Hi, I'm running mwan3 (2.8.16-1) on OpenWrt 19.07.06.
I found that the console has the following output:
`mwan3 _connected_v6_temp is full maxelem 65536 reached`
This causes mwan3 to fail to distribute traffic normally, LuCI to become inaccessible, etc.
After investigation, I think it is caused by a limitation on the size of the IPv6 routing table.
The routing table is imported into the kernel by bird2. So how can I remove these restrictions? Is this the problem?
Here's the configuration file:
```
root@home-1-OpenWrt:/etc/config# cat mwan3
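config rule 'vpn_ca_udp'
# dest_ip appears to be masked with '*' for this post. The closing quote was
# missing on this line, which would leave the UCI value unterminated.
option dest_ip '104.218.*.*'
option dest_port '52471'
option proto 'udp'
option sticky '0'
option use_policy 'balanced'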
config rule 'vpn_ca'
option dest_ip '104.218.*.*'
option dest_port '52471'
option proto 'tcp'
option sticky '0'
option use_policy 'balanced'
config rule 'vpn_hk'
option dest_ip '103.152.*.*'
option sticky '0'
option proto 'all'
option use_policy 'balanced'
config rule 'heipv6_update'
option dest_ip '64.62.200.2'
option proto 'all'
option sticky '0'
option use_policy 'wan_only'
config rule 'direct'
option proto 'all'
option sticky '0'
option ipset 'direct'
option use_policy 'balanced'
config rule 'https_china'
option dest_port '443'
option ipset 'china'
option sticky '1'
option proto 'tcp'
option use_policy 'balanced'
config rule 'China_v4'
option proto 'all'
option sticky '0'
option ipset 'china'
option use_policy 'balanced'
config rule 'ssh'
option dest_port '22'
option proto 'tcp'
option sticky '1'
option use_policy 'balanced'
config rule 'https'
option dest_port '443'
option proto 'tcp'
option sticky '1'
option use_policy 'VPN'
config rule 'ipv4_tcp'
option sticky '0'
option proto 'tcp'
option dest_port '1024:65535'
option use_policy 'VPN'
config rule 'default_rule_v6'
option dest_ip '::/0'
option family 'ipv6'
option proto 'all'
option sticky '0'
option use_policy 'default'
config rule 'default_rule_v4'
option dest_ip '0.0.0.0/0'
option family 'ipv4'
option proto 'all'
option sticky '0'
option use_policy 'VPN'
config globals 'globals'
option mmx_mask '0x3F00'
option rtmon_interval '5'
config interface 'wan'
option enabled '1'
option family 'ipv4'
option count '1'
option timeout '2'
option interval '5'
option down '3'
option up '8'
option initial_state 'online'
option track_method 'ping'
option size '56'
option max_ttl '60'
option check_quality '0'
option failure_interval '5'
option recovery_interval '5'
option reliability '1'
list track_ip '223.5.5.5'
list track_ip '1.2.4.8'
list track_ip '1.1.1.1'
config policy 'wan_only'
option last_resort 'default'
list use_member 'wan1_m50_w50'
config policy 'balanced'
option last_resort 'default'
list use_member 'wan3_m50_w50'
list use_member 'wan1_m50_w50'
list use_member 'wan2_m50_w50'
config interface 'wan2'
option initial_state 'online'
option family 'ipv4'
option track_method 'ping'
option reliability '1'
option count '1'
option size '56'
option max_ttl '60'
option check_quality '0'
option timeout '2'
option interval '5'
option failure_interval '5'
option recovery_interval '5'
option down '3'
option up '3'
option enabled '1'
list track_ip '223.5.5.5'
list track_ip '1.2.4.8'
list track_ip '1.1.1.1'
config interface 'wan3'
option enabled '1'
option initial_state 'online'
option family 'ipv4'
option track_method 'ping'
option reliability '1'
option count '1'
option size '56'
option max_ttl '60'
option check_quality '0'
option timeout '2'
option interval '5'
option failure_interval '5'
option recovery_interval '5'
option down '3'
option up '3'
list track_ip '223.5.5.5'
list track_ip '1.2.4.8'
list track_ip '1.1.1.1'
config policy 'wan2_only'
option last_resort 'default'
list use_member 'wan2_m50_w50'
config policy 'wan3_only'
option last_resort 'default'
list use_member 'wan3_m50_w50'
config interface 'Unmetered_VPN'
option enabled '1'
option initial_state 'online'
option family 'ipv4'
option track_method 'ping'
option reliability '1'
option count '1'
option size '56'
option max_ttl '60'
option check_quality '0'
option timeout '2'
option interval '5'
option failure_interval '5'
option recovery_interval '5'
option down '3'
option up '3'
list track_ip '10.200.200.1'
list track_ip '1.1.1.1'
# Policy used by the 'https', 'ipv4_tcp' and 'default_rule_v4' rules in this file.
config policy 'VPN'
# NOTE(review): with last_resort 'default', traffic matched by this policy falls back
# to the main routing table when none of the members below is usable, so it may leave
# over a non-VPN uplink. If this traffic must stay inside the tunnels, 'unreachable'
# (as the 'Unmetered' and 'hk1' policies use) fails closed instead. Confirm the intent.
option last_resort 'default'
list use_member 'hk_1_vpn_m50_w50'
list use_member 'Unmetered_VPN_m60_w55'
list use_member 'Unmetered_VPN_2_m60_w60'
list use_member 'Unmetered_VPN_3_m60_w60'
config interface 'Unmetered_VPN_2'
option initial_state 'online'
option family 'ipv4'
option track_method 'ping'
option reliability '1'
option count '1'
option size '56'
option max_ttl '60'
option check_quality '0'
option timeout '2'
option interval '5'
option failure_interval '5'
option recovery_interval '5'
option down '3'
option up '3'
option enabled '1'
list track_ip '10.200.200.1'
list track_ip '1.1.1.1'
config interface 'Unmetered_VPN_3'
option enabled '1'
option initial_state 'online'
option family 'ipv4'
option track_method 'ping'
option reliability '1'
option count '1'
option size '56'
option max_ttl '60'
option check_quality '0'
option timeout '2'
option interval '5'
option failure_interval '5'
option recovery_interval '5'
option down '3'
option up '3'
list track_ip '10.200.200.1'
list track_ip '1.1.1.1'
config interface 'hk_1_vpn'
option enabled '1'
option initial_state 'online'
option family 'ipv4'
option track_method 'ping'
option reliability '1'
option count '1'
option size '56'
option max_ttl '60'
option check_quality '0'
option timeout '2'
option interval '5'
option failure_interval '5'
option recovery_interval '5'
option down '3'
option up '3'
list track_ip '10.200.210.1'
list track_ip '1.1.1.1'
list track_ip '8.8.8.8'
config policy 'Unmetered'
option last_resort 'unreachable'
list use_member 'Unmetered_VPN_m60_w55'
list use_member 'Unmetered_VPN_2_m60_w60'
list use_member 'Unmetered_VPN_3_m60_w60'
config policy 'hk1'
option last_resort 'unreachable'
list use_member 'hk_1_vpn_m50_w50'
config member 'Unmetered_VPN_m60_w55'
option interface 'Unmetered_VPN'
option metric '60'
option weight '55'
config member 'Unmetered_VPN_2_m60_w60'
option interface 'Unmetered_VPN_2'
option metric '60'
option weight '60'
config member 'Unmetered_VPN_3_m60_w60'
option interface 'Unmetered_VPN_3'
option metric '60'
option weight '60'
config member 'hk_1_vpn_m50_w50'
option interface 'hk_1_vpn'
option metric '50'
option weight '50'
config member 'hk_1_vpn_m60_w50'
option interface 'hk_1_vpn'
option metric '60'
option weight '50'
config member 'wan1_m50_w50'
option interface 'wan'
option metric '50'
option weight '50'
config member 'wan2_m50_w50'
option metric '50'
option weight '50'
option interface 'wan2'
config member 'wan3_m50_w50'
option interface 'wan3'
option metric '50'
option weight '50'
```
bird.conf
```
router id 192.168.7.1;
# Local AS number, referenced by the `local as` lines of the BGP templates.
define LOCAL_ASN = 141011;
# Allow-list used by bgp_export(): each /44 below plus its more-specifics down to /48.
define OUR_PREFIXES= [
2602:feda:ab0::/44{44,48},
2406:840:e240::/44{44,48}
];
# ROA tables; filled by the rpki protocol and read by roa_check() in the import filters.
roa4 table r4;
roa6 table r6;
log syslog all;
protocol device {
scan time 60;
}
#protocol static {
# ipv6;
# route 2602:feda:ab5::1/128 via 2602:feda:ab3::1%'br-home_1_arch';
#}
# Static IPv6 route for the /48. The `reject` target means the route exists in BIRD
# without forwarding matching packets anywhere. bgp_export() refers to this protocol
# by name. Presumably this is the anchor for the announcement (confirm).
protocol static BGP_Prefix{
ipv6;
route 2602:feda:ab3::/48 reject;
}
# Kernel synchronisation for IPv6. `learn` picks up routes that other software put
# into the kernel table, `import all` brings them into BIRD, and the export filter
# below writes BIRD's routes back to the kernel.
protocol kernel {
learn;
# persist;
ipv6 {
import all;
# NOTE(review): this export filter accepts every route, so each IPv6 route BIRD holds,
# including everything learned over BGP, is installed into the kernel routing table.
# No `kernel table` is set here, so presumably that is the main table. The post's
# "maxelem 65536 reached" message is consistent with that table growing past 65536
# IPv6 entries; confirm by counting the kernel's IPv6 routes. Options to consider are
# exporting only the routes the box needs (for example a default route) or syncing
# BIRD into a separate table with `kernel table <N>;`.
export filter {
# krt_prefsrc = 2602:feda:ab3::1;
accept;
};
};
}
# Imports directly connected IPv6 networks. The interface pattern is commented out,
# so no interface restriction is configured here.
protocol direct {
#interface "dummy*";
ipv6 {
import all;
# NOTE(review): `export all` on a direct channel probably has no effect, since this
# protocol only generates routes from interfaces. Confirm against the BIRD docs.
export all;
};
}
# Returns true when the current route's prefix is longer than the usual maximum
# for its address family. Unknown net types are logged and treated as "not too long".
function net_len_too_long(){
case net.type {
NET_IP4: return net.len > 24; # an IPv4 prefix longer than /24 counts as too long
NET_IP6: return net.len > 48; # an IPv6 prefix longer than /48 counts as too long
else: print "net_len_too_long: unexpected net.type ", net.type, " ", net; return false;
}
}
define BOGON_ASNS = [
0, # RFC 7607
23456, # RFC 4893 AS_TRANS
64496..64511, # RFC 5398 and documentation/example ASNs
64512..65534, # RFC 6996 Private ASNs
65535, # RFC 7300 Last 16 bit ASN
65536..65551, # RFC 5398 and documentation/example ASNs
65552..131071, # RFC IANA reserved ASNs
4200000000..4294967294, # RFC 6996 Private ASNs
4294967295 # RFC 7300 Last 32 bit ASN
];
define BOGON_PREFIXES_V4 = [
0.0.0.0/8+, # RFC 1122 'this' network
10.0.0.0/8+, # RFC 1918 private space
100.64.0.0/10+, # RFC 6598 Carrier grade nat space
127.0.0.0/8+, # RFC 1122 localhost
169.254.0.0/16+, # RFC 3927 link local
172.16.0.0/12+, # RFC 1918 private space
192.0.2.0/24+, # RFC 5737 TEST-NET-1
192.88.99.0/24+, # RFC 7526 deprecated 6to4 relay anycast. If you wish to allow this, change `24+` to `24{25,32}`(no more specific)
192.168.0.0/16+, # RFC 1918 private space
198.18.0.0/15+, # RFC 2544 benchmarking
198.51.100.0/24+, # RFC 5737 TEST-NET-2
203.0.113.0/24+, # RFC 5737 TEST-NET-3
224.0.0.0/4+, # multicast
240.0.0.0/4+ # reserved
];
define BOGON_PREFIXES_V6 = [
::/8+, # RFC 4291 IPv4-compatible, loopback, et al
0100::/64+, # RFC 6666 Discard-Only
2001::/32{33,128}, # RFC 4380 Teredo, no more specific
2001:2::/48+, # RFC 5180 BMWG
2001:10::/28+, # RFC 4843 ORCHID
2001:db8::/32+, # RFC 3849 documentation
2002::/16+, # RFC 7526 deprecated 6to4 relay anycast. If you wish to allow this, change `16+` to `16{17,128}`(no more specific)
3ffe::/16+, # RFC 3701 old 6bone
fc00::/7+, # RFC 4193 unique local unicast
fe80::/10+, # RFC 4291 link local unicast
fec0::/10+, # RFC 3879 old site local unicast
ff00::/8+ # RFC 4291 multicast
];
# Returns true when the current route's prefix matches the bogon list for its
# address family (BOGON_PREFIXES_V4 / BOGON_PREFIXES_V6).
# NOTE(review): unknown net types are logged and return false, i.e. they are treated
# as "not a bogon" (fail-open) by callers that reject only on true.
function is_bogon_prefix() {
case net.type {
NET_IP4: return net ~ BOGON_PREFIXES_V4;
NET_IP6: return net ~ BOGON_PREFIXES_V6;
else: print "is_bogon_prefix: unexpected net.type ", net.type, " ", net; return false;
}
}
# True when the route's AS path contains an ASN listed in BOGON_ASNS.
function is_bogon_asn() {
    return bgp_path ~ BOGON_ASNS;
}
# RTR session to an RPKI cache; it fills the ROA tables r4/r6 that the import
# filters query with roa_check().
protocol rpki {
# debug all;
roa4 { table r4; };
roa6 { table r6; };
# Please, do not use rpki-validator.realmv6.org in production
# NOTE(review): no transport is configured, so this session presumably runs over plain
# TCP, which gives the ROA data no integrity or peer authentication on the wire.
# BIRD's rpki protocol also supports `transport ssh`; check what the cache offers.
remote "rtr.rpki.cloudflare.com" port 8282;
retry keep 5;
refresh keep 30;
# NOTE(review): the filters in this file reject only ROA_INVALID. If the session stays
# down until the ROA data expires, routes would presumably validate as "unknown" and
# be accepted (fail-open). Monitoring the session state is worth considering.
expire 600;
}
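# Import filter for IPv4 routes from BGP peers.
# Rejects routes with a bogon ASN in the path, bogon prefixes and RPKI-invalid
# origins; everything else is accepted.
filter peer_in_v4 {
    # Same bogon screening as peer_in_v6; is_bogon_prefix() handles NET_IP4 too.
    if is_bogon_asn() then {
        print "is bogon asn ", net, " for ASN ", bgp_path.last;
        reject;
    }
    if is_bogon_prefix() then {
        print "is bogon prefix ", net, " for ASN ", bgp_path.last;
        reject;
    }
    # Only ROA_INVALID is dropped; routes without a covering ROA still pass.
    if (roa_check(r4, net, bgp_path.last) = ROA_INVALID) then {
        print "Ignore RPKI invalid ", net, " for ASN ", bgp_path.last;
        reject;
    }
    accept;
}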
# Import filter for IPv6 routes from BGP peers (used by tpl_bgp and tpl_bgp_rs).
# Rejects bogon ASNs, bogon prefixes and RPKI-invalid origins; accepts the rest.
# NOTE(review): checks a reviewer would look for that are not present here:
#  - no maximum prefix length (net_len_too_long() is only used on export), so
#    prefixes longer than /48 are accepted on import;
#  - ::/0 is not matched by BOGON_PREFIXES_V6 (`::/8+` starts at length 8), so a
#    default route from a peer would pass;
#  - routes inside OUR_PREFIXES received from a peer are not rejected.
# Confirm whether these are intentional.
filter peer_in_v6 {
if is_bogon_asn() then {
print "is bogon asn", net, " for ASN ", bgp_path.last;
reject;
}
if is_bogon_prefix() then {
print "is bogon prefix", net, " for ASN ", bgp_path.last;
reject;
}
# Only ROA_INVALID is dropped; routes without a covering ROA still pass.
if (roa_check(r6, net, bgp_path.last) = ROA_INVALID) then
{
print "Ignore RPKI invalid ", net, " for ASN ", bgp_path.last;
reject;
}
accept;
}
# Decides whether the current route may be announced as one of our own prefixes.
# Returns false unless the prefix is in OUR_PREFIXES, has no bogon ASN in its path,
# is not a bogon prefix and is not too long; otherwise returns true.
function bgp_export() {
if net !~ OUR_PREFIXES then return false;
if is_bogon_asn() then return false;
if is_bogon_prefix() then return false;
if net_len_too_long() then {
# print "net ", net, " prefix too long";
return false;
}
# NOTE(review): both paths below return true, so the protocol-name test has no
# effect. Any route inside OUR_PREFIXES, whatever protocol it came from (static,
# direct, kernel-learned, BGP), is allowed out. If only the static BGP_Prefix routes
# were meant to be announced, the final return should presumably be false. Confirm.
if proto = "BGP_Prefix" then return true;
return true;
}
# Returns true for routes that pass bgp_export(), and also for any route whose
# source is BGP; every other route returns false.
# NOTE(review): BGP-learned routes pass here with no bogon, prefix-length or
# ownership check at export time, so they are screened only by the import filter
# that admitted them. On an external session this re-advertises routes learned from
# other peers; confirm that is intended wherever this is used (tpl_ibgp, tpl_bgp_rs).
function bgp_export_all() {
if bgp_export() then return true;
if source != RTS_BGP then return false;
return true;
}
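# Template for external BGP sessions: import through peer_in_v6, export only
# routes that bgp_export() allows (our own prefixes).
template bgp tpl_bgp {
    graceful restart on;
    local as LOCAL_ASN;
    ipv6 {
        next hop self;
        import filter peer_in_v6;
        export filter {
            # Prepend uses LOCAL_ASN rather than a repeated literal, so the AS number
            # is defined in one place only (same value, 141011).
            # NOTE(review): this is an explicit extra prepend; BIRD presumably still
            # adds the local AS itself on eBGP export, so confirm it is wanted.
            if net ~ OUR_PREFIXES then bgp_path.prepend(LOCAL_ASN);
            if bgp_export() then accept;
            else reject;
        };
    };
}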
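# Template for internal BGP sessions where the neighbor is a route-reflector client.
# Import: drop bogon ASNs and bogon prefixes (no RPKI check on this path).
# Export: our own prefixes plus every BGP-learned route.
template bgp tpl_ibgp {
    local as LOCAL_ASN;
    rr client;
    direct;
    ipv6 {
        next hop self;
        import filter {
            if is_bogon_asn() then {
                print "is bogon asn", net, " for ASN ", bgp_path.last;
                reject;
            }
            if is_bogon_prefix() then {
                print "is bogon prefix", net, " for ASN ", bgp_path.last;
                reject;
            }
            accept;
        };
        export filter {
            # bgp_export_all() already returns true for every route whose source is
            # BGP, so anything reaching the next line is a non-BGP route outside our
            # allow-list. The original follow-up test compared `proto` (a protocol
            # name, used as a string in bgp_export()) with the route-source constant
            # RTS_BGP, and the bogon checks after it could never accept a route.
            # An explicit reject states the effective policy.
            if bgp_export_all() then accept;
            reject;
        };
    };
}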
# Template for sessions configured with `rs client`: import through peer_in_v6,
# export whatever bgp_export_all() allows.
template bgp tpl_bgp_rs {
graceful restart on;
rs client;
local as LOCAL_ASN;
ipv6 {
next hop self;
import filter peer_in_v6;
export filter{
# NOTE(review): bgp_export_all() is true for every BGP-learned route, so this
# session re-advertises routes learned from other peers. Confirm that is intended.
if bgp_export_all() then accept;
# NOTE(review): accepted routes have already left the filter above, so this prepend
# never applies to an exported route (tpl_bgp prepends before its accept). The
# filter also ends without an explicit accept/reject; presumably the remaining
# routes are rejected. Confirm and state the verdict explicitly.
if net ~ OUR_PREFIXES then bgp_path.prepend(141011);
};
};
}
# iBGP session (neighbor AS equals the local AS 141011) built from tpl_ibgp,
# bound to interface eth0.
# NOTE(review): no `password` (TCP-MD5) is configured for this session, and neither
# is any other session authentication visible in this file. Whether that is
# acceptable depends on who can reach this segment. Confirm.
protocol bgp home_1_arch from tpl_ibgp {
description "HOME_1_AECH BGP";
source address 2602:feda:ab3::1;
neighbor 2602:feda:ab3:0:3843:aeff:fe5b:18cb%'eth0' as 141011;
}
```