Hello! FRR follows multiple other vendors in regard of AFI activation. By default IPv4 unicast is enabled for every neighbour. Thus you need to deactivate it for every pure IPv6 peer like address-family ipv4 unicast no neighbor 2a02:db8::1 activate On the other hand you can get rid of this default behavior with 'no bgp default ipv4-unicast'. In this case though you need to explicitly activate IPv4 unicast AFI for every IPv4 peer. Yakov Sh. telegram: @darkyman Verzonden met Proton Mail mobiel -------- Oorspronkelijk bericht -------- Op 14 mei 2023 3:10 p.m., schreef Soeren Malchow :
Dears,
we are struggeling with a setup, where we have a BGP setup with our carrier and IPv4 works just fine (two endpoints on our side, two on theirs) on the same two connections we are also trying to advertise IPv6 prefixes, however, in that case the carrier router spits out this error message. The FRR is running on a pfsense on our side, however, there is no need to use the ui to do the configuration, we did that already on the CLI.
BGP_NLRI_MISMATCH: bgp_process_caps: mismatch NLRI with 2001:xxxx:x:x:x:x:xx:xxxx (External AS 1xxxx): peer: <inet-unicast inet6-unicast>(17) us: <inet6-unicast>(16) (instance master) Which tells me that we are offering IPv6 and IPv4 but they only want ipv6, correct ?
The configuration on our side is as follows
frr version 7.5.1 frr defaults traditional hostname XXXXXX service integrated-vtysh-config ! password some_password ! ip router-id 62.xx.xx.x ! router bgp 1xxxx bgp router-id 62.xx.xx.xx bgp log-neighbor-changes no bgp network import-check neighbor 62.x.x.x remote-as 3xxx neighbor 62.x.x.x description Lumen peer neighbor 62.x.x.x bfd neighbor 62.x.x.x password PASSWORD neighbor 62.x.x.x update-source 62.xx.xx.xx neighbor 2001:xxxx:x:x:x:x:x:xxxx remote-as 3xxx neighbor 2001:xxxx:x:x:x:x:x:xxxx description Lumen Circuit 1 - IPv6 neighbor 2001:xxxx:x:x:x:x:x:xxxx bfd neighbor 2001:xxxx:x:x:x:x:x:xxxx password PASSWORD neighbor 2001:xxxx:x:x:x:x:x:xxxx update-source 2001:xxxx:x:x:x:x:xx:xxxx ! address-family ipv4 unicast network 62.x.x.xxx/25 route-map ALLOW-ALL network 212.x.x.x/29 route-map ALLOW-ALL neighbor 62.x.x.x route-map ALLOW-ALL in neighbor 62.x.x.x route-map ALLOW-ALL out exit-address-family ! address-family ipv6 unicast network 2001:XXXX:XXXX:X::/64 route-map ALLOW-ALL network 2001:XXXX:XXXX::/48 route-map ALLOW-ALL neighbor 2001:1900:x:x:x:x:x:xxxx activate no neighbor 2001:1900:x:x:x:x:x:xxxx send-community neighbor 2001:1900:x:x:x:x:x:xxxx route-map ALLOW-ALL in neighbor 2001:1900:x:x:x:x:x:xxxx route-map ALLOW-ALL out exit-address-family ! route-map ALLOW-ALL permit 100 description Match any route ! line vty ! bfd peer 62.x.x.x local-address 62.xx.xx.xx interface vtnet0 no shutdown ! ! any help on how to continue with this is very much appreciated. We have no idea what to do here
Cheers Soeren