Hello. Given: an office gateway to the outside world on CentOS 6 and a FreeBSD router machine that connects the regional offices by means of ipip tunnels. Both servers run quagga.
Previously FreeBSD 9 was used as the gateway, also with quagga; bgp worked fine, just as it works fine with the other offices (that machine is still available, we are just now moving to CentOS, so questions like "show how this worked on the old gateway" are appropriate). I gave CentOS an analogous config. sh ip bgp sum shows State:OpenConfirm on CentOS and State:OpenSent on FreeBSD, that is, the OPEN message does not reach FreeBSD.
tcpdump shows that the CentOS machine sends a BGP OPEN and sends it where it should go. On the FreeBSD machine's side there is silence. As I wrote above, the servers are connected through an ipip tunnel, tcp in the tunnel works normally, the mtu is the same at both ends of the tunnel, I tested sending a couple of Mb of data there and back - no problems. The firewall on CentOS is used only for NAT; on FreeBSD, skip on the tunnel's gif device is set in pf. IP forwarding is enabled.
Here is the tcpdump from the CentOS side. The CentOS address is 192.168.11.81, FreeBSD is 10.100.101.2.
10.100.101.2.40011 > 192.168.11.81.179: Flags [P.], cksum 0xe3d7 (correct), seq 1:54, ack 1, win 8289, options [nop,nop,TS val 1396210027 ecr 9472051], length 53: BGP, length: 53
Open Message (1), length: 53
Version 4, my AS 65100, Holdtime 180s, ID 10.100.100.2
Optional parameters, length: 24
Option Capabilities Advertisement (2), length: 6
Multiprotocol Extensions (1), length: 4
AFI IPv4 (1), SAFI Unicast (1)
Option Capabilities Advertisement (2), length: 2
Route Refresh (Cisco) (128), length: 0
Option Capabilities Advertisement (2), length: 2
Route Refresh (2), length: 0
Option Capabilities Advertisement (2), length: 6
32-Bit AS Number (65), length: 4
4 Byte AS 65100
22:04:33.555597 IP (tos 0xc0, ttl 1, id 22410, offset 0, flags [DF], proto TCP (6), length 64)
192.168.11.81.179 > 10.100.101.2.40011: Flags [.], cksum 0x28aa (correct), ack 54, win 96, options [nop,nop,TS val 9489183 ecr 1396210027,nop,nop,sack 1 {1:54}], length 0
22:04:42.079391 IP (tos 0xc0, ttl 1, id 22411, offset 0, flags [DF], proto TCP (6), length 124)
192.168.11.81.179 > 10.100.101.2.40011: Flags [P.], cksum 0x881a (correct), seq 1:73, ack 54, win 96, options [nop,nop,TS val 9497707 ecr 1396210027], length 72: BGP, length: 72
Open Message (1), length: 53
Version 4, my AS 65011, Holdtime 180s, ID 192.168.11.81
Optional parameters, length: 24
Option Capabilities Advertisement (2), length: 6
Multiprotocol Extensions (1), length: 4
AFI IPv4 (1), SAFI Unicast (1)
Option Capabilities Advertisement (2), length: 2
Route Refresh (Cisco) (128), length: 0
Option Capabilities Advertisement (2), length: 2
Route Refresh (2), length: 0
Option Capabilities Advertisement (2), length: 6
32-Bit AS Number (65), length: 4
4 Byte AS 65011
Keepalive Message (4), length: 19
22:04:49.115624 IP (tos 0xc0, ttl 1, id 64589, offset 0, flags [DF], proto TCP (6), length 105)
10.100.101.2.40011 > 192.168.11.81.179: Flags [P.], cksum 0xa70f (correct), seq 1:54, ack 1, win 8289, options [nop,nop,TS val 1396225587 ecr 9472051], length 53: BGP, length: 53
Open Message (1), length: 53
Version 4, my AS 65100, Holdtime 180s, ID 10.100.100.2
Optional parameters, length: 24
Option Capabilities Advertisement (2), length: 6
Multiprotocol Extensions (1), length: 4
AFI IPv4 (1), SAFI Unicast (1)
Option Capabilities Advertisement (2), length: 2
Route Refresh (Cisco) (128), length: 0
Option Capabilities Advertisement (2), length: 2
Route Refresh (2), length: 0
Option Capabilities Advertisement (2), length: 6
32-Bit AS Number (65), length: 4
4 Byte AS 65100
22:04:49.115642 IP (tos 0xc0, ttl 1, id 22412, offset 0, flags [DF], proto TCP (6), length 64)
192.168.11.81.179 > 10.100.101.2.40011: Flags [.], cksum 0xaf19 (correct), ack 54, win 96, options [nop,nop,TS val 9504743 ecr 1396225587,nop,nop,sack 1 {1:54}], length 0
22:05:04.675613 IP (tos 0xc0, ttl 1, id 2918, offset 0, flags [DF], proto TCP (6), length 105)
10.100.101.2.40011 > 192.168.11.81.179: Flags [P.], cksum 0x6a47 (correct), seq 1:54, ack 1, win 8289, options [nop,nop,TS val 1396241147 ecr 9472051], length 53: BGP, length: 53
Open Message (1), length: 53
Version 4, my AS 65100, Holdtime 180s, ID 10.100.100.2
Optional parameters, length: 24
Option Capabilities Advertisement (2), length: 6
Multiprotocol Extensions (1), length: 4
AFI IPv4 (1), SAFI Unicast (1)
Option Capabilities Advertisement (2), length: 2
Route Refresh (Cisco) (128), length: 0
Option Capabilities Advertisement (2), length: 2
Route Refresh (2), length: 0
Option Capabilities Advertisement (2), length: 6
32-Bit AS Number (65), length: 4
4 Byte AS 65100
bgpd.conf on CentOS (simplified as far as possible):
[root@gwd-new ~]# egrep -v ^! /etc/quagga/bgpd.conf
hostname ndm.domain.BGP
password ***
log file /var/log/quagga/bgpd.log debugging
log stdout
router bgp 65011
bgp router-id 192.168.11.81
bgp log-neighbor-changes
neighbor 10.100.101.2 remote-as 65100
line vty
bgpd.conf on FreeBSD:
hostname mellory1.BGP
password ****
log file /var/log/bgpd.log debugging
log stdout
service password-encryption
!
router bgp 65100
bgp router-id 10.100.100.2
neighbor 192.168.11.81 remote-as 65011
neighbor 192.168.11.81 description dm.domain(BACKUP)
neighbor 192.168.11.81 next-hop-self
neighbor 192.168.11.81 soft-reconfiguration inbound
neighbor 192.168.11.81 route-map dm_backup in
neighbor 192.168.11.81 route-map dm_backup_out out
route-map dm_backup_out permit 20
match ip address prefix-list pref
set metric 20
!
route-map dm_backup_out permit 100
set metric 10
route-map dm_backup permit 10
match ip address prefix-list dm
match as-path dm
ip as-path access-list dm permit _65011_
Please advise, in which direction should I dig?
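Added example, not part of the original post: a Python sketch that parses verbose tcpdump text like the capture above and summarises, per sender, the IP TTL, the BGP message types, the highest ACK sent and any TCP sequence ranges sent more than once. The embedded sample is abridged from the post's capture (TCP options and capability lines trimmed), and the function names are made up for this illustration.

```python
import re
from collections import defaultdict

# Abridged from the capture quoted in the post (options/capability lines trimmed).
CAPTURE = """\
22:04:42.079391 IP (tos 0xc0, ttl 1, id 22411, offset 0, flags [DF], proto TCP (6), length 124)
    192.168.11.81.179 > 10.100.101.2.40011: Flags [P.], seq 1:73, ack 54, win 96, length 72: BGP, length: 72
    Open Message (1), length: 53
    Keepalive Message (4), length: 19
22:04:49.115624 IP (tos 0xc0, ttl 1, id 64589, offset 0, flags [DF], proto TCP (6), length 105)
    10.100.101.2.40011 > 192.168.11.81.179: Flags [P.], seq 1:54, ack 1, win 8289, length 53: BGP, length: 53
    Open Message (1), length: 53
22:04:49.115642 IP (tos 0xc0, ttl 1, id 22412, offset 0, flags [DF], proto TCP (6), length 64)
    192.168.11.81.179 > 10.100.101.2.40011: Flags [.], ack 54, win 96, length 0
22:05:04.675613 IP (tos 0xc0, ttl 1, id 2918, offset 0, flags [DF], proto TCP (6), length 105)
    10.100.101.2.40011 > 192.168.11.81.179: Flags [P.], seq 1:54, ack 1, win 8289, length 53: BGP, length: 53
    Open Message (1), length: 53
"""

HDR = re.compile(r"^\d\d:\d\d:\d\d\.\d+ IP \(.*?ttl (\d+),")
TCP = re.compile(r"^\s*(\d+(?:\.\d+){3})\.\d+ > \d+(?:\.\d+){3}\.\d+: Flags \[[^\]]*\],(.*)")
SEQ = re.compile(r"\bseq (\d+):(\d+)")
ACK = re.compile(r"\back (\d+)")
MSG = re.compile(r"^\s*(\w+) Message \(\d+\)")

def summarize(text):
    """Per sender IP: TTLs seen, BGP message types, seq ranges, highest ACK sent."""
    stats = defaultdict(lambda: {"ttl": set(), "msgs": [], "seqs": [], "max_ack": 0})
    ttl, cur = None, None
    for line in text.splitlines():
        if m := HDR.match(line):            # IP header line: remember its TTL
            ttl, cur = int(m.group(1)), None
        elif m := TCP.match(line):          # TCP line: attribute packet to its sender
            cur = stats[m.group(1)]
            if ttl is not None:
                cur["ttl"].add(ttl)
            if s := SEQ.search(m.group(2)):
                cur["seqs"].append((int(s.group(1)), int(s.group(2))))
            if a := ACK.search(m.group(2)):
                cur["max_ack"] = max(cur["max_ack"], int(a.group(1)))
        elif cur is not None and (m := MSG.match(line)):
            cur["msgs"].append(m.group(1))  # decoded BGP message inside this packet
    return stats

def retransmitted(seqs):
    """Seq ranges sent more than once, i.e. no ACK for them reached the sender in time."""
    return sorted({r for r in seqs if seqs.count(r) > 1})
```

On this sample, 10.100.101.2 resends seq 1:54 with its ack still at 1 while 192.168.11.81 already acknowledges 54, which matches the OpenSent/OpenConfirm states reported in the post.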