ASR 9006 BGP Idle to active

Unanswered Question
Sep 23rd, 2011

HI, yesterday at night, I try to migrate a JUNIPER to ASR. The BGP configuration is very simple, but the BGP n never UP,  with show bgp nei every time  stay en ACTVE mode.  Attached the configuration and the  show log.  TOday I will be do Labs   between  JUnipero and ASR 9006.

router bgp 20299

address-family ipv4 unicast

  network 186.32.128.0/19

  network 186.32.224.0/20

  network 190.4.31.92/30

  network ...............

  net....etc

neighbor 190.4.31.93

  remote-as 23383

  description BGP - NAVEGA 3xSTM1

  address-family ipv4 unicast

   route-policy out-navega out

   remove-private-AS

  !

!

neighbor 190.4.32.25

  remote-as 23383

  description BGP - NAVEGA 1xSTM1

  address-family ipv4 unicast

   remove-private-AS

  !

!

prefix-set amnet-sps-cable-out-navega

  186.32.128.0/19,

  186.32.224.0/20,

  190.53.48.0/20,

  190.53.192.0/19

  end-set

!

prefix-set home-sps-out-navega-columbus

  205.211.192.0/22,

  205.211.201.0/24,

  205.211.218.0/23,

  205.211.220.0/23,

  205.211.244.0/22,

  205.211.248.0/21,

  205.211.222.0/23,

  205.211.233.0/24,

  200.12.227.0/24,

  190.53.48.0/20

  end-set

route-policy out-navega

  if destination in amnet-sps-cable-out-navega then

    pass

  endif

  end-policy

!

route-policy out-navega-1xSTM1

  if destination in home-sps-out-navega-columbus then

    pass

  else

    drop

  endif

  end-policy

sho log

RP/0/RSP1/CPU0:Sep 23 09:47:11.897 : tcp[378]: [t9] Lpts set the drop flag for 445 ->3742, drop packet (pak 0xddc5b6ef) and send a RST

RP/0/RSP1/CPU0:Sep 23 09:47:12.506 : tcp[378]: [t9] Lpts set the drop flag for 445 ->3742, drop packet (pak 0xddc5763f) and send a RST

RP/0/RSP1/CPU0:Sep 23 09:47:13.108 : tcp[378]: [t9] Lpts set the drop flag for 445 ->3742, drop packet (pak 0xddc5e773) and send a RST

RP/0/RSP1/CPU0:Sep 23 09:47:48.562 : tcp[378]: [t14] Queue pak (0xddc5e20f): 190.4.31.93:50004 -> 190.4.31.94:179 len=45 FAILED

RP/0/RSP1/CPU0:Sep 23 09:47:52.609 : tcp[378]: [t13] Queue pak (0xddc5e773): 190.4.32.25:53139 -> 190.4.32.26:179 len=45 FAILED

RP/0/RSP1/CPU0:Sep 23 09:47:57.591 : tcp[378]: [t9] Lpts set the drop flag for 445 ->2029, drop packet (pak 0xddc5de77) and send a RST

RP/0/RSP1/CPU0:Sep 23 09:47:58.146 : tcp[378]: [t9] Lpts set the drop flag for 445 ->2029, drop packet (pak 0xddc5dadf) and send a RST

RP/0/RSP1/CPU0:Sep 23 09:47:58.749 : tcp[378]: [t9] Lpts set the drop flag for 445 ->2029, drop packet (pak 0xddc5d1e3) and send a RST

RP/0/RSP1/CPU0:Sep 23 09:48:16.122 : tcp[378]: [t9] Lpts set the drop flag for 445 ->3422, drop packet (pak 0xddc5b6ef) and send a RST

RP/0/RSP1/CPU0:Sep 23 09:48:16.872 : tcp[378]: [t9] Lpts set the drop flag for 445 ->3422, drop packet (pak 0xddc5e20f) and send a RST

RP/0/RSP1/CPU0:Sep 23 09:48:17.623 : tcp[378]: [t9] Lpts set the drop flag for 445 ->3422, drop packet (pak 0xddc5d1e3) and send a RST

