• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Help with BGP tunnel on OpenBSD 5.7

Started by landerholm, May 03, 2015, 01:24:48 AM

Previous topic - Next topic

landerholm

Hi,

I have been trying to setup a BGP IPv6 tunnel to my network using tunnelbroker.net.
But I haven't been able to get it to work yet.
I have been running a regular tunnel for quite some time, but now, I have been allocated a PI /48 network from my RIR and I would like to learn more about BGP at the same time. So I am trying to switch to a BGP tunnel instead.
This is my config:
bgpd.conf:

AS 200704
network 2001:67c:11f0::/48
router-id 10.0.0.254

neighbor 2001:470:12:e0::1 {
        remote-as 6939
        descr "Tunnelbroker-net"
}


The configuration from he.net says:
BGP Details Status: Available
Prefixes: 2001:67c:11f0::/48 (LoA on file)
Your ASN:200704
Our ASN:6939
Peer Address:2001:470:12:e0::1/64


So, I have configured a tunnel using the ifconfig commands:
ifconfig gif0 tunnel 81.230.146.66 216.66.84.54
ifconfig gif0 inet6 alias 2001:470:12:e0::2 2001:470:12:e0::1 prefixlen 128
route -n add -inet6 default 2001:470:12:e0::1


When I start my bgpd, I get the following results:
# bgpctl show summary
Neighbor                   AS    MsgRcvd    MsgSent  OutQ Up/Down  State/PrfRcvd
Tunnelbroker-net         6939          0          0     0 Never    Connect


Any suggestions to what I'm missing here?
Thanks for any help!

/Johan

broquea

#1
Any firewall rules in place filtering TCP 179?
Do you see any bi-directional BGP activity (ie. packets FROM HE's side?)
It could also be that they haven't enabled the session yet on their side.

landerholm

I think I got it working. My bgpd was listening on the IPv6 interface only. I changed it to all interfaces (both IPv4 and IPv6), now I have lots of routes in my routing table:

# bgpctl show rib |wc -l
   21585


Thanks!

landerholm

But,

I'm trying to announce my IPv6 network using BGP, but the tunnelbroker.net site still says no network has been announced.
Shouldn't tunnelbroker.net pickup my announced network?

Thanks!

broquea

#4
Only if you've configured your announcement correctly, and they have it correct in their filters.
Does your side show it is advertising the prefix to them, with whatever your equiv. of "sh ip bgp nei x:x:x:x::x advertised" is?
Do you have an anchor route in place? To null, loop or even configured somewhere on the machine?

Also, according to the HE route-server, they are learning your route:

route-server> sh ipv6 bgp 2001:67c:11f0::
BGP routing table entry for 2001:67c:11f0::/48
Paths: (33 available, best #24, table Default-IP-Routing-Table)

landerholm

Thanks for your help.

I have rebooted my gateway/firewall/bgp router and the BGP stuff failes to start again.
My bgp log is full of the following logs:

Jul 18 14:35:15 fw bgpd[23323]: neighbor 2001:470:12:e0::1 (Tunnelbroker-net): state change Idle -> Active, reason: Start
Jul 18 14:35:15 fw bgpd[23323]: neighbor 2001:470:12:e0::1 (Tunnelbroker-net): state change Active -> OpenSent, reason: Connection opened
Jul 18 14:35:15 fw bgpd[23323]: neighbor 2001:470:12:e0::1 (Tunnelbroker-net): state change OpenSent -> OpenConfirm, reason: OPEN message received
Jul 18 14:35:15 fw bgpd[23323]: neighbor 2001:470:12:e0::1 (Tunnelbroker-net): state change OpenConfirm -> Idle, reason: Connection closed


And the statistics tells me:

# bgpctl show
Neighbor                   AS    MsgRcvd    MsgSent  OutQ Up/Down  State/PrfRcvd
Tunnelbroker-net         6939         93        186     0 Never    Idle


I didn't change any configuration, so I don't know where to start debugging?

landerholm

Sorry for the last post, I think I was dropping traffic from the BGP peer without any logs, so I wasn't aware of this problem.
Now, it works again.

/J