Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Aug 23 17:56
    pettai opened #912
  • Aug 22 12:08
    thomas-mangin labeled #911
  • Aug 22 12:03
    thomas-mangin closed #910
  • Aug 22 12:03
    thomas-mangin commented #910
  • Aug 22 09:31
    thomas-mangin commented #911
  • Aug 22 09:29
    thomas-mangin labeled #911
  • Aug 22 09:28
    thomas-mangin assigned #911
  • Aug 22 03:58
    andy19910403 edited #911
  • Aug 22 03:58
    andy19910403 opened #911
  • Aug 15 14:15
    vincentbernat commented #910
  • Aug 15 07:46
    sincerywaing edited #910
  • Aug 15 05:19
    sincerywaing opened #910
  • Aug 14 21:40
    Vascko commented #909
  • Aug 13 10:04
    thomas-mangin labeled #909
  • Aug 13 10:04
    thomas-mangin assigned #909
  • Aug 13 10:02
    thomas-mangin commented #909
  • Aug 12 07:32
    wavezhang commented #908
  • Aug 12 07:32
    wavezhang commented #908
  • Aug 11 23:04
    Vascko opened #909
  • Aug 09 21:44
    thomas-mangin commented #908
nickryce
@nickryce
fingers crossed. Then beer and whisky for the rest of the day!
Bryan Benson
@bmbenson
Have y'all seen issues announcing v6 routes over to v4 neighbor? I see: "Command from process controller : announce route 3409:::1c47/128 next-hop 1::1" in the logs, but don't see any outbound packet changes for the announcement (& the router isn't showing it).
Thomas Mangin
@thomas-mangin
Make sure you have an family IPv6 unicast section with the Neighbor
Bryan Benson
@bmbenson
Found that - thank you. Exa gives no indication in the logs that it eats the announcement/withdrawal. (3.4)
Thomas Mangin
@thomas-mangin
It should .. or it will on master
Bryan Benson
@bmbenson
Sweet - That's a good add; I was looking at what It'd take to add NLRI info to 3.4 yesterday to give the indication on older versions as well.
add NLRI per peer change validation*
Bryan Benson
@bmbenson
@thomas-mangin That makes sense to reject if it isn't configured on the Exa side -- Will it also reject incompatible updates if the router doesn't support that family? IE: Exa Open: AFI v4 + AFI 46; Router Open: AFI v4.
Thomas Mangin
@thomas-mangin
@bmbenson I thought about this too and looked at the code at the time. No it does not. It assumes the capabilities defined were negotiated.
In that case sending the update may cause the session to bounce - not sure what newer routers folllowing more recent draft will do
ie: the ones implementing https://tools.ietf.org/html/rfc7606
This message was deleted
not read it correctly but it seems they did not change that behaviour and it will bounce
Nick Moore
@holynakamoto
is there a way to run exabgp in the background outside of opening up a new session?
Looks like you can use screen
Thomas Mangin
@thomas-mangin
exabgp —help ; look for deamon
Nick Moore
@holynakamoto
exabgp.daemon.daemonize
got it thx
jaredeller
@jaredeller_twitter
I suspect I'm going to feel like a fool here, but here goes. I'm trying to use ExaBGP to peer with my internal route-reflectors for a private corporate MPLS network. I'm feeding probably 300k routes, all VPNV4. I'm trying to decipher the extended communities from decimal to the "new-style" colon delimited. I'm really n00bish code wise, but have a solid understanding of networking. I haven't found a good explanation of the transition from decimal to new style, or vice versa to attempt to reverse engineer the process.
Thomas Mangin
@thomas-mangin
Sorry can you please open an issue on GitHub. It is 21:53 here and I need some beauty sleep :smile:
jaredeller
@jaredeller_twitter
sure, ty
Thomas Mangin
@thomas-mangin
@jaredeller_twitter extended community decoding is a pain .. All I do is present the value within the BGP packet
The encoding is defined here: https://tools.ietf.org/html/rfc4360
jaredeller
@jaredeller_twitter
ok, I fully agree with you, decoding EXTCOMM sucks :-) but it's working now, at least for all of the types of extcomm that we use internally. Thanks!
Thomas Mangin
@thomas-mangin
rewrote the testing code of master .. 5 test failing to fix ..
Leonardo Amaral
@leleobhz
Hello. Its possible to include a file in exabgp.conf?
Thomas Mangin
@thomas-mangin
@leleobhz no but you can use anything you want (including m4) to generate the file
JustinAzoff @JustinAzoff uses mako templates
Thomas Mangin
@thomas-mangin
@JustinAzoff :+1:
rodrigocsousa
@rodrigocsousa
Hey guys, I am quite new on exabgp, so I am sorry if I am asking somthing stuped but I made some research and did not find anything that can help me. I am using exabgp + Wanguard (a tool that detect simple attacks and "mitigate" them). Everything is working almost perfectly. However, when I reach 1446 advertisements, wanguard is not able anymore to push more updates to exabgp and open hundred of procss trying to push updates. Wanguard invokes its own script to push any new BGP advertisement on exabgp. I asked their support and they informed me that there is no limitation on wanguard side and I am sure that exabgp also does not have any limitation. I am running exabgp 3.4.16 on debian 8. Can you give me some help guys?
Thomas Mangin
@thomas-mangin
I will happily work with the wanguard team but as you pointed, there is no limit to the number of routes ExaBGP can process.
rodrigocsousa
@rodrigocsousa
Hey @thomas-mangin, thanks for the response! My concern is just if someone reported this problem with routes before?
Thomas Mangin
@thomas-mangin
Never and there is no reason for this magic 1446 number … does the problem happens after a full restart of both applications ?
Could you please share with me off-line the script that wanguard uses (if they are ok with it) so I can try to figure out what is not right ?
It is 19:06 local time and I have some things planned this evening but I should be able to have a look this week-end
rodrigocsousa
@rodrigocsousa
Sure, I can share it, but it is too big, because it connects on the Wanguard database to get/push information, but I think I can share it with you.
Thomas Mangin
@thomas-mangin
Sorry - I do not understand the relation between code size and the connection with a DB ..
You can email me at first @ last dot com
JustinAzoff @JustinAzoff is currently injecting 30429 /32 routes to 3 peers
Justin
@JustinAzoff
sounds like their app may have an issue with a pipe buffer filling up or something and locking up
rodrigocsousa
@rodrigocsousa
Hey @thomas-mangin , I made a change on Wanguard side (aparently the problem was there).
I stopped the test with more than 3000 routes.
show route table inetflow.0 | match term | count
Count: 3048 lines
They have a value on their database called "max_flowspec"
I changed to 300,000 and it apparently solved the problem.
Sorry for ask you guys :)
Justin
@JustinAzoff
ah, if you are using flowspec, you may want to double check with your router specs on what the max number of rules it supports
A maximum of 3000 flowspec rules are supported per system.