'Re: BGP flapping while peering with Cisco ASR - Hold timer expired error'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bird-users
Subject:    Re: BGP flapping while peering with Cisco ASR - Hold timer expired error
From:       Martin Kraus <martin.kraus () wujiman ! net>
Date:       2013-03-29 15:42:14
Message-ID: 20130329154213.GH23752 () finrod
[Download RAW message or body]

On Fri, Mar 29, 2013 at 08:40:05PM +0800, Jimmy Halim wrote:
> Hi guys,
> 
> We have just moved 1 of our route server from OpenBGPd to BIRD this
> morning. However we were having issue bringing up 1 BGP session with our
> peering that is running ASR. We keep getting hold timer expired error. The
> BGP keep flapping every 2 minutes.
> 
> From the tcpdump, I can see we are getting destination unreachable due to
> destination host is administratively prohibited.
> 
> Have u guys encountered this issue? All other BGP with other peering are
> working ok. Below is the log from ASR..
> 
> Logs from ASR
> -------------
> 
> RP/0/RP0/CPU0:Mar 29 07:48:19.078 UTC: bgp[1044]: %ROUTING-BGP-5-ADJCHANGE
> : neighbor 119.27.63.253 Up (VRF: default)
> RP/0/RP0/CPU0:Mar 29 07:49:53.328 UTC: tcp[355]: %IP-TCP_NSR-5-DISABLED :
> 119.27.63.38:28514 <-> 119.27.63.253:179:: NSR disabled for TCP connection
> because Retransmission threshold exceeded
> RP/0/RP0/CPU0:Mar 29 07:49:53.343 UTC: bgp[1044]:
> %ROUTING-BGP-3-NBR_NSR_DISABLED : NSR disabled on neighbor 119.27.63.253
> due to TCP retransmissions
> RP/0/RP1/CPU0:Mar 29 07:49:53.357 UTC: bgp[1044]:
> %ROUTING-BGP-5-NBR_NSR_DISABLED_STANDBY : NSR disabled on neighbor
> 119.27.63.253 on standby due to Peer closing down the session (VRF:
> default)

Hi.
Do your bgp tables sync between bird and ASR before the hold time expires? Or
does it get stuck after it establishes and then closes down?

I'd venture a guess that the administratively prohibited is what the ASR sends
to the unix machine running bird, right? That might just be an access list
blocking incoming tcp to port 179. I can see from the log that the connection
is established from the ASR(port 28514) to the unix(port 179). Therefore it
might be unrelated to the hold time expiration.

mk
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic