[j-nsp] Odd BGP Issue

William Jackson wjackson at sapphire.gi
Mon Jul 7 05:45:37 EDT 2008 

A could place to look for guidelines regarding securing your BGP
sessions properly ( and your router )

http://www.team-cymru.org/Services/Bogons/


Best Regards
 
William Jackson
Technical Department
Sapphire Networks



-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net
[mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Shane Ronan
Sent: 06 July 2008 03:28
To: Lee Hetherington
Cc: <juniper-nsp at puck.nether.net>
Subject: Re: [j-nsp] Odd BGP Issue

Just because I am curious, neither of the providers or JTAC thought of  
the solutions I did?

Sent from my iPhone

On Jul 5, 2008, at 11:45 AM, "Lee Hetherington"
<lee.hetherington at redtechnology.com 
 > wrote:

> Hi All,
>
> I have a very odd problem with a J Series router and wonder if  
> anyone can help, as neither our providers nor JTAC can shed any  
> light on this one.
>
> We have a J2320-JH, it has a Link to AS1200 over a 2meg serial x.21  
> connection and then a 100meg connection to AS1299 over ethernet.  I  
> have bgp from our as accepting ANY from them and announcing a  
> single /23 network to them.
>
> My original 2meg connection has been stable and running a BGP  
> session with no flapping for almost 3 weeks now.  As soon as I  
> introduce the new peer, the route table increases as you'd expect to  
> around 500k routes, becomes stable with 245k active routes and then  
> the originally stable connection starts to flap giving a Hold Timer  
> Expired Error.  This then keeps flapping.
>
> Whilst this first session is flapping there are no errors on the  
> interfaces to either AS1200 or AS1299.  However, whilst the session  
> is flapping I note that almost exactly 1mbits/sec is going out of  
> our new AS1299 connection and comming into our AS1200 connection.   
> This traffic however does not come onto our LAN as the gig  
> connection to our switch is showing none or very minimal traffic.
>
> The guys at AS1200 havent got back to me yet, but the guys from  
> AS1299 have told me to check my prefix-limit, but I dont currently  
> have this configured.  JTAC tell me my router is fine and my  
> configuration is correct.
>
> Anyone have an idea?  The providers seem to be stumped but this  
> leaves me with one peer disabled currently.
>
> Thanks,
>
> Lee
>
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp

More information about the juniper-nsp mailing list