[c-nsp] 7606 to 6509 [BGP hold time issue]
Mack McBride
mack.mcbride at viawest.com
Fri May 4 13:03:26 EDT 2012
A couple of things come to mind.
1) does the 6500 or 7600 have COPP (previously mentioned)
2) does the 6500 or 7600 have uRPF enabled?
3) the route table being full on the 7600 could be causing the issue (interacts badly with uRPF and many other things)
4) Have you done BGP debugs on either device?
5) Are the interfaces between the devices error free?
LR Mack McBride
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Scantlebury, Kieron
Sent: Friday, May 04, 2012 1:08 AM
To: Nick Kritsky; Phil Mayers
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] 7606 to 6509 [BGP hold time issue]
Correct. No switches in between. Direct connection.
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Nick Kritsky
Sent: 03 May 2012 19:47
To: Phil Mayers
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] 7606 to 6509 [BGP hold time issue]
Is PMTUD enabled for this peer? Did you try to disable it?
Such behavior can also be explained by misbehaving active inline IPS or firewall with crappy ALG, but I understand that you are using direct link - right? No switches in between?
Nick
On Thu, May 3, 2012 at 8:36 PM, Phil Mayers <p.mayers at imperial.ac.uk> wrote:
> On 03/05/12 17:11, Scantlebury, Kieron wrote:
>>
>> We matched MTU. It was one of the first things we attempted. We also
>> lowered MTU to 1280 both ends. No change.
>
>
> Have you TESTED the MTU? Setting it is all fine and well, but this
> really, really sounds like an MTU problem.
>
> You want to use ping with "don't frag" set:
>
> ping ip <dst> df-bit size 1500
>
>
> The other thing could be some kind of firewall filter, or possibly
> CoPP at the far end - if the far end has aggressive CoPP, a small
> amount of BGP traffic might work, but a lot might get dropped.
> However, I'd be surprised if this effect causes problems for long enough to let holdtime expire.
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list