Re: GRE-NAT broken - SOLVED

Linux Advanced Routing and Traffic Control

On 02/06/2018 04:01 PM, Matthias Walther wrote:
Hi again

Hi Matthias,

Indeed. But I still don't understand why the exact same entries in the conntrack table sometimes work and sometimes not.

I don't know.

I think you're going to need to enlist the help of someone who understands connection tracking better than I do.

The ones that had a running ping didn't break down.

Yay.

I made all tunnels work now by repeatedly deleting the conntrack entries until every single tunnel came up.

I'm glad that it's working.

I don't like the fact that you needed to repeatedly delete connection tracking entries to make them work.

Did you delete all entries? Or did you selectively delete the ones that weren't working?

I wonder if GRE tunnels (on Linux) have anything comparable to BGP's passive mode. Maybe setting one side passive and having the other side initiate things might work better.

For the first time since we started writing here, every single one of the seven tunnels works at the same time. I set up pings for every single one of them. So in theory this should be stable until the next reboot.

:-)

One thing worth noticing though: In one case, the ping went through the tunnel correctly, but BGP couldn't establish a connection. Only after deleting the entry a couple of times did BGP come up as well. I don't know yet what this means.

That's really odd.

I'd hope that a tcpdump would shed some light on that situation (if it ever happens again).

ffrl_fra0 BGP      ffnet    up     23:43:55    Established
ffrl_fra1 BGP      ffnet    up     2018-02-01  Established
ffrl_ber0 BGP      ffnet    up     2018-02-05  Established
ffrl_ber1 BGP      ffnet    up     23:36:19    Established
ffrl_dus0 BGP      ffnet    up     23:38:22    Established
ffrl_dus1 BGP      ffnet    up     2018-02-05  Established
ibgp_gw02 BGP      ffnet    up     2018-02-05  Established

As you can see, the other tunnels have been running for quite some time now.

Nice.



--
Grant. . . .
unix || die
