On Mon, Oct 29, 2018 at 09:30:44AM +0100, Peter Hessler wrote:
> Hi Ashe
>
> Sorry about that, I forgot a part of the config file.
>
> You'll need to add "nexthop qualify via default" to the global part of
> the configuration. Since the routers sending you the information are
> not on your local link, there isn't a valid nexthop so the routes are
> not selected. Once the nexthops are accepted, the prefixes will be
> processed and will be used.
Also don't forget the default deny policy of 6.4. Looking at the config it
seems there is no 'allow from group "spam-bgp"' and so nothing is put into
the RIB.
> -peter
>
>
> On 2018 Oct 29 (Mon) at 03:37:23 +0000 (+0000), Ashe Connor wrote:
> :Hi all,
> :
> :I’ve set up bgpd for use with bgp-spamd.net’s servers. As far as I can
> :tell, the BGP connection and transfer is working fine:
> :
> :------8<------
> :elisheva:~$ cat /etc/bgpd.conf
> :spam_rs1="64.142.121.62"
> :spam_rs2="217.31.80.170"
> :spam_asn="65066"
> :
> :AS 65500
> :fib-update no
> :
> :group "spam-bgp" {
> : remote-as $spam_asn
> : multihop 64
> : export none
> : neighbor $spam_rs1
> : neighbor $spam_rs2
> :}
> :
> :match from group "spam-bgp" community $spam_asn:42 set pftable "bgp_spamd_bypass"
> :match from group "spam-bgp" community $spam_asn:666 set pftable "bgp_spamd"
> :elisheva:~$ bgpctl show
> :Neighbor         AS     MsgRcvd  MsgSent  OutQ  Up/Down   State/PrfRcvd
> :217.31.80.170    65066  410      322      0     02:39:41  37096
> :64.142.121.62    65066  460      318      0     01:25:30  37096
> :elisheva:~$ bgpctl show rib memory
> :RDE memory statistics
> : 37096 IPv4 unicast network entries using 1.4M of memory
> : 37096 rib entries using 2.3M of memory
> : 74192 prefix entries using 6.8M of memory
> : 10 BGP path attribute entries using 1.1K of memory
> : 2 BGP AS-PATH attribute entries using 82B of memory,
> : and holding 10 references
> : 7 BGP attributes entries using 280B of memory
> : and holding 10 references
> : 7 BGP attributes using 48B of memory
> :RIB using 10.5M of memory
> :
> :RDE hash statistics
> : path hash: size 131072, 10 entires
> : min 0 max 2 avg/std-dev = 0.000/0.000
> : aspath hash: size 131072, 2 entires
> : min 0 max 1 avg/std-dev = 0.000/0.000
> : attr hash: size 16384, 7 entires
> : min 0 max 1 avg/std-dev = 0.000/0.000
> :------8<------
> :
> :However, despite the entry counts being shown by `bgpctl show rib memory`,
> :no other command lists entries as one might expect, and the pf tables are
> :empty:
> :
> :------8<------
> :elisheva:~$ bgpctl show rib
> :flags: * = Valid, > = Selected, I = via IBGP, A = Announced,
> : S = Stale, E = Error
> :origin validation state: N = not-found, V = valid, ! = invalid
> :origin: i = IGP, e = EGP, ? = Incomplete
> :
> :flags ovs destination gateway lpref med aspath origin
> :elisheva:~$ bgpctl show rib community 65066:42
> :flags: * = Valid, > = Selected, I = via IBGP, A = Announced,
> : S = Stale, E = Error
> :origin validation state: N = not-found, V = valid, ! = invalid
> :origin: i = IGP, e = EGP, ? = Incomplete
> :
> :flags ovs destination gateway lpref med aspath origin
> :elisheva:~$ doas pfctl -Ts -t bgp_spamd
> :elisheva:~$ doas pfctl -Ts -t bgp_spamd_bypass
> :elisheva:~$
> :------8<------
> :
> :Any hints as to how to further diagnose? I’ve tried most conceivable
> :additional arguments to `bgpctl show rib` and I haven’t found a way to list
> :entries yet. Log entries are benign ((re)configuration success messages).
> :
> :Thanks,
> :
> :Ashe
> :
>
> --
> For those who like this sort of thing, this is the sort of thing they like.
> -- Abraham Lincoln
>
--
:wq Claudio
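
The two omissions identified in this thread can be checked for before loading a config. The following is an added example, not part of the original messages and not an OpenBGPD tool: `check_bgpd_conf` is a hypothetical helper, and it is a line-based heuristic that does not evaluate rule order or deny rules.

```shell
#!/bin/sh
# Added example: pre-flight check for the two omissions named in this thread.
# Heuristic only; it does not parse bgpd.conf fully or evaluate rule order.
# Returns the number of findings as its exit status.
check_bgpd_conf() {
    awk '
    function group(line,   q) { split(line, q, "\""); return q[2] }
    { sub(/#.*/, "") }                               # drop comments
    /^[ \t]*nexthop[ \t]+qualify[ \t]+via[ \t]+default/ { nhq = 1 }
    /^[ \t]*multihop[ \t]/                     { multihop = 1 }
    /^[ \t]*allow[ \t]+from[ \t]+any/          { allow_any = 1 }
    /^[ \t]*allow[ \t]+from[ \t]+group[ \t]+"/ { allowed[group($0)] = 1 }
    /^[ \t]*match[ \t]+from[ \t]+group[ \t]+"/ { matched[group($0)] = 1 }
    END {
        if (multihop && !nhq) {
            print "multihop peer, no \"nexthop qualify via default\": " \
                  "no valid nexthop, routes are not selected"
            n++
        }
        for (g in matched)
            if (!allow_any && !(g in allowed)) {
                printf "group \"%s\": match rules but no allow rule; " \
                       "default deny keeps its prefixes out of the RIB\n", g
                n++
            }
        exit n + 0
    }' "$1"
}

# Constructed demo input: the config as posted, macros expanded, one peer.
demo=$(mktemp)
cat > "$demo" <<'EOF'
AS 65500
fib-update no
group "spam-bgp" {
    remote-as 65066
    multihop 64
    export none
    neighbor 64.142.121.62
}
match from group "spam-bgp" community 65066:42 set pftable "bgp_spamd_bypass"
match from group "spam-bgp" community 65066:666 set pftable "bgp_spamd"
EOF
check_bgpd_conf "$demo" || echo "findings: $?"
rm -f "$demo"
```

Once `nexthop qualify via default` and `allow from group "spam-bgp"` are both present in the file, the function prints nothing and returns 0.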