[CentOS] 6.5 vpn/gre/ospf breakage

Thu Mar 27 13:17:25 UTC 2014
Johnny Hughes <johnny at centos.org>

On 03/27/2014 07:53 AM, Steve Clark wrote:
> On 03/27/2014 08:44 AM, SilverTip257 wrote:
>> On Thu, Mar 27, 2014 at 8:24 AM, Steve Clark <sclark at netwolves.com> wrote:
>>
>>> Hi List,
>>>
>>>
>> Hi Steve,
>>
>>
>>> FYI.
>>>
>>> We have been using CentOS 6.4 and have 2 vpn/gre tunnels to separate cisco
>>> rtrs using ospf.
>>> with kernel 2.6.32-358.23.2
>>>
>>> We have upgraded to 6.5 bit using kernel 2.6.32-431.5.1 and the exact same
>>> configuration scripts for
>>> our vpn/gre tunnels.
>>>
>> There was a brief thread (total of three posts) on multicast changes with
>> the newer CentOS 6 kernel.
>> http://lists.centos.org/pipermail/centos/2014-February/141062.html
>>
>> Apparently something odd going on in 2.6.32-431.x.x -- functionality that
>> operates fine in the older 2.6.32-358.x.x kernels.
>>
>>
>>> What I see is the first gre tunnel works great and I get an ospf neighbor.
>>>
>>> The second tunnel comes up and I can ping across it and I see our side
>>> sending hello packets in the gre tunnel
>>> but I never receive any hello packets from the cisco.
>>>
>>> The cisco sees our hellos because it goes into the Init state. I do a
>>> tcpdump
>>> and I see esp traffic coming from the cisco like it is sending hellos but
>>> they never show up in a tcpdump
>>> on the gre tunnel. It is like the kernel is not delivering them.
>>>
>>> Also my gre tunnels on CentOS 6.5 are named gre1 at NONE and gre2 at NONE with
>>> an ip a s, while on the 6.4 CentOS system
>>> they show up as only gre1 and gre2?  Whats with the @NONE?
>>>
>>> Looking at the Changelog of the kernel a lot of changes to the ip_gre
>>> module were made in 2.6.32-380
>>>
>>>
>> Sounds like you might be aware of the post I linked to above.
>> ( In case you're not, I'll send this message anyways. )
>>
>>
>>
> Hi Mike,
>
> Thanks for the info - I had missed that thread. This appears to be similar to problem I am seeing.
> I am getting the multicast hellos on the first gre/vpn but not the second one. Reverting to kernel
> 2.6.32-358.23.2 makes everything work again.
>
>

http://bugs.centos.org/view.php?id=6952

That looks like the CentOS bug ... is there a upstream one in
bugzilla.redhat.com that anyone can find?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20140327/c7586168/attachment-0005.sig>