Welcome to Hurricane Electric's Tunnelbroker.net forums!
Started by lkenter, August 27, 2009, 01:07:10 PM
Quote from: tigerfishdaisy on August 29, 2009, 08:48:15 AM
It's a bug in Quagga on any sort of Linux. Google for details.
Quote from: lkenter on August 27, 2009, 01:07:10 PM
I've set up another BGP peer at a remote location, and with this setup I could get a session up and running. I did notice that I cannot connect to port 179 at the HE router. This is a normal thing according to the HE support, but I still think it might be the reason my session isn't coming up. I have nothing listening on port 179, so how can this happen?!
I hope someone can help me out with this, or send me the details of their Quagga setup.
Regards,
Lucas
telnet 2001:470:15:80::2 bgp
Trying 2001:470:15:80::2, 179 ...
% Connection refused by remote host
nei 2001:470:15:80::1 update-source 2001:470:15:80::2
Quote from: lkenter on September 02, 2009, 02:42:16 PM
Is it perhaps possible to remove the filter on port 179? I know it should work with the passive option, but I think there is something going wrong there because it tries to connect back to that port.
Regards,
>telnet 2001:470:15:80::2 179
Trying 2001:470:15:80::2, 179 ... Open
[Connection to 2001:470:15:80::2 closed by foreign host]
$ telnet 2001:470:15:80::2 179
Trying 2001:470:15:80::2...
Connected to 2001:470:15:80::2.
Escape character is '^]'.
Connection closed by foreign host.
Quote
ttl N
    set a fixed TTL N on tunneled packets. N is a number in the range 1--255. 0 is a special value meaning that packets inherit the TTL value. The default value for IPv4 tunnels is: inherit. The default value for IPv6 tunnels is: 64.
Quote from: lkenter on September 05, 2009, 03:22:54 PM
cat /proc/sys/net/ipv6/conf/ipv6-he/hop_limit shows 64 for me as well even now that I added the ttl 255 line in /etc/network/interfaces.
Don't understand it, but I'm willing to accept it anyway :-)
Quote from: maestroevolution on September 11, 2009, 11:41:42 AM
Quote from: lkenter on September 05, 2009, 03:22:54 PM
cat /proc/sys/net/ipv6/conf/ipv6-he/hop_limit shows 64 for me as well even now that I added the ttl 255 line in /etc/network/interfaces.
Don't understand it, but I'm willing to accept it anyway :-)

(Sorry for delay in getting back; been busy)

eBGP (external BGP) defaults to a TTL of 1, as it expects its remote peer to be directly connected, normally via POS/Gig/TenGig or whatever. To run eBGP when not directly connected (such as through a firewall), you need to increase the ttl to accommodate the intermediate routers/firewalls from decrementing the ttl.

With tunneling protocols, your mileage may vary. I've seen a few firewalls decrement the TTL of both the outer packet (IPv4, protocol 41) and the inner packet (IPv6, TCP, port 179). This is the exception, not the rule, though. IMHO, the inner packet is payload and shouldn't be touched, but I once troubleshot an issue where this was the cause: a device was decrementing the outer and inner headers as it routed the packet.

My two bits,
Joel
Quote
Even odder then, since it seems that this would be something that should be configured in quagga rather than on the interface itself. If quagga is setting up its options such that the TTL is set to 1 for its transmitted packets, or reconfiguring the interface to a TTL of 1 (doubt it ... that'd be rude), why would changing the TTL in the interface set up fix things?

Also, I'm curious. Which firewalls have you seen which decrement a transiting tunnel packet's payload packet TTL? That'd be good to know for future reference.
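
Added example, not part of the original thread: a small Python model of the TTL interaction discussed above, using the quoted "ttl N" semantics (0 = inherit) and the eBGP default TTL of 1. It assumes that "inherit" on a Linux sit tunnel copies the inner IPv6 hop limit into the outer IPv4 TTL; the hop counts and function names are constructed for illustration.

```python
"""Model of TTL handling for an eBGP session carried over a 6in4 (sit) tunnel.

Constructed example: hop counts are made up, not measured on any real path.
"""

EBGP_DEFAULT_TTL = 1  # eBGP expects a directly connected peer


def outer_ttl(tunnel_ttl, inner_hop_limit):
    """Outer IPv4 TTL chosen at encapsulation; tunnel 'ttl 0' means inherit."""
    if not 0 <= tunnel_ttl <= 255:
        raise ValueError("tunnel ttl must be in 0..255")
    # Assumption: inherit copies the inner packet's hop limit to the outer header.
    return inner_hop_limit if tunnel_ttl == 0 else tunnel_ttl


def deliver(inner_hop_limit, tunnel_ttl, ipv4_hops, touches_inner=0):
    """Walk one tunneled packet across ipv4_hops routers between tunnel endpoints.

    touches_inner: how many of those devices also decrement the inner hop limit
    (the unusual firewall behaviour described in the thread).
    Returns (delivered, reason).
    """
    outer = outer_ttl(tunnel_ttl, inner_hop_limit)
    inner = inner_hop_limit
    for hop in range(1, ipv4_hops + 1):
        outer -= 1  # every router decrements the outer header
        if outer <= 0:
            return False, f"outer TTL expired at IPv4 hop {hop}"
        if hop <= touches_inner:
            inner -= 1  # misbehaving device rewrites the payload header too
            if inner <= 0:
                return False, f"inner hop limit expired at IPv4 hop {hop}"
    return True, f"delivered with inner hop limit {inner}"


if __name__ == "__main__":
    cases = [
        ("eBGP TTL 1, tunnel ttl inherit", EBGP_DEFAULT_TTL, 0, 8, 0),
        ("eBGP TTL 1, tunnel ttl 255", EBGP_DEFAULT_TTL, 255, 8, 0),
        ("eBGP TTL 1, ttl 255, one device touches inner", EBGP_DEFAULT_TTL, 255, 8, 1),
        ("ordinary traffic (hop limit 64), ttl inherit", 64, 0, 8, 0),
    ]
    for label, inner, ttl, hops, touch in cases:
        print(f"{label}: {deliver(inner, ttl, hops, touch)}")
```

In this model the interface hop_limit of 64 never comes into play for the BGP packets, because the sender sets the hop limit itself; only the tunnel's ttl setting changes the outcome.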