Hi again :) Am 06.02.2018 um 00:10 schrieb Grant Taylor: > >> Then I tried a working tunnel: >> >> Set up a ping, flushed the entry, but: >> root@unimatrixzero ~ # conntrack -D -s 185.66.194.1 >> conntrack v1.4.3 (conntrack-tools): 0 flow entries have been deleted. >> root@unimatrixzero ~ # conntrack -D -d 185.66.194.1 >> gre 47 179 src=192.168.10.62 dst=185.66.194.1 srckey=0x0 >> dstkey=0x0 src=185.66.194.1 dst=176.9.38.150 srckey=0x0 dstkey=0x0 >> [ASSURED] mark=0 use=1 >> conntrack v1.4.3 (conntrack-tools): 1 flow entries have been deleted. >> >> The not working tunnel seems to have a conntrack entry based on the >> remote IP as source. The working tunnel seems to have a conntrack >> entry based on the remote IP as destination. > > You might be onto something. This may come back to the race condition > that I was referring to. Indeed. But I still don't understand why the exact same entries in the conntrack table sometimes work and sometimes not. > > Are the tunnels that had the persistent ping running still working > correctly? > The ones, that had a running ping, didn't break down. I made all tunnels working now by repeatedly deleting the conntrack entries till every single tunnel came up. For the first time, since we started writing here, every single of the seven tunnels works at the same time. I set up pings for every single one of them. So in theory this should be stable until the next reboot. One thing noticing though: In once case, the ping went though the tunnel correctly, but BGP couldn't establish a connection. Only after deleting the entry for a couple of times, BGP came up aswell. I don't know yet what this means. ffrl_fra0 BGP ffnet up 23:43:55 Established ffrl_fra1 BGP ffnet up 2018-02-01 Established ffrl_ber0 BGP ffnet up 2018-02-05 Established ffrl_ber1 BGP ffnet up 23:36:19 Established ffrl_dus0 BGP ffnet up 23:38:22 Established ffrl_dus1 BGP ffnet up 2018-02-05 Established ibgp_gw02 BGP ffnet up 2018-02-05 Established As you can see, the other tunnels have been running for quite some time now. Bye, Matthias -- To unsubscribe from this list: send the line "unsubscribe lartc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html