From moshe.ortov at gmail.com Fri Oct 6 07:51:05 2006 From: moshe.ortov at gmail.com (Moshe Ortov) Date: Fri, 6 Oct 2006 15:51:05 +0100 Subject: [Xorp-users] PIM-SM Problems Message-ID: Hi, I'm having problems with PIM-SM. A few threads in the archive show others have had difficulties too, but none of those seemed directly relevant, although it did give me a few things to try but without success. I have a network with a number of locations and I need to configure my network with PIM-SM to allow some of the advanced features of my VOIP phone system. Basically, when, for example, I want to conference a call, the VOIP system sends a PIM-SM join and each of the extensions send a join too. Thereafter the conference is done using multicast. ('Normal' calls use unicast and they're fine.) My network has 4 main locations. The 'top' router has around 14 network interfaces to a variety of network segments (i.e. local, LANs) and to the other 3 locations (a sub-office, a nearby office and a remote office). The secondary location has a link to the top router, 2 local networks, and a remote office. This means the top router, the nearby office and the remote office is in a triangular configuration to give redundant routes. Both the links to the remote office are over a tunnel (openVPN). The sub-office is connected directly to the top router and has links to a couple of branch offices. The multicast traffic should be routeable to all locations and all the local networks but, for now, I'd be happy to just get it working between the top router and the local nearby office. What I'm getting, after much configuration testing and reconfiguration, is a uni-directional communication which is basically close, but no cigar. The output from an in-progress [attempted] conference is like this : [tlr is the top-level-router; nslr is the local sub-office router] root at tlr> show pim interface Interface State Mode V PIMstate Priority DRaddr Neighbors eth0 DISABLED Sparse 2 DR 1 192.168.255.254 0 eth1 UP Sparse 2 DR 1 192.168.254.254 1 eth10 DISABLED Sparse 2 DR 1 192.168.252.129 0 eth2 UP Sparse 2 NotDR 1 192.168.252.242 1 eth3 UP Sparse 2 DR 1 172.18.63.254 0 eth4 UP Sparse 2 DR 1 172.19.255.254 0 eth5 UP Sparse 2 DR 1 172.20.255.254 0 eth6 UP Sparse 2 DR 1 172.18.31.254 0 eth7 DISABLED Sparse 2 DR 1 192.168.32.254 0 eth8 DISABLED Sparse 2 DR 1 172.21.255.254 0 eth9 DISABLED Sparse 2 DR 1 172.22.255.254 0 tun0 UP Sparse 2 DR 1 192.168.250.254 0 register_vif UP Sparse 2 DR 1 192.168.254.254 0 root at tlr> show pim mfc Group Source RP 224.0.1.2 172.20.32.1 192.168.252.242 Incoming interface : eth5 Outgoing interfaces: ............O 224.0.1.2 172.20.32.3 192.168.252.242 Incoming interface : eth5 Outgoing interfaces: ............O 239.255.255.250 172.20.32.5 192.168.252.242 Incoming interface : eth5 Outgoing interfaces: ............O root at tlr> And for NSLR : root at nslr> show pim interface Interface State Mode V PIMstate Priority DRaddr Neighbors eth0 UP Sparse 2 DR 1 172.16.31.254 0 eth2 DISABLED Sparse 2 DR 1 192.168.252.46 0 eth3 DISABLED Sparse 2 DR 1 192.168.240.254 0 eth4 UP Sparse 2 DR 1 192.168.252.242 1 eth5 UP Sparse 2 DR 1 172.16.63.254 0 tun0 UP Sparse 2 DR 1 192.168.251.254 0 register_vif UP Sparse 2 DR 1 172.16.31.254 0 root at nslr> show pim mfc Group Source RP 224.0.1.2 172.16.2.245 192.168.252.242 Incoming interface : eth0 Outgoing interfaces: ....... 224.0.1.2 172.20.32.1 192.168.252.242 Incoming interface : register_vif Outgoing interfaces: O...... 224.0.1.2 172.20.32.3 192.168.252.242 Incoming interface : register_vif Outgoing interfaces: O...... 224.0.1.59 172.16.6.1 192.168.252.242 Incoming interface : eth0 Outgoing interfaces: ....O.. 239.255.255.250 172.16.32.62 192.168.252.242 Incoming interface : eth0 Outgoing interfaces: ....O.. 239.255.255.250 172.20.32.5 192.168.252.242 Incoming interface : register_vif Outgoing interfaces: ....O.. root at nslr> This is showing an in-progress conference call which has 2 x internal users on the 172.20/16 network and 2 x external users via the 172.16/19 network ( i.e. on the voip phone server). The external users can hear all parties and can hear each other ( i.e. 2 external callers and hear and speak to each other). The internal users can hear each other but not the external parties. The multicast for the conference is 224.0.1.2 which as you will see on nslr does not have any outgoing interface marked but on tlr, this does have an external interface marked. I think this is part of the problem - it's the fix that's the real pest right now. The absence of a route out for the multicast on nslr would also explain why the internal users do not hear the external users and the external users do hear the internal ones. Have I missed something entirely ? Perhaps someone can suggest where I should look next ? (Configs not attached due to the mailing list posting size limit). Moshe -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mailman.ICSI.Berkeley.EDU/pipermail/xorp-users/attachments/20061006/5ac5b938/attachment.html From pavlin at icir.org Fri Oct 6 11:16:41 2006 From: pavlin at icir.org (Pavlin Radoslavov) Date: Fri, 06 Oct 2006 11:16:41 -0700 Subject: [Xorp-users] PIM-SM Problems In-Reply-To: Message from "Moshe Ortov" of "Fri, 06 Oct 2006 15:51:05 BST." Message-ID: <200610061816.k96IGfPa020449@possum.icir.org> > I'm having problems with PIM-SM. A few threads in the archive show others > have had difficulties too, but none of those seemed directly relevant, > although it did give me a few things to try but without success. > > I have a network with a number of locations and I need to configure my > network with PIM-SM to allow some of the advanced features of my VOIP phone > system. Basically, when, for example, I want to conference a call, the VOIP > system sends a PIM-SM join and each of the extensions send a join too. > Thereafter the conference is done using multicast. ('Normal' calls use > unicast and they're fine.) > > My network has 4 main locations. The 'top' router has around 14 network > interfaces to a variety of network segments (i.e. local, LANs) and to the > other 3 locations (a sub-office, a nearby office and a remote office). > > The secondary location has a link to the top router, 2 local networks, and a > remote office. > > This means the top router, the nearby office and the remote office is in a > triangular configuration to give redundant routes. Both the links to the > remote office are over a tunnel (openVPN). > > The sub-office is connected directly to the top router and has links to a > couple of branch offices. > > The multicast traffic should be routeable to all locations and all the local > networks but, for now, I'd be happy to just get it working between the top > router and the local nearby office. > > What I'm getting, after much configuration testing and reconfiguration, is a > uni-directional communication which is basically close, but no cigar. > > The output from an in-progress [attempted] conference is like this : > > [tlr is the top-level-router; nslr is the local sub-office router] > > root at tlr> show pim interface > Interface State Mode V PIMstate Priority DRaddr Neighbors > eth0 DISABLED Sparse 2 DR 1 192.168.255.254 0 > eth1 UP Sparse 2 DR 1 192.168.254.254 1 > eth10 DISABLED Sparse 2 DR 1 192.168.252.129 0 > eth2 UP Sparse 2 NotDR 1 192.168.252.242 1 > eth3 UP Sparse 2 DR 1 172.18.63.254 0 > eth4 UP Sparse 2 DR 1 172.19.255.254 0 > eth5 UP Sparse 2 DR 1 172.20.255.254 0 > eth6 UP Sparse 2 DR 1 172.18.31.254 0 > eth7 DISABLED Sparse 2 DR 1 192.168.32.254 0 > eth8 DISABLED Sparse 2 DR 1 172.21.255.254 0 > eth9 DISABLED Sparse 2 DR 1 172.22.255.254 0 > tun0 UP Sparse 2 DR 1 192.168.250.254 0 > register_vif UP Sparse 2 DR 1 192.168.254.254 0 > root at tlr> show pim mfc > Group Source RP > 224.0.1.2 172.20.32.1 192.168.252.242 > Incoming interface : eth5 > Outgoing interfaces: ............O > 224.0.1.2 172.20.32.3 192.168.252.242 > Incoming interface : eth5 > Outgoing interfaces: ............O > 239.255.255.250 172.20.32.5 192.168.252.242 > Incoming interface : eth5 > Outgoing interfaces: ............O > root at tlr> > > > And for NSLR : > > root at nslr> show pim interface > Interface State Mode V PIMstate Priority DRaddr Neighbors > eth0 UP Sparse 2 DR 1 172.16.31.254 0 > eth2 DISABLED Sparse 2 DR 1 192.168.252.46 0 > eth3 DISABLED Sparse 2 DR 1 192.168.240.254 0 > eth4 UP Sparse 2 DR 1 192.168.252.242 1 > eth5 UP Sparse 2 DR 1 172.16.63.254 0 > tun0 UP Sparse 2 DR 1 192.168.251.254 0 > register_vif UP Sparse 2 DR 1 172.16.31.254 0 > root at nslr> show pim mfc > Group Source RP > 224.0.1.2 172.16.2.245 192.168.252.242 > Incoming interface : eth0 > Outgoing interfaces: ....... > 224.0.1.2 172.20.32.1 192.168.252.242 > Incoming interface : register_vif > Outgoing interfaces: O...... > 224.0.1.2 172.20.32.3 192.168.252.242 > Incoming interface : register_vif > Outgoing interfaces: O...... > 224.0.1.59 172.16.6.1 192.168.252.242 > Incoming interface : eth0 > Outgoing interfaces: ....O.. > 239.255.255.250 172.16.32.62 192.168.252.242 > Incoming interface : eth0 > Outgoing interfaces: ....O.. > 239.255.255.250 172.20.32.5 192.168.252.242 > Incoming interface : register_vif > Outgoing interfaces: ....O.. > root at nslr> > > > This is showing an in-progress conference call which has 2 x internal users > on the 172.20/16 network and 2 x external users via the 172.16/19 network ( > i.e. on the voip phone server). >From the "show pim mfc" output for NSLR I see only one external user for group 224.0.1.2: 172.16.2.245. If there is another external user for that group, and if it has been idle for few minutes then its state has probably timed out. Otherwise, double-check its setup (group to join, etc). Though, this is not related to the main problem you describe below. > The external users can hear all parties and can hear each other ( i.e. 2 > external callers and hear and speak to each other). > > The internal users can hear each other but not the external parties. > > The multicast for the conference is 224.0.1.2 which as you will see on nslr > does not have any outgoing interface marked but on tlr, this does have an > external interface marked. > > I think this is part of the problem - it's the fix that's the real pest > right now. The absence of a route out for the multicast on nslr would also > explain why the internal users do not hear the external users and the > external users do hear the internal ones. Yes, the missing outgoing interface in NSRL for 224.0.1.20 is the problem. The outgoing interface should be eth4, and the entry should look like: Group Source RP 224.0.1.2 172.16.2.245 192.168.252.242 Incoming interface : eth0 Outgoing interfaces: ...O... What should have happened is that initially TLR would send PIM-SM (*,G) Join message to the RP (NSLR) for group 224.0.1.2. Hence, could you check the PIM-SM Join state in both TLR and NSLR and send us the output. The xorpsh CLI command is "show pim join". Also, could you send the output for "show pim mrib" for both routers. BTW, in your current setup NSLR is the RP for the group, which is OK for this particular test. However, TLR seems a more natural choice to be the RP when you enable PIM-SM everywhere else (the Local Office and the Remote Office). > Have I missed something entirely ? Perhaps someone can suggest where I > should look next ? > > (Configs not attached due to the mailing list posting size limit). Could you send me your configuration (TLR and NSLR only) in a private email (to double-check the source of the problem is not in the configuration itself). Regards, Pavlin From rodrigo at bolsistas.pop-rn.rnp.br Fri Oct 6 11:53:53 2006 From: rodrigo at bolsistas.pop-rn.rnp.br (rodrigo at bolsistas.pop-rn.rnp.br) Date: Fri, 6 Oct 2006 15:53:53 -0300 (BRT) Subject: [Xorp-users] Problem with RP Message-ID: <1053.200.137.0.94.1160160833.squirrel@bolsistas.pop-rn.rnp.br> Hi, I'm trying to create a multicast ambient (Xorp/PIM-SM) with 3 routers, where one is the RP. The client PCs are running SDR software to make tests of communication. When a client creates a SDR session, the RP router takes the following error: "kernel trap 12 with interrupts disabled" and then reboots the FreeBSD. What's it mean? Thanks, Rodrigo M. de M. Santiago From pavlin at icir.org Fri Oct 6 12:02:32 2006 From: pavlin at icir.org (Pavlin Radoslavov) Date: Fri, 06 Oct 2006 12:02:32 -0700 Subject: [Xorp-users] Problem with RP In-Reply-To: Message from rodrigo@bolsistas.pop-rn.rnp.br of "Fri, 06 Oct 2006 15:53:53 -0300." <1053.200.137.0.94.1160160833.squirrel@bolsistas.pop-rn.rnp.br> Message-ID: <200610061902.k96J2WNp020852@possum.icir.org> > I'm trying to create a multicast ambient (Xorp/PIM-SM) with 3 routers, > where one is the RP. > The client PCs are running SDR software to make tests of communication. > When a client creates a SDR session, the RP router takes the following > error: "kernel trap 12 with interrupts disabled" and then reboots the > FreeBSD. > What's it mean? It sounds like a bug in the FreeBSD kernel. What version are you using? Also, make sure you have the following options enabled in the kernel configuration: options MROUTING # Multicast routing options PIM # PIM multicast routing Though, even if you don't have them the kernel shouldn't panic. Pavlin From ywuus at yahoo.com Fri Oct 6 17:04:33 2006 From: ywuus at yahoo.com (y wu) Date: Fri, 6 Oct 2006 17:04:33 -0700 (PDT) Subject: [Xorp-users] XORP BGP supports ECMP? Message-ID: <20061007000433.5028.qmail@web50907.mail.yahoo.com> Hi, Does XORP's BGP support multipath ECMP? I briefly looked at the code and didn't see any hint. Nor did other protocols. Regards, __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From pavlin at icir.org Fri Oct 6 17:23:32 2006 From: pavlin at icir.org (Pavlin Radoslavov) Date: Fri, 06 Oct 2006 17:23:32 -0700 Subject: [Xorp-users] XORP BGP supports ECMP? In-Reply-To: Message from y wu of "Fri, 06 Oct 2006 17:04:33 PDT." <20061007000433.5028.qmail@web50907.mail.yahoo.com> Message-ID: <200610070023.k970NWBX055964@possum.icir.org> > Does XORP's BGP support multipath ECMP? > I briefly looked at the code and didn't > see any hint. Nor did other protocols. No, currently XORP doesn't support ECMP. It is on our TODO list: http://www.xorp.org/bugzilla/show_bug.cgi?id=223 Regards, Pavlin From vjardin at free.fr Sat Oct 7 01:13:29 2006 From: vjardin at free.fr (Vincent Jardin) Date: Sat, 07 Oct 2006 10:13:29 +0200 Subject: [Xorp-users] XORP BGP supports ECMP? In-Reply-To: <200610070023.k970NWBX055964@possum.icir.org> References: <200610070023.k970NWBX055964@possum.icir.org> Message-ID: <452761A9.3060207@free.fr> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 But, in any cases, ECMP cannot apply to BGP due to its policy of selection process of the next hop. Only, static routes, OSPF, RIP and ISIS can support it. But, if there are any papers or recommandations that show that BGP can support ECMP as-is, I'd apprecieate to review it :) FYI, it is currently a working draft: ~ http://bgp.potaroo.net/ietf/idref/draft-bhatia-ecmp-routes-in-bgp/ but right now, no implementation supports it. Vincent Pavlin Radoslavov wrote: |>Does XORP's BGP support multipath ECMP? |>I briefly looked at the code and didn't |>see any hint. Nor did other protocols. | | | No, currently XORP doesn't support ECMP. | It is on our TODO list: | | http://www.xorp.org/bugzilla/show_bug.cgi?id=223 | | Regards, | Pavlin | | _______________________________________________ | Xorp-users mailing list | Xorp-users at xorp.org | http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/xorp-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFFJ2Gpj1uHAMmANdgRAsT9AJwICvWVt8/+g78Rvj4qNeplTcbepwCg934q 1masJOUheGkB7Re8EGhbjgA= =BWbt -----END PGP SIGNATURE----- From rodrigo at bolsistas.pop-rn.rnp.br Sun Oct 8 04:59:47 2006 From: rodrigo at bolsistas.pop-rn.rnp.br (rodrigo at bolsistas.pop-rn.rnp.br) Date: Sun, 8 Oct 2006 08:59:47 -0300 (BRT) Subject: [Xorp-users] Problem with RP In-Reply-To: <200610061902.k96J2WNp020852@possum.icir.org> References: Message from rodrigo@bolsistas.pop-rn.rnp.br of "Fri, 06 Oct 2006 15:53:53 -0300." <1053.200.137.0.94.1160160833.squirrel@bolsistas.pop-rn.rnp.br> <200610061902.k96J2WNp020852@possum.icir.org> Message-ID: <1219.200.157.218.40.1160308787.squirrel@bolsistas.pop-rn.rnp.br> >> I'm trying to create a multicast ambient (Xorp/PIM-SM) with 3 routers, >> where one is the RP. >> The client PCs are running SDR software to make tests of communication. >> When a client creates a SDR session, the RP router takes the following >> error: "kernel trap 12 with interrupts disabled" and then reboots the >> FreeBSD. >> What's it mean? > > It sounds like a bug in the FreeBSD kernel. What version are you > using? > > Also, make sure you have the following options enabled in the kernel > configuration: > > options MROUTING # Multicast routing > options PIM # PIM multicast routing > > Though, even if you don't have them the kernel shouldn't panic. > > Pavlin > Yes, I have those options enabled in the kernel configuration. I'm using the FreeBSD version 6. The others routers are running Xorp with the same OS. So I will reinstall it at the RP and test again. Is there a best idea? Thanks, Rodrigo From ywuus at yahoo.com Sun Oct 8 21:41:12 2006 From: ywuus at yahoo.com (y wu) Date: Sun, 8 Oct 2006 21:41:12 -0700 (PDT) Subject: [Xorp-users] XORP BGP supports ECMP? In-Reply-To: <452761A9.3060207@free.fr> Message-ID: <20061009044113.18209.qmail@web50908.mail.yahoo.com> Hi Vincent, Thanks for your reply. It seems that Cisco does support (some fashion) of ECMP in BGP, indicated by following quotes from their BGP configuration instruction manual, regarding E-BGP routes (see http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_configuration_guide_chapter09186a00800d97fc.html#wp1000898 ) and I-BGP (see http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087b00.html ); so does Juniper (see http://www.juniper.net/techpubs/software/junos/junos80/swconfig80-routing/html/bgp-config37.html for details). Regards, BGP Multipath Support When a BGP speaker learns two identical EBGP paths for a prefix from a neighboring AS, it will choose the path with the lowest route-id as the best path. This best path is installed in the IP routing table. If BGP multipath support is enabled and the EBGP paths are learned from the same neighboring AS, instead of picking one best path, multiple paths are installed in the IP routing table. During packet switching, depending on the switching mode, either per-packet or per-destination load balancing is performed among the multiple paths. A maximum of six paths is supported. The maximum-paths router configuration command controls the number of paths allowed. By default, BGP will install only one path to the IP routing table. --- Vincent Jardin wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > But, in any cases, ECMP cannot apply to BGP due to > its policy of > selection process of the next hop. Only, static > routes, OSPF, RIP and > ISIS can support it. > > But, if there are any papers or recommandations that > show that BGP can > support ECMP as-is, I'd apprecieate to review it :) > FYI, it is currently a working draft: > ~ > http://bgp.potaroo.net/ietf/idref/draft-bhatia-ecmp-routes-in-bgp/ > but right now, no implementation supports it. > > Vincent > > Pavlin Radoslavov wrote: > |>Does XORP's BGP support multipath ECMP? > |>I briefly looked at the code and didn't > |>see any hint. Nor did other protocols. > | > | > | No, currently XORP doesn't support ECMP. > | It is on our TODO list: > | > | http://www.xorp.org/bugzilla/show_bug.cgi?id=223 > | > | Regards, > | Pavlin > | > | _______________________________________________ > | Xorp-users mailing list > | Xorp-users at xorp.org > | > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/xorp-users > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.5 (MingW32) > Comment: Using GnuPG with Thunderbird - > http://enigmail.mozdev.org > > iD8DBQFFJ2Gpj1uHAMmANdgRAsT9AJwICvWVt8/+g78Rvj4qNeplTcbepwCg934q > 1masJOUheGkB7Re8EGhbjgA= > =BWbt > -----END PGP SIGNATURE----- > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From pavlin at icir.org Mon Oct 9 01:16:43 2006 From: pavlin at icir.org (Pavlin Radoslavov) Date: Mon, 09 Oct 2006 01:16:43 -0700 Subject: [Xorp-users] Problem with RP In-Reply-To: Message from rodrigo@bolsistas.pop-rn.rnp.br of "Sun, 08 Oct 2006 08:59:47 -0300." <1219.200.157.218.40.1160308787.squirrel@bolsistas.pop-rn.rnp.br> Message-ID: <200610090816.k998GhZ8080357@possum.icir.org> > >> I'm trying to create a multicast ambient (Xorp/PIM-SM) with 3 routers, > >> where one is the RP. > >> The client PCs are running SDR software to make tests of communication. > >> When a client creates a SDR session, the RP router takes the following > >> error: "kernel trap 12 with interrupts disabled" and then reboots the > >> FreeBSD. > >> What's it mean? > > > > It sounds like a bug in the FreeBSD kernel. What version are you > > using? > > > > Also, make sure you have the following options enabled in the kernel > > configuration: > > > > options MROUTING # Multicast routing > > options PIM # PIM multicast routing > > > > Though, even if you don't have them the kernel shouldn't panic. > > > > Pavlin > > > > Yes, I have those options enabled in the kernel configuration. I'm using > the FreeBSD version 6. The others routers are running Xorp with the same > OS. So I will reinstall it at the RP and test again. Is there a best idea? Unless something has been corrupted in your original OS installation, I don't see how reinstalling the OS might fix the problem. Though, if you are going to reinstall anyway, make sure you will be installing the latest release (6.1). In any case, this seems like indeed a FreeBSD kernel bug so you might want to contact the FreeBSD folks about the issue. Regards, Pavlin From kristian at spritelink.se Mon Oct 9 02:57:14 2006 From: kristian at spritelink.se (Kristian Larsson) Date: Mon, 9 Oct 2006 11:57:14 +0200 Subject: [Xorp-users] XORP BGP supports ECMP? In-Reply-To: <452761A9.3060207@free.fr> References: <200610070023.k970NWBX055964@possum.icir.org> <452761A9.3060207@free.fr> Message-ID: <20061009095714.GA12103@spritelink.se> On Sat, Oct 07, 2006 at 10:13:29AM +0200, Vincent Jardin wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > But, in any cases, ECMP cannot apply to BGP due to its policy of > selection process of the next hop. Only, static routes, OSPF, RIP and > ISIS can support it. > > But, if there are any papers or recommandations that show that BGP can > support ECMP as-is, I'd apprecieate to review it :) > FYI, it is currently a working draft: > ~ http://bgp.potaroo.net/ietf/idref/draft-bhatia-ecmp-routes-in-bgp/ > but right now, no implementation supports it. I'm running a network powered mostly by Cisco 6500s and we're doing multipath For example: c6500.k.klm.se# sh ip bgp 216.221.5.0 BGP routing table entry for 216.221.5.0/24, version 6966311 Paths: (2 available, best #2, table Default-IP-Routing-Table) Multipath: eBGP iBGP Not advertised to any peer 1299 3549 13609 213.248.78.29 (metric 20) from 85.195.63.14 (85.195.63.14) Origin IGP, localpref 120, valid, internal, multipath Community: 35706:8 35706:10002 1299 3549 13609 213.248.101.53 (metric 20) from 85.195.63.4 (85.195.63.4) Origin IGP, metric 0, localpref 120, valid, internal, multipath, best Community: 35706:8 35706:10003 As you can see it has chosen a best path, which BGP always does as it is that path that it tells it peers about, but it has installed two routes in the FIB as shown by the "multipath". c6500.k.klm.se# sh ip route 216.221.5.0 Routing entry for 216.221.5.0/24 Known via "bgp 35706", distance 200, metric 0 Tag 1299, type internal Last update from 213.248.101.53 6d16h ago Routing Descriptor Blocks: * 213.248.78.29, from 85.195.63.14, 6d21h ago Route metric is 0, traffic share count is 1 AS Hops 3 Route tag 1299 213.248.101.53, from 85.195.63.4, 6d16h ago Route metric is 0, traffic share count is 1 AS Hops 3 Route tag 1299 So yes, it's possible with BGP but not with XORPs implementation (just yet, at least :). Regards, Kristian. > Vincent > > Pavlin Radoslavov wrote: > |>Does XORP's BGP support multipath ECMP? > |>I briefly looked at the code and didn't > |>see any hint. Nor did other protocols. > | > | > | No, currently XORP doesn't support ECMP. > | It is on our TODO list: > | > | http://www.xorp.org/bugzilla/show_bug.cgi?id=223 > | > | Regards, > | Pavlin > | > | _______________________________________________ > | Xorp-users mailing list > | Xorp-users at xorp.org > | http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/xorp-users > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.5 (MingW32) > Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org > > iD8DBQFFJ2Gpj1uHAMmANdgRAsT9AJwICvWVt8/+g78Rvj4qNeplTcbepwCg934q > 1masJOUheGkB7Re8EGhbjgA= > =BWbt > -----END PGP SIGNATURE----- > > _______________________________________________ > Xorp-users mailing list > Xorp-users at xorp.org > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/xorp-users -- Kristian Larsson KLL-RIPE Network Engineer Net at Once [AS35706] +46 704 910401 kristian at spritelink.se From marcel-lists at virtua.ch Fri Oct 13 02:52:31 2006 From: marcel-lists at virtua.ch (Marcel Prisi) Date: Fri, 13 Oct 2006 11:52:31 +0200 Subject: [Xorp-users] BGP preference & as-path length Message-ID: <1160733151.5088.32.camel@LegumanDuo.aubonne.virtua.ch> Hi all, We are currently using openbgpd/openbsd as a core router for a small AS. It works well but lacks an important feature we need. We have two upstreams with different bandwidth, the one with the smallest bandwidth has better routes, so close to all traffic goes through it, which is not optimal. We already kind of solved inbound traffic using prepending & communities. We modified "local pref" for the outgoing traffic, but now all traffic goes through the other upstream, and nothing more through the smallest one, which is still not optimal. What I need is to force some kind of discrimination so that smaller AS-paths go through one, and bigger through the other, so that I have an arbitrary way to balance between the two upstreams. Something like (pseudo config) ip as-path access-list 1 permit ^[0-9]+$ (one AS) ip as-path access-list 1 permit ^[0-9]+_[0-9]+$ (two AS's) ip as-path access-list 1 permit ^[0-9]+_[0-9]+_[0-9]+$ (three AS's) ! route-map CC-IN permit 10 match as-path 1 set local pref better (101?) ! route-map CC-IN permit 20 match bogon set local pref normal (100?) ! Is there a way to do something similar using xorp ??? Thanks for helping. From elcinturapartida at yahoo.es Mon Oct 16 04:45:04 2006 From: elcinturapartida at yahoo.es (David H. Guerrero) Date: Mon, 16 Oct 2006 13:45:04 +0200 (CEST) Subject: [Xorp-users] Install without CD-R or CD-RW Message-ID: <20061016114504.51514.qmail@web26012.mail.ukl.yahoo.com> Hello, how do I install CD Live XORP 1.3 if I don't have a CD-R or CD-RW drive (or "I have no way to burn this image that I just downloaded.")