Incoming connection rejected

Julien Sansonnens julien at jsansonnens.ch
Wed Apr 25 15:44:37 CEST 2018


Hello all,

I'm having a hard time trying to peer with some router over GRE tunnel. I'm
using bird 1.6.4
I have many GRE tunnels and BGP sessions is working fine on all of the them
except one.

Session is locked on "Idle" state.
Here are my logs:

2018-04-25 15:22:00 <TRACE> carl: Waiting for fd00:1111::2 to become my
neighbor
2018-04-25 15:22:02 <TRACE> carl: Incoming connection from fd00:1111::2
(port 32967) rejected
2018-04-25 15:22:06 <TRACE> carl: Incoming connection from fd00:1111::2
(port 53399) rejected
2018-04-25 15:22:10 <TRACE> carl: Incoming connection from fd00:1111::2
(port 50357) rejected
2018-04-25 15:22:14 <TRACE> carl: Incoming connection from fd00:1111::2
(port 53999) rejected
2018-04-25 15:22:18 <TRACE> carl: Incoming connection from fd00:1111::2
(port 36137) rejected
2018-04-25 15:22:23 <TRACE> carl: Incoming connection from fd00:1111::2
(port 59443) rejected

I can ping6 f d00:1111::2 withou problem. Tunnel looks OK to me.

No problem with firewall. BGP packets are exchanged through the tunnel:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on peer-carl, link-type LINUX_SLL (Linux cooked), capture size
262144 bytes
15:26:59.597762 IP6 fd00:1111::2.47991 > fd00:1111::1.bgp: Flags [S], seq
3532263744, win 28320, options [mss 1416,sackOK,TS val 1966373497 ecr
0,nop,wscale 5], length 0
15:26:59.597898 IP6 fd00:1111::1.bgp > fd00:1111::2.47991: Flags [S.], seq
2214438171, ack 3532263745, win 28320, options [mss 1416,nop,wscale 7],
length 0
15:26:59.601269 IP6 fd00:1111::2.47991 > fd00:1111::1.bgp: Flags [.], ack
1, win 885, length 0
15:26:59.601442 IP6 fd00:1111::2.47991 > fd00:1111::1.bgp: Flags [P.], seq
1:48, ack 1, win 885, length 47: BGP
15:26:59.601467 IP6 fd00:1111::1.bgp > fd00:1111::2.47991: Flags [.], ack
48, win 222, length 0
15:26:59.602785 IP6 fd00:1111::1.bgp > fd00:1111::2.47991: Flags [R.], seq
1, ack 48, win 222, length 0
15:27:02.621914 IP6 fd00:1111::2.34513 > fd00:1111::1.bgp: Flags [S], seq
1485692031, win 28320, options [mss 1416,sackOK,TS val 1966374253 ecr
0,nop,wscale 5], length 0
15:27:02.622016 IP6 fd00:1111::1.bgp > fd00:1111::2.34513: Flags [S.], seq
3172792013, ack 1485692032, win 28320, options [mss 1416,nop,wscale 7],
length 0
15:27:02.625695 IP6 fd00:1111::2.34513 > fd00:1111::1.bgp: Flags [.], ack
1, win 885, length 0
15:27:02.625726 IP6 fd00:1111::2.34513 > fd00:1111::1.bgp: Flags [P.], seq
1:48, ack 1, win 885, length 47: BGP
15:27:02.625736 IP6 fd00:1111::1.bgp > fd00:1111::2.34513: Flags [.], ack
48, win 222, length 0
15:27:02.626707 IP6 fd00:1111::1.bgp > fd00:1111::2.34513: Flags [R.], seq
1, ack 48, win 222, length 0
15:27:08.248676 IP6 fd00:1111::2.42773 > fd00:1111::1.bgp: Flags [S], seq
4186722687, win 28320, options [mss 1416,sackOK,TS val 1966375660 ecr
0,nop,wscale 5], length 0
15:27:08.248777 IP6 fd00:1111::1.bgp > fd00:1111::2.42773: Flags [S.], seq
4273937540, ack 4186722688, win 28320, options [mss 1416,nop,wscale 7],
length 0
15:27:08.252422 IP6 fd00:1111::2.42773 > fd00:1111::1.bgp: Flags [.], ack
1, win 885, length 0
15:27:08.252457 IP6 fd00:1111::2.42773 > fd00:1111::1.bgp: Flags [P.], seq
1:48, ack 1, win 885, length 47: BGP
15:27:08.252501 IP6 fd00:1111::1.bgp > fd00:1111::2.42773: Flags [.], ack
48, win 222, length 0
15:27:08.253429 IP6 fd00:1111::1.bgp > fd00:1111::2.42773: Flags [R.], seq
1, ack 48, win 222, length 0

I do not really see where the problem may come from, the same configuration
works with all my other peers.
Thank you for your help !



--
Julien Sansonnens
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20180425/f4030073/attachment.html>


More information about the Bird-users mailing list