Re: BGP between ASR1004 and Juniper

mwasimud09 · ‎09-24-2017

Hi Everyone

I am running into a very weird issue for about a month now.

One of our ISP has upgraded the ebgp peer from cisco to juniper on the ISP end.

We have ASR 1004 bgp peer on our end with dual ISPs using route-maps.

After the router replacement bgp was flapping and the fix was mss size to 1450 on our cisco asr 1004 bgp router. After that BGP is stable and i can see routes from that ISP. But some websites work means browsable and some dont browse.

i noticed what ever website that goes to this akamaiedge.net dont work(not browsable)

We do have another ISP and if i divert all the traffic to that one everything works fine.

and it started happening as soon the ISP BGP peer replaced the router.

With this new router we have copper 2gig etherchannel between ASR1004 to a layer 2 switch and then from layer 2 switch we have 2gig etherchannel multimode fiber between layer 2 switch to isp newly installed juniper router.

With old cisco router on isp end it was single mode fiber between layer 2 switch to the old ISP Cisco router.

so the difference is single mode to multimode and one wire to etherchannel.

Can any one please help identify where the problem is.

I have "no negotiate" and "speed1000"on the interfaces of asr1004 rotuer that goes to layer2 switch.

Flavio Miranda · ‎09-24-2017

Hi,

I think you are looking in too many directions. But, if BGP is working even though for some websites, this means that the physical connection is ok.

About the "non-browsable" websites, I'd take a look on DNS service first. When BGP routers finished route exchange it not expected for only some website stop working.

mwasimud09 · ‎09-25-2017

Thanks for you reply,

but DNS is not the issue as we host our own dns locally not through ISPs

Philip D'Ath · ‎09-24-2017

It sounds like you are experiencing an MTU squeeze. I would try a "ip tcp adjust-mss 1400" on the interface facing towards your uplinks with the issue.

mwasimud09 · ‎09-25-2017

I have the Portchannel going to the ISP router.

Should i try the MSS on portchannel or should i do it on interfaces in that portchannel.

I know interfaces should take the changes made on Po. but this is not the case on ASR1004 Router.

thanks.

mwasimud09 · ‎09-25-2017

orite. so here is what i found so far.

the ISP router is using mss size of 1448.

so i did tcp mss to 1448 on the interface going to ISP router.

I also changed the tcp mss global command to 1448 (it was 1450, we had to do it to fix the bgp flapping)

but still websites are not browsable. So i changed the mtu size on the local windows machine to 1490 and boom all the sites are browsable.

SO what am i missing on the bgp router. I dont want to change mtu size on every machine on the campus.

I am really close but still stuck.

Philip D'Ath · ‎09-25-2017

I think I would talk to your upstream first and say that you need a "clean" 1500 byte MTU as it is impacting your abiulity to use their service. I don't think I would stick with them if they can't provide that.

Failing that I would try adjusting the MSS to something like 1400 on the layer 3 interface facing towards that ISP.

mwasimud09 · ‎09-25-2017

Well according to the ISP the MTU is 1500 and MSS is 1448 on their router.

its just that when we dont have global tcp mss to 1450 the bgp wont stabilize.

i tried with 1400 on the interface and still no luck.

it only works when i change the mtu on the local PC machines.

Below are my config for the Portchannel and interfaces that go to the ISP router via a layer2 switch.

interface Port-channel3
ip address x.x.x.x
ip access-group 12 in
ip tcp adjust-mss 1400
no negotiation auto
bgp-policy source ip-qos-map
end
!
interface GigabitEthernet0/0/18
no ip address
ip tcp adjust-mss 1400
speed 1000
no negotiation auto
channel-group 3 mode active
!

interface GigabitEthernet0/0/19
no ip address
ip tcp adjust-mss 1400
speed 1000
no negotiation auto
channel-group 3 mode active

mwasimud09 · ‎09-25-2017

Problem fixed.

The juniper router calculates MTU differently and they (ISP) had to increase the MTU from 1500 to 1600 and boom. all the website are now browsable on our client PCs.

shaps · ‎09-26-2017

From what I remember the juniper adds the ethernet header (14bytes) when calculating the mtu on the wire