? I wonder if it?s possible. Thanks in advance. David. ______________________________________________ LLama Gratis a cualquier PC del Mundo. Llamadas a fijos y m?viles desde 1 c?ntimo por minuto. http://es.voice.yahoo.com From kristian at spritelink.se Mon Oct 16 05:27:04 2006 From: kristian at spritelink.se (Kristian Larsson) Date: Mon, 16 Oct 2006 14:27:04 +0200 Subject: [Xorp-users] Install without CD-R or CD-RW In-Reply-To: <20061016114504.51514.qmail@web26012.mail.ukl.yahoo.com> References: <20061016114504.51514.qmail@web26012.mail.ukl.yahoo.com> Message-ID: <20061016122703.GK12103@spritelink.se> On Mon, Oct 16, 2006 at 01:45:04PM +0200, David H. Guerrero wrote: > Hello, how do I install CD Live XORP 1.3 if I don't have a CD-R or CD-RW drive > (or "I have no way to burn this image that I just downloaded.")? You could install FreeBSD or Linux or some other system first by PXE booting or whatever and then just download XORP and install on top of that. XORP is merely a routing application suite and can be run on top of several different operating systems. Perhaps you already have a computer installed and ready to go. Another option would be to try out Vyatta which is Linux tightly coupled with XORP and a bunch of other programs to provide more of a uniform router feeling. You can take a look at www.vyatta.com, though I don't think there is an installation option other that CD for Vyatta either. Regards, Kristian. -- Kristian Larsson KLL-RIPE Network Engineer Net at Once [AS35706] +46 704 910401 kristian at spritelink.se From pavlin at icir.org Mon Oct 16 10:21:51 2006 From: pavlin at icir.org (Pavlin Radoslavov) Date: Mon, 16 Oct 2006 10:21:51 -0700 Subject: [Xorp-users] Install without CD-R or CD-RW In-Reply-To: Message from Kristian Larsson of "Mon, 16 Oct 2006 14:27:04 +0200." <20061016122703.GK12103@spritelink.se> Message-ID: <200610161721.k9GHLptX040192@possum.icir.org> [Note: CC to xorp-hackers because the original question was posted to that list as well] Kristian Larsson wrote: > On Mon, Oct 16, 2006 at 01:45:04PM +0200, David H. Guerrero wrote: > > Hello, how do I install CD Live XORP 1.3 if I don't have a CD-R or CD-RW drive > > (or "I have no way to burn this image that I just downloaded.")? > You could install FreeBSD or Linux or some other > system first by PXE booting or whatever and then > just download XORP and install on top of that. > > XORP is merely a routing application suite and can > be run on top of several different operating > systems. Perhaps you already have a computer > installed and ready to go. To clarify few points: * The XORP LiveCD doesn't have the option to install the software on the hard disk. I.e., you can use the LiveCD to try the software or just to run a XORP router on a PC that doesn't have a hard disk. In both cases you need a CD drive. * If you have a floppy on your PC you could use it to install first FreeBSD. * If you have already an OS on your hard disk, you could download the source code, compile it, and then run "gmake install" as a root. This will install the software in the "/usr/local/xorp" directory. Though, first you should check file "xorp/BUILD_NOTES" that your OS is supported. * One possible solution to try the LiveCD without a CD drive is to create a VMware instance for FreeBSD or Linux, but don't install the OS itself. Then edit that instance and point the VMware drive for that instance to the LiveCD ISO image. When you boot the VMware instance you will actually boot the LiveCD ISO image. Regards, Pavlin > Another option would be to try out Vyatta which is > Linux tightly coupled with XORP and a bunch of > other programs to provide more of a uniform router > feeling. You can take a look at www.vyatta.com, > though I don't think there is an installation > option other that CD for Vyatta either. > > Regards, > Kristian. > > -- > Kristian Larsson KLL-RIPE > Network Engineer Net at Once [AS35706] > +46 704 910401 kristian at spritelink.se > > _______________________________________________ > Xorp-users mailing list > Xorp-users at xorp.org > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/xorp-users From elcinturapartida at yahoo.es Mon Oct 16 13:20:45 2006 From: elcinturapartida at yahoo.es (David H. Guerrero) Date: Mon, 16 Oct 2006 22:20:45 +0200 (CEST) Subject: [Xorp-users] Install without CD-R or CD-RW In-Reply-To: <200610161721.k9GHLptX040192@possum.icir.org> Message-ID: <20061016202045.43892.qmail@web26003.mail.ukl.yahoo.com> --- Pavlin Radoslavov escribi?: Kristian, Pavlin thanks you for your responses. > [Note: CC to xorp-hackers because the original question was posted > to that list as well] > > Kristian Larsson wrote: > > > On Mon, Oct 16, 2006 at 01:45:04PM +0200, David H. Guerrero wrote: > > > Hello, how do I install CD Live XORP 1.3 if I don't have a CD-R or CD-RW > drive > > > (or "I have no way to burn this image that I just downloaded.")? > > You could install FreeBSD or Linux or some other > > system first by PXE booting or whatever and then > > just download XORP and install on top of that. I didn?t know that option. I had been explore with grub and itn't possible. > > > > XORP is merely a routing application suite and can > > be run on top of several different operating > > systems. Perhaps you already have a computer > > installed and ready to go. > > To clarify few points: > > * The XORP LiveCD doesn't have the option to install the software > on the hard disk. I.e., you can use the LiveCD to try the > software or just to run a XORP router on a PC that doesn't have a > hard disk. In both cases you need a CD drive. > > * If you have a floppy on your PC you could use it to install first > FreeBSD. > > * If you have already an OS on your hard disk, you could download > the source code, compile it, and then run "gmake install" as a > root. This will install the software in the "/usr/local/xorp" > directory. > Though, first you should check file "xorp/BUILD_NOTES" that your > OS is supported. > I have an old laptop (AMD 475 Mhz, 64Mb and 4Gb) with FreeBSD. I can build from source but it would be very slow =). There isn?t binary distribution of XORP in FreeBSD. > * One possible solution to try the LiveCD without a CD drive is to > create a VMware instance for FreeBSD or Linux, but don't install > the OS itself. Then edit that instance and point the VMware > drive for that instance to the LiveCD ISO image. > When you boot the VMware instance you will actually boot the > LiveCD ISO image. I didn?t know that option. > > Regards, > Pavlin > > > > Another option would be to try out Vyatta which is > > Linux tightly coupled with XORP and a bunch of > > other programs to provide more of a uniform router > > feeling. You can take a look at www.vyatta.com, > > though I don't think there is an installation > > option other that CD for Vyatta either. > > I had installed Vyatta on the hard disk =). > > Regards, > > Kristian. > > > > -- > > Kristian Larsson KLL-RIPE > > Network Engineer Net at Once [AS35706] > > +46 704 910401 kristian at spritelink.se > > > > _______________________________________________ > > Xorp-users mailing list > > Xorp-users at xorp.org > > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/xorp-users > Regards, David ______________________________________________ LLama Gratis a cualquier PC del Mundo. Llamadas a fijos y m?viles desde 1 c?ntimo por minuto. http://es.voice.yahoo.com From becoxta at gmail.com Mon Oct 16 14:15:00 2006 From: becoxta at gmail.com (Bruno Alexandre D. da Costa / Grad. DSC) Date: Mon, 16 Oct 2006 18:15:00 -0300 Subject: [Xorp-users] problems with openssl Message-ID: Hi all I'm trying to install XORP in a slackware but I get the follow message when run ./configure script ... checking for inttypes.h... no checking for stdint.h... no checking for unistd.h... no checking openssl/md5.h usability... no checking openssl/md5.h presence... yes configure: WARNING: openssl/md5.h: present but cannot be compiled configure: WARNING: openssl/md5.h: check for missing prerequisite headers? configure: WARNING: openssl/md5.h: proceeding with the preprocessor's result checking for openssl/md5.h... yes checking for MD5_Init in -lcrypto... no Could not find part of OpenSSL or one it's components in /usr Use --with-openssl=DIR to specify OpenSSL installation root. I guess openssl is installed because md5.h and libcrypto exists... Thanks Bruno Costa -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mailman.ICSI.Berkeley.EDU/pipermail/xorp-users/attachments/20061016/c8f2266b/attachment.html From lorenooliveira at gmail.com Mon Oct 16 14:45:33 2006 From: lorenooliveira at gmail.com (Loreno Oliveira) Date: Mon, 16 Oct 2006 18:45:33 -0300 Subject: [Xorp-users] problems with openssl In-Reply-To: References: Message-ID: Hi there Bruno! I had this same problem attempting to install XORP on an Ubuntu box. Well, not so much to say about the cause of the problem, but I solve it by downloading and compiling an up-to-date version of OpenSSL. Say you did the same and OpenSSL was compiled into /usr/lib/OpenSSL. In this case it's enough to try ./configure again, but now with the --with-openssl parameter. The command line should be: $ ./configure --with-openssl=/usr/lib/OpenSSL Regards, Loreno On 10/16/06, Bruno Alexandre D. da Costa / Grad. DSC wrote: > > Hi all > > I'm trying to install XORP in a slackware but I get the follow message > when run ./configure script > > ... > checking for inttypes.h... no > checking for stdint.h... no > checking for unistd.h... no > checking openssl/md5.h usability... no > checking openssl/md5.h presence... yes > configure: WARNING: openssl/md5.h: present but cannot be compiled > configure: WARNING: openssl/md5.h: check for missing prerequisite headers? > > configure: WARNING: openssl/md5.h: proceeding with the preprocessor's > result > checking for openssl/md5.h... yes > checking for MD5_Init in -lcrypto... no > Could not find part of OpenSSL or one it's components in /usr > Use --with-openssl=DIR to specify OpenSSL installation root. > > I guess openssl is installed because md5.h and libcrypto exists... > > Thanks > > Bruno Costa > > > _______________________________________________ > Xorp-users mailing list > Xorp-users at xorp.org > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/xorp-users > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mailman.ICSI.Berkeley.EDU/pipermail/xorp-users/attachments/20061016/48a4acf1/attachment.html From pavlin at icir.org Mon Oct 16 15:14:27 2006 From: pavlin at icir.org (Pavlin Radoslavov) Date: Mon, 16 Oct 2006 15:14:27 -0700 Subject: [Xorp-users] problems with openssl In-Reply-To: Message from "Bruno Alexandre D. da Costa / Grad. DSC" of "Mon, 16 Oct 2006 18:15:00 -0300." Message-ID: <200610162214.k9GMERnw043657@possum.icir.org> > I'm trying to install XORP in a slackware but I get the follow message when > run ./configure script > > ... > checking for inttypes.h... no > checking for stdint.h... no > checking for unistd.h... no > checking openssl/md5.h usability... no > checking openssl/md5.h presence... yes > configure: WARNING: openssl/md5.h: present but cannot be compiled > configure: WARNING: openssl/md5.h: check for missing prerequisite headers? > configure: WARNING: openssl/md5.h: proceeding with the preprocessor's result > checking for openssl/md5.h... yes > checking for MD5_Init in -lcrypto... no > Could not find part of OpenSSL or one it's components in /usr > Use --with-openssl=DIR to specify OpenSSL installation root. > > I guess openssl is installed because md5.h and libcrypto exists... What is the location of md5.h and libcrypto? The configure script makes certain assumptions for the location of the md5.h header file and the libcrypto library, so those assumptions are probably wrong for your system. The advice from Loreno should help you fix the problem, but eventually we should fix the configure script to take into account the (default?) openssl installation in Slackware. Regards, Pavlin From atanu at ICSI.Berkeley.EDU Tue Oct 17 16:01:03 2006 From: atanu at ICSI.Berkeley.EDU (Atanu Ghosh) Date: Tue, 17 Oct 2006 16:01:03 -0700 Subject: [Xorp-users] XORP_SA_06:01.ospf: An LSA with invalid length will crash OSPFv2 Message-ID: <45609.1161126063@tigger.icir.org> ============================================================================= XORP_SA_06:01.ospf Security Advisory The XORP Project Topic: An LSA with invalid length will crash OSPFv2 Module: OSPF Announced: 2006-10-17 Credits: http://www.musecurity.com/ Affects: XORP 1.2 and XORP 1.3 Releases Corrected: 2006-10-16 06:50:04 UTC (Release 1.4-WIP) I. Background OSPFv2 is a link-state routing protocol defined in RFC 2328, implemented by the XORP project. II. Problem Description The OSPF protocol carries link state information in Link State Advertisements (LSAs). One or more LSAs can be carried in a Link State Update Packet. Each LSA has its own length field and checksum amongst other fields. One of the first checks made when processing an LSA is to verify the checksum. The checksum verification routine takes into account the LSA length field. If the length field has certain invalid values, then OSPF might crash. III. Impact An attacker sending specially crafted packets with certain invalid LSA length value will be able to terminate the XORP OSPF process. It should be noted that the attacker does not need to be on the same network segment as the XORP router. IV. Workaround One possible workaround is to filter all external IP packets with protocol number 89 (OSPF) at the border router. V. Solution Apply the relevant patch to your XORP system and restart OSPF. 1) To patch your present system: [XORP 1.2] # wget http://www.xorp.org/patches/SA-06:01/xorp_sa_06:01.ospf_1.2.patch [XORP 1.3] # wget http://www.xorp.org/patches/SA-06:01/xorp_sa_06:01.ospf_1.3.patch 2) Execute the following commands (only the last one has to be as root): # cd xorp # patch -p0 < /path/to/patch # gmake # cd ospf # gmake install 3) Restart OSPFv2 a) Save the current configuration to a file. # xorpsh Xorp> configure XORP# save /tmp/xorp.boot b) Delete ospf4 from the configuration and commit. OSPFv2 should no longer be running. XORP# delete protocols ospf4 XORP# commit c) Reload the saved configuration, which will restart OSPFv2 XORP# load /tmp/xorp.boot VI. Correction details The following list contains the revision numbers of each file that was corrected in XORP. Branch Revision Path ------------------------------------------------------------------------- HEAD xorp/ospf/lsa.cc 1.72 ------------------------------------------------------------------------- VII. References The latest revision of this advisory is available at: http://www.xorp.org/advisories/XORP_SA_06:01.ospf.txt ============================================================================= From hilalchouman at gmail.com Wed Oct 18 08:11:10 2006 From: hilalchouman at gmail.com (hilal chouman) Date: Wed, 18 Oct 2006 17:11:10 +0200 Subject: [Xorp-users] underlying vif is not UP Message-ID: <9579816a0610180811r21c13dbdn597ae0991c6ff7b6@mail.gmail.com> Hi! I am a new xorp user. I am trying to enable multicast routing (PIM_SM) and Whenever I reach the mfea4 configuration and try to commit the changes I already did, I receive this message: *102 Command failed Cannot start vif fxp0. underlying vif is not UP.