openbgpds not talking each other since 8.2-STABLE upgrade

Nikolay Denev ndenev at gmail.com
Tue Jan 3 07:07:52 UTC 2012


On Jan 3, 2012, at 5:53 AM, Doug Barton wrote:

> We have a pair of physical FreeBSD systems configured as routers
> designed to operate in an active/standby CARP configuration. Everything
> used to work fine, but since an upgrade to 8.2-STABLE on December 29th
> the two routers don't speak BGP to each other anymore. They both
> function fine individually, and failover works. It is only the openbgpd
> communication between them that's not flowing.
> 
> They have OpenBGPd (openbgpd-4.9.20110612_1 from ports) installed.  The
> active router takes BGP full route feeds from our peers and *should*
> feed it to the standby router via a direct connection (crossover cable
> between physical em2 ports).
> 
> The relative "bgpctl show" reports:
> 
> 10.0.0.2           12345          0          0     0 Never    Active
> 
> or
> 
> 10.0.0.2           12345          0          0     0 Never    Connect
> 
> The bgp daemon for the active server periodically reports:
> 
> bgpd[6773]: neighbor 10.0.0.2: socket error: Operation timed out
> 
> There is not a connectivity problem between the two hosts; ssh for
> example works fine.  Telnet'ing to the bgp port times out, even from the
> same machine.
> 
> There is no firewall configured on that interface.
> 
> TCP-MD5 is *not* configured on the bgpd side.  We did try enabling it
> (properly) between the two machines via /etc/ipsec.conf to see if it
> would make a difference, but that also had no effect on this problem.
> 
> We've tried tcpdump, and both machines can clearly see the TCP SYN and
> SYN-ACK setup packets flowing in both directions, but the ACK packet
> never happens.  In netstat -an, the opening side gets:
> 
> tcp4       0      0 10.0.0.2.16797     10.0.0.1.179      SYN_SENT
> 
> and the receiving side gets:
> 
> tcp4       0      0 10.0.0.1.179       10.0.0.2.16797    SYN_RCVD
> 
> Just to make sure pf can't possibly be affecting this, right at the top
> of pf.conf on both machines:
> 
> ##  Pass inter-router traffic
> pass quick on em2 from 10.0.0.2 to 10.0.0.1
> pass quick on em2 from 10.0.0.1 to 10.0.0.2
> 
> This is sufficient because we can connect to bgpd with nc:
> 
> $ nc -S 10.0.0.2 179
> ????????????????-??Z?^w?A??
> 
> Produces:
> 
> $ netstat -an | fgrep 10.0.0.2
> tcp4       0      0 10.0.0.1.25711     10.0.0.2.179      ESTABLISHED
> 
> and
> 
> $ netstat -an | fgrep 10.0.0.1
> tcp4       0      0 10.0.0.2.179      10.0.0.1.25711     ESTABLISHED
> 
> So this appears to be some sort of weird problem specific to openbgpd
> and the updated kernel.
> 
> At this point I'm at a loss as to how to proceed, so any suggestions on
> how to fix, or even debug this will be greatly appreciated.
> 
> 
> Doug
> 

Since I've had a similar problem with Quagga after updating to 8.2-STABLE, I'd suggest
you try setting "net.inet.tcp.signature_verify_input=0" and see if that helps.

Here is another thread about a similar (if not the same) problem:
http://groups.google.com/group/mailing.freebsd.bugs/browse_thread/thread/ea347a919dbc165d/eeaa2965fc4f64c9?show_docid=eeaa2965fc4f64c9&pli=1

Regards,
Nikolay
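
The symptom reported in this thread (BGP sessions on TCP port 179 stuck in SYN_SENT / SYN_RCVD while other connections establish) can be picked out of `netstat -an` output mechanically. The script below is an added example, not part of the original messages: the function names and the sample input are constructed for illustration, and only the sysctl name is taken from the reply above.

```shell
#!/bin/sh
# Added example: flag BGP (TCP/179) sessions stuck in the three-way handshake.
# Input is FreeBSD-style `netstat -an` output on stdin, where an address is
# written as 10.0.0.1.179 (the port is the last dot-separated field).

bgp_half_open() {
    awk '
    function port(a,   n, p) { n = split(a, p, "."); return p[n] }
    function host(a,   s)    { s = a; sub(/\.[^.]*$/, "", s); return s }
    $1 ~ /^tcp/ && NF >= 6 {
        state = $6
        # Only handshake states are of interest; ESTABLISHED, LISTEN etc. pass.
        if (state != "SYN_SENT" && state != "SYN_RCVD") next
        lp = port($4); fp = port($5)
        if (lp != "179" && fp != "179") next
        # Foreign port 179 means this host opened the connection.
        role = (fp == "179") ? "initiator" : "listener"
        printf "%s local=%s peer=%s state=%s\n", role, host($4), host($5), state
    }'
}

# Current value of the sysctl named in the reply; "unavailable" on systems
# that do not have it (anything that is not FreeBSD, or an older kernel).
sig_verify_setting() {
    sysctl -n net.inet.tcp.signature_verify_input 2>/dev/null || echo unavailable
}

# Constructed sample: the two netstat lines quoted in the thread (one from each
# router) plus an unrelated ssh session and a listening socket.
SAMPLE='tcp4       0      0 10.0.0.2.16797     10.0.0.1.179      SYN_SENT
tcp4       0      0 10.0.0.1.179       10.0.0.2.16797    SYN_RCVD
tcp4       0      0 10.0.0.1.22        10.0.0.2.51515    ESTABLISHED
tcp4       0      0 *.179              *.*               LISTEN'

stuck=$(printf '%s\n' "$SAMPLE" | bgp_half_open)
if [ -n "$stuck" ]; then
    printf 'Half-open BGP sessions:\n%s\n' "$stuck"
    printf 'net.inet.tcp.signature_verify_input = %s\n' "$(sig_verify_setting)"
fi
```

On a live router, replace the sample with `netstat -an | bgp_half_open`.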


More information about the freebsd-net mailing list