A could place to look for guidelines regarding securing your BGP sessions properly ( and your router )
http://www.team-cymru.org/Services/Bogons/ Best Regards William Jackson Technical Department Sapphire Networks -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shane Ronan Sent: 06 July 2008 03:28 To: Lee Hetherington Cc: <juniper-nsp@puck.nether.net> Subject: Re: [j-nsp] Odd BGP Issue Just because I am curious, neither of the providers or JTAC thought of the solutions I did? Sent from my iPhone On Jul 5, 2008, at 11:45 AM, "Lee Hetherington" <[EMAIL PROTECTED] > wrote: > Hi All, > > I have a very odd problem with a J Series router and wonder if > anyone can help, as neither our providers nor JTAC can shed any > light on this one. > > We have a J2320-JH, it has a Link to AS1200 over a 2meg serial x.21 > connection and then a 100meg connection to AS1299 over ethernet. I > have bgp from our as accepting ANY from them and announcing a > single /23 network to them. > > My original 2meg connection has been stable and running a BGP > session with no flapping for almost 3 weeks now. As soon as I > introduce the new peer, the route table increases as you'd expect to > around 500k routes, becomes stable with 245k active routes and then > the originally stable connection starts to flap giving a Hold Timer > Expired Error. This then keeps flapping. > > Whilst this first session is flapping there are no errors on the > interfaces to either AS1200 or AS1299. However, whilst the session > is flapping I note that almost exactly 1mbits/sec is going out of > our new AS1299 connection and comming into our AS1200 connection. > This traffic however does not come onto our LAN as the gig > connection to our switch is showing none or very minimal traffic. > > The guys at AS1200 havent got back to me yet, but the guys from > AS1299 have told me to check my prefix-limit, but I dont currently > have this configured. JTAC tell me my router is fine and my > configuration is correct. > > Anyone have an idea? The providers seem to be stumped but this > leaves me with one peer disabled currently. > > Thanks, > > Lee > > > > _______________________________________________ > juniper-nsp mailing list juniper-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp