[FUG-BR] OpenBGPD no FreeBSD
Eduardo Schoedler
listas em esds.com.br
Terça Abril 10 18:52:21 BRT 2012
A propósito: Polling em interfaces modernas só atrapalha pois elas tem moderação de interrupção.
Sds,
--
Eduardo Schoedler
Enviado via iPhone
Em 07/04/2012, às 09:22, Alisson <alissongoncalves em bsd.com.br> escreveu:
> Bom dia pessoal...
>
> depois de varios dias procurando a solução em foruns e listas...
>
> descobri a solução em uma lista americana...
>
> não era firewall e nem nada...
>
>
> o problema estava em uma váriavel...
>
> basta setar net.inet.tcp.signature_verify_input=0
>
> que na hora funcionou....
>
> obrigado
>
> Em 5 de abril de 2012 18:05, Alisson <alissongoncalves em bsd.com.br> escreveu:
>
>> pelos posts que vi... esse erro é normal no FreeBSD pq ele nao suporta
>> isso..
>>
>> ontem fiz o teste e compilei o que pedia la no topico..
>>
>> options TCP_SIGNATURE #include support for RFC 2385
>> options IPSEC
>> device crypto
>>
>> options DEVICE_POLLING
>> device carp
>> device if_bridge
>> options IPSEC_NAT_T
>> device pf
>> device pfsync
>> device pflog
>>
>> mas mesmo assim o erro continuou
>>
>> Em 5 de abril de 2012 17:13, Alisson <alissongoncalves em bsd.com.br>escreveu:
>>
>> executei o comandobgpd -dv e veja o retorno
>>>
>>> bgpd -dv
>>> startup
>>>
>>> no kernel support for PF_KEY
>>> session engine ready
>>> route decision engine ready
>>> peer_internet = "10.0.1.1"
>>> meuip = "10.0.1.2"
>>> *cannot bind to 10.0.1.2:179: Address already in use*
>>> new ktable rdomain_0 for rtableid 0
>>> RDE reconfigured
>>> SE reconfigured
>>> neighbor 10.0.1.1 (PROVEDOR): state change None -> Idle, reason: None
>>> neighbor 10.0.1.1 (PROVEDOR): state change Idle -> Connect, reason: Start
>>>
>>> neighbor 10.0.1.1 (PROVEDOR): socket error: Operation timed out
>>> neighbor 10.0.1.1 (PROVEDOR): state change Connect -> Active, reason:
>>> Connection open failed
>>>
>>> neighbor 10.0.1.1 (PROVEDOR): socket error: Operation timed out
>>>
>>>
>>>
>>> Em 5 de abril de 2012 16:14, Alisson <alissongoncalves em bsd.com.br>escreveu:
>>>
>>> Certo... alterei novamente
>>>>
>>>> LADO PEER
>>>>
>>>> peer_internet="10.0.1.1"
>>>> meuip="10.0.1.2"
>>>>
>>>>
>>>> #global configuration
>>>> AS 65010
>>>> router-id $meuip
>>>> listen on $meuip
>>>> log updates
>>>>
>>>> #network we announce
>>>> network 192.168.40.0/24
>>>>
>>>> #Neighbor
>>>>
>>>> neighbor $peer_internet {
>>>> remote-as 65001
>>>> descr PROVEDOR
>>>> local-address $meuip
>>>>
>>>> announce self
>>>> }
>>>>
>>>>
>>>> LADO PROVEDOR
>>>>
>>>> peer1="10.0.1.2"
>>>> meuip="10.0.1.1"
>>>>
>>>> #global configuration
>>>> AS 65001
>>>> router-id $meuip
>>>> listen on $meuip
>>>>
>>>> log updates
>>>>
>>>> #network we announce
>>>> network 192.168.50.0/24
>>>>
>>>> #Neighbor
>>>>
>>>> neighbor $peer1 {
>>>> remote-as 65010
