Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: Help with BGP tunnel on OpenBSD 5.7  (Read 3750 times)

landerholm

  • Newbie
  • *
  • Posts: 7
Help with BGP tunnel on OpenBSD 5.7
« on: May 03, 2015, 01:24:48 AM »

Hi,

I have been trying to setup a BGP IPv6 tunnel to my network using tunnelbroker.net.
But I haven't been able to get it to work yet.
I have been running a regular tunnel for quite some time, but now, I have been allocated a PI /48 network from my RIR and I would like to learn more about BGP at the same time. So I am trying to switch to a BGP tunnel instead.
This is my config:
bgpd.conf:

Code: [Select]
AS 200704
network 2001:67c:11f0::/48
router-id 10.0.0.254

neighbor 2001:470:12:e0::1 {
        remote-as 6939
        descr "Tunnelbroker-net"
}

The configuration from he.net says:
BGP Details Status: Available
Prefixes: 2001:67c:11f0::/48 (LoA on file)
Your ASN:200704
Our ASN:6939
Peer Address:2001:470:12:e0::1/64


So, I have configured a tunnel using the ifconfig commands:
Code: [Select]
ifconfig gif0 tunnel 81.230.146.66 216.66.84.54
ifconfig gif0 inet6 alias 2001:470:12:e0::2 2001:470:12:e0::1 prefixlen 128
route -n add -inet6 default 2001:470:12:e0::1

When I start my bgpd, I get the following results:
Code: [Select]
# bgpctl show summary
Neighbor                   AS    MsgRcvd    MsgSent  OutQ Up/Down  State/PrfRcvd
Tunnelbroker-net         6939          0          0     0 Never    Connect

Any suggestions to what I'm missing here?
Thanks for any help!

/Johan
« Last Edit: July 18, 2015, 05:39:07 AM by landerholm »
Logged

broquea

  • Sr. Network Engineer, HE.NET AS6939
  • Administrator
  • Hero Member
  • *****
  • Posts: 1735
Re: Help with BGP tunnel on OpenBSD 4.7
« Reply #1 on: May 03, 2015, 08:10:18 AM »

Any firewall rules in place filtering TCP 179?
Do you see any bi-directional BGP activity (ie. packets FROM HE's side?)
It could also be that they haven't enabled the session yet on their side.
« Last Edit: May 03, 2015, 08:25:13 AM by broquea »
Logged

landerholm

  • Newbie
  • *
  • Posts: 7
Re: Help with BGP tunnel on OpenBSD 4.7
« Reply #2 on: May 03, 2015, 02:52:50 PM »

I think I got it working. My bgpd was listening on the IPv6 interface only. I changed it to all interfaces (both IPv4 and IPv6), now I have lots of routes in my routing table:

Code: [Select]
# bgpctl show rib |wc -l
   21585

Thanks!
Logged

landerholm

  • Newbie
  • *
  • Posts: 7
Re: Help with BGP tunnel on OpenBSD 4.7
« Reply #3 on: May 04, 2015, 12:51:38 PM »

But,

I'm trying to announce my IPv6 network using BGP, but the tunnelbroker.net site still says no network has been announced.
Shouldn't tunnelbroker.net pickup my announced network?

Thanks!
Logged

broquea

  • Sr. Network Engineer, HE.NET AS6939
  • Administrator
  • Hero Member
  • *****
  • Posts: 1735
Re: Help with BGP tunnel on OpenBSD 4.7
« Reply #4 on: May 04, 2015, 01:18:19 PM »

Only if you've configured your announcement correctly, and they have it correct in their filters.
Does your side show it is advertising the prefix to them, with whatever your equiv. of "sh ip bgp nei x:x:x:x::x advertised" is?
Do you have an anchor route in place? To null, loop or even configured somewhere on the machine?

Also, according to the HE route-server, they are learning your route:

Code: [Select]
route-server> sh ipv6 bgp 2001:67c:11f0::
BGP routing table entry for 2001:67c:11f0::/48
Paths: (33 available, best #24, table Default-IP-Routing-Table)
« Last Edit: May 04, 2015, 01:34:21 PM by broquea »
Logged

landerholm

  • Newbie
  • *
  • Posts: 7
Re: Help with BGP tunnel on OpenBSD 4.7
« Reply #5 on: July 18, 2015, 05:38:50 AM »

Thanks for your help.

I have rebooted my gateway/firewall/bgp router and the BGP stuff failes to start again.
My bgp log is full of the following logs:

Code: [Select]
Jul 18 14:35:15 fw bgpd[23323]: neighbor 2001:470:12:e0::1 (Tunnelbroker-net): state change Idle -> Active, reason: Start
Jul 18 14:35:15 fw bgpd[23323]: neighbor 2001:470:12:e0::1 (Tunnelbroker-net): state change Active -> OpenSent, reason: Connection opened
Jul 18 14:35:15 fw bgpd[23323]: neighbor 2001:470:12:e0::1 (Tunnelbroker-net): state change OpenSent -> OpenConfirm, reason: OPEN message received
Jul 18 14:35:15 fw bgpd[23323]: neighbor 2001:470:12:e0::1 (Tunnelbroker-net): state change OpenConfirm -> Idle, reason: Connection closed

And the statistics tells me:

Code: [Select]
# bgpctl show
Neighbor                   AS    MsgRcvd    MsgSent  OutQ Up/Down  State/PrfRcvd
Tunnelbroker-net         6939         93        186     0 Never    Idle

I didn't change any configuration, so I don't know where to start debugging?
Logged

landerholm

  • Newbie
  • *
  • Posts: 7
Re: Help with BGP tunnel on OpenBSD 5.7
« Reply #6 on: July 18, 2015, 06:01:46 AM »

Sorry for the last post, I think I was dropping traffic from the BGP peer without any logs, so I wasn't aware of this problem.
Now, it works again.

/J
Logged