[j-nsp] SRX 550 BGP Flapping
Payam Chychi
pchychi at gmail.com
Tue Jan 30 04:35:07 EST 2018
On Mon, Jan 29, 2018 at 10:31 PM sameer mughal <pcs.sameer1 at gmail.com>
wrote:
> Thanks for the reply.
> Can you please help me with how I can check and correct this?
>
> On Tue, Jan 30, 2018 at 11:25 AM, Emille Blanc <
> emille at abccommunications.com
> > wrote:
>
> > You might want to check the MTU of the path, or ensure that pmtu is
> > enabled.
> > It looks like you're using a redundant ethernet interface (reth). If
> > you're using a non-standard MTU, make sure it is set correctly for its
> > member interface(s).
> >
> > ________________________________________
> > From: juniper-nsp [juniper-nsp-bounces at puck.nether.net] On Behalf Of
> > sameer mughal [pcs.sameer1 at gmail.com]
> > Sent: Monday, January 29, 2018 8:20 PM
> > To: juniper-nsp at puck.nether.net
> > Subject: Re: [j-nsp] SRX 550 BGP Flapping
> >
> > I have seen a hold time error. What will be the fix for this issue?
> >
> > show bgp neighbor xx.xx.xx.xx
> > Peer: xx.xx.xx.xx+179 AS xxxx Local: xx.xx.xx.xx+56228 AS xxxx
> > Type: External State: Established Flags: <Sync>
> > Last State: OpenConfirm Last Event: RecvKeepAlive
> > Last Error: Hold Timer Expired Error
> > Export: [ IMPORT-LAN-INTO-BGP ] Import: [ Reject-BGP ]
> > Options: <Preference LocalAddress AuthKey PeerAS Refresh>
> > Options: <AdvertisePeerAs>
> > Authentication key is configured
> > Local Address: xx.xx.xx.xx Holdtime: 90 Preference: 170
> > Number of flaps: 30
> > Last flap event: HoldTime
> > Error: 'Hold Timer Expired Error' Sent: 30 Recv: 0
> > Peer ID: xx.xx.xx.xx Local ID: xx.xx.xx.xx Active Holdtime: 90
> > Keepalive Interval: 30 Group index: 0 Peer index: 0
> > BFD: disabled, down
> > Local Interface: reth2.0
> > NLRI for restart configured on peer: inet-unicast
> > NLRI advertised by peer: inet-unicast
> > NLRI for this session: inet-unicast
> > Peer supports Refresh capability (2)
> > Stale routes from peer are kept for: 300
> > Peer does not support Restarter functionality
> > Peer does not support Receiver functionality
> > Peer does not support LLGR Restarter or Receiver functionality
> > Peer supports 4 byte AS extension (peer-as xx.xx.xx.xx)
> > Peer does not support Addpath
> > Table inet.0 Bit: 10000
> > RIB State: BGP restart is complete
> >
> > On Tue, Jan 30, 2018 at 9:14 AM, sameer mughal <pcs.sameer1 at gmail.com>
> > wrote:
> >
> > > Hi,
> > > Can anyone help me with this BGP flapping issue?
> > >
> > > show bgp summary
> > > Groups: 1 Peers: 1 Down peers: 0
> > > Table Tot Paths Act Paths Suppressed History Damp State Pending
> > > inet.0 37 31 0 0 0 0
> > > Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
> > > xx.xx.xx.xx 9541 86 70 0 *30 * 28:28 31/37/36/0 0/0/0/0
> > >
> > > {primary:node0}
> > >
> > > Peer: xx.xx.xx.xx +179 AS 9541 Local: xx.xx.xx.xx +56228 AS 64520
> > > Type: External State: Established Flags: <Sync>
> > > Last State: OpenConfirm Last Event: RecvKeepAlive
> > > Last Error: Hold Timer Expired Error
> > > Export: [ IMPORT-LAN-INTO-BGP ] Import: [ Reject-BGP ]
> > > Options: <Preference LocalAddress AuthKey PeerAS Refresh>
> > > Options: <AdvertisePeerAs>
> > > Authentication key is configured
> > > Local Address: 192.168.111.74 Holdtime: 90 Preference: 170
> > > Number of flaps: 30
> > > Last flap event: HoldTime
> > > Error: 'Hold Timer Expired Error' Sent: 30 Recv: 0
> > > Peer ID: xx.xx.xx.xx Local ID: xx.xx.xx.xx Active Holdtime: 90
> > > Keepalive Interval: 30 Group index: 0 Peer index: 0
> > > BFD: disabled, down
> > > Local Interface: reth2.0
> > > NLRI for restart configured on peer: inet-unicast
> > > NLRI advertised by peer: inet-unicast
> > > NLRI for this session: inet-unicast
> > > Peer supports Refresh capability (2)
> > > Stale routes from peer are kept for: 300
> > > Peer does not support Restarter functionality
> > > Peer does not support Receiver functionality
> > > Peer does not support LLGR Restarter or Receiver functionality
> > > Peer supports 4 byte AS extension (peer-as 9541)
> > > Peer does not support Addpath
> > > Table inet.0 Bit: 10000
> > > RIB State: BGP restart is complete
> > > Send state: in sync
> > > Active prefixes: 31
> > > Received prefixes: 37
> > > Accepted prefixes: 36
> > > Suppressed due to damping: 0
> > > Advertised prefixes: 48
> > > Last traffic (seconds): Received 28 Sent 10 Checked 58
> > > Input messages: Total 80 Updates 30 Refreshes 0 Octets 2749
> > > Output messages: Total 64 Updates 5 Refreshes 0 Octets 1618
> > > Output Queue[0]: 0 (inet.0, inet-unicast)
> > >
> > >
> > _______________________________________________
> > juniper-nsp mailing list juniper-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/juniper-nsp
>
He was pretty clear: you need to set the interface MTU to the proper level
(default 1500) unless you have smaller/mixed MTU values in your network/path.
As an alternative, you can set PMTU to help packets determine the proper
MTU value between connections.
Lastly, you should be able to set MSS to aid with mixed MTU values.
Discover the lowest MTU and then subtract 40 bytes.
The simplest thing to do is to look these things up via Google so you can have a
better idea of how they operate (like using ping to determine the MTU value
between you and a remote location).
Good luck
--
Payam Tarverdyan Chychi
Network Security Specialist / Network Engineer
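
The ping-based MTU check and the "lowest MTU minus 40" MSS rule from the reply above, as an added example that is not part of the original thread. It assumes a Linux host with iputils ping (`-M do` sets Don't Fragment); the function names and the simulated probe are hypothetical helpers for illustration.

```shell
#!/bin/sh
# Added example: binary-search the largest IPv4 packet that crosses a path
# unfragmented, then derive the TCP MSS as "lowest MTU - 40".

# Real probe (assumes Linux iputils ping): succeeds if an ICMP echo with the
# given payload size gets a reply while the Don't Fragment bit is set.
probe_ping() {  # $1 = host, $2 = ICMP payload bytes
    ping -M do -c 1 -W 1 -s "$2" "$1" >/dev/null 2>&1
}

# Simulated probe for offline runs: behaves as if the path MTU were $SIM_MTU.
probe_sim() {   # $1 = host (ignored), $2 = ICMP payload bytes
    [ $(( $2 + 28 )) -le "${SIM_MTU:-1500}" ]
}

# find_path_mtu HOST [PROBE] [LOW] [HIGH]
# Prints the largest packet size (bytes) in LOW..HIGH that passes with DF set.
# Returns 1 if even LOW fails (host unreachable, echo filtered, or MTU < LOW).
find_path_mtu() {
    host=$1; probe=${2:-probe_ping}; lo=${3:-576}; hi=${4:-1500}
    # 28 = 20-byte IPv4 header + 8-byte ICMP header around the payload
    "$probe" "$host" $(( lo - 28 )) || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$host" $(( mid - 28 )); then
            lo=$mid              # packet of size mid fits: search upward
        else
            hi=$(( mid - 1 ))    # too big for some hop: search downward
        fi
    done
    echo "$lo"
}

# mss_for_mtu MTU: subtract the 20-byte IPv4 and 20-byte TCP headers.
mss_for_mtu() { echo $(( $1 - 40 )); }

# Stand-alone use: ./pmtu.sh <peer-address>
if [ -n "$1" ]; then
    mtu=$(find_path_mtu "$1") && echo "path MTU $mtu, TCP MSS $(mss_for_mtu "$mtu")"
fi
```

On the SRX itself the equivalent probe is `ping <peer> size <bytes> do-not-fragment`. A path that filters ICMP echo fails the floor check instead of reporting an MTU, so a failure here does not by itself prove an MTU problem.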