* I am stuck at this point and can't commit the changes and thus I am obliged to discard them If I wanna go out of the configuration mode to the operational mode. If anyone can help with to fix this error, I would be grateful. -- Hilal Chouman ???? ????? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mailman.ICSI.Berkeley.EDU/pipermail/xorp-users/attachments/20061018/fbd2babc/attachment.html From pavlin at icir.org Wed Oct 18 09:37:07 2006 From: pavlin at icir.org (Pavlin Radoslavov) Date: Wed, 18 Oct 2006 09:37:07 -0700 Subject: [Xorp-users] underlying vif is not UP In-Reply-To: Message from "hilal chouman" of "Wed, 18 Oct 2006 17:11:10 +0200." <9579816a0610180811r21c13dbdn597ae0991c6ff7b6@mail.gmail.com> Message-ID: <200610181637.k9IGb7Z5038310@possum.icir.org> > I am a new xorp user. I am trying to enable multicast routing (PIM_SM) and > Whenever I reach the mfea4 configuration and try to commit the changes I > already did, I receive this message: > > *102 Command failed Cannot start vif fxp0. underlying vif is not UP.* > > I am stuck at this point and can't commit the changes and thus I am obliged > to discard them If I wanna go out of the configuration mode to the > operational mode. > If anyone can help with to fix this error, I would be grateful. Can you double-check that you have "interfaces" configuration section and that it contains an entry for fxp0. E.g., if fxp0 already has an IP address before starting XORP, then you could use the simpler configuration: interfaces { interface fxp0 { default-system-config } } Otherwise, you need to explicitly configure its IP address, etc: interfaces { interface fxp0 { vif fxp0 { address 10.0.0.1 { prefix-length: 24 } } } } After that double-check that the underlying interface is really UP by using the following xorpsh command: show interfaces Regards, Pavlin From hilalchouman at gmail.com Wed Oct 18 09:57:43 2006 From: hilalchouman at gmail.com (hilal chouman) Date: Wed, 18 Oct 2006 18:57:43 +0200 Subject: [Xorp-users] Fwd: underlying vif is not UP In-Reply-To: <9579816a0610180956q6faaed99je326cb7ab24e578d@mail.gmail.com> References: <9579816a0610180811r21c13dbdn597ae0991c6ff7b6@mail.gmail.com> <200610181637.k9IGb7Z5038310@possum.icir.org> <9579816a0610180956q6faaed99je326cb7ab24e578d@mail.gmail.com> Message-ID: <9579816a0610180957l15503470ja1f9f2401efb1f4c@mail.gmail.com> ---------- Forwarded message ---------- From: hilal chouman Date: Oct 18, 2006 6:56 PM Subject: Re: [Xorp-users] underlying vif is not UP To: Pavlin Radoslavov I'll check that Pavlin and tell you the feed back I have a question about what you mentioned about "underlying interface is really UP". Do you mean being ENABLED? If so, It is enabled. But I can't find the UP remark anywhere?? I'll check if the interface has a previous configured IP and tell you back. Regards, Hilal On 10/18/06, Pavlin Radoslavov wrote: > > > I am a new xorp user. I am trying to enable multicast routing (PIM_SM) > and > > Whenever I reach the mfea4 configuration and try to commit the changes I > > > already did, I receive this message: > > > > *102 Command failed Cannot start vif fxp0. underlying vif is not UP.* > > > > I am stuck at this point and can't commit the changes and thus I am > obliged > > to discard them If I wanna go out of the configuration mode to the > > operational mode. > > If anyone can help with to fix this error, I would be grateful. > > Can you double-check that you have "interfaces" configuration > section and that it contains an entry for fxp0. E.g., if fxp0 > already has an IP address before starting XORP, then you could use > the simpler configuration: > > interfaces { > interface fxp0 { > default-system-config > } > } > > Otherwise, you need to explicitly configure its IP address, etc: > > interfaces { > interface fxp0 { > vif fxp0 { > address 10.0.0.1 { > prefix-length: 24 > } > } > } > } > > After that double-check that the underlying interface is really UP > by using the following xorpsh command: > > show interfaces > > Regards, > Pavlin > -- Hilal Chouman ???? ????? -- Hilal Chouman ???? ????? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mailman.ICSI.Berkeley.EDU/pipermail/xorp-users/attachments/20061018/01594a56/attachment.html From pavlin at icir.org Wed Oct 18 10:06:15 2006 From: pavlin at icir.org (Pavlin Radoslavov) Date: Wed, 18 Oct 2006 10:06:15 -0700 Subject: [Xorp-users] Fwd: underlying vif is not UP In-Reply-To: Message from "hilal chouman" of "Wed, 18 Oct 2006 18:57:43 +0200." <9579816a0610180957l15503470ja1f9f2401efb1f4c@mail.gmail.com> Message-ID: <200610181706.k9IH6FMO038850@possum.icir.org> > I'll check that Pavlin and tell you the feed back > I have a question about what you mentioned about "underlying interface is > really UP". Do you mean being ENABLED? If so, It is enabled. But I can't > find the UP remark anywhere?? > I'll check if the interface has a previous configured IP and tell you back. Yes, I meant "ENABLED" within the "show interface" output. You should see something like: user at hostname> show interfaces rl0/rl0: Flags: mtu 1500 inet6 xxxx::xxxx:xxxx:xxxx:xxxx prefixlen 64 inet xxx.xxx.xxx.xxx subnet xxx.xxx.xxx.0/xx broadcast xxx.xxx.xxx.xxx physical index 1 ether xx:xx:xx:xx:xx:xx Regards, Pavlin From venkthi1 at iit.edu Wed Oct 18 11:34:09 2006 From: venkthi1 at iit.edu (Venketesan) Date: Wed, 18 Oct 2006 11:34:09 -0700 Subject: [Xorp-users] Fwd: underlying vif is not UP Message-ID: I had the problem (in 1.2), basically the NIC needs to be connected to a switch i.e. it shud have some connection. Thanks, Venkat -------------- next part -------------- ---------- Forwarded message ---------- From: hilal chouman Date: Oct 18, 2006 6:56 PM Subject: Re: [Xorp-users] underlying vif is not UP To: Pavlin Radoslavov I'll check that Pavlin and tell you the feed back I have a question about what you mentioned about "underlying interface is really UP". Do you mean being ENABLED? If so, It is enabled. But I can't find the UP remark anywhere?? I'll check if the interface has a previous configured IP and tell you back. Regards, Hilal On 10/18/06, Pavlin Radoslavov wrote: > > > I am a new xorp user. I am trying to enable multicast routing (PIM_SM) > and > > Whenever I reach the mfea4 configuration and try to commit the changes I > > > already did, I receive this message: > > > > *102 Command failed Cannot start vif fxp0. underlying vif is not UP.* > > > > I am stuck at this point and can't commit the changes and thus I am > obliged > > to discard them If I wanna go out of the configuration mode to the > > operational mode. > > If anyone can help with to fix this error, I would be grateful. > > Can you double-check that you have "interfaces" configuration > section and that it contains an entry for fxp0. E.g., if fxp0 > already has an IP address before starting XORP, then you could use > the simpler configuration: > > interfaces { > interface fxp0 { > default-system-config > } > } > > Otherwise, you need to explicitly configure its IP address, etc: > > interfaces { > interface fxp0 { > vif fxp0 { > address 10.0.0.1 { > prefix-length: 24 > } > } > } > } > > After that double-check that the underlying interface is really UP > by using the following xorpsh command: > > show interfaces > > Regards, > Pavlin > -- Hilal Chouman ???? ????? -- Hilal Chouman ???? ????? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mailman.ICSI.Berkeley.EDU/pipermail/xorp-users/attachments/20061018/fa437c2c/attachment-0001.html -------------- next part -------------- _______________________________________________ Xorp-users mailing list Xorp-users at xorp.org http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/xorp-users From hilalchouman at gmail.com Thu Oct 19 17:53:59 2006 From: hilalchouman at gmail.com (hilal chouman) Date: Fri, 20 Oct 2006 02:53:59 +0200 Subject: [Xorp-users] Fwd: underlying vif is not UP In-Reply-To: References: Message-ID: <9579816a0610191753v1c7d18jb9f3ea57cc17f712@mail.gmail.com> hi guys! Thanks for help. Everything went allright and I am now able to commit the cahnges without errors and save them and go out to the operational mode without loosing my configuration. The problem was based on 2 things: 1- the conflict between the preconfigured IPs on the linux system and that of the free BSD. 2- one of the interfaces was inactive in the linux operating system 3- the interfaces must be connected to a switch as (Venketesan said previously). Now, I am able to have unicast forwarding correctly. For the multicast forwarding, I still have a slight problem, my network looks like this: Content server <-------->multicast enabled router (xorp) <--------> destination I have network analyzers on both the server and the destination, I was able to see PIM-SM hello messages on the destination machine but there is no reply. Basically I was configuring the rp statically, but ten changed it to candidate BSR/candidate RP option, nothing changed. I thought that it is because I ahve one router only, the routing is not successful, I am trying to configure another router and add it between the content server and the destination so that I have 2 enabled routers in between. Now, honestly the idea of the candidate BSR/candidate RP is not obvious for me. Any body has informaton on that? and where might be the problem?? Regards. On 10/18/06, Venketesan wrote: > > I had the problem (in 1.2), basically the NIC needs to be connected to > a switch i.e. it shud have some connection. > Thanks, > Venkat > > > > > > ---------- Forwarded message ---------- > From: hilal chouman > Date: Oct 18, 2006 6:56 PM > Subject: Re: [Xorp-users] underlying vif is not UP > To: Pavlin Radoslavov > > I'll check that Pavlin and tell you the feed back > I have a question about what you mentioned about "underlying interface is > really UP". Do you mean being ENABLED? If so, It is enabled. But I can't > find the UP remark anywhere?? > I'll check if the interface has a previous configured IP and tell you > back. > > Regards, > Hilal > > > > On 10/18/06, Pavlin Radoslavov wrote: > > > > > I am a new xorp user. I am trying to enable multicast routing > > (PIM_SM) and > > > Whenever I reach the mfea4 configuration and try to commit the changes > > I > > > already did, I receive this message: > > > > > > *102 Command failed Cannot start vif fxp0. underlying vif is not UP.* > > > > > > I am stuck at this point and can't commit the changes and thus I am > > obliged > > > to discard them If I wanna go out of the configuration mode to the > > > operational mode. > > > If anyone can help with to fix this error, I would be grateful. > > > > Can you double-check that you have "interfaces" configuration > > section and that it contains an entry for fxp0. E.g., if fxp0 > > already has an IP address before starting XORP, then you could use > > the simpler configuration: > > > > interfaces { > > interface fxp0 { > > default-system-config > > } > > } > > > > Otherwise, you need to explicitly configure its IP address, etc: > > > > interfaces { > > interface fxp0 { > > vif fxp0 { > > address 10.0.0.1 { > > prefix-length: 24 > > } > > } > > } > > } > > > > After that double-check that the underlying interface is really UP > > by using the following xorpsh command: > > > > show interfaces > > > > Regards, > > Pavlin > > > > > > -- > Hilal Chouman > ???? ????? > > -- > Hilal Chouman > ???? ????? > _______________________________________________ > Xorp-users mailing list > Xorp-users at xorp.org > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/xorp-users > > > -- Hilal Chouman ???? ????? