[c-nsp] Continous BGP session resets on SRD3
John van Oppen
jvanoppen at spectrumnet.us
Fri Jun 18 02:55:33 EDT 2010
We have limits of 100 set for as path length on the upstream routers, this did not solve the problem.
I think the issue almost has to be 32 bit ASNs. The router on our network that was ingressing the troublesome prefix was/is running s72033-adventerprisek9_wan-mz.122-33.SXI1.bin and it was unaffected, the affected routers were all either customers on other non-affected routers or iBGP peers of the router where the prefix came into the network.
John van Oppen
Spectrum Networks
http://spectrumnetworks.us
Direct: 206.973.8302
Main: 206.973.8300
-----Original Message-----
From: Rodney Dunn [mailto:rodunn at cisco.com]
Sent: Thursday, June 17, 2010 7:09 AM
To: Gordon Bezzina
Cc: John van Oppen; 'Kostas Fotiadis'; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Continous BGP session resets on SRD3
We are working to get some clarification on this.
In the interim...
Can anyone prove they saw this when either:
a) The upstream speaker did not have the AS Path limit configured to
something lower (say less than 200)?
b) The upstream speaker was running with code *newer* than one of these:
15.1(01.07.01)PIA14 15.1(01.05.01)PIA13 15.1(01)XB 15.0(01.01)SID
15.0(01)M 12.4(24.06.06)PIL12 12.4(24.06.05)PIB12 12.4(24.06)PI11l
12.2(33.01.21)MCP05 12.2(33)ZI 12.2(33)XNE 12.2(33)SXI02
12.2(32.08.17)REC186 12.2(32.08.15)YCA273.10 12.2(32.08.11)XJC273.11
12.2(32.08.11)SX277 12.2(32.08.06)YCA246.10 12.2(32.08.01)YCA273.15
12.0(32)SY10
From what Shimol and I appear to have gleaned so far it's an issue
between a 4byte AS (new) speaker and and non 4 byte (old) speaker *and*
the 4byte AS (new) upstream speaker is on a version of code older than
one of the ones above.
Can folks confirm/deny if their deployment where they saw this either
did or did not match those conditions above?
Read it carefully as it can be tricky.
Thanks,
Rodney
On 6/17/10 12:19 AM, Gordon Bezzina wrote:
> Hi,
>
> The other end is a GSR, but I do not have control on.
> Anyhow performed emergency upgrade my 7600 from SRD3 to SRE1, did the trick.
>
> It now works without any problems.
>
> Thanks to all.
>
> Best Regards
> Gordon
>
> -----Original Message-----
> From: John van Oppen [mailto:jvanoppen at spectrumnet.us]
> Sent: L-Erbgħa, 16 ta' Ġunju 2010 17:43
> To: Kostas Fotiadis; Gordon Bezzina
> Cc: cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] Continous BGP session resets on SRD3
>
> We saw this issue about 8 hours ago too... It appeared to affect GSRs running anything older than gsr-k4p-mz.120-32.SY9.bin as well as 7200s running non-current versions of IOS. Our 6500s were all fine but they are all running at least s72033-adventerprisek9_wan-mz.122-33.SXI1.bin.
>
> This sure looked like it was tickling CSCeh13489 but we already limit the maximum AS-path length to well-under 255 and that did not seem to protect us. We ended up doing an emergency upgrade of the GSRs involved.
>
>
> John van Oppen
> Spectrum Networks
> Direct: 206-973-8302
> Main: 206-973-8300
>
> ________________________________________
> From: cisco-nsp-bounces at puck.nether.net [cisco-nsp-bounces at puck.nether.net] on behalf of Kostas Fotiadis [kostas.fotiadis at oteglobe.net]
> Sent: Wednesday, June 16, 2010 4:41 AM
> To: Gordon Bezzina
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Continous BGP session resets on SRD3
>
> Hi Gordon,
>
> Just hang-up the phone with TAC.
> We also had the same issue this morning.
> One session was iBGP and the other eBGP.
> Engineer said, undocumented bug, needs to do more research and get back to be.
> Don't know what he did and fix it. I guess you need to open a case...
>
> Good luck,
> Kostas
>
>
> On 16/6/2010 12:37 μμ, Gordon Bezzina wrote:
>> Hi,
>>
>> Since this morning I am experiencing a weird problem on one of my full
>> feeds link.
>> My router is a 7606 with dual RSP720-3CXL-GE and running SRD3.
>>
>> I have a multihop bgp peer to get the full bgp feed from my customer.
>>
>> Suddenly this morning the connection started flapping. With the
>> following error message:
>>
>> Jun 16 07:40:03 CEST: %BGP-5-ADJCHANGE: neighbor W.X.Y.Z vpn vrf XX Up
>> Jun 16 07:42:36 CEST: %BGP-5-ADJCHANGE: neighbor W.X.Y.Z vpn vrf XX
>> Down BGP Notification sent Jun 16 07:42:36 CEST: %BGP-3-NOTIFICATION:
>> sent to neighbor W.X.Y.Z 3/4 (invalid flags for attribute) 3 bytes
>> 000000
>> 15w6d: BGP: 217.15.96.9 Bad attributes Jun 16 07:42:36 CEST:
>> %BGP-4-MSGDUMP: unsupported or mal-formatted message received from
>> W.X.Y.Z:
>> FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 012B 0200 0001 1040 0101 02C0
>> 119A
>> 0226
>> 0000 3D77 0000 22E0 0000 04F9 0000 3065 0003 0065 0003 0065 0000 C288
>> 0000
>> 22E4
>> 0000 22E4 0000 22E4 0000 22E4 0000 22E4 0000 22E4 0000 22E4 0000 22E4
>> 0000
>> 22E4
>> 0000 22E4 0000 22E4 0000 22E4 0000 22E4 0000 22E4 0000 22E4 0000 22E4
>> 0000
>> 22E4
>> 0000 22E4 0000 22E4 0000 22E4 0000 22E4 0000 22E4 0000 22E4 0000 22E4
>> 0000
>> 22E4
>> 0000 22E4 0000 22E4 0000 22E4 0000 22E4 0000 22E4 0000 22E4 4002 4E02
>> 263D
>> 7722
>> E004 F930 655B A05B A0C2 8822 E422 E422 E422 E422 E422 E422 E422 E422
>> E422
>> E422
>>
>> Jun 16 07:42:42 CEST: %BGP_SESSION-5-ADJCHANGE: neighbor W.X.Y.Z IPv4
>> Unicast vpn vrf XX topology base removed from session BGP
>> Notification sent
>>
>> The sequence is as follows:
>> It basically goes up, starts getting the feed, then at around 290K
>> routes it logs this error and resets the session. It will Then start
>> over again.
>>
>> Note that this does not seem to be the route dampening issue - I do
>> not even have dampening enabled on my router.
>>
>> Also mls cef is set at 350K for IPv4 and free RAM is over 1G
>>
>> Any ideas?
>>
>> Thanks/Regards
>> Gordon
>>
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>>
>>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list