[c-nsp] route-map IN / OUT deny issue

Andy B. globichen at gmail.com
Mon Mar 1 18:40:34 EST 2010


Instead of shutting down my transit BGP neighbor, I was updating my
route-maps from and to my transit with this, so that I would send 0
prefixes from me and receive 0 prefixes from him.

route-map TRANSIT-IN deny 10
route-map TRANSIT-OUT deny 10

My BGP config is like this:

neighbor x.x.x.x remote-as 1234
neighbor x.x.x.x route-map TRANSIT-IN in
neighbor x.x.x.x route-map TRANSIT-IN out

After I did these 2 deny lines, my router has gone nuts, starting to
drop many many BGP sessions with various peers and customers, mostly
with this message:


%BGP-3-NOTIFICATION: sent to neighbor y.y.y.187 4/0 (hold time expired) 0 bytes

OSPF was going down and up as well.

This kept going all the time until after about 1 hour I removed both
route-map IN/OUT deny 10 lines, then after a few minutes, everything
became stable again.

CPU was obviously at 100%:

CPU utilization for five seconds: 100%/10%; one minute: 99%; five minutes: 96%
 PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process
 442    34802356  21731575       1601 58.38% 56.35% 56.52%   0 BGP Router
 329      938516   1208660        776 15.99% 17.63% 15.58%   0 IP RIB Update
 340      227608   1498205        151  3.88%  7.43%  6.58%   0 XDR mcast
 563    38626436    284432     135801  3.88%  3.41%  3.53%   0 BGP Scanner
 273     5178956  43762732        118  0.85%  0.99%  0.92%   0 IP Input

All I wanted to do was to "mute" the BGP session with one of my
transits, for testing purposes, without shutting down the BGP session.

Router: 6504 with sup720-3bxl on IOS SXI3

What did I do wrong here? I cannot imagine that a simple route-map
deny line can do such harm...?

Andy
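
An added example, not part of the original post: a short Python audit that cross-references the `route-map` and `neighbor ... route-map` lines quoted above and lists what those lines show about which policy is applied in each direction. The function name `audit_route_maps` and the sample string are constructed for illustration, and the check says nothing about the cause of the CPU load.

```python
import re

# Constructed sample: the route-map and neighbor lines as quoted in the post.
SAMPLE_CONFIG = """\
route-map TRANSIT-IN deny 10
route-map TRANSIT-OUT deny 10
neighbor x.x.x.x remote-as 1234
neighbor x.x.x.x route-map TRANSIT-IN in
neighbor x.x.x.x route-map TRANSIT-IN out
"""

ROUTE_MAP_RE = re.compile(r"^\s*route-map\s+(\S+)\s+(permit|deny)\s+\d+\s*$")
NEIGHBOR_RE = re.compile(r"^\s*neighbor\s+(\S+)\s+route-map\s+(\S+)\s+(in|out)\s*$")

def audit_route_maps(config):
    """Return findings about route-maps applied to BGP neighbors (hypothetical helper)."""
    defined = {}   # route-map name -> list of clause actions
    applied = []   # (neighbor, route-map name, direction)
    for line in config.splitlines():
        m = ROUTE_MAP_RE.match(line)
        if m:
            defined.setdefault(m.group(1), []).append(m.group(2))
            continue
        m = NEIGHBOR_RE.match(line)
        if m:
            applied.append(m.groups())
    findings = []
    by_neighbor = {}
    for neighbor, name, direction in applied:
        by_neighbor.setdefault(neighbor, {})[direction] = name
        if name not in defined:
            findings.append(f"{neighbor} {direction}: route-map {name} is not defined")
        elif all(action == "deny" for action in defined[name]):
            findings.append(f"{neighbor} {direction}: route-map {name} has only deny clauses")
    for neighbor, dirs in by_neighbor.items():
        if "in" in dirs and dirs["in"] == dirs.get("out"):
            findings.append(f"{neighbor}: route-map {dirs['in']} is applied both in and out")
    used = {name for _, name, _ in applied}
    for name in sorted(set(defined) - used):
        findings.append(f"route-map {name} is defined but not applied to any neighbor")
    return findings

if __name__ == "__main__":
    for finding in audit_route_maps(SAMPLE_CONFIG):
        print(finding)
```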

