On Wed, 6 May 2015 10:53:38 +0000 (UTC) Stuart Henderson <s...@spacehopper.org> wrote:
> Can you get a packet capture of TCP port 179 during a failure?
>
> tcpdump -i <interface> -w bgp.`date +%Y%m%d-%H%M`.pcap -s1500 tcp and port 179
>
> It might be best to run it from a script run from cron which pkills
> tcpdump and rotates the file to avoid having huge files.

I am capturing packets on the interface facing the problematic ISP, and I will send pcap files if/when bgpd crashes again.

> Any idea what software (version number may be relevant too) your
> neighbours are using? Or at least what hardware vendor shows up in
> their MAC address?

Their MAC is 54:75:d0:45:8f:00, which appears to be Cisco.

In the meantime I contacted this ISP's support and told them they are crashing my bgpd, probably because they are sending me non-standard BGP packets which do not start with all-ones, as the standard requires. The guy didn't have much idea what I was speaking about, but he said he will forward the request to the network engineers. An hour later he contacted me back, saying that "they indeed found some irregularities which are now fixed". He couldn't give me the details.

If my bgpd crashes again I will have pcap files ready. Also, if there is anything else I can do to help troubleshoot this I'd be glad to participate.

Regards,
--
Marko Cupać
https://www.mimar.rs
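
Added example (not part of the original message and not bgpd's own code): a Python check of the BGP header framing that the message above refers to, for running over TCP port 179 payload extracted from a capture. It assumes the RFC 4271 header layout (16-octet all-ones marker, 2-octet length, 1-octet type) and an already reassembled byte stream; the function name and the sample bytes are constructed for illustration.

```python
import struct

MARKER = b"\xff" * 16   # RFC 4271: 16-octet marker, all bits set
HEADER_LEN = 19         # marker (16) + length (2) + type (1)
MAX_LEN = 4096          # RFC 4271 maximum message size
TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION",
         4: "KEEPALIVE", 5: "ROUTE-REFRESH"}  # 5 is from RFC 2918


def check_bgp_stream(data):
    """Walk a reassembled TCP/179 byte stream and return (messages, error).

    messages lists (offset, type_name, length) for each well-formed header.
    error is None, or a string describing the first framing fault. Parsing
    stops at the first fault because the stream cannot be re-synchronised.
    """
    messages = []
    off = 0
    while off < len(data):
        left = len(data) - off
        if left < HEADER_LEN:
            return messages, f"offset {off}: truncated header ({left} bytes)"
        marker = data[off:off + 16]
        length, mtype = struct.unpack("!HB", data[off + 16:off + HEADER_LEN])
        if marker != MARKER:
            return messages, f"offset {off}: marker is not all-ones ({marker.hex()})"
        if not HEADER_LEN <= length <= MAX_LEN:
            return messages, f"offset {off}: bad length {length}"
        if mtype not in TYPES:
            return messages, f"offset {off}: unknown type {mtype}"
        if off + length > len(data):
            return messages, f"offset {off}: message truncated (need {length} bytes)"
        messages.append((off, TYPES[mtype], length))
        off += length
    return messages, None


# Constructed sample data, not taken from the capture discussed in this thread.
KEEPALIVE = MARKER + struct.pack("!HB", 19, 4)
BAD_MARKER = b"\xff" * 15 + b"\x00" + struct.pack("!HB", 19, 4)

if __name__ == "__main__":
    print(check_bgp_stream(KEEPALIVE + KEEPALIVE))
    print(check_bgp_stream(KEEPALIVE + BAD_MARKER))
```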