BGP flapping while peering with Cisco ASR - Hold timer expired error

Jimmy Halim jhalim at
Mon Apr 1 07:31:59 CEST 2013

Hi guys,

Interestingly, actually the BGP packets from that particular peers are not
hitting the permitted filter in my server:
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp

Problem is solved after I changed the filter to:
ACCEPT     tcp  --  anywhere         anywhere            tcp dpt:bgp

I have no clue why only this peer is having the issue with my route
server. Let me know if you guys have any clue.


On 29/3/13 11:42 PM, "Martin Kraus" <martin.kraus at> wrote:

>On Fri, Mar 29, 2013 at 08:40:05PM +0800, Jimmy Halim wrote:
>> Hi guys,
>> We have just moved 1 of our route server from OpenBGPd to BIRD this
>> morning. However we were having issue bringing up 1 BGP session with our
>> peering that is running ASR. We keep getting hold timer expired error.
>> BGP keep flapping every 2 minutes.
>> From the tcpdump, I can see we are getting destination unreachable due
>> destination host is administratively prohibited.
>> Have u guys encountered this issue? All other BGP with other peering are
>> working ok. Below is the log from ASR..
>> Logs from ASR
>> -------------
>> RP/0/RP0/CPU0:Mar 29 07:48:19.078 UTC: bgp[1044]:
>> : neighbor Up (VRF: default)
>> RP/0/RP0/CPU0:Mar 29 07:49:53.328 UTC: tcp[355]: %IP-TCP_NSR-5-DISABLED
>> <-> NSR disabled for TCP
>> because Retransmission threshold exceeded
>> RP/0/RP0/CPU0:Mar 29 07:49:53.343 UTC: bgp[1044]:
>> %ROUTING-BGP-3-NBR_NSR_DISABLED : NSR disabled on neighbor
>> due to TCP retransmissions
>> RP/0/RP1/CPU0:Mar 29 07:49:53.357 UTC: bgp[1044]:
>> %ROUTING-BGP-5-NBR_NSR_DISABLED_STANDBY : NSR disabled on neighbor
>> on standby due to Peer closing down the session (VRF:
>> default)
>Do your bgp tables sync between bird and ASR before the hold time
>expires? Or
>does it get stuck after it establishes and then closes down?
>I'd venture a guess that the administratively prohibited is what the ASR
>to the unix machine running bird, right? That might just be an access list
>blocking incoming tcp to port 179. I can see from the log that the
>is established from the ASR(port 28514) to the unix(port 179). Therefore
>might be unrelated to the hold time expiration.

More information about the Bird-users mailing list