[FROG] BGP_NLRI_MISMATCH Problem

Yakov Sh. yman at protonmail.ch
Sun May 14 16:36:13 UTC 2023


Hello!
FRR follows multiple other vendors with regard to AFI activation. By default, IPv4 unicast is enabled for every neighbour. Thus you need to deactivate it for every pure IPv6 peer, like:

address-family ipv4 unicast
no neighbor 2a02:db8::1 activate

On the other hand, you can get rid of this default behavior with 'no bgp default ipv4-unicast'. In this case, though, you need to explicitly activate the IPv4 unicast AFI for every IPv4 peer.

Yakov Sh.
telegram: @darkyman

Sent with Proton Mail mobile

-------- Original message --------
On 14 May 2023 3:10 p.m., Soeren Malchow wrote:

> Dears,
>
> We are struggling with a setup where we have a BGP setup with our carrier and IPv4 works just fine (two endpoints on our side, two on theirs). On the same two connections we are also trying to advertise IPv6 prefixes; however, in that case the carrier router spits out this error message. The FRR is running on a pfsense on our side; however, there is no need to use the UI to do the configuration, we did that already on the CLI.
>
> BGP_NLRI_MISMATCH: bgp_process_caps: mismatch NLRI with 2001:xxxx:x:x:x:x:xx:xxxx (External AS 1xxxx): peer: <inet-unicast inet6-unicast>(17) us: <inet6-unicast>(16) (instance master)
> Which tells me that we are offering IPv6 and IPv4 but they only want IPv6, correct?
>
> The configuration on our side is as follows
>
> frr version 7.5.1
> frr defaults traditional
> hostname XXXXXX
> service integrated-vtysh-config
> !
> password some_password
> !
> ip router-id 62.xx.xx.x
> !
> router bgp 1xxxx
> bgp router-id 62.xx.xx.xx
> bgp log-neighbor-changes
> no bgp network import-check
> neighbor 62.x.x.x remote-as 3xxx
> neighbor 62.x.x.x description Lumen peer
> neighbor 62.x.x.x bfd
> neighbor 62.x.x.x password PASSWORD
> neighbor 62.x.x.x update-source 62.xx.xx.xx
> neighbor 2001:xxxx:x:x:x:x:x:xxxx remote-as 3xxx
> neighbor 2001:xxxx:x:x:x:x:x:xxxx description Lumen Circuit 1 - IPv6
> neighbor 2001:xxxx:x:x:x:x:x:xxxx bfd
> neighbor 2001:xxxx:x:x:x:x:x:xxxx password PASSWORD
> neighbor 2001:xxxx:x:x:x:x:x:xxxx update-source 2001:xxxx:x:x:x:x:xx:xxxx
> !
> address-family ipv4 unicast
> network 62.x.x.xxx/25 route-map ALLOW-ALL
> network 212.x.x.x/29 route-map ALLOW-ALL
> neighbor 62.x.x.x route-map ALLOW-ALL in
> neighbor 62.x.x.x route-map ALLOW-ALL out
> exit-address-family
> !
> address-family ipv6 unicast
> network 2001:XXXX:XXXX:X::/64 route-map ALLOW-ALL
> network 2001:XXXX:XXXX::/48 route-map ALLOW-ALL
> neighbor 2001:1900:x:x:x:x:x:xxxx activate
> no neighbor 2001:1900:x:x:x:x:x:xxxx send-community
> neighbor 2001:1900:x:x:x:x:x:xxxx route-map ALLOW-ALL in
> neighbor 2001:1900:x:x:x:x:x:xxxx route-map ALLOW-ALL out
> exit-address-family
> !
> route-map ALLOW-ALL permit 100
> description Match any route
> !
> line vty
> !
> bfd
> peer 62.x.x.x local-address 62.xx.xx.xx interface vtnet0
> no shutdown
> ! !
> Any help on how to continue with this is very much appreciated. We have no idea what to do here.
>
> Cheers
> Soeren
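
An added example, not part of the original thread and not FRR tooling: a small Python check that reads an FRR-style configuration and lists IPv6 neighbors that would still have IPv4 unicast active under the default described in the reply. The sample configs, AS numbers and addresses are constructed; peer-groups and interface-named peers are assumed out of scope and skipped.

```python
import ipaddress

def implicit_ipv4_peers(config_text):
    """Return IPv6 neighbors for which IPv4 unicast would be active."""
    default_v4, family = True, None   # default on, per the reply above
    peers, v4_on, v4_off = [], set(), set()
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words == ["no", "bgp", "default", "ipv4-unicast"]:
            default_v4 = False
        elif words[0] == "address-family":
            family = " ".join(words[1:3])
        elif words[0] == "exit-address-family":
            family = None
        elif words[0] == "neighbor" and words[2:3] == ["remote-as"]:
            peers.append(words[1])
        elif family == "ipv4 unicast" and words[-1] == "activate":
            if words[0] == "neighbor":
                v4_on.add(words[1])       # explicit activation
            elif words[:2] == ["no", "neighbor"]:
                v4_off.add(words[2])      # explicit deactivation
    flagged = []
    for peer in peers:
        try:
            is_v6 = ipaddress.ip_address(peer).version == 6
        except ValueError:                # peer-group/interface name: skipped
            continue
        if is_v6 and (peer in v4_on or (default_v4 and peer not in v4_off)):
            flagged.append(peer)
    return flagged

# Constructed sample configs (documentation addresses and AS numbers).
BEFORE = """router bgp 64500
 neighbor 192.0.2.1 remote-as 64501
 neighbor 2001:db8::1 remote-as 64501
 address-family ipv6 unicast
  neighbor 2001:db8::1 activate
 exit-address-family
"""
PER_PEER_FIX = BEFORE + """ address-family ipv4 unicast
  no neighbor 2001:db8::1 activate
 exit-address-family
"""
GLOBAL_FIX = BEFORE.replace("64500\n", "64500\n no bgp default ipv4-unicast\n") + """ address-family ipv4 unicast
  neighbor 192.0.2.1 activate
 exit-address-family
"""
print(implicit_ipv4_peers(BEFORE))
```
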