[FROG] No IPv6 prefix sent to neighbor

Willy Manga mangawilly at gmail.com
Sat Nov 6 17:48:07 UTC 2021 

Hi,

maybe I'm missing something (obvious) but I do not understand why I'm 
not sending my IPv6 prefix, 2001:43fe:c000::/48, to my upstream 
(Hurricane Electric)


I'm using FRR 8.0.1 on debian 11.1 .

I have a 'v4tunnel' set in /etc/network/interfaces.d/local.interfaces . 
Details in attachment.


No advertised-routes to my neighbor :(

Excerpt of the BGP session

Message statistics:
     Inq depth is 0
     Outq depth is 0
                          Sent       Rcvd
     Opens:                  4          4
     Notifications:          4          0
     Updates:                0     268961
     Keepalives:          1216          4
     Route Refresh:          0          0
     Capability:             0          0
     Total:               1224     268969
   Minimum time between advertisement runs is 0 seconds
   Update source is 2001:470:xxxx::2

  For address family: IPv6 Unicast
   upstream-IPv6 peer-group member
   Update group 8, subgroup 8
   Packet Queue length 0
   Community attribute sent to this neighbor(all)
   Inbound path policy configured
   Outbound path policy configured
   Incoming update prefix filter list is *pl-IPv6-IMPORT
   Outgoing update prefix filter list is *pl-IPv6-EXPORT
   Route map for incoming advertisements is *rm-rpki
   133184 accepted prefixes
   Maximum allowed prefixes sent 0

   Connections established 4; dropped 3


When I look the detail of pl-IPv6-EXPORT, I see 'hit count:2' with BGP 
but nothing sent to my neighbor.

bdr2(config)# do sh ipv6 prefix-list detail pl-IPv6-EXPORT
ZEBRA: ipv6 prefix-list pl-IPv6-EXPORT:
    count: 2, range entries: 0, sequences: 5 - 10
    seq 5 permit 2001:43fe:c000::/48 le 48 (hit count: 0, refcount: 0)
    seq 10 deny any (hit count: 0, refcount: 0)
OSPF6: ipv6 prefix-list pl-IPv6-EXPORT:
    count: 2, range entries: 0, sequences: 5 - 10
    seq 5 permit 2001:43fe:c000::/48 le 48 (hit count: 0, refcount: 0)
    seq 10 deny any (hit count: 0, refcount: 0)
BGP: ipv6 prefix-list pl-IPv6-EXPORT:
    count: 2, range entries: 0, sequences: 5 - 10
    seq 5 permit 2001:43fe:c000::/48 le 48 (hit count: 2, refcount: 0)
    seq 10 deny any (hit count: 7335, refcount: 0)


my pl-IPv6-EXPORT contains only two rules:

ipv6 prefix-list pl-IPv6-EXPORT seq 5 permit 2001:43fe:c000::/48 le 48
ipv6 prefix-list pl-IPv6-EXPORT seq 10 deny any


Any clue ? :)


-- 
Willy Manga
@ongolaboy
https://ongola.blogspot.com/
-------------- next part --------------
Current configuration:
!
frr version 8.0.1
frr defaults traditional
hostname bdr2
log syslog informational
rpki
 rpki polling_period 3600
 rpki cache 2001:43fe:c000:xxxx::18 3323 preference 1
 exit
service integrated-vtysh-config
!
!
ip route 196.49.84.0/24 Null0
ipv6 route 2001:43fe:c000::/48 Null0
!
interface enp8s0
 description VLAN 54
 ip address 196.49.xx.xx/xx
 ip ospf area 0.0.0.0
 ipv6 address 2001:43fe:c000:xxxx::1/127
 ipv6 address 2001:43fe:c000:xxxx::1/127
 ipv6 address 2001:43fe:c000:xxxx::e/64
 ipv6 ospf6 area 0.0.0.0
!
interface lo
 ip address 196.49.xx.x/xx
 ip ospf passive
 ipv6 address 2001:43fe:c000:xxxx::1/128
 ipv6 ospf6 area 0.0.0.0
 ipv6 ospf6 passive
!
router bgp 328913
 bgp router-id 196.49.xx.x
 no bgp default ipv4-unicast
 <snip>
 neighbor upstream-IPv6 peer-group
 neighbor upstream-IPv6 remote-as 6939
 neighbor upstream-IPv6 update-source 2001:470:xxx::2
 neighbor upstream-IPv6 capability dynamic
 neighbor 2001:470:xxx::1 peer-group upstream-IPv6
 neighbor 2001:470:xxx::1 description HE tunnel Endpoint
 !
 address-family ipv4 unicast
 <snip>
 exit-address-family
 !
 address-family ipv6 unicast
  network 2001:43fe:c000::/48
  <snip>
  neighbor upstream-IPv6 activate
  neighbor upstream-IPv6 maximum-prefix-out 1
  neighbor upstream-IPv6 prefix-list pl-IPv6-IMPORT in
  neighbor upstream-IPv6 prefix-list pl-IPv6-EXPORT out
  neighbor upstream-IPv6 route-map rm-rpki in
 exit-address-family
!
<snip>
!
ipv6 prefix-list pl-IPv6-IMPORT seq 5 deny ::1/128
ipv6 prefix-list pl-IPv6-IMPORT seq 10 deny ::/128
ipv6 prefix-list pl-IPv6-IMPORT seq 15 deny ::ffff:0:0/96
ipv6 prefix-list pl-IPv6-IMPORT seq 20 deny 2001::/23
ipv6 prefix-list pl-IPv6-IMPORT seq 25 deny 64:ff9b:1::/48
ipv6 prefix-list pl-IPv6-IMPORT seq 30 deny 100::/64
ipv6 prefix-list pl-IPv6-IMPORT seq 35 deny 2001:2::/48
ipv6 prefix-list pl-IPv6-IMPORT seq 40 deny 2001:db8::/32
ipv6 prefix-list pl-IPv6-IMPORT seq 45 deny fc00::/7
ipv6 prefix-list pl-IPv6-IMPORT seq 50 deny fe80::/10
ipv6 prefix-list pl-IPv6-IMPORT seq 55 deny 2001:43fe:c000::/48
ipv6 prefix-list pl-IPv6-IMPORT seq 60 deny 2001:43fd:c000::/48
ipv6 prefix-list pl-IPv6-IMPORT seq 65 permit ::/0 le 48
ipv6 prefix-list pl-IPv6-EXPORT seq 5 permit 2001:43fe:c000::/48 le 48
ipv6 prefix-list pl-IPv6-EXPORT seq 10 deny any
!
route-map rm-rpki deny 10
 match rpki invalid
!
route-map rm-rpki permit 20
 match rpki notfound
 set local-preference 90
!
route-map rm-rpki permit 30
 match rpki valid
 set local-preference 110
!
ip nht resolve-via-default
!
line vty
!
end
-------------- next part --------------
auto he-ipv6
iface he-ipv6 inet6 v4tunnel
        address 2001:470:xxx::2
        netmask 64
        endpoint 216.66.xx.xx
        local 196.49.xx.xx
        ttl 255
        gateway 2001:470:xxx::1
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.frrouting.org/pipermail/frog/attachments/20211106/fdf71442/attachment.sig>

More information about the frog mailing list