OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: Nico on December 30, 2018, 12:51:51 pm

Title: BGP routes are not installed in the system's routing table
Post by: Nico on December 30, 2018, 12:51:51 pm
Hi,

I have just set up an iBGP with a Juniper MX router in the lab. Local & Remote AS are identical and the Juniper MX announces quite some routes from the internal network (so direct & ospf routes are being redistributed). I can see those routes on the OPNsense in Diagnostics -> BGPv4, although it seems to be malformatted since the first digit of the route is printed in the first column next to the "i" and the network column looks for example like this: "   .251.251.0/24 84" where the 84 actually belongs to the next column "next hop", again as the first digit. However, I assume this is just a cosmetic issue.

The real issue is that all those routes are not being installed in the system's routing table. Going to system -> routes -> status I only see the standard few routes that were there before. I didn't find a knob either to leak the bgp table into the local table, and a 'netstat -r' on the console doesn't reveal any further routing tables either that hold the bgp learned routes. There are neither route-maps nor prefix-lists present, which typically means that everything can pass. But I also tested with 'permit any' rules with the same results.

Any hint from your side? Is this a bug or did I miss something?

Thanks!
Title: Re: BGP routes are not installed in the system's routing table
Post by: mimugmail on December 30, 2018, 01:32:00 pm
Can you post the configuration and, via CLI, type vtysh ... then you are in a Cisco shell where you can print routes
Title: Re: BGP routes are not installed in the system's routing table
Post by: Nico on December 30, 2018, 03:28:23 pm
Thanks for your reply. Here is the config:

Code:
Current configuration:
!
frr version 3.0.3
frr defaults traditional
!
log file /var/log/frr.log
!
router bgp 65000
 neighbor 192.168.230.246 remote-as 65000
 vnc defaults
  response-lifetime 3600
  exit-vnc
!
line vty
!
end

I have changed ASN + IP since I don't want to reveal this here. However, now being on the zebra shell (thanks, didn't know the vtysh command; always did a telnet to localhost in earlier days when working with zebra on Linux systems) I can see that the routes are in fact received but not installed:

Code:
natgw.vm.serv# show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, P - PIM, N - NHRP, T - Table,
       v - VNC, V - VNC-Direct,
       > - selected route, * - FIB route

K>* 0.0.0.0/0 via 192.168.201.0.1, vtnet0
C>* 192.168.0.0/27 is directly connected, vtnet0
K>* 172.20.0.0/16 via 172.20.0.205, ovpnc2
C>* 172.20.0.205/32 is directly connected, ovpnc2
C>* 172.20.32.0/23 is directly connected, vtnet1
C>* 192.168.202.0/24 is directly connected, vtnet1

So it seems default behaviour is not to accept anything and I need to find out how to write a "permit any" policy on this "device" I guess?
Title: Re: BGP routes are not installed in the system's routing table
Post by: mimugmail on December 30, 2018, 04:12:48 pm
Your config doesn't seem to be complete for iBGP ... let me check when I'm on a computer
Title: Re: BGP routes are not installed in the system's routing table
Post by: Nico on December 30, 2018, 07:40:26 pm
Of course, you're right. Unfortunately OPNsense doesn't provide a flag for iBGP (kind of assumed that the matching ASN would be automatically translated into iBGP) and I don't know if a manual configuration in the CLI survives any changes. But I will test it now with private ASN instead.
Title: Re: BGP routes are not installed in the system's routing table
Post by: mimugmail on December 31, 2018, 08:09:07 am
Can you add next-hop-self to the iBGP neighbor? This should do it ...
Title: Re: BGP routes are not installed in the system's routing table
Post by: Nico on January 01, 2019, 01:08:00 pm
Indeed - works now. Thanks a lot!