Community discussions

MikroTik App
 
richammond
just joined
Topic Author
Posts: 11
Joined: Fri Dec 06, 2019 12:39 pm

BGP session stuck in connect state

Tue Oct 11, 2022 1:03 pm

Dear SysAdmins,

Ports in the firewall are allowed, everything used to work correctly, no config changed - however, for the past few weeks, we've noticed that our BGP connection is stuck on "connect" which means new routes are not being advertised and any changes are not taken effect.

The only way to resolve this is ask the DC to manually reset the BGP on their side and it goes back to idle->connect->established.
Rebooting the CCR or switching it off completely for a few hours does not make any difference.

https://prnt.sc/Pw9m293QXXHI

Anyone experienced the same issue? And if so, how was it resolved?

Thanks
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 6818
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: BGP session stuck in connect state

Tue Oct 11, 2022 1:07 pm

I assume that remote peer is also MT?
 
richammond
just joined
Topic Author
Posts: 11
Joined: Fri Dec 06, 2019 12:39 pm

Re: BGP session stuck in connect state

Tue Oct 11, 2022 1:31 pm

I assume that remote peer is also MT?
No, they must be using a different equipment. But all was working perfectly fine without any changes to our config. Suddenly it stopped establishing and shows "connect" instead of established :-(
Last edited by richammond on Thu Oct 20, 2022 11:40 am, edited 1 time in total.
 
richammond
just joined
Topic Author
Posts: 11
Joined: Fri Dec 06, 2019 12:39 pm

Re: BGP session stuck in connect state

Wed Oct 12, 2022 11:39 am

Anyone available to help?
 
pe1chl
Forum Guru
Forum Guru
Posts: 9026
Joined: Mon Jun 08, 2015 12:09 pm

Re: BGP session stuck in connect state

Wed Oct 12, 2022 12:09 pm

Your firewall is very strange (and unsafe)! I presume you are doing debugging and will remove those rules that allow everything at a later stage?
When the connection is stuck in "connect" it means the SYN/ACK SYN/ACK sequence does not complete, likely a problem with the connection or a firewall.
Does it help to disable/enable the peer on your side?
There is a known problem in RouterOS v6 where connections that do get through the connect phase get stuck in the "open sent" state.
But that is something different that what you see here. On routers which have outgoing BGP connects (that are passive at the other side) I need to use this scheduled script:
/system scheduler
add interval=1h2m3s name=bgp-restart on-event="/routing bgp peer {\r\
    \n   :foreach peer in [find state=\"opensent\"] do={\r\
    \n      :log warning \"Restart stuck BGP Peer: \$([get \$peer name])\"\r\
    \n      disable \$peer\r\
    \n      enable \$peer\r\
    \n   }\r\
    \n}" policy=read,write,policy,test start-date=apr/29/2021 start-time=\
    17:03:00
That "unsticks" those connections. When disable/enable resolves it for you you can try such a scriot with state "connect".
 
richammond
just joined
Topic Author
Posts: 11
Joined: Fri Dec 06, 2019 12:39 pm

Re: BGP session stuck in connect state

Thu Oct 13, 2022 12:16 pm

Thanks so much for your response.

Unfortunately, the disable/enable does not help :-( It still gets stuck at the "connect" stage :-( Even a reboot of the CCR does not re-establish the connection.

Will hope v7 upgrade fixes it. Waiting until v7 is super stable before upgrading then will report back once done to see if the issue still remains.

Thanks again
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 6818
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: BGP session stuck in connect state

Thu Oct 13, 2022 12:22 pm

That is not a problem on your side, you should contact the remote peer maintainer to resolve the issue.
 
pe1chl
Forum Guru
Forum Guru
Posts: 9026
Joined: Mon Jun 08, 2015 12:09 pm

Re: BGP session stuck in connect state

Thu Oct 13, 2022 2:30 pm

In case you want to debug it and/or provide evidence, use the packet sniffer with appropriate settings (protocol tcp, port 179, maybe other filters like interface or IP) and saving to a file. Let it run for a while and stop it. Download the file and load it in Wireshark.
Most likely you will see only SYN packets to the remote, and no reply. But maybe there is other info in there.

About the "open sent" issue @mrz: it would be nice when there was a timeout and reconnect in case "open sent" does not proceed to an established session.
That happens when BGP is used between two MikroTik routers, one side active and one side passive, and the connection is flaky. When both are active it does not happen.

Who is online

Users browsing this forum: No registered users and 5 guests