[j-nsp] BGP problem...

Erol Kahraman erol.kahraman at gmail.com
Fri Apr 8 01:20:22 EDT 2005 

thx folks,
i see the some solutions which i will check. So i will change the
question. If i flood UDP packets to your network, how you will stop me
to fill your pipe and block BGP keepalive?

On Apr 7, 2005 7:15 PM, Michael Loftis <mloftis at wgops.com> wrote:
> 
> 
> --On Thursday, April 07, 2005 2:31 PM +0300 Erol Kahraman
> <erol.kahraman at gmail.com> wrote:
> 
> > hi,
> > I have a M7i router which is connected to internet via 2Mb F/R
> > connection. Everything is ok. But when i make a stress test my BGP
> > connection peer send me log as follows.
> >
> > Apr  7 12:48:20  Router1 rpd[2520]: bgp_traffic_timeout: NOTIFICATION
> > sent to x.y.z.t (External AS 21): code 4 (Hold Timer Expired Error),
> > Reason: holdtime expired for x.y.z.t (External AS 21), socket buffer
> > sndcc: 19 rcvcc: 0 TCP state: 4, snd_una: 3435220949 snd_nxt:
> > 3435220968 snd_wnd: 16384 rcv_nxt: 1777406639 rcv_adv: 1777423023,
> > keepalive timer 0
> > Apr  7 12:49:02  Router1 rpd[2520]: x.y.z.t (External AS 21): reseting
> > pending active connection
> >
> > I have flooded an UDP packets to any server in my network from
> > external source. I have filter which block that traffic but after some
> > time the BGP connection is reseted. After that i've wrote a policer
> > like this to limit all traffik to 1,9M and exclude BGP packets for the
> > rest 100k bandwith.
> > In spide of this my problem is persist. Do some of you have
> > experienced problem like this.
> >
> 
> >                     log;
> >                     reject;
> 
> Don't reject, discard, and don't log either. reject sends packets BACK
> flooding the other side of your link too (unless this is what you want to
> do for the test) and log can overwhelm the RE in a situation like this.
> And by Mb i'm not sure if you mean Mbyte or Mbit either...at Mbit i find it
> hard to believe you'd be overloadign anythign other htan the FR circuit.
> at Mbyte it's possible the RE is getting overloaded.  Also since the filter
> and policer is on the input on your side, nothing stops the other side from
> fillign the pipe too full with UDP packets so that the BGP session goes.
> 
> 


-- 
Erol KAHRAMAN
System Network Administrator

More information about the juniper-nsp mailing list