Friday, November 26, 2021

Juniper QFX <-> Linux server BGP over GRE not working

I have a QFX 5100 and a Linux server running Debian 11 (kernel 5.10.70). I set up a GRE tunnel with 192.168.0.0/31 as the subnet, the QFX is .0 and the server is .1.

I can ping the other end from each side, so no connectivity issues. I can telnet and connect on TCP port 179 on each side, so no firewall issues that I can think of.

However, when I try to BGP peer them (the server is running GoBGP), the sessions are stuck in OpenSent/OpenConfirm; eventually the hold timer expires and then the cycle repeats. I captured a pcap on the server and found a bunch of retransmits for keepalive packets sent by the server, so I figured that it might be an MTU/MSS issue.

Things I've tried that haven't seemed to fix it:
- Clamped MSS on both sides to 1300 bytes; I've been able to get (at maximum) 1456-byte IP+ICMP packets with the DF bit set through with no issue
- Lowered the MTU on both sides to 1400; it did not help, so I reverted it
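As an added sanity check (example code, not part of the original post), the calculation below works out the GRE-over-IPv4 overhead and whether a given BGP message could ever produce a segment larger than the biggest DF packet already verified to pass the tunnel. It assumes plain GRE with no key, checksum or sequence fields, IPv4 on both layers, and TCP without options; with those assumptions a 19-byte KEEPALIVE under a 1300-byte MSS is far below the 1456-byte inner size that is known to get through.

```python
# Added example: size arithmetic for BGP-over-GRE troubleshooting.
# Assumptions (not from the post): IPv4 outer and inner headers without
# options, base GRE header, TCP header without options.
IPV4_HDR = 20
GRE_HDR_BASE = 4          # flags/version + protocol type
TCP_HDR = 20
BGP_KEEPALIVE_LEN = 19    # 16-byte marker + 2-byte length + 1-byte type


def gre_overhead(key=False, checksum=False, sequence=False):
    """Bytes added when an inner IPv4 packet is wrapped in GRE over IPv4.

    Each optional GRE field (key, checksum, sequence number) adds 4 bytes.
    """
    return IPV4_HDR + GRE_HDR_BASE + 4 * (int(key) + int(checksum) + int(sequence))


def tunnel_mtu(outer_mtu, **gre_opts):
    """Largest inner IP packet that fits the outer link without fragmentation."""
    return outer_mtu - gre_overhead(**gre_opts)


def max_tcp_mss(outer_mtu, **gre_opts):
    """Largest TCP MSS that avoids fragmentation for the given outer MTU."""
    return tunnel_mtu(outer_mtu, **gre_opts) - IPV4_HDR - TCP_HDR


def inner_segment_size(msg_len, mss):
    """Inner IP packet size of the largest TCP segment carrying a BGP message."""
    return min(msg_len, mss) + TCP_HDR + IPV4_HDR


def mtu_is_plausible_cause(msg_len, mss, largest_df_inner_ok):
    """True only if a segment of this BGP message can exceed the largest
    inner DF packet already observed to cross the tunnel successfully."""
    return inner_segment_size(msg_len, mss) > largest_df_inner_ok


if __name__ == "__main__":
    # Values from the post: MSS clamped to 1300, 1456-byte DF pings succeed.
    print("GRE overhead:", gre_overhead())                    # 24
    print("tunnel MTU for 1500 outer:", tunnel_mtu(1500))     # 1476
    print("keepalive inner size:", inner_segment_size(BGP_KEEPALIVE_LEN, 1300))
    print("MTU plausible for keepalive retransmits:",
          mtu_is_plausible_cause(BGP_KEEPALIVE_LEN, 1300, 1456))
```

If the check returns False for the messages that are being retransmitted, the loss is somewhere other than path MTU, and the capture on the other side of the tunnel is the next thing to compare.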

Configuration on QFX:

    interfaces {
        gr-0/0/0 {
            tunnel {
                source <snip>;
                destination <snip>;
            }
            family inet {
                address 192.168.78.0/31;
            }
        }
    }
    ...
    group HOME {
        accept-remote-nexthop;
        local-address 192.168.78.0;
        hold-time 300;
        mtu-discovery;
        import DEV-IN;
        export DEV-OUT;
        peer-as 64599;
        local-as <snip>;
        tcp-mss 1300;
        neighbor 192.168.78.1;
    }

Configuration on the Linux server:

    $ ip route | grep gre1
    192.168.78.0/31 dev gre1 proto kernel scope link src 192.168.78.1 advmss 1300

    $ cat /etc/gobgp/gobgpd.conf
    [global.config]
      as = 64599
      router-id = "192.168.78.1"
      port = 179

    [[neighbors]]
      [neighbors.config]
        neighbor-address = "192.168.78.0"
        peer-as = "<snip>"
      [neighbors.timers.config]
        hold-time = 300

Has anyone run into this before?

Thanks!
