[c-nsp] Non-default BGP hold / keepalive timers

Bruce Pinsky bep at whack.org
Mon Oct 3 20:00:07 EDT 2005


Pete Templin wrote:
> David J. Hughes wrote:
> 
>>>Providing your BGP peering neighbor's implementation doesn't have knobs to
>>>disallow a connection below a certain holdtime value.
>>
>>
>>Can't see one in IOS and JunOS doesn't appear to have one either from 
>>my reading.  Interestingly JunOS uses default settings of 3 * 30 
>>seconds rather than IOS's 3 * 60 seconds.  If it works with IOS and 
>>JunOS peers I think I'm pretty safe.
> 
> 
> IOS has the knobs.  Bruce was referring to implementations that use it:
> 
> Lab-R2(config-router)#neig 1.1.1.1 timers ?
>    <0-65535>  Keepalive interval
> 
> Lab-R2(config-router)#neig 1.1.1.1 timers 5 ?
>    <0-65535>  Holdtime
> 
> Lab-R2(config-router)#neig 1.1.1.1 timers 5 15 ?
>    <0-65535>  Minimum hold time from neighbor
>    <cr>


And it will happily enforce it as well:

Client side
-------------
*Oct  3 23:42:51.911: BGP: 100.0.0.2 sending OPEN, version 4, my as: 65001,
holdtime 90 seconds
*Oct  3 23:42:51.931: BGP: 100.0.0.2 send message type 1, length (incl.
header) 45
*Oct  3 23:42:52.071: BGP: 100.0.0.2 rcv message type 3, length (excl.
header) 2
*Oct  3 23:42:52.071: %BGP-3-NOTIFICATION: received from neighbor 100.0.0.2
2/6 (unacceptable hold time) 0 bytes
*Oct  3 23:42:52.071: BGP: 100.0.0.2 went from OpenSent to Closing
*Oct  3 23:42:52.199: BGP: 100.0.0.2 went from Closing to Idle
*Oct  3 23:42:52.199: BGP: 100.0.0.2 closing


Provider side
--------------
*Oct  3 23:42:52.075: BGP: 100.0.0.1 rcv OPEN, version 4, holdtime 90 seconds
*Oct  3 23:42:52.075: BGP: 100.0.0.1 went from Connect to OpenSent
*Oct  3 23:42:52.075: BGP: 100.0.0.1 sending OPEN, version 4, my as: 13979,
holdtime 180 seconds
*Oct  3 23:42:52.075: BGP: 100.0.0.1 went from OpenSent to Closing
*Oct  3 23:42:52.075: %BGP-3-NOTIFICATION: sent to neighbor 100.0.0.1 2/6
(unacceptable hold time) 0 bytes  FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF
002D 0104 FDE9 005A 6400 0001 1002 0601 0400 0100 0102 0280 0002 0202 00
*Oct  3 23:42:52.083: BGP: 100.0.0.1 send message type 3, length (incl.
header) 21
*Oct  3 23:42:53.275: BGP: 100.0.0.1 local error close after sending
NOTIFICATION
*Oct  3 23:42:54.323: BGP: 100.0.0.1 went from Closing to Idle
*Oct  3 23:42:54.323: BGP: 100.0.0.1 closing


And one could argue that setting a minimum required holdtime could be
considered a best practice to avoid someone intentionally or
unintentionally causing undue CPU load on your system.

I also see no such capability in JunOS.

--
=========
bep
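
The check the provider-side log shows, as an added example that is not part of the original message and not Cisco's code: it parses the OPEN bytes dumped in that log and applies a minimum-hold-time policy, answering with NOTIFICATION 2/6. The function names and the 120-second floor are assumptions; the message does not say which minimum was configured.

```python
import struct

# OPEN bytes copied from the provider-side debug output in the message above.
OPEN_HEX = ("FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 002D 0104 FDE9 005A "
            "6400 0001 1002 0601 0400 0100 0102 0280 0002 0202 00")
MARKER = b"\xff" * 16
OPEN, NOTIFICATION = 1, 3
OPEN_ERROR, UNACCEPTABLE_HOLD_TIME = 2, 6   # NOTIFICATION code/subcode 2/6


def parse_open(msg: bytes) -> dict:
    """Parse the fixed part of a BGP OPEN (RFC 4271 section 4.2)."""
    if len(msg) < 29 or msg[:16] != MARKER:
        raise ValueError("not a BGP message: short or bad marker")
    length, mtype = struct.unpack("!HB", msg[16:19])
    if mtype != OPEN or length != len(msg):
        raise ValueError("not a well-formed OPEN")
    version, asn, hold, bgp_id, optlen = struct.unpack("!BHH4sB", msg[19:29])
    if 29 + optlen != length:
        raise ValueError("optional parameter length mismatch")
    return {"version": version, "as": asn, "hold_time": hold,
            "bgp_id": ".".join(str(b) for b in bgp_id)}


def notification(code: int, subcode: int, data: bytes = b"") -> bytes:
    """Build a NOTIFICATION: 19-byte header, code, subcode, optional data."""
    header = MARKER + struct.pack("!HB", 21 + len(data), NOTIFICATION)
    return header + bytes([code, subcode]) + data


def check_hold_time(peer_hold: int, local_hold: int, min_hold: int):
    """Return (negotiated_hold, None) or (None, notification_bytes)."""
    # RFC 4271: hold time is 0 or at least 3 seconds; 1 and 2 are always rejected.
    # min_hold is an assumed model of the "Minimum hold time from neighbor"
    # knob quoted above, not the vendor's implementation.
    if peer_hold in (1, 2) or peer_hold < min_hold:
        return None, notification(OPEN_ERROR, UNACCEPTABLE_HOLD_TIME)
    return min(peer_hold, local_hold), None   # the smaller value wins


if __name__ == "__main__":
    peer = parse_open(bytes.fromhex(OPEN_HEX))
    print(peer)
    # Local hold time 180 is from the log; the 120 s floor is an assumed value.
    hold, notif = check_hold_time(peer["hold_time"], local_hold=180, min_hold=120)
    print("rejected" if notif else f"hold {hold}s", notif.hex() if notif else "")
```

The 21-byte NOTIFICATION it builds matches the "send message type 3, length (incl. header) 21" line in the log.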
