[j-nsp] JUNOS violating RFC1771 on BGP collision detection

Daniel Roesen dr at cluenet.de
Tue Jun 8 19:05:37 EDT 2004


Hi Pedro,

On Tue, Jun 08, 2004 at 03:19:51PM -0700, Pedro Roque Marques wrote:
> > Finally I've found PR #32902 which sounds matching, but was closed
> > with no information in which JUNOS this is fixed. Is it fixed at
> > all?
> 
> State-Changed-From-To: open->closed
> State-Changed-Why:
> Commited as part of 38477.
> 
> Number:         38477
> Committed-In:   6.1R2 6.2R1

Ah OK. 38477 is not publicly visible btw.

> >  This is hurting and explains why I've always had the
> > subjective impression that it sometimes takes JUNOS long to
> > establish sessions (but didn't dig deeper into why).
> 
> Unlikely that this behaviour would influence anything other than
> situations where you do have an inbound filter in one of the peers.

Well, I'm not the only one who observed that BGP sessions with Junipers
tend to take longer to establish. Not always, but sometimes. This is just
one theory of why. Of course, the Active->Connect->OpenSent transition
should be quite quick, but given the retry timers, a collision might
introduce additional delays. I'm not talking "several minutes" but
"subjectively taking longer than used between Ciscos".

Perhaps this changes with newer JunOS. :-)

> btw: if you configure the side that isn't allow to establish a TCP
> session w/ "passive" your problem goes away.
> and if you have that firewall filter configured "passive" is would be
> recomended anyway.

Yep, logical consequence. :-) Then again, the customer in question
should fix his ACLs. :-)

Thanks for your reply!


Best regards,
Daniel


More information about the juniper-nsp mailing list