Hi Claudio,
I've attached both the MRT session dumps and a tcpdump capture.
Kind regards,
Arnoud Vermeer
Claudio Jeker schreef:
> On Mon, Feb 23, 2009 at 02:11:38PM +0100, Arnoud Vermeer wrote:
>
>> I found a different way to replicate the bug, this time it crashes ALL
>> the IPv6 sessions connected to multiple Foundry switches (cisco seems
>> fine). I have setup a v6 session with a tcp md5sig like so:
>>
>> group "peers-rs-v6" {
>> announce IPv6 unicast
>> announce IPv4 none
>> softreconfig in yes
>> enforce neighbor-as yes
>> set nexthop no-modify
>> local-address 2001:7F8:1::A500:6777:4
>>
>> neighbor 2001:7f8:1::A500:1200:1 {
>> descr "AS1200-v6-01"
>> remote-as 1200
>> announce all
>> passive
>> tcp md5sig password hondjes
>> }
>>
>> neighbor 2001:7f8:1::a504:8345:1 {
>> descr "XSNEWS-v6-01"
>> remote-as 48345
>> announce all
>> passive
>> max-prefix 5
>> }
>>
>> }
>>
>> # bgpctl s s
>> AS1200-v6-01 1200 9042 8142 0 00:13:34 Idle
>> XSNEWS-v6-01 48345 9374 8492 0 00:12:22 1/5
>>
>> While in Idle, the session logs the following in daemon:
>>
>> Feb 23 14:00:03 radix-new bgpd[19498]: Connection attempt from neighbor
>> 2001:7f8:1::a500:1200:1 (AS1200-v6-01) while session is in state Idle
>> Feb 23 14:00:23 radix-new bgpd[19498]: Connection attempt from neighbor
>> 2001:7f8:1::a500:1200:1 (AS1200-v6-01) while session is in state Idle
>>
>> I then clear the peering with the md5 hash:
>>
>> bgpctl neigh AS1200-v6-01 clear
>>
>> # bgpctl neigh AS1200-v6-01 clear
>> request processed
>> # bgpctl s s
>> XSNEWS-v6-01 48345 9380 8497 0 00:14:35 1/5
>> AS1200-v6-01 1200 9042 8142 0 00:17:15 Active
>>
>> but then after a few seconds, when the session becomes alive, the empty
>> update get send out, and all foundry based v6 sessions reset.
>>
>> # bgpctl s s
>> XSNEWS-v6-01 48345 9381 8501 0 00:00:11 Idle
>> AS1200-v6-01 1200 9047 8152 0 00:00:11 Idle
>>
>>
>
> Could you please provide mrt session dumps or tcpdumps of the session that
> fail. This seems like foundry is freaking out about something that is
> actually a valid BGP update. Neither Henning nor I do have sessions to
> foundry routers that we can play with.
[demime 1.01d removed an attachment of type application/octet-stream which had
a name of all-in-dump-1322]
base64 encoded Mime section invalid - length (0) was wrong.
[demime 1.01d removed an attachment of type application/octet-stream which had
a name of all-out-dump-1322]
base64 encoded Mime section invalid - length (0) was wrong.
[demime 1.01d removed an attachment of type application/octet-stream which had
a name of md5.pcap]
