On 3/31/2017 9:47 AM, Mike Tancsa wrote:
OK, sort of good news sort of indeterminate news. I compiled up a version on FreeBSD #11 stable. The problem might not be there. However, I was not able to bring up all my peers as bgp passwords do not seem to work. I have about 9 peers that I use passwords with and its possible those peers might be triggering the problem. But with the other 20+ peers, I was not able to see the issue, at least for the 15min or so that I have the peers up so far.
OK, I managed to get tcp md5 working. I think the issue is with the new interface for ipsec in FreeBSD. I updated the kernel at the same time, and something broke md5 for both quagga and frr. I reverted to the old kernel and bgp passwords are working. However, the issue with the peers being out of order also seems to have mangled my bgp config that I brought over as it too is all mangled. Parts of the config are saved out of order and I think its broken my prefix lists for some peers so I will have to shut this test down for today. But on the plus side, I did NOT see any evidence of the Quagga bug. I was able to hard clear an ibgp peer and all the routes came back as expected. It took just over 2 min for the session to come up, but it did and the outQ stayed at zero. ---Mike
Other minor details I noticed-- from the configs I cp'd over from Quagga, for whatever reason
#1 bgp log-neighbor-changes disappeared
I re added it and it seems to work
#2 peers seem to take a long time to come up. Suspiciously, about 180secs after a hard clear or start up
#3 show ip bgp sum displays all the peers out of order ?
Anyways, I will need to get the bgp passwords working before I am more confident to say whether the bug is still there or not.
the config seems to say it is
configure:18185: checking whether TCP_MD5SIG is declared configure:18185: cc -c -g -Os -fno-omit-frame-pointer -Wall -Wextra -Wmissing-prototypes -Wmissing-declarations -Wpointer-arith -Wbad-function-cast -Wwrite-strings -Wno-unused-result -Wno-unused-parameter -Wno-missing-field-initializers -I/usr/local/include -static conftest.c >&5 configure:18185: $? = 0 configure:18185: result: yes ... #define HAVE_DECL_TCP_MD5SIG 1 | /* end confdefs.h. */ | #include <sys/utsname.h>
---Mike
-- ------------------- Mike Tancsa, tel +1 519 651 3400 Sentex Communications, mike@sentex.net Providing Internet services since 1994 www.sentex.net Cambridge, Ontario Canada http://www.tancsa.com/