On 26.3.2013 12:40, Kay Rechthien wrote:
Hey, On 08.03.2013, at 16:21, Ondrej Filip <feela@network.cz> wrote:
On 8.3.2013 09:38, Rashed Alwarrag wrote:
Dear birds Experts
Hi Rashed!
we have a BGP peer between Bird server and Juniper devices , we mentioned that in our Juniper router wrong MD5 password log appear as below
kernel: %KERN-4: tcp_auth_ok: Packet from 192.168.0.10:179 <http://192.168.0.10:179> wrong MD5 digest
when we capture the BGP update we mentioned that the bird server is sending to the router the update with an unexpected MD5 key and The router ignore this update then again the bird server retransmit the same update with correct MD5
Are you using Linux or BSD?
Ondrej
we have the issue also here. Our Routeservers are running latest Ubuntu. the issue is visible at cisco and juniper routers clearly. there are like ~10 bad packets per day and they don't affect the bgp session but they create a log entry every time at the routers.
Can you send us the output of this command: "ethtool -k <interface>" (posibly 'ethtool -k eth0") This usually helps: /usr/sbin/ethtool -K eth0 tso off /usr/sbin/ethtool -K eth0 gso off /usr/sbin/ethtool -K eth0 sg off
best regards kay
Hi Ondrej, Am 26.03.2013 12:47, schrieb Ondrej Filip:
This usually helps:
/usr/sbin/ethtool -K eth0 tso off /usr/sbin/ethtool -K eth0 gso off /usr/sbin/ethtool -K eth0 sg off
doesn't solve the problem. Regards Bernhard -- Bernhard Hahn DE-CIX Management GmbH e-mail: bernhard.hahn@de-cix.net Lindleystr. 12, 60314 Frankfurt Phone: +49 69 1730 902-34 Geschaeftsfuehrer Harald A. Summa Mobile: +49 171 552 3643 Registergericht AG Koeln, HRB 51135 Fax: +49 69 4056 2716 Zentrale Lichtstr. 43i, 50825 Koeln http://www.de-cix.net
Hi Bernhard, Which linux kernel version do you use? I'm not sure but I think older linux kernel(<= 2.6.36, maybe) sometimes do that. If you don't use newer one, please try to set "net.ipv4.tcp_sack = 0" with sysctl. Thanks, Eiichiro Bernhard Hahn wrote (2013/04/11 18:10):
Hi Ondrej,
Am 26.03.2013 12:47, schrieb Ondrej Filip:
This usually helps:
/usr/sbin/ethtool -K eth0 tso off /usr/sbin/ethtool -K eth0 gso off /usr/sbin/ethtool -K eth0 sg off
doesn't solve the problem.
Regards Bernhard
-- ################################################### Eiichiro Watanabe Internet Multifeed Co.
Sorry, I made a mistake. If you use newer one, please try to set "net.ipv4.tcp_sack = 0" with sysctl.
If you don't use newer one, please try to set "net.ipv4.tcp_sack = 0" with sysctl.
Thanks, Eiichiro Eiichiro Watanabe wrote (2013/04/11 19:05):
Hi Bernhard,
Which linux kernel version do you use? I'm not sure but I think older linux kernel(<= 2.6.36, maybe) sometimes do that.
If you don't use newer one, please try to set "net.ipv4.tcp_sack = 0" with sysctl.
Thanks, Eiichiro
Bernhard Hahn wrote (2013/04/11 18:10):
Hi Ondrej,
Am 26.03.2013 12:47, schrieb Ondrej Filip:
This usually helps:
/usr/sbin/ethtool -K eth0 tso off /usr/sbin/ethtool -K eth0 gso off /usr/sbin/ethtool -K eth0 sg off
doesn't solve the problem.
Regards Bernhard
-- ################################################### Eiichiro Watanabe Internet Multifeed Co.
Am 11.04.2013 12:05, schrieb Eiichiro Watanabe:
Hi Bernhard,
Which linux kernel version do you use?
it's a 2.6.32
I'm not sure but I think older linux kernel(<= 2.6.36, maybe) sometimes do that.
If you don't use newer one, please try to set "net.ipv4.tcp_sack = 0" with sysctl.
it's set to 1, so we should be ok, if I got you right? Regards Bernhard -- Bernhard Hahn DE-CIX Management GmbH e-mail: bernhard.hahn@de-cix.net Lindleystr. 12, 60314 Frankfurt Phone: +49 69 1730 902-34 Geschaeftsfuehrer Harald A. Summa Mobile: +49 171 552 3643 Registergericht AG Koeln, HRB 51135 Fax: +49 69 4056 2716
Bernhard Hahn wrote (2013/04/11 23:22):
Am 11.04.2013 12:05, schrieb Eiichiro Watanabe:
Hi Bernhard,
Which linux kernel version do you use?
it's a 2.6.32
If you use it with 64bit Archtecture and multiple core CPUs, I recommend you would upgrade it to the later one. I encountered similar situation with Debian/Linux(64bit/Squeeze/2.6.32) 2 years ago and upgraded to 2.6.39(Squeeze-backports) at that time, then the issue had been gone. Now I am using Squeeze-backports/3.2.0, it has been fine. The related information is as the following link. http://kerneltrap.org/mailarchive/linux-netdev/2010/5/4/6276345
I'm not sure but I think older linux kernel(<= 2.6.36, maybe) sometimes do that.
If you don't use newer one, please try to set "net.ipv4.tcp_sack = 0" with sysctl.
it's set to 1, so we should be ok, if I got you right?
No. I meant that you should try to set it to 0, if it is hard to upgrade your kernel soon. TCP option field is used not only TCP-MD5 but also TCP SACK. So it sometimes disturbs TCP-MD5 is working when TCP SACK is enabled. Thanks, Eiichiro
Regards Bernhard
-- ################################################### Eiichiro Watanabe Internet Multifeed Co.
participants (3)
-
Bernhard Hahn -
Eiichiro Watanabe -
Ondrej Filip