Hi List,
FYI.
We have been using CentOS 6.4 and have 2 vpn/gre tunnels to separate cisco rtrs using ospf. with kernel 2.6.32-358.23.2
We have upgraded to 6.5 bit using kernel 2.6.32-431.5.1 and the exact same configuration scripts for our vpn/gre tunnels.
What I see is the first gre tunnel works great and I get an ospf neighbor.
The second tunnel comes up and I can ping across it and I see our side sending hello packets in the gre tunnel but I never receive any hello packets from the cisco.
The cisco sees our hellos because it goes into the Init state. I do a tcpdump and I see esp traffic coming from the cisco like it is sending hellos but they never show up in a tcpdump on the gre tunnel. It is like the kernel is not delivering them.
Also my gre tunnels on CentOS 6.5 are named gre1@NONE and gre2@NONE with an ip a s, while on the 6.4 CentOS system they show up as only gre1 and gre2? Whats with the @NONE?
Looking at the Changelog of the kernel a lot of changes to the ip_gre module were made in 2.6.32-380
On Thu, Mar 27, 2014 at 8:24 AM, Steve Clark sclark@netwolves.com wrote:
Hi List,
Hi Steve,
FYI.
We have been using CentOS 6.4 and have 2 vpn/gre tunnels to separate cisco rtrs using ospf. with kernel 2.6.32-358.23.2
We have upgraded to 6.5 bit using kernel 2.6.32-431.5.1 and the exact same configuration scripts for our vpn/gre tunnels.
There was a brief thread (total of three posts) on multicast changes with the newer CentOS 6 kernel. http://lists.centos.org/pipermail/centos/2014-February/141062.html
Apparently something odd going on in 2.6.32-431.x.x -- functionality that operates fine in the older 2.6.32-358.x.x kernels.
What I see is the first gre tunnel works great and I get an ospf neighbor.
The second tunnel comes up and I can ping across it and I see our side sending hello packets in the gre tunnel but I never receive any hello packets from the cisco.
The cisco sees our hellos because it goes into the Init state. I do a tcpdump and I see esp traffic coming from the cisco like it is sending hellos but they never show up in a tcpdump on the gre tunnel. It is like the kernel is not delivering them.
Also my gre tunnels on CentOS 6.5 are named gre1@NONE and gre2@NONE with an ip a s, while on the 6.4 CentOS system they show up as only gre1 and gre2? Whats with the @NONE?
Looking at the Changelog of the kernel a lot of changes to the ip_gre module were made in 2.6.32-380
Sounds like you might be aware of the post I linked to above. ( In case you're not, I'll send this message anyways. )
-- Stephen Clark *NetWolves Managed Services, LLC.* Director of Technology Phone: 813-579-3200 Fax: 813-882-0209 Email: steve.clark@netwolves.com http://www.netwolves.com _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On 03/27/2014 08:44 AM, SilverTip257 wrote:
On Thu, Mar 27, 2014 at 8:24 AM, Steve Clark sclark@netwolves.com wrote:
Hi List,
Hi Steve,
FYI.
We have been using CentOS 6.4 and have 2 vpn/gre tunnels to separate cisco rtrs using ospf. with kernel 2.6.32-358.23.2
We have upgraded to 6.5 bit using kernel 2.6.32-431.5.1 and the exact same configuration scripts for our vpn/gre tunnels.
There was a brief thread (total of three posts) on multicast changes with the newer CentOS 6 kernel. http://lists.centos.org/pipermail/centos/2014-February/141062.html
Apparently something odd going on in 2.6.32-431.x.x -- functionality that operates fine in the older 2.6.32-358.x.x kernels.
What I see is the first gre tunnel works great and I get an ospf neighbor.
The second tunnel comes up and I can ping across it and I see our side sending hello packets in the gre tunnel but I never receive any hello packets from the cisco.
The cisco sees our hellos because it goes into the Init state. I do a tcpdump and I see esp traffic coming from the cisco like it is sending hellos but they never show up in a tcpdump on the gre tunnel. It is like the kernel is not delivering them.
Also my gre tunnels on CentOS 6.5 are named gre1@NONE and gre2@NONE with an ip a s, while on the 6.4 CentOS system they show up as only gre1 and gre2? Whats with the @NONE?
Looking at the Changelog of the kernel a lot of changes to the ip_gre module were made in 2.6.32-380
Sounds like you might be aware of the post I linked to above. ( In case you're not, I'll send this message anyways. )
Hi Mike,
Thanks for the info - I had missed that thread. This appears to be similar to problem I am seeing. I am getting the multicast hellos on the first gre/vpn but not the second one. Reverting to kernel 2.6.32-358.23.2 makes everything work again.
On 03/27/2014 07:53 AM, Steve Clark wrote:
On 03/27/2014 08:44 AM, SilverTip257 wrote:
On Thu, Mar 27, 2014 at 8:24 AM, Steve Clark sclark@netwolves.com wrote:
Hi List,
Hi Steve,
FYI.
We have been using CentOS 6.4 and have 2 vpn/gre tunnels to separate cisco rtrs using ospf. with kernel 2.6.32-358.23.2
We have upgraded to 6.5 bit using kernel 2.6.32-431.5.1 and the exact same configuration scripts for our vpn/gre tunnels.
There was a brief thread (total of three posts) on multicast changes with the newer CentOS 6 kernel. http://lists.centos.org/pipermail/centos/2014-February/141062.html
Apparently something odd going on in 2.6.32-431.x.x -- functionality that operates fine in the older 2.6.32-358.x.x kernels.
What I see is the first gre tunnel works great and I get an ospf neighbor.
The second tunnel comes up and I can ping across it and I see our side sending hello packets in the gre tunnel but I never receive any hello packets from the cisco.
The cisco sees our hellos because it goes into the Init state. I do a tcpdump and I see esp traffic coming from the cisco like it is sending hellos but they never show up in a tcpdump on the gre tunnel. It is like the kernel is not delivering them.
Also my gre tunnels on CentOS 6.5 are named gre1@NONE and gre2@NONE with an ip a s, while on the 6.4 CentOS system they show up as only gre1 and gre2? Whats with the @NONE?
Looking at the Changelog of the kernel a lot of changes to the ip_gre module were made in 2.6.32-380
Sounds like you might be aware of the post I linked to above. ( In case you're not, I'll send this message anyways. )
Hi Mike,
Thanks for the info - I had missed that thread. This appears to be similar to problem I am seeing. I am getting the multicast hellos on the first gre/vpn but not the second one. Reverting to kernel 2.6.32-358.23.2 makes everything work again.
http://bugs.centos.org/view.php?id=6952
That looks like the CentOS bug ... is there a upstream one in bugzilla.redhat.com that anyone can find?
-
Johnny Hughes -
SilverTip257 -
Steve Clark