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mailman.ICSI.Berkeley.EDU/pipermail/xorp-users/attachments/20061020/2b297ed5/attachment.html From pavlin at icir.org Fri Oct 20 13:13:02 2006 From: pavlin at icir.org (Pavlin Radoslavov) Date: Fri, 20 Oct 2006 13:13:02 -0700 Subject: [Xorp-users] Fwd: underlying vif is not UP In-Reply-To: Message from "hilal chouman" of "Fri, 20 Oct 2006 02:53:59 +0200." <9579816a0610191753v1c7d18jb9f3ea57cc17f712@mail.gmail.com> Message-ID: <200610202013.k9KKD2M2019782@possum.icir.org> > For the multicast forwarding, I still have a slight problem, my network > looks like this: > > Content server <-------->multicast enabled router (xorp) <--------> > destination > > I have network analyzers on both the server and the destination, I was able > to see PIM-SM hello messages on the destination machine but there is no > reply. What do you mean by "there is no reply". The PIM Hello messages are just send periodically on each interface, and in PIM-SM there are no reply messages or anything like this. > Basically I was configuring the rp statically, but ten changed it to > candidate BSR/candidate RP option, nothing changed. > I thought that it is because I ahve one router only, the routing is not > successful, I am trying to configure another router and add it between the > content server and the destination so that I have 2 enabled routers in > between. If you have a single PIM-SM router, then the simplest setup is to configure it as a static RP (as you probably have tried already). In addition to PIM-SM you need to have mfea, igmp, and fib2mrib configured as well. Also, make sure that your kernel has multicast forwarding enabled. The XORP User Manual has information about this for eash supported OS (Section 13.3.1). If everything is configed correctly, you should see the static RP by using the "show pim rps" xorpsh command. The "show igmp group" command should show the multicast group membership on each interface. The "show pim join" command should show you the PIM-SM multicast routing entries. The "show pim mfc" command should show the multicast forwarding entries. If the IGMP and PIM-SM state is correct, but you still don't see multicast traffic being forwarded, make sure that the sender's TTL of the multicast packets is > 1. > Now, honestly the idea of the candidate BSR/candidate RP is not obvious for > me. Any body has informaton on that? and where might be the problem?? The CandBSR/CandRP mechanism is used for dynamically distributing the RP Set information across a PIM-SM domain. In your setup it will be simpler to use a static RP. Regards, Pavlin From hilalchouman at gmail.com Fri Oct 20 16:59:17 2006 From: hilalchouman at gmail.com (hilal chouman) Date: Sat, 21 Oct 2006 01:59:17 +0200 Subject: [Xorp-users] Fwd: underlying vif is not UP In-Reply-To: <200610202013.k9KKD2M2019782@possum.icir.org> References: <9579816a0610191753v1c7d18jb9f3ea57cc17f712@mail.gmail.com> <200610202013.k9KKD2M2019782@possum.icir.org> Message-ID: <9579816a0610201659y135d000geb0e8272b71ffdef@mail.gmail.com> I was not aware of the "fib2mrib". I'll enable it and see what happens. Now i am doing the same configuration steps for a second router R2 (so that I can include 2 routes instead of 1 in between the source and the destination node.) *CS--R1--R2--Destination* but I got another error related to vif which is th following: *10 command failed cannot enable vif rl0 no such vif* I checked that the interfaces are enabled, everything is ok, and the ip addresses are configured correctly with no conflict with the pre-configured ips on windows. Moreover there is connection . I can ping (using a network analyzer in the destination node) from the destination to both interfaces of R2. Note that rl0 is the interface of R2 to the left, that is the interface of R2 that connects to R1. A last note, this error occurs when I try to commit the changes only after the configuration of mfea4. Any ideas what might be the reason for that? Now when I go to such setup (2 routers in between), is itbetter to use the CandBSR/CandRP mechanismor the static RP is ok? As for your other remarks, I'll check them and tell you back what happened. Thanks again Pavlin!! regards, Hilal On 10/20/06, Pavlin Radoslavov wrote: > > > For the multicast forwarding, I still have a slight problem, my network > > looks like this: > > > > Content server <-------->multicast enabled router (xorp) <--------> > > destination > > > > I have network analyzers on both the server and the destination, I was > able > > to see PIM-SM hello messages on the destination machine but there is no > > reply. > > What do you mean by "there is no reply". The PIM Hello messages are > just send periodically on each interface, and in PIM-SM there are no > reply messages or anything like this. > > > Basically I was configuring the rp statically, but ten changed it to > > candidate BSR/candidate RP option, nothing changed. > > I thought that it is because I ahve one router only, the routing is not > > successful, I am trying to configure another router and add it between > the > > content server and the destination so that I have 2 enabled routers in > > between. > > If you have a single PIM-SM router, then the simplest setup is to > configure it as a static RP (as you probably have tried already). > In addition to PIM-SM you need to have mfea, igmp, and fib2mrib > configured as well. Also, make sure that your kernel has multicast > forwarding enabled. The XORP User Manual has information about this > for eash supported OS (Section 13.3.1). > > If everything is configed correctly, you should see the static RP by > using the "show pim rps" xorpsh command. > The "show igmp group" command should show the multicast group > membership on each interface. > The "show pim join" command should show you the PIM-SM multicast > routing entries. > The "show pim mfc" command should show the multicast forwarding > entries. > > If the IGMP and PIM-SM state is correct, but you still don't see > multicast traffic being forwarded, make sure that the sender's TTL > of the multicast packets is > 1. > > > Now, honestly the idea of the candidate BSR/candidate RP is not obvious > for > > me. Any body has informaton on that? and where might be the problem?? > > The CandBSR/CandRP mechanism is used for dynamically distributing > the RP Set information across a PIM-SM domain. In your setup it will > be simpler to use a static RP. > > Regards, > Pavlin > -- Hilal Chouman ???? ????? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mailman.ICSI.Berkeley.EDU/pipermail/xorp-users/attachments/20061021/3ec77593/attachment.html From pavlin at icir.org Fri Oct 20 17:08:44 2006 From: pavlin at icir.org (Pavlin Radoslavov) Date: Fri, 20 Oct 2006 17:08:44 -0700 Subject: [Xorp-users] Fwd: underlying vif is not UP In-Reply-To: Message from "hilal chouman" of "Sat, 21 Oct 2006 01:59:17 +0200." <9579816a0610201659y135d000geb0e8272b71ffdef@mail.gmail.com> Message-ID: <200610210008.k9L08iXR022233@possum.icir.org> > *CS--R1--R2--Destination* > > but I got another error related to vif which is th following: > *10 command failed cannot enable vif rl0 no such vif* What is the exact error message as printed by XORP? The missing information I am looking for is which particular module prints this message. One thing to double-check is whether rl0 is indeed configured inside the following sections: interfaces, mfea, igmp, pimsm4. In addition, check the interface status with the following xorpsh commands: show interfaces show mfea interface show igmp interface show pim interface > I checked that the interfaces are enabled, everything is ok, and the ip > addresses are configured correctly with no conflict with the pre-configured > ips on windows. Moreover there is connection . I can ping (using a network > analyzer in the destination node) from the destination to both interfaces of > R2. Note that rl0 is the interface of R2 to the left, that is the interface > of R2 that connects to R1. > A last note, this error occurs when I try to commit the changes only after > the configuration of mfea4. > Any ideas what might be the reason for that? > > Now when I go to such setup (2 routers in between), is itbetter to use the > CandBSR/CandRP mechanismor the static RP is ok? I'd say stick with static RP, because it is easier to debug. Once you get things working, you can switch to the dynamic Bootstrap mechanism. Regards, Pavlin From hilalchouman at gmail.com Fri Oct 20 17:32:11 2006 From: hilalchouman at gmail.com (hilal chouman) Date: Sat, 21 Oct 2006 02:32:11 +0200 Subject: [Xorp-users] Fwd: underlying vif is not UP In-Reply-To: <200610210008.k9L08iXR022233@possum.icir.org> References: <9579816a0610201659y135d000geb0e8272b71ffdef@mail.gmail.com> <200610210008.k9L08iXR022233@possum.icir.org> Message-ID: <9579816a0610201732w3f088b27m7791e4214bba9816@mail.gmail.com> Thanks Pavlin for fast reply ! The exact error message is as I stated: "101 command failed Cannot enable vif rl0 no such vif" I configured the interfaces and the fea (for unicasting), and I was able to commit the changes without errors, When I reached the mfea4 and I configured it and tried to commit the changes, the previously stated error occured. I didn't proceed to configure the igmp or the pim-sm or fib2mrib since I got this error. Note here that both interfaces are enabled in mfea4 in addition to traceoptions and vif register_vif. I read that vif register_vif must be enabled in case PIM-SM is used, so since I did not configure PIM-SM yet, does that lead to such an erro when I enable it?? Here is the plumbing configuration: plumbing { mfea4 { disable: false interface rl0 { vif rl0 { disable: false } } interface rl1 { vif rl1 { disable: false } } interface register_vif { vif register_vif { disable: false } } traceoptions { flag all { disable: false } } } } ------- Regards, Hilal On 10/21/06, Pavlin Radoslavov wrote: > > > *CS--R1--R2--Destination* > > > > but I got another error related to vif which is th following: > > *10 command failed cannot enable vif rl0 no such vif* > > What is the exact error message as printed by XORP? > The missing information I am looking for is which particular module > prints this message. > > One thing to double-check is whether rl0 is indeed configured inside > the following sections: interfaces, mfea, igmp, pimsm4. > In addition, check the interface status with the following xorpsh > commands: > > show interfaces > show mfea interface > show igmp interface > show pim interface > > > I checked that the interfaces are enabled, everything is ok, and the ip > > addresses are configured correctly with no conflict with the > pre-configured > > ips on windows. Moreover there is connection . I can ping (using a > network > > analyzer in the destination node) from the destination to both > interfaces of > > R2. Note that rl0 is the interface of R2 to the left, that is the > interface > > of R2 that connects to R1. > > A last note, this error occurs when I try to commit the changes only > after > > the configuration of mfea4. > > Any ideas what might be the reason for that? > > > > Now when I go to such setup (2 routers in between), is itbetter to use > the > > CandBSR/CandRP mechanismor the static RP is ok? > > I'd say stick with static RP, because it is easier to debug. > Once you get things working, you can switch to the dynamic Bootstrap > mechanism. > > Regards, > Pavlin > -- Hilal Chouman ???? ????? