Unix & Linux Stack Exchange
Q&A for users of Linux, FreeBSD and other Unix-like operating systems
Latest Questions
1
votes
0
answers
158
views
(I)BGP Asymmetric Routing problem
I have a really strange problem with (I)BGP and asymmetric routing and maybe you can help me.
# My setup is as follows: #
```
Router A (running with bird on Linux) ← Internet / eBGP → upstream A / upstream B
   ↑
   |
   | VPN / IBGP
   |
   ↓
Router B (running with bird on Linux) ← Internet / eBGP → upstream C / upstream D
```
The routers are connected over VPN. The routes are shared with IBGP between the two nodes and are chosen by the shortest AS path in general. Firewalls between the nodes are still off. So, connection tracking should not be an issue. Forwarding (`.ipv6.conf.all.forwarding=1`) is also activated.
---
# And now to my problem: #
The outgoing traffic (ICMP ping, traceroute ...) works without problems on both routers.
**for example a traceroute, from Router A**
```
traceroute to 31173.se (2a03:1b20:1:f104::1:109), 30 hops max, 80 byte packets
 1  RouterB (*************)  4.464 ms  4.408 ms  4.384 ms
 2  * * upstreamC (*************)  5.522 ms
 3  * * *
 4  fra-eq5-cr1.ipv6.31173.se (2001:7f8::99b7:0:1)  13.002 ms  12.983 ms  12.928 ms
 5  cph-ix1-cr2-et-0-0-2-v2043.ipv6.31173.se (2a03:1b20:8:fe06::1)  21.167 ms  21.107 ms  21.083 ms
 6  mlm-vg4-cr2-et-0-0-3-v2029.ipv6.31173.se (2a03:1b20:8:fe00::2)  21.484 ms  21.229 ms  21.230 ms
 7  mlm-sp-cr1-ae0.ipv6.31173.se (2a03:1b20:1:fe36::1)  22.516 ms  22.520 ms  22.492 ms
 8  mlm-sg-dr1-ae2.ipv6.31173.se (2a03:1b20:1:fe12::2)  56.773 ms  56.750 ms  41.987 ms
 9  31173.se (2a03:1b20:1:f104::1:109)  21.872 ms  21.801 ms  21.775 ms
```
**But the incoming traffic (from 2a03:1b20:1:f104::1:109) fails partially in case the route back goes asymmetrical over the other router (here, the traceroute should arrive on Router A first, because it comes from upstreamA):**
```
traceroute to RouterA (*************), 30 hops max, 80 byte packets
 1  mlm-sg-dr1-v104.ipv6.31173.se (2a03:1b20:1:f104::1)  4.306 ms  4.185 ms  4.072 ms
 2  mlm-sp-cr1-ae1.ipv6.31173.se (2a03:1b20:1:fe12::1)  22.329 ms  22.232 ms  22.080 ms
 3  ams-eq6-cr1-et-0-0-2-v2037.ipv6.31173.se (2a03:1b20:3:fe02::1)  11.838 ms  12.009 ms  11.909 ms
 4  upstreamA (*************)  12.860 ms  12.732 ms  12.672 ms
 5  upstreamA (*************)  20.225 ms  20.345 ms  20.289 ms
 6  * * *
 7  * * *
-- Traceroute timed out --
```
Doing a tcpdump it actually shows the incoming packet on Router A and the outgoing reply packet on Router B, but it seems the reply never reaches the originating destination (2a03:1b20:1:f104::1:109).
Do you have any ideas how I can solve the problem?
waldy327
(11 rep)
Aug 25, 2023, 11:22 PM
0
votes
0
answers
100
views
How to configure bird 1.6 router to reject local LAN traffic?
I am setting up a CI environment where I have two subnets connected by two peered bird routers.
My current ipv4 config on one of the routers is as follows:
```
protocol device {
}
protocol direct {
    interface "eth0";
    interface "eth1";
}
protocol kernel {
    import none;
    export all;
}
protocol bgp {
    import all;
    export all;
    local 10.100.0.9 as 9;
    neighbor 10.100.0.7 as 7;
}
```
This and the other router are connected over 10.100.0.0/24. LAN instances connect to this router over 10.9.0.0/24.
Currently, when I send LAN ethernet packets from e.g. 10.9.0.71 to 10.9.0.72, and the ethernet dst is router's MAC then the packet is delivered to LAN server. What I would like to achieve for LAN packets is:
* when dst MAC is router's MAC then the packet does not reach the destination,
* when dst MAC is destination server's MAC then the packet reaches that destination, just as it does now.
I don't know very much about routing and `bird` documentation is rather targeted to experienced users. So far I tried using filters and blackholed static routes, but it was more of a guesswork and none of it worked.
Boycott OpenAI sellouts
(101 rep)
May 5, 2023, 02:59 PM
0
votes
1
answers
220
views
Bird 2.0 OSPF to OSPF redistribution cost
I am trying to set up bird for routing networks between my sites which are connected with 2 L2 links.
Right now all my OSPF_INTRA are redistributed to other routers with automatic cost calculation.
I would like to specify extra cost for some network in order to "force" traffic to pass on the other link. (e.g. Real-Time traffic on the first link and Bandwidth consuming traffic on the other by tweaking cost).
Regards,
Nicolas
Nicolas P
(1 rep)
May 17, 2022, 07:20 AM
• Last activity: May 24, 2022, 08:57 AM
0
votes
1
answers
2171
views
Porting OSPF route filter rule for BIRD
I have an anycast setup for DNS using BIRD https://unix.stackexchange.com/questions/381962/ospf-migrating-quagga-to-bird
However, using "show routes" in the `birdc` command I see lots of OSPF learned routes from our internal network.
