BGP flapping while peering with Cisco ASR - Hold timer expired error
jhalim at ap.equinix.com
Mon Apr 1 07:31:59 CEST 2013
Interestingly, actually the BGP packets from that particular peers are not
hitting the permitted filter in my server:
ACCEPT tcp -- anywhere anywhere state NEW tcp
Problem is solved after I changed the filter to:
ACCEPT tcp -- anywhere anywhere tcp dpt:bgp
I have no clue why only this peer is having the issue with my route
server. Let me know if you guys have any clue.
On 29/3/13 11:42 PM, "Martin Kraus" <martin.kraus at wujiman.net> wrote:
>On Fri, Mar 29, 2013 at 08:40:05PM +0800, Jimmy Halim wrote:
>> Hi guys,
>> We have just moved 1 of our route server from OpenBGPd to BIRD this
>> morning. However we were having issue bringing up 1 BGP session with our
>> peering that is running ASR. We keep getting hold timer expired error.
>> BGP keep flapping every 2 minutes.
>> From the tcpdump, I can see we are getting destination unreachable due
>> destination host is administratively prohibited.
>> Have u guys encountered this issue? All other BGP with other peering are
>> working ok. Below is the log from ASR..
>> Logs from ASR
>> RP/0/RP0/CPU0:Mar 29 07:48:19.078 UTC: bgp:
>> : neighbor 184.108.40.206 Up (VRF: default)
>> RP/0/RP0/CPU0:Mar 29 07:49:53.328 UTC: tcp: %IP-TCP_NSR-5-DISABLED
>> 220.127.116.11:28514 <-> 18.104.22.168:179:: NSR disabled for TCP
>> because Retransmission threshold exceeded
>> RP/0/RP0/CPU0:Mar 29 07:49:53.343 UTC: bgp:
>> %ROUTING-BGP-3-NBR_NSR_DISABLED : NSR disabled on neighbor 22.214.171.124
>> due to TCP retransmissions
>> RP/0/RP1/CPU0:Mar 29 07:49:53.357 UTC: bgp:
>> %ROUTING-BGP-5-NBR_NSR_DISABLED_STANDBY : NSR disabled on neighbor
>> 126.96.36.199 on standby due to Peer closing down the session (VRF:
>Do your bgp tables sync between bird and ASR before the hold time
>does it get stuck after it establishes and then closes down?
>I'd venture a guess that the administratively prohibited is what the ASR
>to the unix machine running bird, right? That might just be an access list
>blocking incoming tcp to port 179. I can see from the log that the
>is established from the ASR(port 28514) to the unix(port 179). Therefore
>might be unrelated to the hold time expiration.
More information about the Bird-users