[c-nsp] Continuous BGP session resets on SRD3

Shimol Shah shimshah at cisco.com
Fri Jun 18 10:20:00 EDT 2010


Rodney, Luc and I had a detailed discussion internally on this. 
Below is our summary of this issue. Sharing for everyone's benefit.

We think a large but valid AS PATH was originated by someone/somewhere, 
which included at least one 4 byte ASN. When this reached the border 
router which was 4 byte ASN capable, it corrupted the update when 
sending it to an ASN2 only peer. So the ASN2 peer on receiving it reset the 
peer-ship to the ASN4 peer and logged the notification 3/4 message.

This is a bug on the border router. It is addressed via CSCsy27511.

The issue can possibly be worked around by configuring the "bgp maxas-limit #" 
knob on the ASN4 capable upstream (border, box corrupting the 
packet), but the issue with that is there is no right value to use for it. 
We have been able to reproduce the above with an AS path length as small as 35.

So the recommendation is to upgrade past the above bug.

A more compelling reason to upgrade is the more serious issues of:
http://www.cisco.com/warp/public/707/cisco-sa-20090729-bgp.shtml

Shimol


On 6/18/10 8:41 AM, Tima Maryin wrote:
> I've been told by TAC that this problem is caused by CSCta33973
>
>
> Rodney Dunn wrote:
>> We are working to get some clarification on this.
>>
>> In the interim...
>>
>> Can anyone prove they saw this when either:
>>
>> a) The upstream speaker did not have the AS Path limit configured to
>> something lower (say less than 200)?
>>
>> b) The upstream speaker was running with code *newer* than one of these:
>>
>> 15.1(01.07.01)PIA14 15.1(01.05.01)PIA13 15.1(01)XB 15.0(01.01)SID
>> 15.0(01)M 12.4(24.06.06)PIL12 12.4(24.06.05)PIB12 12.4(24.06)PI11l
>> 12.2(33.01.21)MCP05 12.2(33)ZI 12.2(33)XNE 12.2(33)SXI02
>> 12.2(32.08.17)REC186 12.2(32.08.15)YCA273.10 12.2(32.08.11)XJC273.11
>> 12.2(32.08.11)SX277 12.2(32.08.06)YCA246.10 12.2(32.08.01)YCA273.15
>> 12.0(32)SY10
>>
>> From what Shimol and I appear to have gleaned so far it's an issue
>> between a 4byte AS (new) speaker and a non 4 byte (old) speaker
>> *and* the 4byte AS (new) upstream speaker is on a version of code
>> older than one of the ones above.
>>
>> Can folks confirm/deny if their deployment where they saw this either
>> did or did not match those conditions above?
>>
>> Read it carefully as it can be tricky.
>>
>> Thanks,
>> Rodney

