Hello,
are there any known problems with BGP (Quagga) in connection with
GRE tunnel connections?
I have a reproducible problem here: I cannot send BGP updates over a
GRE tunnel, although all other services otherwise work without problems.
A TCP connection to the respective peer on the BGP port is also possible
without problems. But Quagga only ever reports:
2010/07/10 13:15:00 BGP: Performing BGP general scanning
2010/07/10 13:15:00 BGP: scanning IPv4 Unicast routing tables
2010/07/10 13:15:00 BGP: scanning IPv6 Unicast routing tables
2010/07/10 13:15:00 BGP: Import timer expired.
2010/07/10 13:15:04 BGP: 172.17.1.2 [FSM] Timer (connect timer expire)
2010/07/10 13:15:04 BGP: 172.17.1.2 [FSM] ConnectRetry_timer_expired (Active Connect)
2010/07/10 13:15:04 BGP: 172.17.1.2 [Event] Connect start to 172.17.1.2 fd 12
2010/07/10 13:15:04 BGP: 172.17.1.2 [FSM] Non blocking connect waiting result
2010/07/10 13:15:04 BGP: 172.17.1.2 [Event] Connect failed (Operation now in progress)
2010/07/10 13:15:04 BGP: 172.17.1.2 [FSM] TCP_connection_open_failed (Connect Active)
2010/07/10 13:15:06 BGP: 172.17.1.5 [FSM] Timer (connect timer expire)
2010/07/10 13:15:06 BGP: 172.17.1.5 [FSM] ConnectRetry_timer_expired (Active Connect)
2010/07/10 13:15:06 BGP: 172.17.1.5 [Event] Connect start to 172.17.1.5 fd 12
2010/07/10 13:15:06 BGP: 172.17.1.5 [FSM] Non blocking connect waiting result
2010/07/10 13:15:06 BGP: 172.17.1.5 [Event] Connect failed (Operation now in progress)
2010/07/10 13:15:06 BGP: 172.17.1.5 [FSM] TCP_connection_open_failed (Connect Active)
2010/07/10 13:15:15 BGP: Import timer expired.
On the respective remote side it looks similar. The two BGP daemons
simply would not talk to each other over the GRE tunnel.
As an alternative to the GRE tunnel I have now set up an OpenVPN tunnel.
With that, it works right away with an identical Quagga configuration:
2010/07/10 13:17:00 BGP: Performing BGP general scanning
2010/07/10 13:17:00 BGP: scanning IPv4 Unicast routing tables
2010/07/10 13:17:00 BGP: scanning IPv6 Unicast routing tables
2010/07/10 13:17:00 BGP: Import timer expired.
2010/07/10 13:17:04 BGP: 172.17.1.2 [FSM] Timer (connect timer expire)
2010/07/10 13:17:04 BGP: 172.17.1.2 [FSM] ConnectRetry_timer_expired (Active Connect)
2010/07/10 13:17:04 BGP: 172.17.1.2 [Event] Connect start to 172.17.1.2 fd 12
2010/07/10 13:17:04 BGP: 172.17.1.2 [FSM] Non blocking connect waiting result
2010/07/10 13:17:04 BGP: 172.17.1.2 [FSM] TCP_connection_open (Connect OpenSent)
2010/07/10 13:17:04 BGP: 172.17.1.2 [FSM] Receive_OPEN_message (OpenSent OpenConfirm)
2010/07/10 13:17:04 BGP: 172.17.1.2 sending KEEPALIVE
2010/07/10 13:17:04 BGP: 172.17.1.2 KEEPALIVE rcvd
2010/07/10 13:17:04 BGP: 172.17.1.2 [FSM] Receive_KEEPALIVE_message (OpenConfirm Established)
2010/07/10 13:17:04 BGP: 172.17.1.2 sending KEEPALIVE
2010/07/10 13:17:04 BGP: 172.17.1.2 KEEPALIVE rcvd
2010/07/10 13:17:05 BGP: 172.17.1.2 [FSM] Timer (routeadv timer expire)
2010/07/10 13:17:05 BGP: 172.17.1.2 send UPDATE 0.0.0.0/0
2010/07/10 13:17:05 BGP: 172.17.1.2 send UPDATE 78.46.208.240/28
2010/07/10 13:17:05 BGP: 172.17.1.2 send UPDATE 178.63.60.128/26
2010/07/10 13:17:05 BGP: 172.17.1.2 send UPDATE 172.17.1.2/32
2010/07/10 13:17:05 BGP: 172.17.1.2 send UPDATE 172.16.108.0/24
2010/07/10 13:17:05 BGP: 172.17.1.2 rcvd UPDATE w/ attr: nexthop 172.17.1.2, origin ?, metric 100, path 2
2010/07/10 13:17:05 BGP: 172.17.1.2 rcvd UPDATE about 0.0.0.0/0 -- DENIED due to: filter;
2010/07/10 13:17:05 BGP: 172.17.1.2 rcvd UPDATE w/ attr: nexthop 172.17.1.2, origin ?, path 2 4
2010/07/10 13:17:05 BGP: 172.17.1.2 rcvd 78.46.151.128/28
2010/07/10 13:17:05 BGP: 172.17.1.2 rcvd 192.168.111.2/32
2010/07/10 13:17:05 BGP: 172.17.1.2 rcvd 192.168.8.201/32
2010/07/10 13:17:05 BGP: 172.17.1.2 rcvd 192.168.7.1/32
2010/07/10 13:17:05 BGP: 172.17.1.2 rcvd 172.16.77.2/32
2010/07/10 13:17:05 BGP: 172.17.1.2 rcvd 78.47.110.232/29
...etc...etc...
Any idea?
Regards,
Jörn