BGP logs

Unanswered Question
Aug 17th, 2009

Experts,

I am in process of troubleshooting a bouncing bgp session.

Scenerio : 2 routers running ebgp, connected via a L2 link. Config vise they are directly connected.

Problem: BGP bounces occassinally. No errors, drops observed on physical interface which is a gigabitethernet. Other side its an ATM interface. Dont have visibility to other router with ATM interface.

Logs:

%BGP-5-ADJCHANGE: neighbor x.x.x.x Down BGP Notification sent

%BGP-3-NOTIFICATION: sent to neighbor x.x.x.x 4/0 (hold time expired)

0 bytes

%BGP-5-ADJCHANGE: neighbor x.x.x.x Up

Questions:

1. BGP notification sent, does it mean that this router tearing down the session due to missing keepalives ?

2. What does 4/0 and 0 bytes indicate in 2nd statement of log ?

Any suggestion/idea will be helpful.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
Loading.
Mohamed Sobair Mon, 08/17/2009 - 03:59

Hi,

I am not sure about your physical connectivity but the answers to your questions are:

1- Yes, the session is teared down due to three missing keepalives.

2- the 4/0 means the neighbor is (Unreachable).

HTH

Mohamed

Giuseppe Larosa Mon, 08/17/2009 - 04:06

Hello Chetan,

1) yes your understanding is correct: local node sends a BGP notification because it has failed to receive BGP keepalives from neighbor.

2)

4/0 this should be Error Code and Error subcode for hold time expiration

see

http://www.ietf.org/rfc/rfc4271.txt

I suggest you to verify with the counterpart if they implement QoS to protect BGP messages: some router platforms like C7500 or C7200 hasn't the hidden system queue for handling routing protocol messages and requires an explicit configuration in order to protect the messages and to give them priority over user traffic.

Also Check the usage of the PVC and for ATM errors with

sh atm pvc x/y

Hope to help

Giuseppe

chetanmahendroo Mon, 08/17/2009 - 04:22

Experts,

Thanks for your time and explanations.

Link is not heavily utilized so protecting control plane traffic can be ignored.

Actually Telco has already cleared their part of physical layer, so i am exploring the possibilities of bgp bouncing by understanding the logs.

BTW log : %BGP-3-NOTIFICATION

What does " 3 " indicate here ?

Regards

Actions

This Discussion