Project

General

Profile

Bug #8115

After update 2.3.4_1-> 2.4.0 ospf over gre looks broken

Added by Konstantin Pobudzey about 2 years ago. Updated 4 months ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
FRR
Target version:
-
Start date:
11/21/2017
Due date:
% Done:

0%

Estimated time:
Affected Version:
Affected Architecture:

Description

#
#site1 ( 2.3.4_1 )
logs
Nov 4 09:47:58 ospfd 45632 Packet[DD]: Neighbor 10.10.10.18 MTU 1400 is larger than [gre1:10.10.10.25]'s MTU 1376
Nov 4 09:47:53 ospfd 45632 Packet[DD]: Neighbor 10.10.10.18 MTU 1400 is larger than [gre1:10.10.10.25]'s MTU 1376
Nov 4 09:47:48 ospfd 45632 Packet[DD]: Neighbor 10.10.10.18 MTU 1400 is larger than [gre1:10.10.10.25]'s MTU 1376
Nov 4 09:47:43 ospfd 45632 Packet[DD]: Neighbor 10.10.10.18 MTU 1400 is larger than [gre1:10.10.10.25]'s MTU 1376

#site2 ( updated to 2.4.0 ) <- ospf broken
#route
10.10.10.25 link#12 UH 2322 1376 gre2

#logs site2
Nov 4 16:50:04 ospfd 52879 *** sendmsg in ospf_write failed to 224.0.0.5, id 0, off 0, len 64, interface gre2, mtu 1400: Permission denied

It looks like site2 after upgrade it not sending correct MTU info to it peer on site1
GRE header ignored may be .

#After rollback from 2.4.0 to 2.3.4 all working as expected.

site1 site2
-----------IPSEC transport mode---------------------- |--------GRE------------------------
ospf stuck in exstart |----------GRE----------------------
-----------IPSEC transport mode----------------------

MTU is 1400 on GRE Interface

Again with version 2.3.4_1 on both sites all working as expected

Let me know , if more details needed

History

#1 Updated by Konstantin Pobudzey about 2 years ago

Sorry picture broken . GRE tunnel inside IPSEC

#2 Updated by Wagner Sartori Junior about 2 years ago

same here. GRE under ipsec. I setup a cronjob every minute correcting the mtu when needed, my tunnels are up now. I'm running 2.4.2.

#3 Updated by Konstantin Pobudzey about 2 years ago

Hi Wagner .Could you advice on exact cronjob workaround ?

#4 Updated by Wagner Sartori Junior about 2 years ago

In my case:

/bin/sh -c "if ! ifconfig gre1 | grep 'mtu 1410' > /dev/null ; then ifconfig gre1 mtu 1410 ; fi" 

#5 Updated by Konstantin Pobudzey almost 2 years ago

workaround was :

MTU settings for GRE interfaces
new 2.4 version MTU 1376
old 2.3.4 version MTU 1400

in this case
old<--> old <--working
old<--> new <--working
new<--> new <--working

Possibly 2.3.4 version is more broken ( or have different logic for MTU settings )
1) 2.3.4 GUI settings for GRE interface MTU 1400 --> produced 1376 for ifconfig output

gre0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1376
options=80000<LINKSTATE>

2) 2.4.0-2 GUI settings for GRE interface MTU 1376 --> produced 1376 for ifconfig output

gre0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1376
options=80000<LINKSTATE>

#6 Updated by Jim Pingle 4 months ago

  • Project changed from pfSense to pfSense Packages
  • Category set to FRR
  • Status changed from New to Duplicate

Duplicate of #9204

Also available in: Atom PDF