Hello!
FRR follows multiple other vendors in regard of AFI activation. By default IPv4 unicast is enabled for every neighbour. Thus you need to deactivate it for every pure IPv6 peer like

address-family ipv4 unicast
no neighbor 2a02:db8::1 activate

On the other hand you can get rid of this default behavior with 'no bgp default ipv4-unicast'. In this case though you need to explicitly activate IPv4 unicast AFI for every IPv4 peer.


Yakov Sh.
telegram: @darkyman


Verzonden met Proton Mail mobiel



-------- Oorspronkelijk bericht --------
Op 14 mei 2023 3:10 p.m., schreef Soeren Malchow :

Dears,

we are struggeling with a setup, where we have a BGP setup with our carrier and IPv4 works just fine (two endpoints on our side, two on theirs) on the same two connections we are also trying to advertise IPv6 prefixes, however, in that case the carrier router spits out this error message. The FRR is running on a pfsense on our side, however, there is no need to use the ui to do the configuration, we did that already on the CLI.

BGP_NLRI_MISMATCH: bgp_process_caps: mismatch NLRI with 2001:xxxx:x:x:x:x:xx:xxxx (External AS 1xxxx): peer: <inet-unicast inet6-unicast>(17) us: <inet6-unicast>(16) (instance master)

Which tells me that we are offering IPv6 and IPv4 but they only want ipv6, correct ?

The configuration on our side is as follows

frr version 7.5.1
frr defaults traditional
hostname XXXXXX
service integrated-vtysh-config
!
password some_password
!
ip router-id 62.xx.xx.x
!
router bgp 1xxxx
 bgp router-id 62.xx.xx.xx
 bgp log-neighbor-changes
 no bgp network import-check
 neighbor 62.x.x.x remote-as 3xxx
 neighbor 62.x.x.x description Lumen peer
 neighbor 62.x.x.x bfd
 neighbor 62.x.x.x password PASSWORD
 neighbor 62.x.x.x update-source 62.xx.xx.xx
 neighbor 2001:xxxx:x:x:x:x:x:xxxx remote-as 3xxx
 neighbor 2001:xxxx:x:x:x:x:x:xxxx description Lumen Circuit 1 - IPv6
 neighbor 2001:xxxx:x:x:x:x:x:xxxx bfd
 neighbor 2001:xxxx:x:x:x:x:x:xxxx password PASSWORD
 neighbor 2001:xxxx:x:x:x:x:x:xxxx update-source 2001:xxxx:x:x:x:x:xx:xxxx
 !
 address-family ipv4 unicast
  network 62.x.x.xxx/25 route-map ALLOW-ALL
  network 212.x.x.x/29 route-map ALLOW-ALL
  neighbor 62.x.x.x route-map ALLOW-ALL in
  neighbor 62.x.x.x route-map ALLOW-ALL out
 exit-address-family
 !
 address-family ipv6 unicast
  network 2001:XXXX:XXXX:X::/64 route-map ALLOW-ALL
  network 2001:XXXX:XXXX::/48 route-map ALLOW-ALL
  neighbor 2001:1900:x:x:x:x:x:xxxx activate
  no neighbor 2001:1900:x:x:x:x:x:xxxx send-community
  neighbor 2001:1900:x:x:x:x:x:xxxx route-map ALLOW-ALL in
  neighbor 2001:1900:x:x:x:x:x:xxxx route-map ALLOW-ALL out
 exit-address-family
!
route-map ALLOW-ALL permit 100
 description Match any route
!
line vty
!
bfd
 peer 62.x.x.x local-address 62.xx.xx.xx interface vtnet0
  no shutdown
 !
!

any help on how to continue with this is very much appreciated. We have no idea what to do here

Cheers
Soeren