On 2012-05-08, [email protected] <[email protected]> wrote:
> Hi misc,
>
> I'm about to set up two OpenBGPd machines. At the moment they are each
> connected to two different upstream providers running OpenBGPd (and
> OpenOSPFd on the internal interfaces). Operating system is
>
> OpenBSD test-a.openbgp.bla.com 5.0 GENERIC.MP#0 amd64
>
> (dmesg below)
>
> On a host reserved for testing (CentOS 6.2 x86_64), which sits logically
> (seen from the internet) behind those machines, in an otherwise empty
> /22, I see weird network problems (tcpdumping traffic on port 25, and
> loading it into wireshark for further analysis):
>
> Receiving mails (port 25, plain SMTP, a 3MiByte attachment) from an
> external mail server, which comes in via one of the new BGP machines, I
> see massive 'TCP out of order' messages in wireshark, as well as 'TCP
> Dup ACK' messages. This is on the testbed machine itself.
>
> On the OpenBGPd router, captured exactly the same traffic, all seems
> perfect.
>
> There are two Cisco switches sitting between test-a.openbgp.bla.com and
> the testbed mail server, all interfaces perfectly clean, no duplex
> problems, no underruns, no runts, nothing -- perfect.
>
> Traffic within my AS is also absolutely no problem, the Linux machine
> runs here perfectly as well.
>
> Any idea where to look?

Is PF in use? If so, have you done anything to make sure that you aren't
running into problems due to the stateful firewall only seeing half the
packets (i.e. inbound via one machine, outbound via the other)?
(Specifically, if this is happening and unavoidable, you could look at
'defer' in pfsync, or sloppy states in PF).

> Thanks,
>
> Bernd
>
> $ dmesg

[ snipped from quote, but thanks for including it :) ]
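
The two options named in the reply above, sketched as a pf.conf fragment. This is an added example, not configuration posted in the thread; the interface name, the macro names and the prefix are assumptions.

```conf
# Added example, not from the thread. ext_if, test_net and the prefix are
# assumed values (192.0.2.0/24 is a documentation prefix standing in for
# the poster's /22).
ext_if   = "em0"
test_net = "192.0.2.0/24"

# Default stateful rule, shown commented out for comparison: pf tracks TCP
# sequence windows for each state. When replies leave via the other router,
# this box sees only one direction of the connection.
# pass in on $ext_if inet proto tcp to $test_net port 25 keep state

# Sloppy variant: the state is kept but TCP sequence numbers are not
# checked. pf.conf(5) notes this makes insertion and ICMP teardown attacks
# easier, so the rule is scoped to the affected traffic only, and it cannot
# be combined with modulate or synproxy state.
pass in on $ext_if inet proto tcp to $test_net port 25 keep state (sloppy)

# Alternative when both routers already share states over pfsync: hold the
# first packet of a new state until the peer has acknowledged the state
# insert. Run as root, or add "defer" to /etc/hostname.pfsync0:
#   ifconfig pfsync0 defer
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, which is a safe way to check a change like this before it goes live.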

