We have limits of 100 set for as path length on the upstream routers, this did not solve the problem.
I think the issue almost has to be 32 bit ASNs. The router on our network that was ingressing the troublesome prefix was/is running s72033-adventerprisek9_wan-mz.122-33.SXI1.bin and it was unaffected, the affected routers were all either customers on other non-affected routers or iBGP peers of the router where the prefix came into the network. John van Oppen Spectrum Networks http://spectrumnetworks.us Direct: 206.973.8302 Main: 206.973.8300 -----Original Message----- From: Rodney Dunn [mailto:rod...@cisco.com] Sent: Thursday, June 17, 2010 7:09 AM To: Gordon Bezzina Cc: John van Oppen; 'Kostas Fotiadis'; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] Continous BGP session resets on SRD3 We are working to get some clarification on this. In the interim... Can anyone prove they saw this when either: a) The upstream speaker did not have the AS Path limit configured to something lower (say less than 200)? b) The upstream speaker was running with code *newer* than one of these: 15.1(01.07.01)PIA14 15.1(01.05.01)PIA13 15.1(01)XB 15.0(01.01)SID 15.0(01)M 12.4(24.06.06)PIL12 12.4(24.06.05)PIB12 12.4(24.06)PI11l 12.2(33.01.21)MCP05 12.2(33)ZI 12.2(33)XNE 12.2(33)SXI02 12.2(32.08.17)REC186 12.2(32.08.15)YCA273.10 12.2(32.08.11)XJC273.11 12.2(32.08.11)SX277 12.2(32.08.06)YCA246.10 12.2(32.08.01)YCA273.15 12.0(32)SY10 From what Shimol and I appear to have gleaned so far it's an issue between a 4byte AS (new) speaker and and non 4 byte (old) speaker *and* the 4byte AS (new) upstream speaker is on a version of code older than one of the ones above. Can folks confirm/deny if their deployment where they saw this either did or did not match those conditions above? Read it carefully as it can be tricky. Thanks, Rodney On 6/17/10 12:19 AM, Gordon Bezzina wrote: > Hi, > > The other end is a GSR, but I do not have control on. > Anyhow performed emergency upgrade my 7600 from SRD3 to SRE1, did the trick. > > It now works without any problems. > > Thanks to all. > > Best Regards > Gordon > > -----Original Message----- > From: John van Oppen [mailto:jvanop...@spectrumnet.us] > Sent: L-Erbgħa, 16 ta' Ġunju 2010 17:43 > To: Kostas Fotiadis; Gordon Bezzina > Cc: cisco-nsp@puck.nether.net > Subject: RE: [c-nsp] Continous BGP session resets on SRD3 > > We saw this issue about 8 hours ago too... It appeared to affect GSRs > running anything older than gsr-k4p-mz.120-32.SY9.bin as well as 7200s > running non-current versions of IOS. Our 6500s were all fine but they > are all running at least s72033-adventerprisek9_wan-mz.122-33.SXI1.bin. > > This sure looked like it was tickling CSCeh13489 but we already limit the > maximum AS-path length to well-under 255 and that did not seem to protect us. > We ended up doing an emergency upgrade of the GSRs involved. > > > John van Oppen > Spectrum Networks > Direct: 206-973-8302 > Main: 206-973-8300 > > ________________________________________ > From: cisco-nsp-boun...@puck.nether.net [cisco-nsp-boun...@puck.nether.net] > on behalf of Kostas Fotiadis [kostas.fotia...@oteglobe.net] > Sent: Wednesday, June 16, 2010 4:41 AM > To: Gordon Bezzina > Cc: cisco-nsp@puck.nether.net > Subject: Re: [c-nsp] Continous BGP session resets on SRD3 > > Hi Gordon, > > Just hang-up the phone with TAC. > We also had the same issue this morning. > One session was iBGP and the other eBGP. > Engineer said, undocumented bug, needs to do more research and get back to be. > Don't know what he did and fix it. I guess you need to open a case... > > Good luck, > Kostas > > > On 16/6/2010 12:37 μμ, Gordon Bezzina wrote: >> Hi, >> >> Since this morning I am experiencing a weird problem on one of my full >> feeds link. >> My router is a 7606 with dual RSP720-3CXL-GE and running SRD3. >> >> I have a multihop bgp peer to get the full bgp feed from my customer. >> >> Suddenly this morning the connection started flapping. With the >> following error message: >> >> Jun 16 07:40:03 CEST: %BGP-5-ADJCHANGE: neighbor W.X.Y.Z vpn vrf XX Up >> Jun 16 07:42:36 CEST: %BGP-5-ADJCHANGE: neighbor W.X.Y.Z vpn vrf XX >> Down BGP Notification sent Jun 16 07:42:36 CEST: %BGP-3-NOTIFICATION: >> sent to neighbor W.X.Y.Z 3/4 (invalid flags for attribute) 3 bytes >> 000000 >> 15w6d: BGP: 217.15.96.9 Bad attributes Jun 16 07:42:36 CEST: >> %BGP-4-MSGDUMP: unsupported or mal-formatted message received from >> W.X.Y.Z: >> FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 012B 0200 0001 1040 0101 02C0 >> 119A >> 0226 >> 0000 3D77 0000 22E0 0000 04F9 0000 3065 0003 0065 0003 0065 0000 C288 >> 0000 >> 22E4 >> 0000 22E4 0000 22E4 0000 22E4 0000 22E4 0000 22E4 0000 22E4 0000 22E4 >> 0000 >> 22E4 >> 0000 22E4 0000 22E4 0000 22E4 0000 22E4 0000 22E4 0000 22E4 0000 22E4 >> 0000 >> 22E4 >> 0000 22E4 0000 22E4 0000 22E4 0000 22E4 0000 22E4 0000 22E4 0000 22E4 >> 0000 >> 22E4 >> 0000 22E4 0000 22E4 0000 22E4 0000 22E4 0000 22E4 0000 22E4 4002 4E02 >> 263D >> 7722 >> E004 F930 655B A05B A0C2 8822 E422 E422 E422 E422 E422 E422 E422 E422 >> E422 >> E422 >> >> Jun 16 07:42:42 CEST: %BGP_SESSION-5-ADJCHANGE: neighbor W.X.Y.Z IPv4 >> Unicast vpn vrf XX topology base removed from session BGP >> Notification sent >> >> The sequence is as follows: >> It basically goes up, starts getting the feed, then at around 290K >> routes it logs this error and resets the session. It will Then start >> over again. >> >> Note that this does not seem to be the route dampening issue - I do >> not even have dampening enabled on my router. >> >> Also mls cef is set at 350K for IPv4 and free RAM is over 1G >> >> Any ideas? >> >> Thanks/Regards >> Gordon >> >> _______________________________________________ >> cisco-nsp mailing list cisco-nsp@puck.nether.net >> https://puck.nether.net/mailman/listinfo/cisco-nsp >> archive at http://puck.nether.net/pipermail/cisco-nsp/ >> >> >> > > _______________________________________________ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > > > _______________________________________________ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/