[ixpmanager] BGP Session stuck in Connect state

Nick Hilliard nick at foobar.org
Thu May 19 13:52:18 IST 2022 

DDFR | Samaneh Amini via ixpmanager wrote on 19/05/2022 14:26:
> I can ping from both birdserver and bgp-peer each other. And telnet from 
> birdserver to bgp-peer:179 works *but* telnet from bgp-peer to 
> birdserver:179 *doesn’t work*.  

Sounds like a TCP MD5 problem?  Can you check the MD5 passwords 
configured on both sides and make sure they match?  From the tcpdump 
output below, one side of the bgp session may not have md5 configured at 
all.

Nick


> I’m sure that is not a firewall 
> issue.TCP 3-way handshake of one direction(client:randomPort to 
> Bird:179) is not successful I have captured packets with tcpdump in bird 
> and I see that the SYN packets from my client(192.168.184.4) is 
> received, but no SYN-ACK from bird is sent as reply. If session begins 
> from bird to the client(192.168.184.4:179) I see SYN-ACK and ACK
> 
> May I ask you to help me to resolve the issue?
> 
> root at bird01-NEW:~# netstat -nltp | grep 179
> 
> tcp        0      0 192.168.184.1:179       0.0.0.0:*               
> LISTEN      2400/bird
> 
> *******************************************
> 
> root at bird01-NEW:~# ps -ef | grep bird
> 
> root        2400       1  0 12:25 ?        00:00:00 /usr/sbin/bird -c 
> /usr/local/etc/bird/bird-rs00-ipv4.conf -s 
> /var/run/bird/bird-rs00-         ipv4.ctl
> 
> root        2697    2175  0 12:26 pts/1    00:00:00 grep --color=auto bird
> 
> root at bird01-NEW:~# tcpdump -i ens192 host 192.168.184.4 &&  port 179
> 
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> 
> listening on ens192, link-type EN10MB (Ethernet), capture size 262144 bytes
> 
> 12:35:06.894079 IP 192.168.184.4.64541 > bird01-NEW.bgp: Flags [S], seq 
> 1259990989, win 16384, options [mss 1950], length 0
> 
> 12:35:08.898288 IP 192.168.184.4.64541 > bird01-NEW.bgp: Flags [S], seq 
> 1259990989, win 16384, options [mss 1950], length 0
> 
> 12:35:12.899725 IP 192.168.184.4.64541 > bird01-NEW.bgp: Flags [S], seq 
> 1259990989, win 16384, options [mss 1950], length 0
> 
> 12:35:13.450636 IP bird01-NEW.53075 > 192.168.184.4.bgp: Flags [S], seq 
> 4069192083, win 64240, options [nop,nop,md5 shared secret not supplied 
> with -M, can't check - de5e7c3156f705570daf560d4e26126c,mss 
> 1460,nop,nop,sackOK,nop,wscale 7], length 0
> 
> 12:35:13.452216 IP 192.168.184.4.bgp > bird01-NEW.53075: Flags [S.], seq 
> 120077824, ack 4069192084, win 16384, options [mss 1460], length 0
> 
> 12:35:15.449811 IP 192.168.184.4.bgp > bird01-NEW.53075: Flags [S.], seq 
> 120077824, ack 4069192084, win 16384, options [mss 1460], length 0
> 
> 12:35:19.451138 IP 192.168.184.4.bgp > bird01-NEW.53075: Flags [S.], seq 
> 120077824, ack 4069192084, win 16384, options [mss 1460], length 0
> 
> 12:35:20.902836 IP 192.168.184.4.64541 > bird01-NEW.bgp: Flags [S], seq 
> 1259990989, win 16384, options [mss 1950], length 0
> 
> 12:35:27.453709 IP 192.168.184.4.bgp > bird01-NEW.53075: Flags [S.], seq 
> 120077824, ack 4069192084, win 16384, options [mss 1460], length 0
> 
> 12:35:46.986676 IP bird01-NEW.53075 > 192.168.184.4.bgp: Flags [S], seq 
> 4069192083, win 64240, options [nop,nop,md5 shared secret not supplied 
> with -M, can't check - de5e7c3156f705570daf560d4e26126c,mss 
> 1460,nop,nop,sackOK,nop,wscale 7], length 0
> 
> 12:35:46.990027 IP 192.168.184.4.bgp > bird01-NEW.53075: Flags [S.], seq 
> 2697219754, ack 4069192084, win 16384, options [mss 1460], length 0
> 
> 12:35:48.987024 IP 192.168.184.4.bgp > bird01-NEW.53075: Flags [S.], seq 
> 2697219754, ack 4069192084, win 16384, options [mss 1460], length 0
> 
> 12:35:52.106596 ARP, Request who-has 192.168.184.4 tell bird01-NEW, 
> length 28
> 
> 12:35:52.107789 ARP, Reply 192.168.184.4 is-at 54:78:1a:f4:c0:c4 (oui 
> Unknown), length 46
> 
> 12:35:52.988634 IP 192.168.184.4.bgp > bird01-NEW.53075: Flags [S.], seq 
> 2697219754, ack 4069192084, win 16384, options [mss 1460], length 0
> 
> 12:36:00.991970 IP 192.168.184.4.bgp > bird01-NEW.53075: Flags [S.], seq 
> 2697219754, ack 4069192084, win 16384, options [mss 1460], length 0
> 
> 12:36:11.376982 IP 192.168.184.4.54255 > bird01-NEW.bgp: Flags [S], seq 
> 3131800043, win 16384, options [mss 1950], length 0
> 
> 12:36:13.380743 IP 192.168.184.4.54255 > bird01-NEW.bgp: Flags [S], seq 
> 3131800043, win 16384, options [mss 1950], length 0
> 
> 12:36:17.382021 IP 192.168.184.4.54255 > bird01-NEW.bgp: Flags [S], seq 
> 3131800043, win 16384, options [mss 1950], length 0
> 
> 12:36:21.619634 IP bird01-NEW.40369 > 192.168.184.4.bgp: Flags [S], seq 
> 3340451196, win 64240, options [nop,nop,md5 shared secret not supplied 
> with -M, can't check - cf33042552b287b450d84c156cf9e594,mss 
> 1460,nop,nop,sackOK,nop,wscale 7], length 0
> 
> 12:36:21.621677 IP 192.168.184.4.bgp > bird01-NEW.40369: Flags [S.], seq 
> 1339172962, ack 3340451197, win 16384, options [mss 1460], length 0
> 
> *Met vriendelijke groet,*
> 
> 	
> 
> *Samaneh Amini*
> 
> 	
> 
> Netwerkengineer ma, di, wo, do, vr aanwezig
> 
> 	
> 
> DDFR-handtekening verkort
> 
> 
> 
> _______________________________________________
> INEX IXP Manager mailing list
> ixpmanager at inex.ie
> Unsubscribe or change options here: https://www.inex.ie/mailman/listinfo/ixpmanager
>

More information about the ixpmanager mailing list