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mailman.ICSI.Berkeley.EDU/pipermail/xorp-users/attachments/20061021/3326ccfc/attachment-0001.html From pavlin at icir.org Fri Oct 20 17:45:14 2006 From: pavlin at icir.org (Pavlin Radoslavov) Date: Fri, 20 Oct 2006 17:45:14 -0700 Subject: [Xorp-users] Fwd: underlying vif is not UP In-Reply-To: Message from "hilal chouman" of "Sat, 21 Oct 2006 02:32:11 +0200." <9579816a0610201732w3f088b27m7791e4214bba9816@mail.gmail.com> Message-ID: <200610210045.k9L0jEXq022622@possum.icir.org> > The exact error message is as I stated: > "101 command failed Cannot enable vif rl0 no such vif" > I configured the interfaces and the fea (for unicasting), and I was able to > commit the changes without errors, When I reached the mfea4 and I configured > it and tried to commit the changes, the previously stated error occured. > I didn't proceed to configure the igmp or the pim-sm or fib2mrib since I got > this error. > Note here that both interfaces are enabled in mfea4 in addition to > traceoptions and vif register_vif. > I read that vif register_vif must be enabled in case PIM-SM is used, so > since I did not configure PIM-SM yet, does that lead to such an erro when I > enable it?? > > Here is the plumbing configuration: Your MFEA configuration looks fine. What your "interfaces" section looks like. Regards, Pavlin > plumbing { > > mfea4 { > > disable: false > > interface rl0 { > > vif rl0 { > > disable: false > > } > > } > > interface rl1 { > > vif rl1 { > > disable: false > > } > > } > > interface register_vif { > > vif register_vif { > > disable: false > > } > > } > > traceoptions { > > flag all { > > disable: false > > } > > } > > } > > } From hilalchouman at gmail.com Fri Oct 20 18:00:42 2006 From: hilalchouman at gmail.com (hilal chouman) Date: Sat, 21 Oct 2006 03:00:42 +0200 Subject: [Xorp-users] Fwd: underlying vif is not UP In-Reply-To: <200610210045.k9L0jEXq022622@possum.icir.org> References: <9579816a0610201732w3f088b27m7791e4214bba9816@mail.gmail.com> <200610210045.k9L0jEXq022622@possum.icir.org> Message-ID: <9579816a0610201800v309ceffdr4025b13ea2b2bd7f@mail.gmail.com> Almost like this: vif rl0 { address 10.0.82.1 { prefix-length 25 multicast-capable true } } vif rl1 { address 10.0.83.10 { prefix-length 25 multicast-capable true } } Note here that both interfaces are enabled and multicast capable, and when I show the interfaces in the operational mode, the broadcast addresses are detected and shown as well. Regards, On 10/21/06, Pavlin Radoslavov wrote: > > > The exact error message is as I stated: > > "101 command failed Cannot enable vif rl0 no such vif" > > I configured the interfaces and the fea (for unicasting), and I was able > to > > commit the changes without errors, When I reached the mfea4 and I > configured > > it and tried to commit the changes, the previously stated error occured. > > I didn't proceed to configure the igmp or the pim-sm or fib2mrib since I > got > > this error. > > Note here that both interfaces are enabled in mfea4 in addition to > > traceoptions and vif register_vif. > > I read that vif register_vif must be enabled in case PIM-SM is used, so > > since I did not configure PIM-SM yet, does that lead to such an erro > when I > > enable it?? > > > > Here is the plumbing configuration: > > > Your MFEA configuration looks fine. What your "interfaces" section > looks like. > > Regards, > Pavlin > > > plumbing { > > > > mfea4 { > > > > disable: false > > > > interface rl0 { > > > > vif rl0 { > > > > disable: false > > > > } > > > > } > > > > interface rl1 { > > > > vif rl1 { > > > > disable: false > > > > } > > > > } > > > > interface register_vif { > > > > vif register_vif { > > > > disable: false > > > > } > > > > } > > > > traceoptions { > > > > flag all { > > > > disable: false > > > > } > > > > } > > > > } > > > > } > -- Hilal Chouman ???? ????? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mailman.ICSI.Berkeley.EDU/pipermail/xorp-users/attachments/20061021/6b76844c/attachment.html From pavlin at icir.org Fri Oct 20 18:20:32 2006 From: pavlin at icir.org (Pavlin Radoslavov) Date: Fri, 20 Oct 2006 18:20:32 -0700 Subject: [Xorp-users] Fwd: underlying vif is not UP In-Reply-To: Message from "hilal chouman" of "Sat, 21 Oct 2006 03:00:42 +0200." <9579816a0610201800v309ceffdr4025b13ea2b2bd7f@mail.gmail.com> Message-ID: <200610210120.k9L1KWKW025697@possum.icir.org> > Almost like this: OK, nothing unusual in your configuration. I just tried similar to what you did, but I couldn't reproduce the problem, so we need to go back and look at this from the beginning. 1. Send me information about the XORP version and OS you are using 2. Send me your "ifconfig -a" output before starting XORP. 3. Start XORP with an empty configuration file: ./xorp_rtrmgr -b empty.boot 4. In a separate window start a xorpsh session but save all terminal output to a file by using script(1): script ./xorpsh 5. Type/commit all commands which are triggering the error. 6. After you trigger the error exit xorpsh and the "script" shell. The terminal output and everything you typed should be in the "typescript" file in the local directory. Please send me that file as well. Thanks, Pavlin From hilalchouman at gmail.com Wed Oct 25 17:18:39 2006 From: hilalchouman at gmail.com (hilal chouman) Date: Thu, 26 Oct 2006 02:18:39 +0200 Subject: [Xorp-users] RP selection and multicast data flow Message-ID: <9579816a0610251718i60e570c7o80bac8f74d61d2eb@mail.gmail.com> Hi Pavlin again.. I managed to configure the router that was causing problems. Now both of the two routers are configured: *source----(R1)----(R2)------destination* but the multicast traffic is *not *sent yet from the source to the destination (multicast is enabled in the kernel) I have used vlc on both source (to send a video by multicast) and destination (to receive the multicasted video stream) . - "show pim rps" shows that the static rps are configured. - "show igmp group" shows information about IGMP group membership. - "show mfea dataflow" *does not* show any ebtries in the sources/groups tables. - On the network analyzers on the sender and on the destination, there exist IGMP reportson in a noticabla ammount and there appear pim-sm hello messages from time to time, but nothing is received on the destination.. *Something is wrong somewhere or something is not done yet. I made sure of the configuraion and everything is ok.* Now, 1- Is there any other things to configure else than interfaces, mfea4, fea, protocols (pimsm4 (rp is configured statically), igmp) and fib2mrib in order to succedd in receiving multicast? 2- What If I have a sender that sends to two different receivers in different groups, that is I am dealing with 2 different channels (S1,G1) nad (S1, G2). The RP must be aware in a away about the address of the group, right??. Correct for me plz if I am wrong: How come that the RP in the xorp configuration is not linked to the group addresses? and what is the group-prefix in the pimsm4 for? 3- I have noticed that when xorp is running on both router R1 and R2 and I try to modify the rp on one of them and when trying to commit the changes, everything freezes and I can't know if the commit failed or succeeded and I am obliged to stop the command (ctrl+c). In that case what I do is that: I exit from xorp from one router to the underlying operating system and let xorp only running on 1 router, and then modify the rp. The same procedure is done on the other router before both routers are connected to each others in xorp.. Is there a specific reason for that? Do you have any further suggestions why the pim is not succeeding in building the tree and thus multicast is not working? (TTL on source is for sure bigger than 1, I checked that) Sorry for this long email.. Regards.. Hilal -- Hilal Chouman ???? ????? -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mailman.ICSI.Berkeley.EDU/pipermail/xorp-users/attachments/20061026/47bb4ab9/attachment.html From santhosh at ku.edu Thu Oct 26 00:29:04 2006 From: santhosh at ku.edu (Santhosh Sundararaman) Date: Thu, 26 Oct 2006 02:29:04 -0500 Subject: [Xorp-users] Route Redistribution issue in BGP - Kindly help asap. Message-ID: <454063C0.8030003@ku.edu> Hi, I have a BGP router that is peered to one E-BGP peer and one I-BGP peer. There are several routers in the local AS and OSPF is the IGP. I am trying to redistribute the OSPF routes into BGP such that the OSPF routes are advertised to the EBGP peer but not the IBGP peer. The following is the configuration I am using. protocols { bgp { bgp-id: 172.16.10.3 local-as: 65001 export: "routes_as1_to_as2" peer 172.16.10.1 { /* EBGP Peer*/ local-ip: 172.16.10.3 as: 65002 next-hop: 172.16.10.3 holdtime: 120 ipv4-unicast: true } peer 10.5.11.1 { /*IBGP Peer*/ local-ip: 10.10.11.2 as: 65001 next-hop: 10.10.11.2 holdtime: 120 ipv4-unicast: true } } } policy { policy-statement "routes_as1_to_as2" { term "ospf_routes" { from { protocol: "ospf4" } to { neighbor: 172.16.10.1 } then { accept /*adv ospf routes to EBGP Peer*/ } } term "reject_ospf4_to_ibgp_peer" { from { protocol: "ospf4" } to { neighbor: 10.5.11.1 } then { reject /*Rej ospf routes to IBGP Peer*/ } } } } On using this policy the routes get advertised to both EBGP and IBGP peers and "reject_ospf_to_ibgp_peer" term appears to be ignored. I have tried specifying "reject_ospf_to_ibgp_peer" without any to{neighbor:10.5.11.1} rule, in which case the routes were not advertised to any of the peers. Am I missing something?? The address matched against the neighbor variable in the to {} rules, is the address of the interface of the peer to which peering is establish and not the bgp-id of the peer, is that correct or should it have been the peers bgp-id instead. Also inside the bgp protocol construct when specifying the peers, should the peer address be the bgp-id of the peer, or can it be any one of the several interface addresses of the peer which may not be the bgp-id. Any help would be greatly appreciated. Thanks Santhosh From pavlin at icir.org Thu Oct 26 12:21:17 2006 From: pavlin at icir.org (Pavlin Radoslavov) Date: Thu, 26 Oct 2006 12:21:17 -0700 Subject: [Xorp-users] RP selection and multicast data flow In-Reply-To: Message from "hilal chouman" of "Thu, 26 Oct 2006 02:18:39 +0200." <9579816a0610251718i60e570c7o80bac8f74d61d2eb@mail.gmail.com> Message-ID: <200610261921.k9QJLHRK092976@possum.icir.org> > I managed to configure the router that was causing problems. Now both of the > two routers are configured: > > *source----(R1)----(R2)------destination* > > but the multicast traffic is *not *sent yet from the source to the > destination (multicast is enabled in the kernel) > I have used vlc on both source (to send a video by multicast) and > destination (to receive the multicasted video stream) > . > - "show pim rps" shows that the static rps are configured. > > - "show igmp group" shows information about IGMP group membership. > - "show mfea dataflow" *does not* show any ebtries in the sources/groups > tables. What about "show pim mfc" xorpsh command and the UNIX "cat /proc/net/ip_mr_cache" command? Those will give you information about any installed multicast forwarding entries (as seen by XORP and UNIX respectively). Also, the "show pim join" command will show you the multicast routing state as seen by PIM-SM. The "show pim join" command should capture all of the state related to multicast routing: RP address for an entry, incoming interface, outgoing interface set, etc. If you have difficulities decoding the information and verifying it is correct, then please send it to me. > - On the network analyzers on the sender and on the destination, there exist > IGMP reportson in a noticabla ammount and there appear pim-sm hello messages > from time to time, but nothing is received on the destination.. *Something > is wrong somewhere or something is not done yet. I made sure of the > configuraion and everything is ok.* While running the sender and the receiver, try running tcpdump on each link. This will help you find how far the sender's traffic is forwarded. > Now, > > 1- Is there any other things to configure else than interfaces, mfea4, fea, > protocols (pimsm4 (rp is configured statically), igmp) and fib2mrib in order > to succedd in receiving multicast? No. > 2- What If I have a sender that sends to two different receivers in > different groups, that is I am dealing with 2 different channels (S1,G1) nad > (S1, G2). The RP must be aware in a away about the address of the group, > right??. Correct for me plz if I am wrong: How come that the RP in the xorp > configuration is not linked to the group addresses? and what is the > group-prefix in the pimsm4 for? All multicast routing state is kept per group, i.e., (*,G) or per source and group, i.e. (S,G). Each group address matches to the address of a single RP that is responsible for that group. Hence it is important that all PIM-SM routers have exactly same set of Cand-RPs. Thus, whenever a PIM-SM router receives a Join message for a particular group, it automatically knows the address of the RP for that group so it can send the Join message toward that RP. The group-prefix in the pimsm4 configuration is used to configure a range of multicast addresses that match to a specific RP. If 2+ RPs are configured with the same (or overlapping) group prefixes, then each PIM-SM router uses exactly same hashing mechanism to choose exactly same RP for a given group. > 3- I have noticed that when xorp is running on both router R1 and R2 and I > try to modify the rp on one of them and when trying to commit the changes, > everything freezes and I can't know if the commit failed or succeeded and I > am obliged to stop the command (ctrl+c). In that case what I do is that: I > exit from xorp from one router to the underlying operating system and let > xorp only running on 1 router, and then modify the rp. The same procedure is > done on the other router before both routers are connected to each others in > xorp.. Is there a specific reason for that? During the RP modification, eventually you create a window of time when the RP set in both PIM-SM routers are different. Depend on the particular setup, there is a potential of creating a multicast loop just because during this window of time the RPs are different. In general, multicast loops can have catastrophic impact on networks if the looped traffic is amplified exponentially. If you end-up with such exponential traffic increase, this probably locks your routers. However, given that you have a very simple topology this might not be the case. A simple way of testing this is to run tcpdump on each link and see if there is huge traffic increase during the reconfiguration (just in case, snoop for all traffic). If the traffic increase is not the source of the problem, then please send me exact instructions how to reproduce the problem: your starting configuration on each router before the reconfiguration, and the exact commands you execute on both routers (and their order). > Do you have any further suggestions why the pim is not succeeding in > building the tree and thus multicast is not working? (TTL on source is for > sure bigger than 1, I checked that) If you have 2 routers, then the TTL must be at least 3. Also, make sure there are no firewall rules that stop the PIM control traffic (or the multicast