Re: anyone tried bgpd vs. he.net/tunnelbroker.net

* jared r r spiegel <jrrs <at> ice-nine.org> [2005-09-18 06:50]:
>   tried it a while ago (~3.6?) with openbsd bgpd and it
>   would bomb on me complaining of unsupported capability.

> Sep 17 23:08:02 4801a bgpd[21303]: neighbor 2001:470:1f01:ffff::122 (he.net): re
> ceived notification: error in OPEN message, unsupported capability

well, it is the OTHER side bombing out. your peer send us a notification 
saying they don't grok one of our capabilities.

> Sep 17 23:08:02 4801a bgpd[21303]: neighbor 2001:470:1f01:ffff::122 (he.net): re
> ceived "unsupported capability" notification without data part, disabling capabi
> lity announcements altogether

and in violation of the RFCs, the notification does not contain the 
capability the peer didn't understand in the data part, so all we can 
do is disabling the capabilities negotiation alltogether.

> Sep 17 23:08:02 4801a bgpd[21303]: neighbor 2001:470:1f01:ffff::122 (he.net): st
> ate change OpenSent -> Idle, reason: NOTIFICATION received
> Sep 17 23:08:02 4801a bgpd[21303]: neighbor 2001:470:1f01:ffff::122 (he.net): st
> ate change Idle -> Connect, reason: Start
> <repeat>

well, the next connection attempt should succeed, without capabilities 
negotiation. the peer might, however, insist on v6 unicast beeing 
negotiated, which of course fails due to the capabilities negotiation 
problem.

the peer is broken and needs to be fixed.

your only workaround is to not send any capability it does not grok. 
this is guesswork. you might want to try to not announce v4 unicast 
capabilities.

--

-- 
BS Web Services, http://www.bsws.de/
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)