep 16 15:01:01 2025 daemon.debug bird: marek_v6.ipv6 < filtered out fd40:e3b7:1d77:1234::/64 0L 11G unicast Tue Sep 16 15:01:01 2025 daemon.debug bird: marek_v6.ipv6 < filtered out fd40:e3b7:1d77:1234::/64 0L 10G unicast Tue Sep 16 15:01:11 2025 daemon.debug bird: marek_v6.ipv4 < filtered out 172.20.212.0/26 0L 10G unicast Tue Sep 16 15:01:11 2025 daemon.debug bird: marek_v6.ipv6 < filtered out fdcc:abcd:cafe::/48 0L 13G unicast Tue Sep 16 15:01:16 2025 daemon.debug bird: marek_v6: Sending KEEPALIVE
root@cheburnet:~# birdcl s p a marek_v6
BIRD 2.15.1 ready.
Name Proto Table State Since Info
marek_v6 BGP --- up 15:47:30.996 Established
BGP state: Established
Neighbor address: fe80::2923%dn42_marek
Neighbor AS: 4242422923
Local AS: 4242423521
Neighbor ID: 172.22.149.225
Local capabilities
Multiprotocol
AF announced: ipv4 ipv6
Route refresh
Extended next hop
IPv6 nexthop: ipv4
Graceful restart
4-octet AS numbers
Enhanced refresh
Long-lived graceful restart
Neighbor capabilities
Multiprotocol
AF announced: ipv4 ipv6
Route refresh
Extended next hop
IPv6 nexthop: ipv4
Extended message
Graceful restart
Restart time: 120
AF supported: ipv4 ipv6
AF preserved:
4-octet AS numbers
Enhanced refresh
Long-lived graceful restart
LL stale time: 3600
AF supported: ipv4 ipv6
AF preserved:
Session: external AS4
Source address: fe80::adeb
Hold timer: 37.198/240
Keepalive timer: 40.288/80
Send hold timer: 434.977/480
Channel ipv4
State: UP
Table: master4
Preference: 100
Input filter: (unnamed)
Output filter: (unnamed)
Import limit: 9000
Action: block
Routes: 0 imported, 1 exported, 0 preferred
Route change stats: received rejected filtered ignored accepted
Import updates: 0 0 0 0 0
Import withdraws: 0 0 --- 0 0
Export updates: 9549 0 9540 --- 9
Export withdraws: 0 --- --- --- 0
BGP Next hop: :: fe80::adeb
Channel ipv6
State: UP
Table: master6
Preference: 100
Input filter: ACCEPT
Output filter: (unnamed)
Import limit: 9000
Action: block
Routes: 0 imported, 1 exported, 0 preferred
Route change stats: received rejected filtered ignored accepted
Import updates: 0 0 0 0 0
Import withdraws: 0 0 --- 0 0
Export updates: 10733 0 10724 --- 9
Export withdraws: 5 --- --- --- 0
BGP Next hop: :: fe80::adeb
root@cheburnet:~# birdcl show route protocol marek_v6
BIRD 2.15.1 ready.
root@cheburnet:~#
pgpsBxAa7fLzP.pgp
Description: OpenPGP digital signature
