Configuring md5 on control brings BGP down
Affects | Status | Importance | Assigned to | Milestone | ||
---|---|---|---|---|---|---|
Juniper Openstack | Status tracked in Trunk | |||||
R4.0 |
Fix Released
|
Critical
|
Ignatious Johnson Christopher | |||
Trunk |
Fix Committed
|
Critical
|
Ignatious Johnson Christopher |
Bug Description
Version: 4.0.0.0-5 mitaka
Topo:
host1 = 'root@10.
host2 = 'root@10.
host3 = 'root@10.
host4 = 'root@10.
host5 = 'root@10.
host6 = 'root@10.
router_asn = 64510
env.roledefs = {
'all': [host1, host2, host3, host4, host5, host6],
'contrail-
'contrail-
'contrail-
'openstack': [host6, host2, host1],
'contrail-
'contrail-lb': [host5],
'build': [host_build]
}
env.hostnames = {
'all': ['nodem6', 'nodem7', 'nodem8', 'nodem9', 'nodem10', 'nodem14']
}
Configuring global or per peer md5 values between BGP control peers brings BGP down.
The md5 values are set correctly in BGP router:
"bgp-router": {
]
},
],
},
The flap messages pop up correctly as expected. I have attached control logs and sandesh messages. I am only seeing this on multi node openstack HA setup and not on a non HA setup.
description: | updated |
description: | updated |
tags: | added: sanity |
tags: | added: blocker |
tags: | removed: contrail-control |
tags: | added: provisioning |
Issue is with tcp_tw_recycle set. This is not recommended in many scenarios. This is affecting time-stamps, which in turn is causing kernel to drop the SYN packets
13432 SYNs to LISTEN sockets dropped
Disabling tcp_tw_recycle solved the issue. This needs to be added to provisioning. (or to reimage...)
Following command helped to resolve the issue vindicating above points. tcp_tw_ recycle= 0; service contrail-control restart
sysctl -w net.ipv4.
https:/ /serverfault. com/questions/ 583488/ no-response- to-some- syn-packets- when-timestamps -are-enabled