[c-nsp] BGP Problem

Kevin Graham mahargk at gmail.com
Sun Jul 24 21:08:42 EDT 2005


It wasn't mentioned how much memory you've got on this router, but
since you're using almost / all of it, you should drop
'soft-reconfiguration inbound' for that ebgp peer (and presumably
others neighbors you didn't list previously).

You said you were running the latest release but not which train nor
what platform this is and how much memory on it. sh ver and sh mem
sum?

On 7/24/05, Arturo Servin <aservin at remoteconfig.net> wrote:
> Harold Ritter (hritter) wrote:
> 
> >Arturo,
> >
> >The shortage of memory definitely triggers the sending of the
> >notification message to the peer in your scenario.
> >
> >Harold
> >
> >-----Original Message-----
> >From: Arturo Servin [mailto:aservin at remoteconfig.net]
> >Sent: Sunday, July 24, 2005 6:01 PM
> >To: Harold Ritter (hritter)
> >Cc: cisco-nsp at puck.nether.net
> >Subject: Re: [c-nsp] BGP Problem
> >
> >Harold Ritter (hritter) wrote:
> >
> >
> >
> >>Arturo,
> >>
> >>Do you have other message in the log before or after this message. How
> >>is the memory utilization on the router?
> >>
> >>Thanks,
> >>
> >>
> >>Harold
> >>
> >>-----Original Message-----
> >>From: Arturo Servin [mailto:aservin at remoteconfig.net]
> >>Sent: Thursday, July 21, 2005 4:34 PM
> >>To: Harold Ritter (hritter)
> >>Cc: cisco-nsp at puck.nether.net
> >>Subject: Re: [c-nsp] BGP Problem
> >>
> >>Harold Ritter (hritter) wrote:
> >>
> >>
> >>
> >>
> >>
> >>>This looks like a valid update. Do you have maximum-prefix configured
> >>>on this neighbor? What level of IOS is this?
> >>>
> >>>Harold
> >>>
> >>>-----Original Message-----
> >>>From: cisco-nsp-bounces at puck.nether.net
> >>>[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Arturo Servin
> >>>Sent: Wednesday, July 20, 2005 3:03 PM
> >>>To: cisco-nsp at puck.nether.net
> >>>Subject: [c-nsp] BGP Problem
> >>>
> >>>Hi,
> >>>
> >>>  We had this error on one router. We think that it was a bgp attack,
> >>>
> >>>
> >>>
> >>>
> >>
> >>
> >>
> >>
> >>>but we are not sure. The router has the last IOS version of the trend
> >>>and it is not affected by the BGP bug.
> >>>
> >>>Jul 17 22:11:33: %BGP-3-NOTIFICATION: sent to neighbor <IP neighbor>
> >>>(update malformed) 0 bytes  FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF
> >>>0047 0200 0000 2840 0101 0040 020E 0206 2BA4 0A80 1B6A 04D7 493B 4BE5
> >>>4003 04CF F8E1 E940 0600 C007 064B E5DD 0404 0416 C845 6814 C872 00
> >>>
> >>>  Some body with the same experience in the past?
> >>>
> >>>Thanks,
> >>>-as
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>   12.2(15)T12.
> >>
> >>   We do not have configured anything uncommon.
> >>
> >>router bgp 10479
> >>no synchronization
> >>bgp log-neighbor-changes
> >>network a.b.c.d
> >>neighbor A.B.C.D  remote-as 11172
> >>neighbor A.B.C.D next-hop-self
> >>neighbor A.B.C.D soft-reconfiguration inbound  neighbor A.B.C.D
> >>filter-list 11 in  neighbor A.B.C.D filter-list 10 out  no auto-summary
> >>
> >>-as
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >    Yes:
> >
> >Jul 17 22:25:18: %SYS-2-MALLOCFAIL: Memory allocation of 65536 bytes
> >failed from 0x8044D28C, alignment 0
> >Pool: Processor  Free: 31696  Cause: Not enough free memory Alternate
> >Pool: None  Free: 0  Cause: No Alternate pool
> >
> >-Process= "BGP Router", ipl= 0, pid= 84
> >-Traceback= 80451BD0 80453B70 8044D290 807C2CA8 807D415C 807D4FA8
> >807C5CC8 807CC340 804764B4
> >
> >    I tought that the "BGP Attack" made the Memory allocation failure,
> >but, possibly the BGP problema was the result of any other problem. We
> >saw a lot of CPU usage and memory, I guess it was because some virus in
> >the LAN where the router is.
> >
> >-as
> >
> >
> >
>     Thanks, it is good to know. We had never had that problem and
> someone suggest the cisco bug. Now I know that we have to look in
> someplace else.
> 
> Best Regards,
> -asn
> 
> --
> 
> Remote Config, The Remote Configuration Company
> http://www.remoteconfig.net
> Global Service Offices
> contact at remoteconfig.net
> 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>



More information about the cisco-nsp mailing list