data traffic itself). Regards, Pavlin From atanu at ICSI.Berkeley.EDU Thu Oct 26 18:36:08 2006 From: atanu at ICSI.Berkeley.EDU (Atanu Ghosh) Date: Thu, 26 Oct 2006 18:36:08 -0700 Subject: [Xorp-users] Route Redistribution issue in BGP - Kindly help asap. In-Reply-To: Message from Santhosh Sundararaman of "Thu, 26 Oct 2006 02:29:04 CDT." <454063C0.8030003@ku.edu> Message-ID: <96541.1161912968@tigger.icir.org> Hi, It should be possible to do what you want in a single term: policy { policy-statement "routes_as1_to_as2" { term "reject_ospf4_to_ibgp_peer" { from { protocol: "ospf4" } to { neighbor: 10.5.11.1 } then { reject /*Rej ospf routes to IBGP Peer*/ } } } } However it looks as if you have hit a bug with the neighbor statement: http://www.xorp.org/bugzilla/show_bug.cgi?id=610 We will look into this and get back to you. Atanu. >>>>> "Santhosh" == Santhosh Sundararaman writes: Santhosh> Hi, Santhosh> I have a BGP router that is peered to one E-BGP peer and one I-BGP Santhosh> peer. There are several routers in the local AS and OSPF is the IGP. I Santhosh> am trying to redistribute the OSPF routes into BGP such that the OSPF Santhosh> routes are advertised to the EBGP peer but not the IBGP peer. The Santhosh> following is the configuration I am using. Santhosh> protocols { Santhosh> bgp { Santhosh> bgp-id: 172.16.10.3 Santhosh> local-as: 65001 Santhosh> export: "routes_as1_to_as2" Santhosh> peer 172.16.10.1 { /* EBGP Peer*/ Santhosh> local-ip: 172.16.10.3 Santhosh> as: 65002 Santhosh> next-hop: 172.16.10.3 Santhosh> holdtime: 120 Santhosh> ipv4-unicast: true Santhosh> } Santhosh> peer 10.5.11.1 { /*IBGP Peer*/ Santhosh> local-ip: 10.10.11.2 Santhosh> as: 65001 Santhosh> next-hop: 10.10.11.2 Santhosh> holdtime: 120 Santhosh> ipv4-unicast: true Santhosh> } Santhosh> } Santhosh> } Santhosh> policy { Santhosh> policy-statement "routes_as1_to_as2" { Santhosh> term "ospf_routes" { Santhosh> from { Santhosh> protocol: "ospf4" Santhosh> } Santhosh> to { Santhosh> neighbor: 172.16.10.1 Santhosh> } Santhosh> then { Santhosh> accept /*adv ospf routes to EBGP Peer*/ Santhosh> } Santhosh> } Santhosh> term "reject_ospf4_to_ibgp_peer" { Santhosh> from { Santhosh> protocol: "ospf4" Santhosh> } Santhosh> to { Santhosh> neighbor: 10.5.11.1 Santhosh> } Santhosh> then { Santhosh> reject /*Rej ospf routes to IBGP Peer*/ Santhosh> } Santhosh> } Santhosh> } Santhosh> } Santhosh> On using this policy the routes get advertised to both EBGP and IBGP Santhosh> peers and "reject_ospf_to_ibgp_peer" term appears to be ignored. I have Santhosh> tried specifying "reject_ospf_to_ibgp_peer" without any Santhosh> to{neighbor:10.5.11.1} rule, in which case the routes were not Santhosh> advertised to any of the peers. Am I missing something?? Santhosh> The address matched against the neighbor variable in the to {} rules, is Santhosh> the address of the interface of the peer to which peering is establish Santhosh> and not the bgp-id of the peer, is that correct or should it have been Santhosh> the peers bgp-id instead. Santhosh> Also inside the bgp protocol construct when specifying the peers, should Santhosh> the peer address be the bgp-id of the peer, or can it be any one of the Santhosh> several interface addresses of the peer which may not be the bgp-id. Santhosh> Any help would be greatly appreciated. Santhosh> Thanks Santhosh> Santhosh Santhosh> _______________________________________________ Santhosh> Xorp-users mailing list Santhosh> Xorp-users at xorp.org Santhosh> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/xorp-users From kristian at spritelink.se Thu Oct 26 19:18:11 2006 From: kristian at spritelink.se (Kristian Larsson) Date: Fri, 27 Oct 2006 04:18:11 +0200 Subject: [Xorp-users] Route Redistribution issue in BGP - Kindly help asap. In-Reply-To: <96541.1161912968@tigger.icir.org> References: <454063C0.8030003@ku.edu> <96541.1161912968@tigger.icir.org> Message-ID: <20061027021811.GP12103@spritelink.se> On Thu, Oct 26, 2006 at 06:36:08PM -0700, Atanu Ghosh wrote: > Hi, > > It should be possible to do what you want in a single term: > policy { > policy-statement "routes_as1_to_as2" { > term "reject_ospf4_to_ibgp_peer" { > from { > protocol: "ospf4" > } > to { > neighbor: 10.5.11.1 > } > then { > reject /*Rej ospf routes to IBGP Peer*/ > } > } > } > } > > However it looks as if you have hit a bug with the neighbor statement: > http://www.xorp.org/bugzilla/show_bug.cgi?id=610 > > We will look into this and get back to you. It would be quite beneficial in cases such as this if you could do per-peer import/export policies. Becomes much easier to read and maintain. Kristian. > >>>>> "Santhosh" == Santhosh Sundararaman writes: > > Santhosh> Hi, > Santhosh> I have a BGP router that is peered to one E-BGP peer and one I-BGP > Santhosh> peer. There are several routers in the local AS and OSPF is the IGP. I > Santhosh> am trying to redistribute the OSPF routes into BGP such that the OSPF > Santhosh> routes are advertised to the EBGP peer but not the IBGP peer. The > Santhosh> following is the configuration I am using. > > Santhosh> protocols { > Santhosh> bgp { > Santhosh> bgp-id: 172.16.10.3 > Santhosh> local-as: 65001 > > Santhosh> export: "routes_as1_to_as2" > > Santhosh> peer 172.16.10.1 { /* EBGP Peer*/ > Santhosh> local-ip: 172.16.10.3 > Santhosh> as: 65002 > Santhosh> next-hop: 172.16.10.3 > Santhosh> holdtime: 120 > Santhosh> ipv4-unicast: true > Santhosh> } > > Santhosh> peer 10.5.11.1 { /*IBGP Peer*/ > Santhosh> local-ip: 10.10.11.2 > Santhosh> as: 65001 > Santhosh> next-hop: 10.10.11.2 > Santhosh> holdtime: 120 > Santhosh> ipv4-unicast: true > Santhosh> } > Santhosh> } > Santhosh> } > > Santhosh> policy { > Santhosh> policy-statement "routes_as1_to_as2" { > Santhosh> term "ospf_routes" { > Santhosh> from { > Santhosh> protocol: "ospf4" > Santhosh> } > Santhosh> to { > Santhosh> neighbor: 172.16.10.1 > Santhosh> } > Santhosh> then { > Santhosh> accept /*adv ospf routes to EBGP Peer*/ > Santhosh> } > Santhosh> } > > Santhosh> term "reject_ospf4_to_ibgp_peer" { > Santhosh> from { > Santhosh> protocol: "ospf4" > Santhosh> } > Santhosh> to { > Santhosh> neighbor: 10.5.11.1 > Santhosh> } > Santhosh> then { > Santhosh> reject /*Rej ospf routes to IBGP Peer*/ > Santhosh> } > Santhosh> } > Santhosh> } > Santhosh> } > > Santhosh> On using this policy the routes get advertised to both EBGP and IBGP > Santhosh> peers and "reject_ospf_to_ibgp_peer" term appears to be ignored. I have > Santhosh> tried specifying "reject_ospf_to_ibgp_peer" without any > Santhosh> to{neighbor:10.5.11.1} rule, in which case the routes were not > Santhosh> advertised to any of the peers. Am I missing something?? > > Santhosh> The address matched against the neighbor variable in the to {} rules, is > Santhosh> the address of the interface of the peer to which peering is establish > Santhosh> and not the bgp-id of the peer, is that correct or should it have been > Santhosh> the peers bgp-id instead. > > Santhosh> Also inside the bgp protocol construct when specifying the peers, should > Santhosh> the peer address be the bgp-id of the peer, or can it be any one of the > Santhosh> several interface addresses of the peer which may not be the bgp-id. > > Santhosh> Any help would be greatly appreciated. > > Santhosh> Thanks > Santhosh> Santhosh > > Santhosh> _______________________________________________ > Santhosh> Xorp-users mailing list > Santhosh> Xorp-users at xorp.org > Santhosh> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/xorp-users > > _______________________________________________ > Xorp-users mailing list > Xorp-users at xorp.org > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/xorp-users -- Kristian Larsson KLL-RIPE Network Engineer Net at Once [AS35706] +46 704 910401 kristian at spritelink.se From santhosh at ku.edu Thu Oct 26 20:22:17 2006 From: santhosh at ku.edu (Santhosh Sundararaman) Date: Thu, 26 Oct 2006 22:22:17 -0500 Subject: [Xorp-users] Route Redistribution issue in BGP : Traces In-Reply-To: <20061027021811.GP12103@spritelink.se> References: <454063C0.8030003@ku.edu> <96541.1161912968@tigger.icir.org> <20061027021811.GP12103@spritelink.se> Message-ID: <45417B69.3090208@ku.edu> Hi Thanks Atanu and Kristian for your suggestions. I did some trace and tried to find what was happening. Initially I changed the to {} rule to use the nexthop4 rule instead of neighbor rule as shown below. term "ospf_routes" { from { protocol: "ospf4" } to { nexthop4: 172.16.10.3 /*the interface on this router that is used as the next hop for the peer*/ } then { trace: 2 accept /*adv ospf routes to EBGP Peer*/ } } A snippet of the trace is below. [ 2006/10/26 17:37:46 TRACE xorp_bgp POLICY ] Policy filter result: BGP Export route: 10.11.15.0/24 Full route: GenID is 1 CHANGED flag is set SubnetRoute: Net: 10.11.15.0/24 PAList: Next Hop Attribute 172.16.10.3 Origin Path Attribute - IGP AS Path Attribute AsPath: [AS/65001] Multiple Exit Descriminator Attribute: MED=0: accepted Basic VarRW trace: Read 1: 0,1 Read 11: 172.16.10.3 Write 0: 2 Read 1: 0,1 Read 11: 172.16.10.3 Write 0: 2 Read 1: 0,1 Read 11: 172.16.10.3 Write 0: 2 I interpreted the Read 11: value (which was the same for every route's trace) as the nexthop value that i specified in the config.boot file (part of which ive listed above). I repeated the same, but this time i changed the rule in to{} neighbor as shown below. term "ospf_routes" { from { protocol: "ospf4" } to { neighbor: 172.16.10.1 } then { accept /*adv ospf routes to EBGP Peer*/ } } I noticed that the trace for this config had 0.0.0.0 for the Read: values as shown below. I believe this should have been the neighbor value specified in the policy in config.boot (172.16.10.1) and that the value is not being set in the policy varrw. And I guess this is why the policy was not working correctly when the neighbor rule was being used. I have attached a piece of the trace below. [ 2006/10/26 17:26:07 TRACE xorp_bgp POLICY ] Policy filter result: BGP Export route: 10.11.15.0/24 Full route: GenID is 1 CHANGED flag is set PUSH flag is set SubnetRoute: Net: 10.11.15.0/24 PAList: Next Hop Attribute 10.10.11.1 Origin Path Attribute - IGP AS Path Attribute AsPath: Local Preference Attribute - 100: rejected Basic VarRW trace: Read 1: 0,1 Read 16: 0.0.0.0 Read 1: 0,1 Write 0: 2 Read 1: 0,1 Read 16: 0.0.0.0 Read 1: 0,1 Write 0: 2 Read 1: 0,1 Read 16: 0.0.0.0 Read 1: 0,1 Write 0: 2 Kindly let me know if what im interpreting is right. Thanks Santhosh From pavlin at icir.org Thu Oct 26 21:43:51 2006 From: pavlin at icir.org (Pavlin Radoslavov) Date: Thu, 26 Oct 2006 21:43:51 -0700 Subject: [Xorp-users] Route Redistribution issue in BGP - Kindly help asap. In-Reply-To: Message from Kristian Larsson of "Fri, 27 Oct 2006 04:18:11 +0200." <20061027021811.GP12103@spritelink.se> Message-ID: <200610270443.k9R4hpt6098055@possum.icir.org> > > It should be possible to do what you want in a single term: > > policy { > > policy-statement "routes_as1_to_as2" { > > term "reject_ospf4_to_ibgp_peer" { > > from { > > protocol: "ospf4" > > } > > to { > > neighbor: 10.5.11.1 > > } > > then { > > reject /*Rej ospf routes to IBGP Peer*/ > > } > > } > > } > > } > > > > However it looks as if you have hit a bug with the neighbor statement: > > http://www.xorp.org/bugzilla/show_bug.cgi?id=610 > > > > We will look into this and get back to you. > It would be quite beneficial in cases such as this > if you could do per-peer import/export policies. > Becomes much easier to read and maintain. Agree, but it might not be trivial to implement. Anyway, I added it as an enhancement Bugzilla entry: http://www.xorp.org/bugzilla/show_bug.cgi?id=667 Thanks, Pavlin From atanu at ICSI.Berkeley.EDU Fri Oct 27 11:41:35 2006 From: atanu at ICSI.Berkeley.EDU (Atanu Ghosh) Date: Fri, 27 Oct 2006 11:41:35 -0700 Subject: [Xorp-users] Route Redistribution issue in BGP - Kindly help asap. In-Reply-To: Message from Pavlin Radoslavov of "Thu, 26 Oct 2006 21:43:51 PDT." <200610270443.k9R4hpt6098055@possum.icir.org> Message-ID: <37135.1161974495@tigger.icir.org> >>>>> "Pavlin" == Pavlin Radoslavov writes: >> > It should be possible to do what you want in a single term: > >> policy { > policy-statement "routes_as1_to_as2" { > term >> "reject_ospf4_to_ibgp_peer" { > from { > protocol: "ospf4" > } > >> to { > neighbor: 10.5.11.1 > } > then { > reject /*Rej ospf >> routes to IBGP Peer*/ > } > } > } > } >> > >> > However it looks as if you have hit a bug with the neighbor >> statement: > http://www.xorp.org/bugzilla/show_bug.cgi?id=610 >> > >> > We will look into this and get back to you. It would be quite >> beneficial in cases such as this if you could do per-peer >> import/export policies. Becomes much easier to read and >> maintain. Pavlin> Agree, but it might not be trivial to implement. Anyway, I Pavlin> added it as an enhancement Bugzilla entry: Pavlin> http://www.xorp.org/bugzilla/show_bug.cgi?id=667 I have updated the entry with some thoughts on how to implement this feature. Atanu. From yiwang at cs.princeton.edu Fri Oct 27 12:15:33 2006 From: yiwang at cs.princeton.edu (Yi Wang) Date: Fri, 27 Oct 2006 15:15:33 -0400 Subject: [Xorp-users] XORP talking to a remote Click Message-ID: <45425AD5.80206@cs.princeton.edu> Hello, I have been trying to let a XORP instance running on my local PC talk (send its forwarding table) to a Click instance on another machine. I only tried to set a static route in XORP so far. A new route did show up in