[j-nsp] BGP problem...

Josef Buchsteiner josefb at juniper.net
Fri Apr 8 02:35:27 EDT 2005 

Erol,

BGP has TOS internet-control set and will go into Q0 per default when
sourced from the RE as it is TCP. Once there is a retransmission the
packet will get pumped into Q3. In the case below the problem has not
been isolated at all. We send out packets form the RE's point of view
but there is no troubelshooting done if this ever reaches the remote
end or not. I've no understanding what this UDP test really does however
I would suggest doing some simple test and see if the BGP KA are
getting delivered to the remote end or not or if the problem is the
remote side not able to transmit the packets back to you. So you might
look at the wrong side... here it just says that this M7i has not
received anything from the remote peer and therefor dropping the
session.

Josef

Thursday, April 7, 2005, 3:21:54 PM, you wrote:

  
RT> I believe BGP updates are'nt type 6 (control) by default in
RT> JunOS, as does OSPF LSA updates. You'll have to define the policer.

RT>  -----Original Message-----
RT>  From: juniper-nsp-bounces at puck.nether.net
RT>  [mailto:juniper-nsp-bounces at puck.nether.net]On Behalf Of Erdem Sener
RT>  Sent: April 7, 2005 8:14 AM
RT>  To: juniper-nsp at puck.nether.net
RT>  Subject: RE: [j-nsp] BGP problem...




RT>  It seems you're congesting the line and due to BGP update packets  (tcp
RT>  179)
RT>  being dropped you lost your neighborship.

RT>  The best would be configuring CoS and dedicating a small amount of
RT>  bandwitdh (e.g 5%)
RT>  for 'network control' such as bgp updates, OSPF LSA's etc.

 >> -----Original Message-----
 >> From: juniper-nsp-bounces at puck.nether.net
 >> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of
 >> Erol Kahraman
 >> Sent: Thursday, April 07, 2005 2:31 PM
 >> To: juniper-nsp at puck.nether.net
 >> Subject: [j-nsp] BGP problem...
 >>
 >> hi,
 >> I have a M7i router which is connected to internet via 2Mb
 >> F/R connection. Everything is ok. But when i make a stress
 >> test my BGP connection peer send me log as follows.
 >>
 >> Apr  7 12:48:20  Router1 rpd[2520]: bgp_traffic_timeout:
 >> NOTIFICATION sent to x.y.z.t (External AS 21): code 4 (Hold
 >> Timer Expired Error),
 >> Reason: holdtime expired for x.y.z.t (External AS 21), socket buffer
 >> sndcc: 19 rcvcc: 0 TCP state: 4, snd_una: 3435220949 snd_nxt:
 >> 3435220968 snd_wnd: 16384 rcv_nxt: 1777406639 rcv_adv:
 >> 1777423023, keepalive timer 0 Apr  7 12:49:02  Router1
 >> rpd[2520]: x.y.z.t (External AS 21): reseting pending active
 >> connection
 >>
 >> I have flooded an UDP packets to any server in my network
 >> from external source. I have filter which block that traffic
 >> but after some time the BGP connection is reseted. After that
 >> i've wrote a policer like this to limit all traffik to 1,9M
 >> and exclude BGP packets for the rest 100k bandwith.
 >> In spide of this my problem is persist. Do some of you have
 >> experienced problem like this.
 >>
 >> PLICER
 >> if-exceeding {
 >>     bandwidth-limit 1900000;
 >>     burst-size-limit 10k;
 >> }
 >> then discard;
 >>
 >> FILTER
 >> term T15 {
 >>                 from {
 >>                     protocol udp;
 >>                     destination-port [ xx  ];
 >>                 }
 >>                 then {
 >>                     log;
 >>                     reject;
 >>                 }
 >>
 >> term T30 {
 >>             from {
 >>                 address {
 >>                     0.0.0.0/0;
 >>                 }
 >>                 port-except bgp;
 >>             }
 >>             then {
 >>                 policer POLICER1;
 >>                 count SAYAC1;
 >>                 accept;
 >>             }
 >>
 >> INTERFACE
 >>     e1-0/3/0 {
 >>         encapsulation frame-relay;
 >>         lmi {
 >>             lmi-type ansi;
 >>         }
 >>         unit 0 {
 >>             dlci 40;
 >>             family inet {
 >>                 filter {
 >>                     input FILTER1;
 >>
 >>
 >> --
 >> Erol KAHRAMAN
 >> System Network Administrator
 >> _______________________________________________
 >> juniper-nsp mailing list juniper-nsp at puck.nether.net
 >> http://puck.nether.net/mailman/listinfo/juniper-nsp
 >>


RT>  UYARI/NOTIFICATION:
RT> 
RT> ***************************************************************************
RT>  Bu e-posta ve ekleri sadece gonderilen adres sahiplerine
RT> aittir. Bu mesajin yanlislikla tarafiniza ulasmis olmasi halinde,
RT> lutfen gondericiye derhal bilgi veriniz ve mesaji sisteminizden
RT> siliniz. BORUSAN TELEKOM bu mesajin icerigi ve ekleri ile ilgili
RT> olarak hukuksal hicbir sorumluluk kabul etmez.  Gonderen taraf
RT> hata veya unutmalardan sorumluluk kabul etmez.

RT>  The information contained in this e-mail and any files
RT> transmitted with it are intended solely for the use of the
RT> individual or entity to whom they are addressed.If you received
RT> this message in error, please immediately notify the sender and
RT> delete it from your system.BORUSAN TELEKOM doesn't accept any
RT> legal responsibility for the contents and attachments of this
RT> message.The sender does not accept liability for any errors or
RT> omissions.

RT> 
RT> ***************************************************************************

RT>  _______________________________________________
RT>  juniper-nsp mailing list juniper-nsp at puck.nether.net
RT> http://puck.nether.net/mailman/listinfo/juniper-nsp

RT>  _______________________________________________
RT>  juniper-nsp mailing list juniper-nsp at puck.nether.net
RT> http://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list