<div id="__MailbirdStyleContent" style="font-size: 10pt;font-family: Arial;color: #000000">The subject basically says it all..... I have two sites connected over an IPSEC tunnel. Each site has its own internal routes managed by OSPF, and I am trying to exchange them by BGP.<div class="mb_sig"></div><div><br></div><div><ul><li>We know the traffic is being passed over the IPSEC tunnel, and we can see that each side does get the other's BGP routes. We did have to install directives to allow multihop and disable-connection-checks....</li><li>We do not see the routes being installed into the local kernel routing tables but for the life us, we can't understand why. We see the routes come across in the BGP debug info, but it never makes it into the FIB.</li></ul><div><br></div></div><div>Here's our BGPD.conf albeit for one side -- the other just has the AS numbers changed.</div><div><br></div><div><span style="font-size: 8pt"># BGP Config<br>router bgp 3000000<br> bgp router-id 10.0.0.5<br> redistribute connected<br> redistribute static<br> redistribute kernel<br> redistribute ospf<br><br> # BGP Neighbors<br> neighbor 192.168.101.39 remote-as 2510000<br> neighbor 192.168.101.39 description Aaron Martin<br> neighbor 192.168.101.39 update-source 10.0.0.5<br> address-family ipv4 unicast<br> neighbor 192.168.101.39 activate<br> neighbor 192.168.101.39 disable-connected-checks<br> no neighbor 192.168.101.39 send-community<br> neighbor 192.168.101.39 addpath-tx-bestpath-per-AS<br> neighbor 192.168.101.39 allowas-in<br> exit-address-family</span></div><div><span style="font-size: 10pt"><br></span></div><div><span style="font-size: 10pt">And here's what we see </span></div><div><span style="font-size: 10pt"><br></span></div><div><pre id="bgp_routes" style="box-sizing: border-box; overflow: auto; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; padding: 9.5px; margin-top: 0px; margin-bottom: 10px; line-height: 1.42857; color: rgb(51, 51, 51); word-break: break-all; overflow-wrap: break-word; border: 1px solid rgb(204, 204, 204); border-radius: 4px; font-variant-ligatures: normal; orphans: 2; widows: 2; background-color: rgb(245, 245, 245);"><span style="font-size: 8pt">BGP table version is 208559, local router ID is 10.0.0.5, vrf id 0
Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
0.0.0.0 192.168.101.39 0 2510000 3000000 ?
192.168.101.39 0 0 2510000 ?
*> 50.247.114.30 0 32768 ?
10.0.0.0 192.168.101.39 0 2510000 ?
10.0.0.0/16 192.168.101.39 0 2510000 3000000 ?
*> 0.0.0.0 1 32768 ?
10.1.6.0/24 192.168.101.39 0 2510000 3000000 ?
*> 0.0.0.0 1 32768 ?
10.10.10.1/32 192.168.101.39 1 0 2510000 ?
10.147.20.0/24 192.168.101.39 0 2510000 3000000 ?
*> 10.0.1.5 110 32768 ?
50.247.114.16/28 192.168.101.39 0 2510000 3000000 ?
*> 0.0.0.0 1 32768 ?
50.247.114.18/32 192.168.101.39 0 0 2510000 ?
64.62.134.130/32 192.168.101.39 0 2510000 3000000 ?
*> 50.247.114.30 0 32768 ?
68.115.209.232/29
192.168.101.39 1 0 2510000 ?
68.115.209.237/32
192.168.101.39 0 2510000 3000000 ?
*> 50.247.114.30 0 32768 ?
72.52.104.74/32 192.168.101.39 0 2510000 3000000 ?
*> 50.247.114.30 0 32768 ?
172.16.0.0 192.168.101.39 0 2510000 ?
172.16.184.0/24 192.168.101.39 0 0 2510000 ?
172.16.231.0/24 192.168.101.39 1 0 2510000 ?
172.16.232.0/24 192.168.101.39 0 0 2510000 ?
172.16.238.0/24 192.168.101.39 1 0 2510000 ?
172.17.0.0 192.168.101.39 0 2510000 3000000 ?
*> 10.0.1.5 110 32768 ?
172.21.0.0 192.168.101.39 0 2510000 ?
192.168.1.0 192.168.101.39 0 2510000 ?
192.168.101.39 0 0 2510000 ?
192.168.101.0 192.168.101.39 1 0 2510000 ?
192.168.101.39 0 2510000 ?
192.168.106.0 192.168.101.39 1 0 2510000 ?
192.168.101.39 0 2510000 ?
192.168.108.0 192.168.101.39 0 2510000 ?
192.168.121.0 192.168.101.39 0 2510000 ?
192.168.128.0 192.168.101.39 1 0 2510000 ?
192.168.101.39 0 2510000 ?
192.168.131.0 192.168.101.39 0 2510000 ?
192.168.132.0 192.168.101.39 0 2510000 ?
192.168.101.39 0 0 2510000 ?
192.168.148.0 192.168.101.39 1 0 2510000 ?
192.168.150.0 192.168.101.39 0 2510000 ?
192.168.228.0 192.168.101.39 0 2510000 3000000 ?
*> 0.0.0.0 1 32768 ?
192.168.229.0 192.168.101.39 0 2510000 3000000 ?
*> 0.0.0.0 1 32768 ?
196.101.2.0 192.168.101.39 0 2510000 ?
209.51.161.14/32 192.168.101.39 0 0 2510000 ?
Displayed 33 routes and 50 total paths</span></pre><pre id="bgp_routes" style="box-sizing: border-box;overflow: auto;font-family: Menlo, Monaco, Consolas, "Courier New", monospace;font-size: 13px;padding: 9.5px;margin-top: 0px;margin-bottom: 10px;line-height: 1.42857;color: rgb(51, 51, 51);word-break: break-all;overflow-wrap: break-word;border: 1px solid rgb(204, 204, 204);border-radius: 4px;font-variant-ligatures: normal;orphans: 2;widows: 2;background-color: rgb(245, 245, 245)">Everything's there, but it never makes it into the kernel. I'm sure we've done something wrong, because I tried a different BGP-based router at the other end, and I see the connection, but again, the routes don't seem to make it into the kernel -- clearly I've broken something basic :-)</pre><pre id="bgp_routes" style="box-sizing: border-box;overflow: auto;font-family: Menlo, Monaco, Consolas, "Courier New", monospace;font-size: 13px;padding: 9.5px;margin-top: 0px;margin-bottom: 10px;line-height: 1.42857;color: rgb(51, 51, 51);word-break: break-all;overflow-wrap: break-word;border: 1px solid rgb(204, 204, 204);border-radius: 4px;font-variant-ligatures: normal;orphans: 2;widows: 2;background-color: rgb(245, 245, 245)"><br></pre></div></div>