BGP flapping while peering with Cisco ASR - Hold timer expired error

Jimmy Halim jhalim at ap.equinix.com
Mon Apr 1 07:31:59 CEST 2013


Hi guys,

Interestingly, actually the BGP packets from that particular peers are not
hitting the permitted filter in my server:
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp
dpt:bgp

Problem is solved after I changed the filter to:
ACCEPT     tcp  --  anywhere         anywhere            tcp dpt:bgp


I have no clue why only this peer is having the issue with my route
server. Let me know if you guys have any clue.

Thanks,
Jimmy




On 29/3/13 11:42 PM, "Martin Kraus" <martin.kraus at wujiman.net> wrote:

>On Fri, Mar 29, 2013 at 08:40:05PM +0800, Jimmy Halim wrote:
>> Hi guys,
>> 
>> We have just moved 1 of our route server from OpenBGPd to BIRD this
>> morning. However we were having issue bringing up 1 BGP session with our
>> peering that is running ASR. We keep getting hold timer expired error.
>>The
>> BGP keep flapping every 2 minutes.
>> 
>> From the tcpdump, I can see we are getting destination unreachable due
>>to
>> destination host is administratively prohibited.
>> 
>> Have u guys encountered this issue? All other BGP with other peering are
>> working ok. Below is the log from ASR..
>> 
>> Logs from ASR
>> -------------
>> 
>> RP/0/RP0/CPU0:Mar 29 07:48:19.078 UTC: bgp[1044]:
>>%ROUTING-BGP-5-ADJCHANGE
>> : neighbor 119.27.63.253 Up (VRF: default)
>> RP/0/RP0/CPU0:Mar 29 07:49:53.328 UTC: tcp[355]: %IP-TCP_NSR-5-DISABLED
>>:
>> 119.27.63.38:28514 <-> 119.27.63.253:179:: NSR disabled for TCP
>>connection
>> because Retransmission threshold exceeded
>> RP/0/RP0/CPU0:Mar 29 07:49:53.343 UTC: bgp[1044]:
>> %ROUTING-BGP-3-NBR_NSR_DISABLED : NSR disabled on neighbor 119.27.63.253
>> due to TCP retransmissions
>> RP/0/RP1/CPU0:Mar 29 07:49:53.357 UTC: bgp[1044]:
>> %ROUTING-BGP-5-NBR_NSR_DISABLED_STANDBY : NSR disabled on neighbor
>> 119.27.63.253 on standby due to Peer closing down the session (VRF:
>> default)
>
>Hi.
>Do your bgp tables sync between bird and ASR before the hold time
>expires? Or
>does it get stuck after it establishes and then closes down?
>
>I'd venture a guess that the administratively prohibited is what the ASR
>sends
>to the unix machine running bird, right? That might just be an access list
>blocking incoming tcp to port 179. I can see from the log that the
>connection
>is established from the ASR(port 28514) to the unix(port 179). Therefore
>it
>might be unrelated to the hold time expiration.
>
>mk




More information about the Bird-users mailing list