Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


IP's not pinging
New on LowEndTalk? Please Register and read our Community Rules.

IP's not pinging

Hey all, I've been having some great troubles with a few servers I own lately. I'm announcing a few subnets via bgp and the problems that I've been facing are that the ip's are not pinging. My server provider says it is because of wrong rpki records but that's not true for all subnets (it's true for 1/4 and i'm dealing with it). This is the case on my 2 ubuntu 18.04 servers, it however is not the case on my debian 9 server. I hope by seeking help on here the problems can be resolved.

Comments

  • RickBakkrRickBakkr Member, Patron Provider, LIR

    It might help to share the respective IPs...

  • @RickBakkr said:
    It might help to share the respective IPs...

    185.241.149.0/24 and 77.243.85.0/24

  • running "tracert 185.241.149.0" and "tracert 77.243.85.0" works fine for me, which means it's being announced just fine.

    Did you bind the IP already? Obviously it's not gonna respond to ICMP if you didn't configure it.

  • rubenruben Member, Host Rep

    @WouterTB said: 185.241.149.0/24 and 77.243.85.0/24

    I dont see those two prefixes announced as /24s in the DFZ, only as /23s from Heficed. RPKI and route objects seem to be valid for your ASN.
    You should check if you export them correctly to your upstream and if they receive them.

  • Maybe check firewall?

  • Preference: 100
    Input filter: ACCEPT
    Output filter: (unnamed)
    Routes: 810603 imported, 2 exported, 810603 preferred
    Route change stats: received rejected filtered ignored accepted
    Import updates: 1827257 0 0 0 1827257
    Import withdraws: 56326 0 --- 0 56326
    Export updates: 1827259 1827257 0 --- 2
    Export withdraws: 56326 --- --- --- 0
    BGP state: Established

    This looks good to me. disabled firewall already

  • What ASN are you announcing those prefixes to?

    The prefies you are announcing should have a valid IRR record to you ASN, RPKI would be good as well. And most transits reject invalid RPKI

  • Hey, found the problem I think, it's rpki related thanks for the help though all

  • Hey, to come back to this, the problem still isn't solved. The subnets are transferred from one server to another server with a different ASN, rpki records etc. are updated but there still is a routing conflict my provider says, I however cannot find out how to solve this routing conflict. Could it perhaps be that the route still goes to the old server instead of the new one or something? clouvider hasn't been really helpful pointing out the routing problem either on their end...
    thanks in advance

  • rubenruben Member, Host Rep

    @WouterTB said: Could it perhaps be that the route still goes to the old server instead of the new one or something?

    Looking at my routing data, your two /24s do not even appear in the DFZ, only as less-specifics announced by Heficed which should not cause any issues. RPKI and ROAs look still good.

    Make sure to check that you export your prefixes with:
    birdc show route export PROTOCOLNAME

Sign In or Register to comment.