Re: BGPD Socket errors when trying to establish IBGP on lo1

Wed, 02 Jun 2010 03:45:15 -0700 

On Wed, Jun 02, 2010 at 10:56:59AM +0100, rh...@hushmail.com wrote:
> Despite having a working OSPF setup and no PF config, I'm seeing 
> socket errors in the logs when attempting to establish an IBGP 
> session to lo1 on another machine.
> 
> # ospfctl sh ne
> ID              Pri State        DeadTime Address         Iface     
> Uptime
> 172.16.101.169  100 FULL/BCKUP   00:00:13 172.16.101.178  bge0      
> 00:42:50
> 
> # ping 172.16.101.169
> PING 172.16.101.169 (172.16.101.169): 56 data bytes
> 64 bytes from 172.16.101.169: icmp_seq=0 ttl=255 time=0.355 ms
> 64 bytes from 172.16.101.169: icmp_seq=1 ttl=255 time=0.240 ms
> 64 bytes from 172.16.101.169: icmp_seq=2 ttl=255 time=0.240 ms
> 
> # pfctl -sr 
> pass all flags S/SA keep state
> block drop in on ! lo0 proto tcp from any to any port 6000:6010
> 
> 
> # bgpd -dv
> startup
> MY_ASN = "65015"
> MY_IPV4NET = "172.16.101.0/20"
> MY_ROUTER_ID = "172.16.101.170"
> route decision engine ready
> RDE reconfigured
> session engine ready
> listening on 0.0.0.0
> listening on ::
> SE reconfigured
> neighbor 172.16.101.169: state change None -> Idle, reason: None
> neighbor 172.16.101.169: state change Idle -> Connect, reason: Start
> neighbor 172.16.101.169: socket error: Operation timed out
> neighbor 172.16.101.169: state change Connect -> Active, reason: 
> Connection open failed
> neighbor 172.16.101.169: socket error: Operation timed out
> neighbor 172.16.101.169: state change Connect -> Idle, reason: Stop
> session engine exiting
> Lost child: session engine exited
> route decision engine exiting
> kernel routing table decoupled
> Terminating
> 
> bgpd.conf:
> MY_ASN = "65015"
> MY_IPV4NET = "172.16.101.0/20"
> MY_ROUTER_ID = "172.16.101.170"
> AS $MY_ASN
> router-id $MY_ROUTER_ID
> holdtime 90
> holdtime min 3
> fib-update yes
> network 172.16.101.0/20
> group "iBGP_Neighbors" { 
>     remote-as $MY_ASN
>     tcp md5sig password **********************
>     announce all
>     neighbor 172.16.101.169
> } 
> 

First try without "tcp md5sig" and enable it only when it is working.
But I guess your problem is that the other side is expecting the
connection to come from a different IP than the one selected by the route
lookup. In that case set "local-address 172.16.101.170" in the iBGP group.

Setting "local-address" is a good habit and necessary if you use loopback
interfaces or have non directly attached peers.
-- 
:wq Claudio

Reply via email to