Yes, enabling "ip tcp path-mtu-discovey" in the other end solves this:
1) The 6500 initiates the session and has "ip tcp path-mtu-discovey". The other end does not: 6500# 00:13:01: %SEC-6-IPACCESSLOGP: list bgp-control denied tcp 1.1.1.1(11002) -> 7.7.7.7(179), 1 packet 00:13:04: %SEC-6-IPACCESSLOGP: list bgp-control denied tcp 10.10.10.1(11003) -> 10.10.10.7(179), 1 packet 6500# 00:13:05: %BGP-5-ADJCHANGE: neighbor 10.10.10.1 Up 00:13:05: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 Up 6500# 6500# 6500#sh ip bgp neighbors 10.10.10.1 | inc (path-mtu|max data) Datagrams (max data segment is 1460 bytes): 6500# 6500#sh ip bgp neighbors 1.1.1.1 | inc (path-mtu|max data) Datagrams (max data segment is 536 bytes): 6500# 6500# 2) "ip tcp path-mtu-discovey" was configured in the other end and the sessions were cleared: 00:14:19: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 Down Peer closed the session 00:14:19: %BGP-5-ADJCHANGE: neighbor 10.10.10.1 Down Peer closed the session 6500# 6500# 6500# 00:14:45: %SEC-6-IPACCESSLOGP: list bgp-control denied tcp 10.10.10.1(11004) -> 10.10.10.7(179), 1 packet 00:14:47: %BGP-5-ADJCHANGE: neighbor 10.10.10.1 Up 6500# 00:14:47: %SEC-6-IPACCESSLOGP: list bgp-control denied tcp 1.1.1.1(11005) -> 7.7.7.7(179), 1 packet 00:14:48: %BGP-5-ADJCHANGE: neighbor 1.1.1.1 Up 6500# 6500# 6500# 6500#sh ip bgp neighbors 1.1.1.1 | inc (path-mtu|max data) Datagrams (max data segment is 1460 bytes): 6500# 6500#sh ip bgp neighbors 10.10.10.1 | inc (path-mtu|max data) Datagrams (max data segment is 1460 bytes): 6500# Valid for both iBGP and eBGP. Thanks. Antonio Soares, CCIE #18473 (R&S) amsoa...@netcabo.pt -----Original Message----- From: Oliver Boehmer (oboehmer) [mailto:oboeh...@cisco.com] Sent: quinta-feira, 19 de Fevereiro de 2009 19:32 To: Antonio Soares; Phil Mayers Cc: cisco-nsp@puck.nether.net Subject: RE: [c-nsp] BGP MSS=576 bytes Antonio Soares <> wrote on Thursday, February 19, 2009 18:38: > This is what i got with 12.2(18)SXF15a and "ip tcp path-mtu-discovery" > enabled: > > 6500#sh ip bgp neighbors 1.1.1.1 | inc (path-mtu|max data) Datagrams > (max data segment is 536 bytes): > 6500# > 6500# > 6500#sh ip bgp neighbors 10.10.10.1 | inc (path-mtu|max data) > Datagrams (max data segment is 1460 bytes): > 6500# > > MSS=1460 for directly connected peerings and MSS=536 for non-directly > connected peerings. Got the same behavior for iBGP and eBGP. did you enable it on both ends and did you reset the session? > So basically it didn't work as i was expecting. It seems SXI puts some > order here. As far as I know, SXI allows to enable/disable PMTUD per BGP neighbor, and defaults to PMTUD being enabled.. oli > > -----Original Message----- > From: cisco-nsp-boun...@puck.nether.net > [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Phil Mayers > Sent: domingo, 15 de Fevereiro de 2009 11:53 > To: Antonio M. Soares > Cc: cisco-nsp@puck.nether.net > Subject: Re: [c-nsp] BGP MSS=576 bytes > > Antonio M. Soares wrote: >> Hello group, >> >> I have a 6500 running 122-18.SXF7 with lots of BGP peers and all of >> the BGP sessions have negotiated a MSS of 536 bytes. Here's an > > I think you need a newer IOS. Certainly under SXI I see: > > ac-core#sh ip bgp neighbors | inc path-mtu|max data seg > Transport(tcp) path-mtu-discovery is enabled Datagrams (max data > segment is 536 bytes): Transport(tcp) path-mtu-discovery is > enabled Datagrams (max data segment is 1460 bytes): Transport(tcp) > path-mtu-discovery is enabled Datagrams (max data segment is 9060 > bytes): Transport(tcp) path-mtu-discovery is enabled Datagrams (max > data segment is 536 bytes): > > ...depending on whether the neighbor is similarly equipped to be > jumbo-framed and PMTU. _______________________________________________ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > > _______________________________________________ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/