As it is, in this anycast setup (and normally), there is only a need to announce routes, and not to receive them.
How to create a filter in BIRD to ignore the OSPF routes?
My OSPF setup is this one:
```
protocol ospf {
    tick 2;
    rfc1583compat yes;
    area 0.0.0.0 {
        networks {
            1.1.1.0/22;
        };
        stubnet 2.2.2.2/32 {
            cost 100;
        };
        stubnet 3.3.3.3/32 {
            cost 500;
        };
        stubnet 4.4.4.4/32 {
            cost 1000;
        };
        stubnet 5.5.5.5/32 {
            cost 900;
        };
        interface "eth0" {
            cost 1000;
            password "MySecretPassword" {
                id 5;
            };
            authentication cryptographic;
        };
        interface "dummy0" {
            stub;
        };
        interface "dummy1" {
            stub;
        };
        interface "dummy2" {
            stub;
        };
        interface "dummy3" {
            stub;
        };
    };
}
```
Rui F Ribeiro
(57882 rep)
Jul 27, 2017, 09:28 AM
• Last activity: May 1, 2019, 08:43 AM
3
votes
1
answers
2811
views
OSPF: Migrating Quagga to BIRD
I need/want to migrate from Quagga to BIRD after several Quagga hiccups, namely https://unix.stackexchange.com/questions/331664/quagga-stopped-working-after-updates-in-stretch/331665 .
BIRD is also more flexible and modern.
I have my OSPF BIND anycast configuration in Quagga and would like to setup the OSPF service in a way similar on BIRD.
What to do?
My `/etc/quagga/ospfd.conf` is:
```
!
! Zebra configuration saved from vty
! 2011/03/22 21:17:11
!
hostname dns
password 8 xxxxxxx
enable password 8 xxxxxxx
log stdout
service password-encryption
!
!
!
interface dummy0
 ip ospf cost 100
!
interface dummy1
 ip ospf cost 500
!
interface dummy2
 ip ospf cost 1000
!
interface dummy3
 ip ospf cost 900
!
interface eth0
 ip ospf authentication message-digest
 ip ospf message-digest-key 5 md5 MySecretPassword
 ip ospf cost 1000
!
interface eth1
 ip ospf cost 1000
!
interface lo
!
router ospf
 ospf router-id 1.1.1.1
 auto-cost reference-bandwidth 10000
 network 1.1.1.0/22 area 0.0.0.0
 network 2.2.2.2/32 area 0.0.0.0
 network 3.3.3.3/32 area 0.0.0.0
 network 4.4.4.4/32 area 0.0.0.0
 network 5.5.5.5/32 area 0.0.0.0
 area 0 filter-list prefix AREA_1_OUT out
!
ip prefix-list AREA_1_OUT seq 5 permit 2.2.2.2/32
ip prefix-list AREA_1_OUT seq 10 permit 3.3.3.3/32
ip prefix-list AREA_1_OUT seq 15 permit 4.4.4.4/32
ip prefix-list AREA_1_OUT seq 20 permit 5.5.5.5/32
ip prefix-list AREA_1_OUT seq 25 deny any
!
line vty
!
```
Rui F Ribeiro
(57882 rep)
Jul 26, 2017, 04:10 PM
• Last activity: May 1, 2019, 08:42 AM
1
votes
1
answers
911
views
OSPF md5 encryption from Quagga to BIRD
I am migrating from Quagga to BIRD; however after setting things up, the other OSPF "routers" do not see me.
I think I have not setup properly the MD5 directive.
My similar setup in Quagga is:
```
ip ospf authentication message-digest
ip ospf message-digest-key 5 md5 SecreTPassword
```
In BIRD I have done:
```
area 0.0.0.0 {
    ...
    interface "eth0" {
        cost 1000;
        password "SecreTPassword";
        authentication cryptographic;
    };
    ...
};
```
What is wrong?
Rui F Ribeiro
(57882 rep)
Jul 26, 2017, 03:45 PM
• Last activity: Apr 14, 2018, 02:00 PM
0
votes
1
answers
3132
views
OSPF route costs in BIRD
I am migrating an anycast OSPF routing BIND redundant setup from Quagga to BIRD.
One of my difficulties is getting several routes with different costs with BIRD, in the same way as I am doing it in quagga.
As in Quagga I am doing in `/etc/quagga/ospfd.conf`:
```
interface dummy0
 ip ospf cost 100
!
interface dummy1
 ip ospf cost 500
!
interface dummy2
 ip ospf cost 1000
!
interface dummy3
 ip ospf cost 900
!
```
I can see in `birdc` using the command `show ospf state` that my configuration is not giving weights, despite having defined the cost in the interfaces in `/etc/bird.conf`. What to do?
```
protocol ospf {
    tick 2;
    rfc1583compat yes;
    area 0.0.0.0 {
        networks {
            1.1.1.0/22;
            2.2.2.2/32;
            3.3.3.3/32;
            4.4.4.4/32;
            5.5.5.5/32;
        };
        interface "eth0" {
            cost 1000;
            password "xxxxxxxxxx" {
                id 5;
            };
            authentication cryptographic;
        };
        interface "dummy0" {
            stub;
            cost 100;
        };
        interface "dummy1" {
            stub;
            cost 500;
        };
        interface "dummy2" {
            stub;
            cost 1000;
        };
        interface "dummy3" {
            stub;
            cost 900;
        };
    };
}
```
Rui F Ribeiro
(57882 rep)
Jul 26, 2017, 01:38 PM
• Last activity: Jul 26, 2017, 03:27 PM
Showing page 1 of 7 total questions