Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OpenBGPD: next-hop rewriting for IPv6 blackhole filtering requests #3

Closed
pierky opened this issue Mar 16, 2017 · 2 comments

Comments

Projects
None yet
1 participant
@pierky
Copy link
Owner

commented Mar 16, 2017

When using blackhole_filtering.policy_ipv6 = rewrite-next-hop, the IPv6 address configured in rewrite_next_hop_ipv6 seems to be set correctly in the route that leaves the route server but actually it is not included into the BGP UPDATE and instead it is replaced with the route server's address.

After REUSE_INSTANCES=1 nosetests -vs tests/live_tests/scenarios/global/test_openbgpd6.py -m test_071_blackholed_prefixes_as_seen_by_enabled_clients_BLACKHOLE:

bgpctl -n show rib detail out neighbor 2001:db8:1:1::11 2a02:0:3::1/128

BGP routing table entry for 2a02:0:3::1/128
    2
    Nexthop 2001:db8:1:1::66 (via 2001:db8:1:1::66) from
2001:db8:1:1::21 (192.0.2.21)
    Origin IGP, metric 0, localpref 100, weight 0, external, valid, best
    Last update: 00:00:27 ago
    Communities: NO_EXPORT BLACKHOLE

From the output of tcpdump on AS1_1:

 Multi-Protocol Reach NLRI (14), length: 55, Flags [O]:
     AFI: IPv6 (2), SAFI: Unicast (1)
     nexthop: 2001:db8:1:1::2, nh-length: 16, no SNPA
     2a02:0:3::2/128
     2a02:0:3::1/128

bgpd.conf.txt
bgpd-vdn.txt

@pierky pierky added the bug label Mar 16, 2017

@pierky

This comment has been minimized.

Copy link
Owner Author

commented Mar 28, 2017

It seems that this issue is due to a bug in OpenBGPD: https://marc.info/?l=openbsd-bugs&m=149065338712338&w=2
I'll update this as soon as I have tested the patch.

@pierky pierky removed the bug label Apr 18, 2017

@pierky

This comment has been minimized.

Copy link
Owner Author

commented Apr 18, 2017

The problem herein reported was due to a bug in OpenBGP < OpenBSD 6.1, fixed with openbsd/src@f1385c8
OpenBSD 6.1 works fine.
ARouteServer handles this case by producing a compatibility error when the target version is 6.0.

@pierky pierky closed this in 864b018 Apr 21, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.