Discussion:
Another Netlink: File exists
micah
2014-10-04 16:16:20 UTC
Hello,

I read the FAQ on the wiki, and every thread I could find on this list
to try and track down how to stop this message hitting my logs every 15
seconds (and filling them every few days), but I have had no luck.

I'm just doing bgp, no OSPF, my kernel protocol already is in 'learn'
mode, so I set the preference to 100000, but that didn't change
anything. I tried 'debug all;' and 'debug {routes};' in the kernel
protocol, but ended up only really getting anything from doing:

echo all
debug all all
kernel1: Scanning routing table
kernel1: 0.0.0.0/0: [alien] seen
kernel1: 1.0.0.0/24: seen
kernel1: 1.0.4.0/24: seen
...
Netlink: File exists
Netlink: File exists
Netlink: File exists
bird> show route 0.0.0.0/0
0.0.0.0/0 via 208.99.192.141 on eth3 [kernel1 08:44:51] * (10000)

I am adding that in my system's startup script, not via bird. Also, that
route should be filtered out, as I have the following filters:

function martians()
{
    return net ~ [ 169.254.0.0/16+, 192.168.0.0/16+, 10.0.0.0/8+, 172.24.0.0/13+, 172.25.0.0/16+, 172.26.0.0/16+,
                   172.27.0.0/16+, 172.28.0.0/16+, 172.29.0.0/16+, 172.30.0.0/16+, 172.31.0.0/16+,
                   224.0.0.0/4+, 240.0.0.0/4+, 0.0.0.0/32-, 0.0.0.0/0{25,32}, 0.0.0.0/0{0,7}, 127.0.0.0/8+ ];
}

function rt_import_all(int asn)
{
    if martians() || local_network() then return false;
    if bgp_path.first != asn then return false;
    if bgp_path.len > 64 then return false;
    # not sure this works with multi-hop, so disabling
    # if bgp_next_hop != from then return false;
    return true;
}

filter bgp_in_cogent
{
    if ! rt_import_all(174) then reject;
    accept;
}

filter bgp_in_swiftco
{
    if ! rt_import_all(25700) then reject;
    accept;
}

I tried to run bird -d to get some debugging output, but it didn't
provide me with any (I'm using Debian version 1.4.4-1~bpo70+1).

Finally, is there a way to use a more useful pager with birdc? If I do
'show routes' I cannot search with the existing pager, or do other
interesting things, like I can with 'less'.

Thanks for your help!
micah
micah
2014-10-06 14:15:51 UTC
micah <***@riseup.net> writes:

Some additional information, I do have a handful of static routes
defined:

protocol static static_bgp {
    import all;
    route 204.13.164.0/24 reject;
    route 198.252.153.0/24 reject;
    route 199.254.238.0/24 reject;
}

and these appear in bird as follows:

# birdc show route |grep '!'
204.13.164.0/24 unreachable [static_bgp 2014-10-04] ! (200)
198.252.153.0/24 unreachable [static_bgp 2014-10-04] ! (200)
199.254.238.0/24 unreachable [static_bgp 2014-10-04] ! (200)

which I understand is bird trying to add a route to the kernel, but it
is already there.
Ondrej Zajicek
2014-10-06 21:06:30 UTC
Post by micah
> Some additional information, I do have a handful of static routes
> protocol static static_bgp {
>     import all;
>     route 204.13.164.0/24 reject;
>     route 198.252.153.0/24 reject;
>     route 199.254.238.0/24 reject;
> }
> # birdc show route |grep '!'
> 204.13.164.0/24 unreachable [static_bgp 2014-10-04] ! (200)
> 198.252.153.0/24 unreachable [static_bgp 2014-10-04] ! (200)
> 199.254.238.0/24 unreachable [static_bgp 2014-10-04] ! (200)
> which I understand is bird trying to add a route to the kernel, but it
> is already there.

Yes, that is exactly the reason for the 'Netlink: File exists' error
message.

BIRD does not rewrite routes that are already in the kernel table from other
sources.

If you need them in the kernel regardless of BIRD, you can, as a workaround,
learn these routes from the kernel proto and give them a higher preference
(using 'preference') than the ones from the static proto. That would prevent
the static routes from being exported to the kernel.
--
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: ***@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
Alexander Demenshin
2014-10-06 15:24:16 UTC
Post by micah
> I'm just doing bgp, no OSPF, my kernel protocol already is in 'learn'
> mode, so I set the preference to 100000, but that didn't change
> anything.

Could you please post your config completely (excluding sensitive
information)?

Post by micah
> Finally, is there a way to use a more useful pager with birdc?

You can pipe output of birdc: "birdc show routes|less"

Best regards,
Alexander.
micah
2014-10-06 16:23:50 UTC
Post by Alexander Demenshin
> Post by micah
>> I'm just doing bgp, no OSPF, my kernel protocol already is in 'learn'
>> mode, so I set the preference to 100000, but that didn't change
>> anything.
> Could you please post your config completely (excluding sensitive
> information)?

Sure, see below.

Post by Alexander Demenshin
> Post by micah
>> Finally, is there a way to use a more useful pager with birdc?
> You can pipe output of birdc: "birdc show routes|less"

I figured that out yesterday, thanks though!

I've separated my bird configuration into a main config, a peers config,
and a filters config, any feedback would be very welcome. I'm also
getting these regularly, which would be nice to track down:

2014-10-06 09:20:01 <ERR> Filter <NULL> did not return accept nor reject. Make up your mind


Here is the main config:

# logging
log "/var/log/bird.log" { info, remote, warning, error, auth, fatal, bug };

# Turn on global debugging of all protocols
debug protocols all;

# router ID
router id 38.104.127.2;

# ASN
define ASN = 16652;

##########################################################################
## All filters
##########################################################################

# include the filters
include "filters.conf";

##########################################################################
## All our peers
##########################################################################

include "peers.conf";

protocol kernel {
    learn; # Learn all alien routes from the kernel
    preference 100000;
    scan time 15; # Scan kernel routing table every 15 seconds
    import all; # Default is import all
    export all; # Default is export none
}

# This pseudo-protocol watches all interface up/down events.
protocol device {
    scan time 15; # Scan interfaces every 15 seconds
}

##########################################################################
## static routes
##########################################################################

protocol static static_bgp {
    # prefixes that are propagated to upstream. These prefixes are represented as
    # unreachable routes, which seems strange but it does not matter for BGP and has
    # a secondary advantage that packets for AS-local but unreachable destinations are
    # rejected and not sent to the upstream.
    import all;
    route 204.13.164.0/24 reject;
    route 198.252.153.0/24 reject;
    route 199.254.238.0/24 reject;
}

Here is the peers config:

##########################################################################
## Bgp templates
##########################################################################

template bgp PEERS {
    local as ASN;
    debug { states, events };
    export filter bgp_out;
}

##########################################################################
## uplink peers
##########################################################################

### ASN 174 - COGENT

protocol bgp cogent from PEERS {
    description "Cogent";
    source address 38.104.127.2;
    neighbor 38.104.127.1 as 174;
    password "xxx";
    import filter bgp_in_cogent;
    # prefer cogent more than others, due to higher preference
    preference 500;
    default bgp_local_pref 500;
}

protocol bgp cogent_blackhole {
    description "Cogent blackhole server";
    local as ASN;
    source address 199.254.238.1;
    neighbor 66.28.8.1 as 174;
    multihop 255;
    password "xxx";
    import filter bgp_in_cogent;
    export filter bgp_allow_nothing_out;
}

protocol bgp swiftco from PEERS {
    description "Swiftco";
    source address 208.99.192.142;
    neighbor 208.99.192.121 as 25700;
    multihop 255;
    password "xxx";
    import filter bgp_in_swiftco;
    default bgp_local_pref 80;
    export none;
}

table t_spamd;

protocol bgp bgp_spamd {
    description "http://bgp-spamd.net spam feed";
    source address 38.104.127.2;
    local as ASN;
    neighbor 64.142.121.62 as 65066;
    multihop 64;
    table t_spamd;
    export none; # default, so not really needed
}


Here is filters.conf:

define OURNETS = [ 198.252.153.0/24, 199.254.238.0/24, 204.13.164.0/24 ];
define PEER_ASNS = [ 174, 25700 ];

##########################################################################
## print information about the route being filtered
##########################################################################

# This function excludes weird networks

# 169.254.0.0/16+ - IANA reserved "link local" block - hosts obtain these addresses through auto-configuration
# 0.0.0.0/0 - default route
# 192.168.0.0/16+, 10.0.0.0/8+, 172.16.0.0/12+ - RFC1918
# 224.0.0.0/3+ - class D multicast
# 240.0.0.0/4+ - class E multicast

function martians()
{
    return net ~ [ 169.254.0.0/16+, 192.168.0.0/16+, 10.0.0.0/8+, 172.24.0.0/13+, 172.25.0.0/16+, 172.26.0.0/16+,
                   172.27.0.0/16+, 172.28.0.0/16+, 172.29.0.0/16+, 172.30.0.0/16+, 172.31.0.0/16+,
                   224.0.0.0/4+, 240.0.0.0/4+, 0.0.0.0/32-, 0.0.0.0/0{25,32}, 0.0.0.0/0{0,7}, 127.0.0.0/8+ ];

    # this is a function, we should filter in a filter
    # # Avoid RFC1918 and similar networks
    # if net ~ martians then return false;
    #
    # return true;
}

function local_network()
{
    return net ~ OURNETS;
}

function rt_import_all(int asn)
{
    if martians() || local_network() then return false;
    if bgp_path.first != asn then return false;
    if bgp_path.len > 64 then return false;
    # not sure this works with multi-hop, so disabling
    # if bgp_next_hop != from then return false;
    return true;
}

function rt_export()
{
    if proto = "static_bgp" then return true;
    if source != RTS_BGP then return false;
    if martians() then return false;
    if bgp_path.len > 64 then return false;
    return bgp_path.first ~ PEER_ASNS;
}


function rt_export_all()
{
    if proto = "static_bgp" then return true;
    if source != RTS_BGP then return false;
    if martians() then return false;
    if bgp_path.len > 64 then return false;
    return true;
}


filter bgp_in_cogent
{
    if ! rt_import_all(174) then reject;
    accept;
}

filter bgp_in_swiftco
{
    if ! rt_import_all(25700) then reject;
    accept;
}

# for outgoing BGP we do not want to announce anything but our own nets
filter bgp_out
{
    if proto = "swiftco" then
    {
        bgp_path.prepend(ASN);
        bgp_path.prepend(ASN);
        bgp_path.prepend(ASN);
    }
    # only allow our networks that are statically configured to be announced
    if ! rt_export() then
    {
        reject;
    }
    accept;
}

filter bgp_allow_nothing_out
{
    reject;
}
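
Added example, not part of the original thread or of BIRD: a check of the martians() prefix set from the filters.conf posted above against the RFC 1918 blocks named in its comment, using BIRD's documented prefix-pattern semantics ('+' is {pxlen,32}, '-' is {0,pxlen}). The function names are hypothetical; the set is copied from the post.

```python
import ipaddress
import re

# martians() prefix set copied from filters.conf as posted in this thread
POSTED = """169.254.0.0/16+, 192.168.0.0/16+, 10.0.0.0/8+, 172.24.0.0/13+,
172.25.0.0/16+, 172.26.0.0/16+, 172.27.0.0/16+, 172.28.0.0/16+, 172.29.0.0/16+,
172.30.0.0/16+, 172.31.0.0/16+, 224.0.0.0/4+, 240.0.0.0/4+, 0.0.0.0/32-,
0.0.0.0/0{25,32}, 0.0.0.0/0{0,7}, 127.0.0.0/8+"""

PATTERN = re.compile(r"([\d.]+)/(\d+)(\+|-|\{(\d+),(\d+)\})?")

def parse_set(text):
    """Parse BIRD prefix patterns into (address_int, pxlen, low, high)."""
    out = []
    for m in PATTERN.finditer(text):
        addr, pxlen = int(ipaddress.IPv4Address(m[1])), int(m[2])
        if m[3] == "+":          # the prefix and all of its subnets
            low, high = pxlen, 32
        elif m[3] == "-":        # the prefix and all of its supernets
            low, high = 0, pxlen
        elif m[3]:               # explicit {low,high} length range
            low, high = int(m[4]), int(m[5])
        else:                    # exact prefix only
            low = high = pxlen
        out.append((addr, pxlen, low, high))
    return out

def matches(net, patterns):
    """True if, for any pattern, net's length is in [low, high] and its
    first min(len, pxlen) bits equal the pattern's."""
    n = ipaddress.ip_network(net)
    for addr, pxlen, low, high in patterns:
        bits = min(n.prefixlen, pxlen)
        mask = (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF
        if low <= n.prefixlen <= high and (int(n.network_address) & mask) == (addr & mask):
            return True
    return False

def uncovered(block, new_prefix, patterns):
    """Subnets of block at new_prefix length that the set does not match."""
    subnets = ipaddress.ip_network(block).subnets(new_prefix=new_prefix)
    return [str(s) for s in subnets if not matches(str(s), patterns)]

MARTIANS = parse_set(POSTED)

if __name__ == "__main__":
    for block in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"):
        print(block, "not matched:", uncovered(block, 16, MARTIANS))
    print("0.0.0.0/0 matched:", matches("0.0.0.0/0", MARTIANS))
```

Against the posted set, the only /16s left unmatched are 172.16.0.0/16 through 172.23.0.0/16; the separate 172.25 to 172.31 /16 entries are already covered by 172.24.0.0/13+.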