the Click (IP lookup element named _xorp_rt4). However, it was the default route of the local interface (eth0 of my local PC) in the XORP interfaces configure (e.g., 128.112.95.0/24), not the static route I configured (111.222.0.0/16). A piece of additional information: when I started xorp_rtrmgr with this configuration (pasted below), there was such an error message: [ 2006/10/27 14:21:48 ERROR xorp_fea:20687 FEA +331 fticonfig_entry_set_click.cc add_entry ] User-level Click command error: 520-Write handler '_xorp_rt4.add' error: 520 conflict with existing route '128.112.95.0/24 - 0' My guess is that XORP does not know how to reach 192.168.1.2 from eth0. Any suggestions on how to get around this? Another more general question I have is: say a XORP instance is runnning only BGP (without any IGPs), is there a way to configure this XORP instance such that it passes all the best routes to a remote Click without trying to resolve the immediate next-hops or outgoing interfaces? Thanks, Yi -------------- The toy XORP configue file I used: interfaces { interface eth0 { disable: false default-system-config } } fea { unicast-forwarding4 { disable: true } click { disable: false duplicate-routes-to-kernel: true user-click { disable: false command-file: "/usr/local/bin/click" command-extra-arguments: "-R" command-execute-on-startup: false control-address: 198.32.154.235 /* the address of the remote box where Click is running */ control-socket-port: 13750 } } } protocols { static { route 111.222.0.0/16 { next-hop: 192.168.1.2 metric: 1 } } } From pavlin at icir.org Fri Oct 27 17:10:26 2006 From: pavlin at icir.org (Pavlin Radoslavov) Date: Fri, 27 Oct 2006 17:10:26 -0700 Subject: [Xorp-users] Route Redistribution issue in BGP : Traces In-Reply-To: Message from Santhosh Sundararaman of "Thu, 26 Oct 2006 22:22:17 CDT." <45417B69.3090208@ku.edu> Message-ID: <200610280010.k9S0AQQ6032088@possum.icir.org> Santhosh, I just committed a fix to BGP, so hopefully this will fix the issue you have (and Bugzilla 610): Revision Changes Path 1.22 +3 -2; commitid: dbd8454294757ea6; xorp/bgp/route_table_policy.cc 1.4 +10 -2; commitid: dbd8454294757ea6; xorp/bgp/route_table_policy_ex.cc Now you can use a statement like the following to stop the routes being propagated to peer XX.XX.XX.XX policy { policy-statement "redist_static" { term "static_routes" { from { protocol: "static" } } } policy-statement "drop_to_peer" { term "deny" { to { neighbor: XX.XX.XX.XX } then { reject } } } } protocols { bgp { export: "redist_static,drop_to_peer" ... } } Regards, Pavlin From yiwang at cs.princeton.edu Fri Oct 27 18:17:02 2006 From: yiwang at cs.princeton.edu (Yi Wang) Date: Fri, 27 Oct 2006 21:17:02 -0400 Subject: [Xorp-users] running multiple instances of XORP on the same host Message-ID: <4542AF8E.3010300@cs.princeton.edu> Hello, Is there a way to run multiple instances of XORP on the same host? I tried to run the second XORP instance using the -p option, but failed: ./xorp_rtrmgr -p 20000 -b some_config.xorp error messages: [ 2006/10/27 16:29:45 INFO xorp_rtrmgr:14771 RTRMGR +240 master_conf_tree.cc execute ] Changed modules: interfaces, fea, rib, policy, static_routes [ 2006/10/27 16:29:45 INFO xorp_rtrmgr:14771 RTRMGR +99 module_manager.cc execute ] Executing module: interfaces (fea/xorp_fea) [ 2006/10/27 16:29:45 INFO xorp_fea MFEA ] MFEA enabled [ 2006/10/27 16:29:45 INFO xorp_fea MFEA ] CLI enabled [ 2006/10/27 16:29:45 INFO xorp_fea MFEA ] CLI started [ 2006/10/27 16:29:45 INFO xorp_fea MFEA ] MFEA enabled [ 2006/10/27 16:29:45 INFO xorp_fea MFEA ] CLI enabled [ 2006/10/27 16:29:45 INFO xorp_fea MFEA ] CLI started [ 2006/10/27 16:29:45 FATAL xorp_fea:14772 MFEA +1493 xrl_mfea_node.cc cli_manager_client_send_add_cli_command_cb ] Cannot add a command to CLI manager: 102 Command failed Cannot install command 'show mfea' [ 2006/10/27 16:29:45 ERROR xorp_rtrmgr:14771 RTRMGR +750 module_manager.cc done_cb ] Command "/home/yiwang/source/xorp-1.3/fea/xorp_fea": terminated with signal 6. [ 2006/10/27 16:29:45 INFO xorp_rtrmgr:14771 RTRMGR +297 module_manager.cc module_exited ] Module abnormally killed: interfaces [ 2006/10/27 16:29:47 WARNING xorp_rtrmgr:14771 XrlFinderTarget +406 ../xrl/targets/finder_base.cc handle_finder_0_2_resolve_xrl ] Handling method for finder/0.2/resolve_xrl failed: XrlCmdError 102 Command failed Target "fea" does not exist or is not enabled. [ 2006/10/27 16:29:48 WARNING xorp_rtrmgr:14771 XrlFinderTarget +406 ../xrl/targets/finder_base.cc handle_finder_0_2_resolve_xrl ] Handling method for finder/0.2/resolve_xrl failed: XrlCmdError 102 Command failed Target "fea" does not exist or is not enabled. ... Any help is greatly appreciated! Yi PS, I found some correspondence about this issue in the mailing list in Aug. 2005, but couldn't figure out the way to do it. From pavlin at icir.org Fri Oct 27 18:29:25 2006 From: pavlin at icir.org (Pavlin Radoslavov) Date: Fri, 27 Oct 2006 18:29:25 -0700 Subject: [Xorp-users] running multiple instances of XORP on the same host In-Reply-To: Message from Yi Wang of "Fri, 27 Oct 2006 21:17:02 EDT." <4542AF8E.3010300@cs.princeton.edu> Message-ID: <200610280129.k9S1TPgQ033130@possum.icir.org> > Is there a way to run multiple instances of XORP on the same host? I > tried to run the second XORP instance using the -p option, but failed: > > ./xorp_rtrmgr -p 20000 -b some_config.xorp For the time being you should set the XORP_FINDER_SERVER_PORT environmental variable before starting XORP to match that port. E.g.: setenv XORP_FINDER_SERVER_PORT 20000 I believe that if you set this variable, then you don't need to use the "-p" flag. This is not (yet) in the documentation, because we haven't finalized the solution for running multiple XORP instances. BTW, have in mind that you won't be able to run multiple instances if 2+ instances try to do multicast routing. The UNIX kernel allows only one multicast routing socket. Regards, Pavlin > error messages: > > [ 2006/10/27 16:29:45 INFO xorp_rtrmgr:14771 RTRMGR +240 > master_conf_tree.cc execute ] Changed modules: interfaces, fea, rib, > policy, static_routes > [ 2006/10/27 16:29:45 INFO xorp_rtrmgr:14771 RTRMGR +99 > module_manager.cc execute ] Executing module: interfaces (fea/xorp_fea) > [ 2006/10/27 16:29:45 INFO xorp_fea MFEA ] MFEA enabled > [ 2006/10/27 16:29:45 INFO xorp_fea MFEA ] CLI enabled > [ 2006/10/27 16:29:45 INFO xorp_fea MFEA ] CLI started > [ 2006/10/27 16:29:45 INFO xorp_fea MFEA ] MFEA enabled > [ 2006/10/27 16:29:45 INFO xorp_fea MFEA ] CLI enabled > [ 2006/10/27 16:29:45 INFO xorp_fea MFEA ] CLI started > [ 2006/10/27 16:29:45 FATAL xorp_fea:14772 MFEA +1493 xrl_mfea_node.cc > cli_manager_client_send_add_cli_command_cb ] Cannot add a command to CLI > manager: 102 Command failed Cannot install command 'show mfea' > [ 2006/10/27 16:29:45 ERROR xorp_rtrmgr:14771 RTRMGR +750 > module_manager.cc done_cb ] Command > "/home/yiwang/source/xorp-1.3/fea/xorp_fea": terminated with signal 6. > [ 2006/10/27 16:29:45 INFO xorp_rtrmgr:14771 RTRMGR +297 > module_manager.cc module_exited ] Module abnormally killed: interfaces > [ 2006/10/27 16:29:47 WARNING xorp_rtrmgr:14771 XrlFinderTarget +406 > ../xrl/targets/finder_base.cc handle_finder_0_2_resolve_xrl ] Handling > method for finder/0.2/resolve_xrl failed: XrlCmdError 102 Command failed > Target "fea" does not exist or is not enabled. > [ 2006/10/27 16:29:48 WARNING xorp_rtrmgr:14771 XrlFinderTarget +406 > ../xrl/targets/finder_base.cc handle_finder_0_2_resolve_xrl ] Handling > method for finder/0.2/resolve_xrl failed: XrlCmdError 102 Command failed > Target "fea" does not exist or is not enabled. > ... > > Any help is greatly appreciated! > > Yi > > PS, I found some correspondence about this issue in the mailing list in > Aug. 2005, but couldn't figure out the way to do it. > > _______________________________________________ > Xorp-users mailing list > Xorp-users at xorp.org > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/xorp-users From pavlin at icir.org Sat Oct 28 15:07:56 2006 From: pavlin at icir.org (Pavlin Radoslavov) Date: Sat, 28 Oct 2006 15:07:56 -0700 Subject: [Xorp-users] XORP talking to a remote Click In-Reply-To: Message from Yi Wang of "Fri, 27 Oct 2006 15:15:33 EDT." <45425AD5.80206@cs.princeton.edu> Message-ID: <200610282207.k9SM7uNB043148@possum.icir.org> > I have been trying to let a XORP instance running on my local PC talk > (send its forwarding table) to a Click instance on another machine. I > only tried to set a static route in XORP so far. A new route did show up > in the Click (IP lookup element named _xorp_rt4). However, it was the > default route of the local interface (eth0 of my local PC) in the XORP > interfaces configure (e.g., 128.112.95.0/24), not the static route I > configured (111.222.0.0/16). > > A piece of additional information: when I started xorp_rtrmgr with this > configuration (pasted below), there was such an error message: > [ 2006/10/27 14:21:48 ERROR xorp_fea:20687 FEA +331 > fticonfig_entry_set_click.cc add_entry ] User-level Click command error: > 520-Write handler '_xorp_rt4.add' error: > 520 conflict with existing route '128.112.95.0/24 - 0' > > My guess is that XORP does not know how to reach 192.168.1.2 from eth0. > Any suggestions on how to get around this? First, I should mention that the FEA-Click interaction hasn't been designed to run them on different machines. The purpose of the user-click control-address is to specify a different local IP address (instead of the default 127.0.0.1). One of the issues with running remote Click is that the FEA performs various interface-related checks, and the FEA obtains this information from the kernel itself (i.e., the local machine). Obviously, this interface information doesn't apply for the remote machine with Click. You should try to run both the FEA and Click on the remote machine. For that purpose you need to do few tricks in XORP. Off the top of my head, below is one possible manual procedure for doing this. 1. Replace the fea/xorp_fea binary with an executable (it could be a shell script) that sleeps forever. 2. Set the XORP_FINDER_SERVER_ADDRESS environmental variable before starting XORP to one of the IP addresses of the machine running xorp_rtrmgr. E.g., in csh/tcsh setenv XORP_FINDER_SERVER_ADDRESS 1.2.3.4 3. Start XORP like: ./xorp_rtrmgr -i 1.2.3.4 -a 5.6.7.8 where 5.6.7.8 is the IP address of the machine that will be running the FEA. 4. As soon as you start xorp_rtrmgr, start the original xorp_fea binary on the remote machine (probably within 30 seconds if not less), but make sure you have set the XORP_FINDER_SERVER_ADDRESS environmental variable. E.g., env XORP_FINDER_SERVER_ADDRESS=1.2.3.4 fea/xorp_fea If this doesn't work, try changing the order of (3) and (4). Other folks on the list probably have played with similar procedure for running remote FEA, so they might have a better (automated?) mechanism for starting everything. > Another more general question I have is: say a XORP instance is runnning > only BGP (without any IGPs), is there a way to configure this XORP > instance such that it passes all the best routes to a remote Click > without trying to resolve the immediate next-hops or outgoing interfaces? All routes need to be resolvable before going to the FEA. If you run both Click and FEA on the same machine, then eventually this shouldn't be an issue. Regards, Pavlin > Thanks, > Yi > > -------------- > > The toy XORP configue file I used: > > interfaces { > interface eth0 { > disable: false > default-system-config > } > } > > fea { > unicast-forwarding4 { > disable: true > } > > click { > disable: false > > duplicate-routes-to-kernel: true > > user-click { > disable: false > command-file: "/usr/local/bin/click" > command-extra-arguments: "-R" > command-execute-on-startup: false > control-address: 198.32.154.235 /* the address of the > remote box where Click is running */ > control-socket-port: 13750 > } > } > } > > protocols { > static { > route 111.222.0.0/16 { > next-hop: 192.168.1.2 > metric: 1 > } > } > } > > _______________________________________________ > Xorp-users mailing list > Xorp-users at xorp.org > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/xorp-users From santhosh at ku.edu Sun Oct 29 15:20:31 2006 From: santhosh at ku.edu (Santhosh Sundararaman) Date: Sun, 29 Oct 2006 17:20:31 -0600 Subject: [Xorp-users] Route Redistribution issue in BGP : Traces In-Reply-To: <200610280010.k9S0AQQ6032088@possum.icir.org> References: <200610280010.k9S0AQQ6032088@possum.icir.org> Message-ID: <4545373F.8020806@ku.edu> Pavlin, Thanks for the bug fix, I tried the revised files and things are working fine now. Thanks for your timely response. Santhosh Pavlin Radoslavov wrote: > Santhosh, > > I just committed a fix to BGP, so hopefully this will fix the issue > you have (and Bugzilla 610): > > Revision Changes Path > 1.22 +3 -2; commitid: dbd8454294757ea6; xorp/bgp/route_table_policy.cc > 1.4 +10 -2; commitid: dbd8454294757ea6; xorp/bgp/route_table_policy_ex.cc > > Now you can use a statement like the following to stop the routes > being propagated to peer XX.XX.XX.XX > > policy { > policy-statement "redist_static" { > term "static_routes" { > from { > protocol: "static" > } > } > } > policy-statement "drop_to_peer" { > term "deny" { > to { > neighbor: XX.XX.XX.XX > } > then { > reject > } > } > } > } > > protocols { > bgp { > export: "redist_static,drop_to_peer" > ... > } > } > > Regards, > Pavlin >