Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6665
Views
8
Helpful
4
Replies

BGP logs

chetanmahendroo
Level 1
Level 1

‎08-17-2009 01:00 AM - edited ‎03-04-2019 05:45 AM

Experts,

I am in process of troubleshooting a bouncing bgp session.

Scenerio : 2 routers running ebgp, connected via a L2 link. Config vise they are directly connected.

Problem: BGP bounces occassinally. No errors, drops observed on physical interface which is a gigabitethernet. Other side its an ATM interface. Dont have visibility to other router with ATM interface.

Logs:

%BGP-5-ADJCHANGE: neighbor x.x.x.x Down BGP Notification sent

%BGP-3-NOTIFICATION: sent to neighbor x.x.x.x 4/0 (hold time expired)

0 bytes

%BGP-5-ADJCHANGE: neighbor x.x.x.x Up

Questions:

1. BGP notification sent, does it mean that this router tearing down the session due to missing keepalives ?

2. What does 4/0 and 0 bytes indicate in 2nd statement of log ?

Any suggestion/idea will be helpful.

Labels:
0 Helpful
4 Replies 4

Mohamed Sobair
Level 7
Level 7

‎08-17-2009 03:59 AM

Hi,

I am not sure about your physical connectivity but the answers to your questions are:

1- Yes, the session is teared down due to three missing keepalives.

2- the 4/0 means the neighbor is (Unreachable).

HTH

Mohamed

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎08-17-2009 04:06 AM

Hello Chetan,

1) yes your understanding is correct: local node sends a BGP notification because it has failed to receive BGP keepalives from neighbor.

2)

4/0 this should be Error Code and Error subcode for hold time expiration

see

http://www.ietf.org/rfc/rfc4271.txt

I suggest you to verify with the counterpart if they implement QoS to protect BGP messages: some router platforms like C7500 or C7200 hasn't the hidden system queue for handling routing protocol messages and requires an explicit configuration in order to protect the messages and to give them priority over user traffic.

Also Check the usage of the PVC and for ATM errors with

sh atm pvc x/y

Hope to help

Giuseppe

chetanmahendroo
Level 1
Level 1
In response to Giuseppe Larosa

‎08-17-2009 04:22 AM

Experts,

Thanks for your time and explanations.

Link is not heavily utilized so protecting control plane traffic can be ignored.

Actually Telco has already cleared their part of physical layer, so i am exploring the possibilities of bgp bouncing by understanding the logs.

BTW log : %BGP-3-NOTIFICATION

What does " 3 " indicate here ?

Regards

0 Helpful

vishwancc
Level 3
Level 3
In response to chetanmahendroo

‎08-18-2009 09:09 PM

Hi Chetan,

3 denotes the how critical is the message it range from 0 to 7 these are only informational messages .

I will suggest to run some debug commands for that particular neigbour .

You could use this link to check the possible causes

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009478a.shtml#bgp_trouble_neighbor.

Chao

Vishwa

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card