[c-nsp] 7606 to 6509 [BGP hold time issue]
Nick Kritsky
nick.kritsky at gmail.com
Thu May 3 14:46:52 EDT 2012
Is PMTUD enabled for this peer? Did you try to disable it?
Such behavior can also be explained by misbehaving active inline IPS
or firewall with crappy ALG, but I understand that you are using
direct link - right? No switches in between?
Nick
On Thu, May 3, 2012 at 8:36 PM, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> On 03/05/12 17:11, Scantlebury, Kieron wrote:
>>
>> We matched MTU. It was one of the first things we attempted. We also
>> lowered MTU to 1280 both ends. No change.
>
>
> Have you TESTED the MTU? Setting it is all fine and well, but this really,
> really sounds like an MTU problem.
>
> You want to use ping with "don't frag" set:
>
> ping ip <dst> df-bit size 1500
>
>
> The other thing could be some kind of firewall filter, or possibly CoPP at
> the far end - if the far end has aggressive CoPP, a small amount of BGP
> traffic might work, but a lot might get dropped. However, I'd be surprised
> if this effect causes problems for long enough to let holdtime expire.
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list