RP/0/RSP1/CPU0:Sep 23 09:48:19.118 : tcp[378]: [t9] Lpts set the drop flag for 445 ->13919, drop packet (pak 0xddc5b6ef) and send a RST

RP/0/RSP1/CPU0:Sep 23 09:48:19.690 : tcp[378]: [t9] Lpts set the drop flag for 445 ->13919, drop packet (pak 0xddc5d1e3) and send a RST

RP/0/RSP1/CPU0:Sep 23 09:48:20.193 : tcp[378]: [t9] Lpts set the drop flag for 445 ->13919, drop packet (pak 0xddc5e773) and send a RST

RP/0/RSP1/CPU0:Sep 23 09:49:57.325 : tcp[378]: [t9] Lpts set the drop flag for 445 ->54772, drop packet (pak 0xddc5d913) and send a RST

RP/0/RSP1/CPU0:Sep 23 09:49:57.995 : tcp[378]: [t9] Lpts set the drop flag for 445 ->54772, drop packet (pak 0xddc5b6ef) and send a RST

RP/0/RSP1/CPU0:Sep 23 09:49:58.648 : tcp[378]: [t9] Lpts set the drop flag for 445 ->54772, drop packet (pak 0xddc5b6ef) and send a RST

RP/0/RSP1/CPU0:Sep 23 09:51:13.572 : tcp[378]: [t12] Queue pak (0xddc5dadf): 190.4.31.93:51562 -> 190.4.31.94:179 len=45 FAILED

RP/0/RSP1/CPU0:Sep 23 09:51:37.532 : tcp[378]: [t18] Queue pak (0xddc5dadf): 190.4.32.25:58976 -> 190.4.32.26:179 len=45 FAILED

RP/0/RSP1/CPU0:Sep 23 09:52:17.590 : tcp[378]: [t16] Queue pak (0xddc5d913): 190.4.31.93:54254 -> 190.4.31.94:179 len=45 FAILED

RP/0/RSP1/CPU0:Sep 23 09:52:41.549 : tcp[378]: [t16] Queue pak (0xddc5e043): 190.4.32.25:50350 -> 190.4.32.26:179 len=45 FAILED

RP/0/RSP1/CPU0:Sep 23 09:53:21.607 : tcp[378]: [t15] Queue pak (0xddc5e043): 190.4.31.93:50893 -> 190.4.31.94:179 len=45 FAILED

RP/0/RSP1/CPU0:Sep 23 09:54:05.567 : tcp[378]: [t15] Queue pak (0xddc5e773): 190.4.32.25:64285 -> 190.4.32.26:179 len=45 FAILED

RP/0/RSP1/CPU0:Sep 23 09:54:25.629 : tcp[378]: [t18] Queue pak (0xddc5763f): 190.4.31.93:51608 -> 190.4.31.94:179 len=45 FAILED

RP/0/RSP1/CPU0:Sep 23 09:55:09.587 : tcp[378]: [t13] Queue pak (0xddc5b6ef): 190.4.32.25:62523 -> 190.4.32.26:179 len=45 FAILED

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
dpothier Fri, 09/23/2011 - 12:23

hi Luis,

For eBGP you need an inbound and outbound RPL route-policy or by default we will drop everything. This is only for eBGP, not required for iBGP.

http://www.cisco.com/en/US/docs/routers/asr9000/software/asr9k_r4.1/routing/configuration/guide/routing_cg41asr9k_chapter1.html#con_1750580

example:

route-policy ebgp

pass

end-policy

apply in and out for the eBGP neighbor.

regards,

David Pothier

Cisco Systems

lcoghi001 Fri, 09/23/2011 - 12:35

Hi David and thanks i configured  this in the  bgp neigbor configure





neighbor 190.4.31.93

  remote-as 23383

  description BGP - NAVEGA 3xSTM1

  address-family ipv4 unicast

   route-policy out-navega out

   remove-private-AS

in this policy I try to delimit  which network want advertise  to my bgp neighbor. In my firts post   copie the complete config but I don't  if my  route policy is wrong.

dpothier Fri, 09/23/2011 - 12:53

hi Luis,

You have an outbound route-policy, but your missing an inbound route-policy.

You need to add an inbound route-policy for the eBGP neighbor.

Also - please send the output of  "sho run lpts pifib hardware police flow", I want to verify that you are using the default lpts policer flows.

regards,

David Pothier

Cisco Systems

lcoghi001 Fri, 09/23/2011 - 13:03

HI, about the  inboudn policy i will the configure in afew minutes  in a litle labs, and the command doesn't work  check the  output

RP/0/RSP1/CPU0:ASRAmnet#sho run lpts pifib hardware police flow

                                                           ^

% Invalid input detected at '^' marker.

RP/0/RSP1/CPU0:ASRAmnet#sho run lpts pifib hardware police?        

police 

RP/0/RSP1/CPU0:ASRAmnet#sho run lpts pifib hardware police ?

  location  Location Specification RP/0/RSP1/CPU0:ASRAmnet#sho run lpts pifib hardware police flow
                                                           ^
% Invalid input detected at '^' marker.
RP/0/RSP1/CPU0:ASRAmnet#sho run lpts pifib hardware police?        
police 
RP/0/RSP1/CPU0:ASRAmnet#sho run lpts pifib hardware police ?
  location  Location Specification

RP/0/RSP1/CPU0:ASRAmnet#sho run lpts pifib hardware ?              
  police  ingress policers configuration command
  tcam    pre-ifib tcam configuration commands
RP/0/RSP1/CPU0:ASRAmnet#sho run lpts pifib hardware tcam ?
  limit  Set upper TCAM size limit
RP/0/RSP1/CPU0:ASRAmnet#sho run lpts pifib hardware police ?
  location  Location Specification
RP/0/RSP1/CPU0:ASRAmnet#sho run lpts pifib hardware police ?
  location  Location Specification
RP/0/RSP1/CPU0:ASRAmnet#sho run lpts pifib hardware police location ?
  0/2/CPU0     Enter Location
  0/RSP0/CPU0  Enter Location
  0/RSP1/CPU0  Enter Location
  WORD         Enter Location
RP/0/RSP1/CPU0:ASRAmnet#sho run lpts pifib hardware police location 0/RSP0/CPU0
                                                    ^
% Invalid input detected at '^' marker.
RP/0/RSP1/CPU0:ASRAmnet#sho run lpts pifib hardware police location 0/RSP1/CPU0
                                                    ^
% Invalid input detected at '^' marker.
RP/0/RSP1/CPU0:ASRAmnet#sho run lpts pifib hardware police location 0/2/CPU0  
Fri Sep 23 19:58:24.728 UTC
% No such configuration item(s)

RP/0/RSP1/CPU0:ASRAmnet#sho run lpts pifib hardware police location flow   
                                                                    ^
% Invalid input detected at '^' marker.

xthuijs Sat, 09/24/2011 - 09:44

Hi Luis,

Check this command:

RP/0/RSP0/CPU0:A9K-BNG#show lpts pifib hardware police location 0/0/CPU0 | i BGP

that will tell us the police rate for the BGP flows

Also can you show us the configuration for the interface that holds the ip address

190.4.32.26 and 190.4.31.94

The issue is that the BGP packets from the peer don't reach the 9k's bgp process hence it'll toggle between idle/active state.

I have also seen this error when the capabilities from the peer are different then ours like for isntance the remote side wants to initiate the AF for ipv6 or mismatched GR config on either side.

One thing to easily verify is from the peer to do a "telnet 179" and see if the telnet wants to establish, if it does, then everything up to TCP is perfectly fine.

In that case a debug on the bgp neighborship establishment would be helpful:

debug bgp

debug bgp io

debug bgp

debug bgp events

xander

lcoghi001 Wed, 09/28/2011 - 22:01

Hi Guys

The last saturday  we found a post about problems with ASR  interconnection  with Juniper M10i and  the solution was the router id configuration. We configured  ROUTER ID and the BGP  pass  the active to establish status immediately and wonrking good.

Thanks alot for all your help.

Actions

Login or Register to take actions

This Discussion

Posted September 23, 2011 at 11:47 AM
Stats:
Replies:6 Avg. Rating:
Views:1847 Votes:0
Shares:0
Tags: ios, bgp, asr, xr
+

Related Content

Discussions Leaderboard