BGP 对等互连没有出现 /31 子网

3046

Created On 07/07/21 17:59 PM - Last Modified 06/24/25 21:10 PM

Symptom

BGP 同行留在ACTIVE模式，不会移动到ESTABLISHED状态。

注意 var/log/pan/routed.log 中的以下日志

2021-06-15 11:03:37.813 -0700 debug: pan_socket(src/pan_dc_sck.c:788): new socket 1565 opened for domain 2 type 1 proto 0, total opened socket 3.
2021-06-15 11:03:37.813 -0700 debug: pan_bind(src/pan_dc_sck.c:831): bind socket 1565 successfully.
**** AUDIT       0x0303 - 7    (0000) **** I:000015c4 F:00000002
sckrecv.c 1249 :at 11:03:37, 15 June 2021 (410673 ms)
Processed an ATG_SCK_SOCKET IPS OK.
Socket ID           = 1565
Socket type         = 0X00000001
Socket family       = 0X00000002
Socket protocol     = 0X00000000
Application handle  = 0X03B40000
Stub socket handle  = 0X2DA40000
Local inet address  = 10.20.0.46
Local port          = 0
Remote inet address = 10.20.0.47
Remote port         = 179

**** PROBLEM     0x0303 - 20   (0000) **** I:000015c6 F:00000001
sckrecv2.c 1968 :at 11:03:37, 15 June 2021 (410673 ms)
Failed to connect to remote address.
Sockets error code = 101
Remote address     = 10.20.0.47
Remote port        = 179
Socket ID          = 1565
Socket type        = 0X00000001
Socket family      = 0X00000002
Socket protocol    = 0X00000000
Stub socket handle = 0X2DA40000
Application handle = 0X03B40000

Environment

BGP 使用 /31 子网接口的对等体。
BGP 会话由对端发起。

Cause

这是预期的行为，因为 /31 子网不完全支持PAN-OS.
什么时候BGP会话由具有 /31 子网的对等方发起，不会创建套接字，也不会向对等方发送任何数据包。套接字错误是“101 = 网络无法访问”

Resolution

使用 /30 或其他子网。
如果可能，禁用传出BGP对等方的会话。如果firewall正在启动BGPsession 那么这个问题是没有看到的。

BGP 对等互连没有出现 /31 子网

Symptom

Environment

Cause

Resolution

Other users also viewed: