On Jan 3, 2012, at 5:53 AM, Doug Barton wrote:

> We have a pair of physical FreeBSD systems configured as routers
> designed to operate in an active/standby CARP configuration. Everything
> used to work fine, but since an upgrade to 8.2-STABLE on December 29th
> the two routers don't speak BGP to each other anymore. They both
> function fine individually, and failover works. It is only the openbgpd
> communication between them that's not flowing.
>
> They have OpenBGPd (openbgpd-4.9.20110612_1 from ports) installed. The
> active router takes BGP full route feeds from our peers and *should*
> feed it to the standby router via a direct connection (crossover cable
> between physical em2 ports).
>
> The relative "bgpctl show" reports:
>
> 10.0.0.2 12345 0 0 0 Never Active
>
> or
>
> 10.0.0.2 12345 0 0 0 Never Connect
>
> The bgp daemon for the active server periodically reports:
>
> bgpd[6773]: neighbor 10.0.0.2: socket error: Operation timed out
>
> There is not a connectivity problem between the two hosts; ssh for
> example works fine. Telnet'ing to the bgp port times out, even from the
> same machine.
>
> There is no firewall configured on that interface.
>
> TCP-MD5 is *not* configured on the bgpd side. We did try enabling it
> (properly) between the two machines via /etc/ipsec.conf to see if it
> would make a difference, but that also had no effect on this problem.
>
> We've tried tcpdump, and both machines can clearly see the TCP SYN and
> SYN-ACK setup packets flowing in both directions, but the ACK packet
> never happens. In netstat -an, the opening side gets:
>
> tcp4 0 0 10.0.0.2.16797 10.0.0.1.179 SYN_SENT
>
> and the receiving side gets:
>
> tcp4 0 0 10.0.0.1.179 10.0.0.2.16797 SYN_RCVD
>
> Just to make sure pf can't possibly be affecting this, right at the top
> of pf.conf on both machines:
>
> ## Pass inter-router traffic
> pass quick on em2 from 10.0.0.2 to 10.0.0.1
> pass quick on em2 from 10.0.0.1 to 10.0.0.2
>
> This is sufficient because we can connect to bgpd with nc:
>
> $ nc -S 10.0.0.2 179
> ????????????????-??Z?^w?A??
>
> Produces:
>
> $ netstat -an | fgrep 10.0.0.2
> tcp4 0 0 10.0.0.1.25711 10.0.0.2.179 ESTABLISHED
>
> and
>
> $ netstat -an | fgrep 10.0.0.1
> tcp4 0 0 10.0.0.2.179 10.0.0.1.25711 ESTABLISHED
>
> So this appears to be some sort of weird problem specific to openbgpd
> and the updated kernel.
>
> At this point I'm at a loss as to how to proceed, so any suggestions on
> how to fix, or even debug this will be greatly appreciated.
>
>
> Doug
>

Since I've had a similar problem with Quagga after updating to 8.2-STABLE,
I'd suggest you try setting "net.inet.tcp.signature_verify_input=0"
and see if that helps.

Here is another thread about a similar (if not the same) problem:
http://groups.google.com/group/mailing.freebsd.bugs/browse_thread/thread/ea347a919dbc165d/eeaa2965fc4f64c9?show_docid=eeaa2965fc4f64c9&pli=1

Regards,
Nikolay
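
Added example, not part of either message: the netstat views quoted in the original post can be paired mechanically to tell a handshake stuck between SYN_SENT and SYN_RCVD apart from a working session on port 179. The function names and verdict labels are assumptions made for this example; the sample rows are the ones quoted in the post, grouped by the router they came from.

```python
import re

BGP_PORT = 179
# FreeBSD `netstat -an` TCP row: proto recv-q send-q local.port foreign.port state
ROW = re.compile(r"^tcp\d*\s+\d+\s+\d+\s+(\S+)\.(\d+)\s+(\S+)\.(\d+)\s+(\S+)$")

# Rows quoted in the post, grouped by the router they were captured on.
ROUTER_A = """\
tcp4 0 0 10.0.0.1.179 10.0.0.2.16797 SYN_RCVD
tcp4 0 0 10.0.0.1.25711 10.0.0.2.179 ESTABLISHED
"""
ROUTER_B = """\
tcp4 0 0 10.0.0.2.16797 10.0.0.1.179 SYN_SENT
tcp4 0 0 10.0.0.2.179 10.0.0.1.25711 ESTABLISHED
"""

def sessions(*outputs, port=BGP_PORT):
    """Map (client, server) -> {"client": state, "server": state} for `port`."""
    table = {}
    for text in outputs:
        for line in text.splitlines():
            m = ROW.match(line.strip())
            if not m:
                continue  # headers, listeners (*.179), non-TCP rows
            lip, lport, fip, fport, state = m.groups()
            local, foreign = (lip, int(lport)), (fip, int(fport))
            if local[1] == port:
                key, role = (foreign, local), "server"
            elif foreign[1] == port:
                key, role = (local, foreign), "client"
            else:
                continue
            table.setdefault(key, {})[role] = state
    return table

def classify(view):
    """Label one session from the states seen on both ends (labels are ours)."""
    c, s = view.get("client"), view.get("server")
    if c == "ESTABLISHED" and s == "ESTABLISHED":
        return "established"
    if c == "SYN_SENT" and s == "SYN_RCVD":
        # Responder answered the SYN; initiator never accepted the SYN-ACK,
        # so inbound segment handling on the initiator is the place to look.
        return "syn-ack-not-accepted"
    return "incomplete-view"

def report(*outputs):
    return {k: classify(v) for k, v in sessions(*outputs).items()}
```

Feeding it `netstat -an` output from only one router yields "incomplete-view" for every session, since the verdict depends on seeing both ends.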