Claudio Jeker wrote:
With bgpd master
Clear session from bgpd side, session comes back up right away.
Clear session from remote side, session comes back up with delay.
With bgpd slave
Clear session from bgpd side, session comes back up with delay.
Clear session from remote side, session comes back up with possible very
long delay. Much bigger then when master.
I think this is fixed in -current. Henning commited something to make the
delays on neighbor clears faster.
My first tests was done with current (sep 29), but with a small
difference in the setup lab. It was done in live network. But I will
sure redo it again. It's to important to me for not be 150% sure it's
working well. So far, it just wasn't. I have well over 100+ peer
sessions, of witch ~70+ are using MD5 and I can't not have them stable.
Plus I have no choice as well to either buy bigger Cisco routers, and
hell I don't want that! Or use OpenBSD and that's what I want. I ma fed
up with CPU limitation power of Cisco and I will kiss them goodbye!
Even reloading the Cisco router and killing the bpgd and starting new,
it will not come up!
Always the same errors in the logs.
No MD5 digest received from the OpenBSD side looks like.
It looks like the tcpmd5 is enabled to late when opeining a session.
I try to have a look at it.
You have no idea how much I would appreciate that! I started to look at
the code, but that's a long process for me.
===============
Why is bgpd will not establish a session as slave when MD5 is configure
even if the RFC said both sides should be allow to do so?
bgpd wants to be the master every time?
Something sure looks weird here.
That's more like a bug. Btw. MD5 between to bgpd is working, at least it
works for me.
That's what I thought, but I know better then starting to say there is a
bug. Before I do, I sure want to be sure, but it does look like it to me
however so far. My tests so far show that you can have MD5 as long as
OpenBSD is master, but clear sessions, depending with side initiate it,
doesn't come back in one case and are slow in the other. (That was with
3.7 for my last tests on this one) Will redo.
==========================================
But it should be establish however for MD5 for sure as any sides can be
the master in a bgp session.
However, not here?
Comments on this?
I think my tests are valid. Am I doing something I should be doing here?
I don't think so, but that's what I found so far and why I can't keep a
stable session with MD5 enable on it.
For me it looks like a bug for now.
Same thought here.
Daniel
