Hi, I have a FreeBSD VM for an AS112 node, the BGP is done with OpenBGPD. root@as112:~ # uname -a FreeBSD as112.grifon.fr 12.0-RELEASE-p12 FreeBSD 12.0-RELEASE-p12 GENERIC amd64 root@as112:~ # pkg info openbgpd6 openbgpd6-6.6p0 Name : openbgpd6 Version : 6.6p0 Installed on : Mon Dec 16 20:13:44 2019 CET Origin : net/openbgpd6 Architecture : FreeBSD:12:amd64 Prefix : /usr/local Categories : net Licenses : ISCL Maintainer : pi@FreeBSD.org WWW : http://www.openbgpd.org/ Comment : Free implementation of the Border Gateway Protocol, Version 4 Options : IPV6LLPEER : on Annotations : FreeBSD_version: 1200086 repo_type : binary repository : poudriere Flat size : 435KiB Description : OpenBGPD is a FREE implementation of the Border Gateway Protocol, Version 4. It allows ordinary machines to be used as routers exchanging routes with other systems speaking the BGP protocol. This is the portable version and it does not have the means to influence kernel routing tables. It is only suitable for route servers/collectors. WWW: http://www.openbgpd.org/ Here is my configuration: router-id 89.234.186.134 AS 112 fib-update yes network 192.175.48.0/24 network 192.31.196.0/24 network 2620:4f:8000::/48 network 2001:4:112::/48 group "peering" { announce IPv4 unicast announce IPv6 unicast neighbor 89.234.186.129 { remote-as 204092 descr "Grifon nominoe IPv4" } neighbor 2a00:5884:0:100::1:1 { remote-as 204092 descr "Grifon nominoe IPv6" } neighbor 89.234.186.130 { remote-as 204092 descr "Grifon budic IPv4" } neighbor 2a00:5884:0:100::1:2 { remote-as 204092 descr "Grifon budic IPv6" } neighbor 185.1.89.1 { remote-as 206165 descr "Breizh-IX RS1 IPv4" enforce neighbor-as no set localpref 150 } neighbor 2001:7f8:b1::1 { remote-as 206165 descr "Breizh-IX RS1 IPv6" enforce neighbor-as no set localpref 150 } neighbor 185.1.89.2 { remote-as 206165 descr "Breizh-IX RS2 IPv4" enforce neighbor-as no set localpref 150 } neighbor 2001:7f8:b1::2 { remote-as 206165 descr "Breizh-IX RS2 IPv6" enforce neighbor-as no set localpref 150 } } # do not send or use routes from neighbors without further explicit # configuration deny from any deny to any # filter out prefixes longer than 24 or shorter than 8 bits for IPv4 # and longer than 48 or shorter than 16 bits for IPv6. allow from any inet prefixlen 8 - 24 allow from any inet6 prefixlen 16 - 48 # filter bogus networks according to RFC5735 deny from any prefix 0.0.0.0/8 prefixlen >= 8 # 'this' network [RFC1122] deny from any prefix 10.0.0.0/8 prefixlen >= 8 # private space [RFC1918] deny from any prefix 100.64.0.0/10 prefixlen >= 10 # CGN Shared [RFC6598] deny from any prefix 127.0.0.0/8 prefixlen >= 8 # localhost [RFC1122] deny from any prefix 169.254.0.0/16 prefixlen >= 16 # link local [RFC3927] deny from any prefix 172.16.0.0/12 prefixlen >= 12 # private space [RFC1918] deny from any prefix 192.0.2.0/24 prefixlen >= 24 # TEST-NET-1 [RFC5737] deny from any prefix 192.168.0.0/16 prefixlen >= 16 # private space [RFC1918] deny from any prefix 198.18.0.0/15 prefixlen >= 15 # benchmarking [RFC2544] deny from any prefix 198.51.100.0/24 prefixlen >= 24 # TEST-NET-2 [RFC5737] deny from any prefix 203.0.113.0/24 prefixlen >= 24 # TEST-NET-3 [RFC5737] deny from any prefix 224.0.0.0/4 prefixlen >= 4 # multicast deny from any prefix 240.0.0.0/4 prefixlen >= 4 # reserved # filter bogus IPv6 networks according to IANA deny from any prefix ::/8 prefixlen >= 8 deny from any prefix 0100::/64 prefixlen >= 64 # Discard-Only [RFC6666] deny from any prefix 2001:2::/48 prefixlen >= 48 # BMWG [RFC5180] deny from any prefix 2001:10::/28 prefixlen >= 28 # ORCHID [RFC4843] deny from any prefix 2001:db8::/32 prefixlen >= 32 # docu range [RFC3849] deny from any prefix 3ffe::/16 prefixlen >= 16 # old 