[c-nsp] 7606 to 6509 [BGP hold time issue]
Scantlebury, Kieron
Kieron.Scantlebury at Level3.com
Fri May 4 03:07:38 EDT 2012
Correct. No switches in between. Direct connection.
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Nick Kritsky
Sent: 03 May 2012 19:47
To: Phil Mayers
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] 7606 to 6509 [BGP hold time issue]
Is PMTUD enabled for this peer? Did you try to disable it?
Such behavior can also be explained by misbehaving active inline IPS or firewall with crappy ALG, but I understand that you are using direct link - right? No switches in between?
Nick
On Thu, May 3, 2012 at 8:36 PM, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> On 03/05/12 17:11, Scantlebury, Kieron wrote:
>>
>> We matched MTU. It was one of the first things we attempted. We also
>> lowered MTU to 1280 both ends. No change.
>
>
> Have you TESTED the MTU? Setting it is all fine and well, but this
> really, really sounds like an MTU problem.
>
> You want to use ping with "don't frag" set:
>
> ping ip <dst> df-bit size 1500
>
>
> The other thing could be some kind of firewall filter, or possibly
> CoPP at the far end - if the far end has aggressive CoPP, a small
> amount of BGP traffic might work, but a lot might get dropped.
> However, I'd be surprised if this effect causes problems for long enough to let holdtime expire.
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list