>>>> descr PEER1
>>>> local-address $meuip
>>>> announce self
>>>> }
>>>>
>>>> LADO PROVEDOR
>>>>
>>>>
>>>> (root em PROVEDOR)[~]# bgp
>>>> Neighbor AS MsgRcvd MsgSent OutQ Up/Down
>>>> State/PrfRcvd
>>>> PEER1 65010 0 0 0 Never Active
>>>>
>>>>
>>>> LADO PEER1
>>>>
>>>> (root em PEER1)[~]# bgp
>>>>
>>>> Neighbor AS MsgRcvd MsgSent OutQ Up/Down
>>>> State/PrfRcvd
>>>> PROVEDOR 65001 0 0 0 Never
>>>> Active
>>>>
>>>>
>>>> /var/log/messages
>>>>
>>>> Apr 5 15:08:48 PEER1 bgpd[1987]: neighbor 10.0.1.1 (PROVEDOR): socket
>>>> error: Operation timed out
>>>> Apr 5 15:12:03 PEER1 bgpd[1987]: neighbor 10.0.1.1 (PROVEDOR): socket
>>>> error: Operation timed out
>>>>
>>>>
>>>> Apr 5 15:08:30 PROVEDOR bgpd[1658]: neighbor 10.0.1.2 (PEER1): socket
>>>> error: Operation timed out
>>>> Apr 5 15:11:46 PROVEDOR bgpd[1658]: neighbor 10.0.1.2 (PEER1): socket
>>>> error: Operation timed out
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Em 5 de abril de 2012 09:22, Alisson <alissongoncalves em bsd.com.br>escreveu:
>>>>
>>>> Pessoal fiz as alterações... os ips da rede 10... e os ips da loopbackup
>>>>> (172) estão se pingando...
>>>>>
>>>>> LADO PEER1
>>>>>
>>>>> peer_internet="10.0.1.1"
>>>>> meuip="172.16.2.255"
>>>>>
>>>>> #global configuration
>>>>>
>>>>> AS 65010
>>>>> router-id $meuip
>>>>> listen on $meuip
>>>>> holdtime 180
>>>>> holdtime min 3
>>>>> fib-update no
>>>>> log updates
>>>>>
>>>>> #network we announce
>>>>> network 192.168.40.0/24
>>>>>
>>>>>
>>>>> #Neighbor
>>>>>
>>>>> neighbor $peer_internet {
>>>>> remote-as 65001
>>>>> descr PROVEDOR
>>>>> multihop 2
>>>>> local-address $meuip
>>>>> holdtime 180
>>>>> holdtime min 3
>>>>> announce self
>>>>> }
>>>>>
>>>>> LADO PROVEDOR
>>>>>
>>>>>
>>>>> peer1="10.0.1.2"
>>>>> meuip="172.16.1.255"
>>>>>
>>>>>
>>>>> #global configuration
>>>>> AS 65001
>>>>> router-id $meuip
>>>>> listen on $meuip
>>>>>
>>>>> holdtime 180
>>>>> holdtime min 3
>>>>> fib-update no
>>>>> log updates
>>>>>
>>>>> #network we announce
>>>>> network 192.168.50.0/24
>>>>>
>>>>>
>>>>> #Neighbor
>>>>>
>>>>> neighbor $peer1 {
>>>>> remote-as 65010
>>>>> descr PEER1
>>>>> multihop 2
>>>>> local-address $meuip
>>>>> holdtime 180
>>>>> holdtime min 3
>>>>> announce self
>>>>> }
>>>>>
>>>>>
>>>>>
>>>>> (root em PROVEDOR)[~]# bgp
>>>>>
>>>>> Neighbor AS MsgRcvd MsgSent OutQ Up/Down
>>>>> State/PrfRcvd
>>>>> PEER1 65010 0 0 0 Never
>>>>> Active
>>>>>
>>>>> (root em PEE1)[~]# bgp
>>>>>
>>>>> Neighbor AS MsgRcvd MsgSent OutQ Up/Down
>>>>> State/PrfRcvd
>>>>> PROVEDOR 65001 0 0 0 Never
>>>>> Active
>>>>>
>>>>> /var/log/messages
>>>>> Apr 5 08:13:25 PROVEDOR bgpd[1598]: neighbor 10.0.1.2 (PEER1): socket
>>>>> error: Connection refused
>>>>>
>>>>>
>>>>>
>>>>> Em 4 de abril de 2012 19:50, Alisson <alissonfer em gmail.com> escreveu:
>>>>>
>>>>> Boa noite Pessoal,
>>>>>>
>>>>>> tudo certo?
