Messages - dstout89

#1
High availability / BGP Multihome Failover
June 03, 2024, 06:08:35 PM
I'm working on a lab to set up a BGP multihome configuration and running into an issue with the failover while testing SSH and killing one of the routers.

Router A (AS10) -------- Router B (AS1000) -------- Router D (AS20)
          \                                            /
           ------------- Router C (AS2000) ------------

Router A is able to see the network advertised by D via B and C correctly. The routes are additionally set to ECMP. If I do a traceroute from a client in AS10 to a client in AS20, I'll see whichever interfaces are currently set as the preferred route in the BGP routing table (for this we'll say it is currently going over B). If I disable router B and run traceroute again, I can see the route has automatically shifted to C correctly.

Now let's assume everything is reset and the preferred route is on B again. I can open an SSH connection to the client in AS20 and verify the traffic is going through B. If I disable B, the connection hangs and I can see it is still attempting to send traffic over the A -- B link. If I kill the SSH session and restart it, the traffic goes over C correctly.

Should the failover work while the SSH session is active so that my traffic is automatically rerouted through C, is this expected behavior, or is there a configuration I'm missing?

Router A BGP configuration:
-------------
Note: 1.1.1.1 = Router B; 3.3.3.1 = Router C; prefix-lists/route-maps are set to 'any'
-------------
frr version 8.5.4
frr defaults traditional
hostname OPNsense.localdomain
log syslog notifications
!
router bgp 10
 bgp log-neighbor-changes
 no bgp ebgp-requires-policy
 no bgp default ipv4-unicast
 bgp bestpath as-path multipath-relax
 neighbor 1.1.1.1 remote-as 1000
 neighbor 1.1.1.1 update-source em0
 neighbor 3.3.3.1 remote-as 2000
 neighbor 3.3.3.1 update-source em2
 !
 address-family ipv4 unicast
  network 172.16.100.0/24
  neighbor 1.1.1.1 activate
  neighbor 1.1.1.1 prefix-list Allow in
  neighbor 1.1.1.1 prefix-list Allow out
  neighbor 1.1.1.1 route-map Allow in
  neighbor 1.1.1.1 route-map Allow out
  neighbor 3.3.3.1 activate
  neighbor 3.3.3.1 prefix-list Allow in
  neighbor 3.3.3.1 prefix-list Allow out
  neighbor 3.3.3.1 route-map Allow in
  neighbor 3.3.3.1 route-map Allow out
 exit-address-family
exit
!
ip prefix-list Allow seq 10 permit any
!
route-map Allow permit 10
exit
-------------