Updating BGP ASN List?

Started by NateroniPizza, December 08, 2023, 04:20:08 PM

December 08, 2023, 04:20:08 PM Last Edit: December 08, 2023, 04:23:18 PM by NateroniPizza
Hello, all,

I had a situation where my BGP ASN aliases would not update. I'd replaced a failing SSD, reinstalled (got 23.7.9 on there now), and imported the configuration. Unfortunately, my ISP had decided that would be a good time to bring our internet connection down for maintenance, so OPNsense was unable to download the asn.gz file (the logs showed a DNS resolution error when trying to do so).

When the internet came back up, I couldn't get my BGP-based aliases to update. I tried rebooting, I tried deleting and manually re-creating the aliases, I tried setting up a Cron job to update aliases, and I tried flushing the aliases under Diagnostics>Aliases. Nothing would get it to update. Finally, since I knew that it would re-download the asn.gz file after a configuration restore, I just restored to the configuration again - and success.

My question now is how does one manually trigger the update for this file? (re-downloading https://rulesets.opnsense.org/alias/asn.gz) And does it automatically and periodically download an updated version? I suspect that the alias updates don't actually tie into the mechanism for downloading the asn.gz file, so they're just looking at the old (or in my case, non-existent) asn.gz file. Given I couldn't manually trigger an update, I'm concerned that it may not be automatically updating either.

Thank you

The time-to-live for the ASN file is 1 day, but that depends on how often the update is called.

I use the cron job for that called "Update and reload firewall aliases". The timestamp for /usr/local/share/bgp/asn.csv shows Dec 8, 10:32 am, so this seems to work.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 440 up, Bufferbloat A+

Quote from: meyergru on December 08, 2023, 04:42:35 PM
The time-to-live for the ASN file is 1 day, but that depends on how often the update is called.

I use the cron job for that called "Update and reload firewall aliases". The timestamp for /usr/local/share/bgp/asn.csv shows Dec 8, 10:32 am, so this seems to work.

Thanks for the response. That was the cron job I was using to try and force it to re-download, but it did not seem to work. Note that I didn't know where that file was located, so it may have been something further down the line failing (I was just checking the logs, which weren't showing anything related to the BGP/ASN stuff, and the contents of the aliases). I'll keep an eye on that file and make sure it's updating successfully at this point.

Hi,
I know that this is an old topic but this info might help someone.
Simply changing and applying the alias to ASN 0 (non-existent) will trigger the update. Changing it back to the right ASN number will trigger the update again, with the correct result.
All aliases are in separate files under ls -al /var/db/aliastables
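
The timestamp check on /usr/local/share/bgp/asn.csv mentioned in the thread can be scripted so that a missing, empty or stale file is flagged instead of silently leaving ASN-based firewall rules on old data. This is an added example, not part of any post above and not OPNsense's own code; the function names, the `--check` switch and the exit codes are assumptions of the example, while the path and the 1-day limit come from the thread.

```shell
#!/bin/sh
# Added example: freshness check for the ASN data file discussed in the thread.
# ASN_FILE and the 1-day limit are taken from the posts; everything else
# (function names, --check switch, exit codes) is made up for this example.
ASN_FILE="${ASN_FILE:-/usr/local/share/bgp/asn.csv}"
MAX_AGE_MIN="${MAX_AGE_MIN:-1440}"   # 1 day, expressed in minutes

# check_fresh FILE MAX_AGE_MIN
# Prints one status word; returns 0 fresh, 1 stale, 2 missing, 3 empty.
check_fresh() {
    f=$1; max=$2
    if [ ! -e "$f" ]; then echo missing; return 2; fi
    if [ ! -s "$f" ]; then echo empty; return 3; fi
    # find -mmin +N is available in both FreeBSD and GNU find
    if [ -n "$(find "$f" -mmin +"$max" 2>/dev/null)" ]; then
        echo stale; return 1
    fi
    echo fresh; return 0
}

# asn_report FILE...
# Prints "<status> <path>" per file and returns the highest code seen,
# so one bad file is enough to make a cron or monitoring run fail.
asn_report() {
    worst=0
    for f_path in "$@"; do
        state=$(check_fresh "$f_path" "$MAX_AGE_MIN") && rc=0 || rc=$?
        echo "$state $f_path"
        if [ "$rc" -gt "$worst" ]; then worst=$rc; fi
    done
    return "$worst"
}

# Runs only when called as: script.sh --check [extra files...]
# With no extra files it checks ASN_FILE alone.
if [ "${1:-}" = "--check" ]; then
    shift
    [ "$#" -gt 0 ] || set -- "$ASN_FILE"
    asn_report "$@"
    exit $?
fi
```

Files under /var/db/aliastables can be passed as extra arguments after `--check` to see when an individual alias table was last rewritten.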