[Bug 223835] BGP session not established with md5 password via FRRouting

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=223835

--- Comment #6 from Andrey V. Elsukov <ae at FreeBSD.org> ---
(In reply to Alexey from comment #4)
> (In reply to Andrey V. Elsukov from comment #3)
> [root at gate /home/pautina]# netstat -sp tcp | grep sig
>         0 packets with matching signature received
>         5261 packets with bad signature received

This means that socket is configured to receive and send TCP MD5 signatures,
but TCP segments has wrong signatures. You need to make sure that used password
is correct. 

>         5579 times failed to make signature due to no SA

This means that outbound or inbound TCP segments have been failed to find
corresponding SA for given addresses and ports.

>         0 times unexpected signature received
>         2 times no signature provided by segment
> 
> what are you mean about addresses daemon, what the daemon, frr, bgpd?
> 
> Maybe this?
> frr      bgpd       41894 5  tcp6   *:179                 *:*
> frr      bgpd       41894 6  tcp4   *:179                 *:*
> frr      bgpd       41894 7  tcp6   *:2605                *:*
> frr      bgpd       41894 8  tcp4   *:2605                *:*

I would check the output of tcpdump for given TCP connections. Addresses in
packets dump should match to addresses used in SAs. You also can use -M flag to
specify used password and see that it is correct.

-- 
You are receiving this mail because:
You are the assignee for the bug.