On Mon, Jul 22, 2024 at 10:28:29AM +0100, Stuart Henderson wrote:
> On 2024/07/22 10:15, Claudio Jeker wrote:
> > On Sun, Jul 21, 2024 at 11:41:21AM +0200, Alexander Bluhm wrote:
> > > 
> > > Of course pf states have different timeouts than ARP or ND6.  Or
> > > are you more concerned about dynamic BGP routes that get referenced
> > > by states?
> > 
> > Both. In most cases BGP routers will probably avoid states since routing
> > at that level is asymetric.
> 
> Typically I use stateful rules on BGP routers for traffic to the router
> itself, and stateless for forwarded traffic. (Some people.may use
> "sloppy" but I ran into problems with that).
> 
> As such the BGP sessions themselves are typically on stateful rules,
> and in many cases this is to a loopback IP address distributed by OSPF
> running across multiple WAN links - so if an old route is cached, there
> will be problems if a WAN link goes down.

The rtisvalid() check in route_cache() should prevent unusable
routes in the cache.  Does your WAN route have the UP flag?

If the OSPF router changes the routing table, the ro->ro_generation
== gen check should prevent using the cached route.

Have you seen the problems you descibe recently?  If yes, this is
a bug that should be fixed.  In 2024/03/31 I made the final commit
in this area, so I am interested in newer bug reports.

bluhm