[c-nsp] 6500 IOS recommendation?

Chris Welti chris.welti at switch.ch
Wed Oct 23 11:42:59 EDT 2013 

Hi Ross,

We actively noticed the issue when our connection to the AMS-IX routeservers flapped.
Roughly 65000 prefixes out of which around 3000 were not correctly removed.
No idea if VPNv4 prefixes are also affected, but note that this only happens to withdrawn prefixes under
certain conditions (multiple prefixes in one withdraw message with one of them not being a best route).

Regards,
Chris

>From Cisco Bugsearch:

BGP route does not disappear from the RIB
CSCuh43027
Description
Symptom:
Prefixes withdrawn from BGP are not removed from the RIB, although they are removed from the BGP table.
Conditions:
A withdraw message contains more than one NLRI, one of which is for a route that is not chosen as best. If deterministic med is enabled, then the other NLRI in the withdraw message might not eventually be removed from the RIB.
Workaround:
Forcibly clear the RIB.
Further Problem Description:
This issue may also occur if BGP PIC is enabled and the withdraw message contains a route that is currently serving as a backup path.
Customer Visible

Details
Last Modified:
Oct 21,2013
Status:
Fixed
Severity:
2 Severe
Product:
Cisco IOS
Support Cases:
12
Known Affected Releases: 	
(2)
15.2(4)M2
15.1(1)SY
Known Fixed Releases: 	
(17)
15.1(1)IB273.101
15.1(3)S5.22
15.4(0.11)T
15.2(4)M4.3
15.4(0.15)S
15.1(1)IBB85.35
15.3(3)S0.2
15.3(3)M0.2
15.2(1)E
15.2(4)S4
15.1(3)S6
15.2(4)M5
15.1(2)SY
15.2(1.1)EY
15.1(1)IC66.17
15.2(4)S4a
12.2(60)EZ2

Am 23/10/13 17:17, schrieb Ross Halliday:
>> A little word of advice for those that use BGP: Don't use 15.1(1)SY and
>> 15.1(1)SY1.
>> They have a nasty little BGP bug that can create black holes or loops
>> for random prefixes due to stale RIB entries of withdrawals that are not
>> processed correctly (CSCuh43027).
>> Some withdrawn prefixes are being removed from the BGP table, but not from
>> the RIB!
>> It's very hard to debug and even notice as it usually only affects a
>> couple thousand prefixes, but it's
>> annoying.
>> A lot of 15.1, 15.2. and 15.3 trains have the same issues, so be careful
>> also on the 7600 "S" train.
>> It is fixed in 15.1(2)SY and 15.2(4)S4 only.
>> So if you want to use 15.1 on Sup720/Sup2T, use 15.1(2)SY.
> 
> A couple THOUSAND? Sheesh that's half of my IGP, I think I'd notice that! (in a few hours)
> 
> I don't have access to view the bug details, does this impact VPNv4 prefixes?
> 
> Thanks
> Ross
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list