6bone deny from any prefix fc00::/7 prefixlen >= 7 # unique local unicast deny from any prefix fe80::/10 prefixlen >= 10 # link local unicast deny from any prefix fec0::/10 prefixlen >= 10 # old site local unicast deny from any prefix ff00::/8 prefixlen >= 8 # multicast ## filter bogon AS numbers ## http://www.iana.org/assignments/as-numbers/as-numbers.xhtml deny from any AS 23456 # AS_TRANS deny from any AS 64496 - 64511 # Reserved for use in docs and code RFC5398 deny from any AS 64512 - 65534 # Reserved for Private Use RFC6996 deny from any AS 65535 # Reserved RFC7300 deny from any AS 65536 - 65551 # Reserved for use in docs and code RFC5398 deny from any AS 65552 - 131071 # Reserved deny from any AS 4200000000 - 4294967294 # Reserved for Private Use RFC6996 deny from any AS 4294967295 # Reserved RFC7300 allow to any prefix 2620:4f:8000::/48 allow to any prefix 2001:4:112::/48 allow to any prefix 192.175.48.0/24 allow to any prefix 192.31.196.0/24 The BGP sessions are up, but the FIB is empty (and I have a permission denied when I try to print it from bgpd): root@as112:~ # bgpctl show summary Neighbor AS MsgRcvd MsgSent OutQ Up/Down State/PrfRcvd Grifon nominoe IPv4 204092 136105 152 0 01:14:56 799528 Grifon nominoe IPv6 204092 29247 152 0 01:14:56 78083 Grifon budic IPv4 204092 174092 153 0 01:14:56 799529 Grifon budic IPv6 204092 34591 153 0 01:14:56 78085 Breizh-IX RS1 IPv4 206165 200 153 0 01:14:56 83 Breizh-IX RS1 IPv6 206165 193 153 0 01:14:56 32 Breizh-IX RS2 IPv4 206165 212 155 0 01:14:56 69 Breizh-IX RS2 IPv6 206165 213 155 0 01:14:56 71 root@as112:~ # bgpctl show rib | head flags: * = Valid, > = Selected, I = via IBGP, A = Announced, S = Stale, E = Error origin validation state: N = not-found, V = valid, ! = invalid origin: i = IGP, e = EGP, ? = Incomplete flags ovs destination gateway lpref med aspath origin *> N 1.0.0.0/24 89.234.186.129 100 50 204092 34019 13335 i * N 1.0.0.0/24 89.234.186.130 100 50 204092 198507 13335 i *> N 1.0.4.0/22 89.234.186.129 100 50 204092 34019 6939 4826 38803 56203 i * N 1.0.4.0/22 89.234.186.130 100 50 204092 198507 6939 4826 38803 56203 i root@as112:~ # bgpctl show fib flags: * = valid, B = BGP, C = Connected, S = Static, D = Dynamic N = BGP Nexthop reachable via this route r = reject route, b = blackhole route flags prio destination gateway permission denied root@as112:~ # route get 1.0.0.0/24 route: route has not been found root@as112:~ # netstat -rn Routing tables Internet: Destination Gateway Flags Netif Expire default 89.234.186.129 UGS vtnet2 89.234.186.128/29 link#3 U vtnet2 89.234.186.134 link#3 UHS lo0 127.0.0.1 link#4 UH lo0 172.17.0.0/24 link#1 U vtnet0 172.17.0.27 link#1 UHS lo0 185.1.89.0/24 link#2 U vtnet1 185.1.89.16 link#2 UHS lo0 192.31.196.1 link#5 UH lo1 192.175.48.1 link#5 UH lo1 192.175.48.6 link#5 UH lo1 192.175.48.42 link#5 UH lo1 Internet6: Destination Gateway Flags Netif Expire ::/96 ::1 UGRS lo0 default 2a00:5884:0:100::1:1 UGS vtnet2 ::1 link#4 UH lo0 ::ffff:0.0.0.0/96 ::1 UGRS lo0 2001:4:112::/64 link#5 U lo1 2001:4:112::1 link#5 UHS lo0 2001:7f8:b1::/64 link#2 U vtnet1 2001:7f8:b1::12 link#2 UHS lo0 2620:4f:8000::/64 link#5 U lo1 2620:4f:8000::1 link#5 UHS lo0 2620:4f:8000::6 link#5 UHS lo0 2620:4f:8000::42 link#5 UHS lo0 2a00:5884:0:100::1:0/112 link#3 U vtnet2 2a00:5884:0:100::1:10 link#3 UHS lo0 fe80::/10 ::1 UGRS lo0 fe80::%vtnet1/64 link#2 U vtnet1 fe80::fc7a:e9ff:fea9:1ba2%vtnet1 link#2 UHS lo0 fe80::%vtnet2/64 link#3 U vtnet2 fe80::c54:abff:fef6:f9ec%vtnet2 link#3 UHS lo0 fe80::%lo0/64 link#4 U lo0 fe80::1%lo0 link#4 UHS lo0 fe80::%lo1/64 link#5 U lo1 fe80::1%lo1 link#5 UHS lo0 ff02::/16 ::1 UGRS lo0 root@as112:~ # Regards, -- Alarig
It looks like hrs@ knows more about this FIB-update stuff.