New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
IP's not pinging
Hey all, I've been having some great troubles with a few servers I own lately. I'm announcing a few subnets via bgp and the problems that I've been facing are that the ip's are not pinging. My server provider says it is because of wrong rpki records but that's not true for all subnets (it's true for 1/4 and i'm dealing with it). This is the case on my 2 ubuntu 18.04 servers, it however is not the case on my debian 9 server. I hope by seeking help on here the problems can be resolved.
Comments
It might help to share the respective IPs...
185.241.149.0/24 and 77.243.85.0/24
running "tracert 185.241.149.0" and "tracert 77.243.85.0" works fine for me, which means it's being announced just fine.
Did you bind the IP already? Obviously it's not gonna respond to ICMP if you didn't configure it.
I dont see those two prefixes announced as /24s in the DFZ, only as /23s from Heficed. RPKI and route objects seem to be valid for your ASN.
You should check if you export them correctly to your upstream and if they receive them.
Maybe check firewall?
Preference: 100
Input filter: ACCEPT
Output filter: (unnamed)
Routes: 810603 imported, 2 exported, 810603 preferred
Route change stats: received rejected filtered ignored accepted
Import updates: 1827257 0 0 0 1827257
Import withdraws: 56326 0 --- 0 56326
Export updates: 1827259 1827257 0 --- 2
Export withdraws: 56326 --- --- --- 0
BGP state: Established
This looks good to me. disabled firewall already
What ASN are you announcing those prefixes to?
The prefies you are announcing should have a valid IRR record to you ASN, RPKI would be good as well. And most transits reject invalid RPKI
Hey, found the problem I think, it's rpki related thanks for the help though all
Hey, to come back to this, the problem still isn't solved. The subnets are transferred from one server to another server with a different ASN, rpki records etc. are updated but there still is a routing conflict my provider says, I however cannot find out how to solve this routing conflict. Could it perhaps be that the route still goes to the old server instead of the new one or something? clouvider hasn't been really helpful pointing out the routing problem either on their end...
thanks in advance
Looking at my routing data, your two /24s do not even appear in the DFZ, only as less-specifics announced by Heficed which should not cause any issues. RPKI and ROAs look still good.
Make sure to check that you export your prefixes with:
birdc show route export PROTOCOLNAME