>>>>>>
>>>>>> estou tendo alguns problemas com o OpenBGP no FreeBSD para levantar
>>>>>> sessões.
>>>>>>
>>>>>> fiz testes com AS e IPS invalidos.
>>>>>>
>>>>>> segue abaixo as configurações
>>>>>>
>>>>>> LADO PEER 1
>>>>>>
>>>>>> peer_internet="10.0.1.1"
>>>>>> meuip="10.0.1.10"
>>>>>>
>>>>>> # global configuration
>>>>>> AS 65010
>>>>>> router-id $meuip
>>>>>> listen on $meuip
>>>>>> holdtime 180
>>>>>> holdtime min 3
>>>>>> fib-update no
>>>>>> log updates
>>>>>> #network we announce
>>>>>> network 192.168.40.0/23
>>>>>>
>>>>>> #Neighbor
>>>>>>
>>>>>> neighbor $peer_internet {
>>>>>> remote-as 65001
>>>>>> descr PROVEDOR
>>>>>> multihop 2
>>>>>> local-address $meuip
>>>>>> passive
>>>>>> holdtime 180
>>>>>> holdtime min 3
>>>>>> announce self
>>>>>>
>>>>>> }
>>>>>>
>>>>>> LADO PROVEDOR
>>>>>>
>>>>>> peer1="10.0.1.10"
>>>>>> meuip="10.0.1.1"
>>>>>>
>>>>>> #global configuration
>>>>>> AS 65001
>>>>>> router-id $meuip
>>>>>> listen on $meuip
>>>>>>
>>>>>> holdtime 180
>>>>>> holdtime min 3
>>>>>> fib-update no
>>>>>> log updates
>>>>>>
>>>>>> #network we announce
>>>>>> network 192.168.50.0/23
>>>>>>
>>>>>> #Neighbor
>>>>>>
>>>>>> neighbor $peer1 {
>>>>>> remote-as 65010
>>>>>> descr PEER1
>>>>>> multihop 2
>>>>>> local-address $meuip
>>>>>> passive
>>>>>> holdtime 180
>>>>>> holdtime min 3
>>>>>> announce self
>>>>>>
>>>>>> }
>>>>>>
>>>>>>
>>>>>> e veja o resultado - a sessão nao levanta...
>>>>>>
>>>>>> (root em local-peer1)[~]# bgp
>>>>>> Neighbor AS MsgRcvd MsgSent OutQ Up/Down
>>>>>> State/PrfRcvd
>>>>>> PROVEDOR 65001 0 0 0 Never
>>>>>> Active
>>>>>>
>>>>>> (root em local-provedor)[~]# bgp
>>>>>> Neighbor AS MsgRcvd MsgSent OutQ Up/Down
>>>>>> State/PrfRcvd
>>>>>> PEER1 65010 0 0 0 Never Active
>>>>>>
>>>>>> /var/log/messages
>>>>>>
>>>>>> Apr 4 18:12:17 local-peer1 bgpd[2215]: no kernel support for PF_KEY
>>>>>>
>>>>>> alguem já teve este tipo de problema com OpenBGP?
>>>>>>
>>>>>> obrigado!
>>>>>>
>>>>>>
>>>>>
>>>>
Mais detalhes sobre a lista de discussão freebsd