Page MenuHomeVyOS Platform
Create Task
Maniphest T3533

BGP IPv4 does not initiateate a session
Closed, InvalidPublic
Actions

Description

I'm setting up a session with an external BGP peer over IPv4. The peer is in passive mode and We should initiate BGP session from our side. It appears that VyOS does not send OPEN messages even though we are not in passive mode. The session is never gets established. During a troubleshooting session, our peer temporarily removed passive mode on their end and session came up instantly.

The identical setup for IPv6 session works fine.

This is absolutely critical issue!!!

Version:          VyOS 1.3-rolling-202104280642
Release Train:    equuleus

Built by:         [email protected]
Built on:         Thu 29 Apr 2021 03:42 UTC
Build UUID:       ae16ca93-defa-4a35-8a20-f48a77d41752
Build Commit ID:  470b2d00790a82

Architecture:     x86_64
Boot via:         installed image
System type:      KVM guest

Hardware vendor:  QEMU
Hardware model:   Standard PC (Q35 + ICH9, 2009)
Hardware S/N:     
Hardware UUID:    4e4038df-97f2-4dea-8a4b-c44a3f0ff46a

Copyright:        VyOS maintainers and contributors

relevant config

r6# show protocols bgp | strip-private 
 bgp XXXXXX {
     address-family {
         ipv4-unicast {
             network xxx.xxx.128.0/24 {
             }
         }
         ipv6-unicast {
             network xxxx:xxxx:6000::/48 {
             }
         }
     }
     neighbor xxx.xxx.195.1 {
         address-family {
             ipv4-unicast {
                 route-map {
                     import NO-EXPORT
                 }
                 soft-reconfiguration {
                     inbound
                 }
             }
         }
         ebgp-multihop 3
         remote-as XXXXXX
         update-source eth0
     }
     neighbor xxxx:xxxx:2700:3::1 {
         address-family {
             ipv6-unicast {
                 route-map {
                     import NO-EXPORT
                 }
                 soft-reconfiguration {
                     inbound
                 }
             }
         }
         ebgp-multihop 3
         remote-as XXXXXX
         update-source eth0
     }
     parameters {
         default {
             no-ipv4-unicast
         }
         router-id xxx.xxx.128.100
     }
 }

This is output of show ip bgp neighbors... command:

BGP neighbor is xxx.xxx.195.1, remote AS 40676, local AS 396142, external link
  BGP version 4, remote router ID xxx.xxx.0.0, local router ID xxx.xxx.128.100
  BGP state = Connect
  Last read xxxx:xxxx:46, Last write never
  Hold time is 180, keepalive interval is 60 seconds
  Message statistics:
    Inq depth is 0
    Outq depth is 0
                         Sent       Rcvd
    Opens:                  0          0
    Notifications:          0          0
    Updates:                0          0
    Keepalives:             0          0
    Route Refresh:          0          0
    Capability:             0          0
    Total:                  0          0
  Minimum time between advertisement runs is 0 seconds
  Update source is xxx.xxx.193.59

 For address family: IPv4 Unicast
  Not part of any update group
  Inbound soft reconfiguration allowed
  Community attribute sent to this neighbor(all)
  Inbound path policy configured
  Route map for incoming advertisements is *NO-EXPORT
  0 accepted prefixes

  Connections established 0; dropped 0
  Last reset xxxx:xxxx:46,  Waiting for peer OPEN
  External BGP neighbor may be up to 3 hops away.
BGP Connect Retry Timer in Seconds: 120
Next connect timer due in 15 seconds
Read thread: off  Write thread: off  FD used: 27

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)

Event Timeline

dtoux renamed this task from BGP IPv4 does not initiate ate session to BGP IPv4 does not initiateate a session.May 10 2021, 5:58 PM
dtoux created this task.
dtoux created this object in space S1 VyOS Public.
dtoux added a comment.May 10 2021, 6:17 PM
This comment was removed by dtoux.
dtoux updated the task description. (Show Details)May 10 2021, 7:03 PM
pasik added a subscriber: pasik.May 10 2021, 7:06 PM
Viacheslav added a subscriber: Viacheslav.EditedMay 10 2021, 7:13 PM

it not directly connected neighbours It can’t determine route to the next hop.
Try to set /32 route to ipv4 next hop and check again.

dtoux added a comment.May 10 2021, 7:15 PM

The route is set and validated with traceroute and it has 2 hops.

Viacheslav added a comment.May 10 2021, 7:21 PM

I think there is no routes to neighbor
So you get it via default-route
You need to declare /32 route
Or use option
“ set protocols bgp neighbor <address|interface> disable-connected-check”

dtoux added a comment.EditedMay 10 2021, 7:23 PM

This is the current setup:

r6# show protocols static route 172.107.195.1/32 
 next-hop 38.39.193.57 {
     next-hop-interface eth0
 }

and

root@chi1-pve01:~# traceroute -I -n 172.107.195.1
traceroute to 172.107.195.1 (172.107.195.1), 30 hops max, 60 byte packets
 1  38.39.193.57  1.092 ms  1.183 ms  1.182 ms
 2  172.107.195.1  0.716 ms  0.854 ms  0.853 ms
root@chi1-pve01:~#
dtoux added a comment.May 10 2021, 7:26 PM

I've also tried with disable-connected-check option with no effect

dtoux added a comment.May 10 2021, 7:28 PM

Also:

r6:~$ show ip route 172.107.195.1
Routing entry for 172.107.195.1/32
  Known via "static", distance 1, metric 0, best
  Last update 00:32:33 ago
  * 38.39.193.57, via eth0, weight 1
Viacheslav added a comment.May 10 2021, 7:33 PM

Can you change update source from eth0 to x.x.x.x?

dtoux added a comment.May 10 2021, 7:33 PM

This issue is consistently reproducible and I'm experiencing it with two peers. I convinced one of them to disable passive mode on their end but the other one is not that flexible.

dtoux added a comment.May 10 2021, 7:35 PM

Yes, I've changed the source since i posted the configuration and now it is the specific IP address that the peer expects.

dtoux added a comment.May 11 2021, 7:13 PM

I ran a packet capture on this BGP session and it appears that VyOS actually sends some packets out and they appear to go through the right gateway... I'm investigating with the provider and will post an update here shortly.

dtoux closed this task as Invalid.May 17 2021, 12:29 AM

I ran a packet capture on the session and It appears had been an issue with firewall settings on the provider site. It just happened that we hit a similar issue with two providers and VyOS was the common denominator but It appears to be red herring. Feel free to close.

c-po moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus board.May 23 2021, 10:23 AM
syncer edited projects, added VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus.Aug 29 2022, 12:17 PM
syncer moved this task from Need Triage to Finished on the VyOS 1.3 Equuleus (1.3.0) board.