Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3394
Views
7
Helpful
7
Replies

BGP Dropping every 3 minutes

mshirley551
Level 1
Level 1

‎08-23-2013 03:20 AM - edited ‎03-04-2019 08:51 PM

I have the following connectivity:

CE - CIG IPSEC tunnel which is up and i can hop across from Cig to CE.

BGP neighbor relationship betwenn CE and CIG resets every 3 minutes.  I have tried bouncing the tunnel and clearing down to the crypto etc but nothing works.  Get the following in the logs:

Help please???

Labels:
0 Helpful
7 Replies 7

John Blakley
VIP Alumni
VIP Alumni

‎08-23-2013 04:22 AM

I could possibly be going down the wrong path here, but I see a lot of ZBFW logs. Does the address 199.189.112.134 correlate to the other side in any way?

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
0 Helpful

paul driver
VIP
VIP

‎08-23-2013 06:03 AM - edited ‎03-17-2024 02:16 AM

Hello,

Is it possible you haven't allowed bgp updates to flow or be initiated both ways, as by default the ZBFW inspect command is  performing stateful inspection and  maintains a state table, whereas ZBFW Pass command is classful - meaning it doesn't keep state table and is unidirectional.

Additionally make sure you are not advertising the src/dest of the tunnel over the ipsec tunnel itself, or the bgp peer address via the transit network of the ispec tunnel

res
Paul

 

 

Please don't forget to rate any posts that have been helpful.

 

Thanks.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

subhojithalder198
Level 1
Level 1
In response to paul driver

‎08-24-2013 01:02 PM

Hi,

Pls allow tcp 179 port in the fw & check once

Br/Subhojit

0 Helpful

Vignesh Rajendran Praveen
Cisco Employee
Cisco Employee

‎08-24-2013 07:45 PM

Hello Mark,

BGP session flapping every 3 minutes is usually associated with a MTU issue along the path between the CE & the CIG devices. To resolve this issue quickly I would propose the below action plan.

Action Plan:-

=============

Remove path mtu discovery under BGP on both CE & CIG devices.

***********Plz do rate this post if you found it helpful*************************


Thanks & Regards,


Vignesh R P

Vignesh Rajendran Praveen
Cisco Employee
Cisco Employee
In response to Vignesh Rajendran Praveen

‎08-24-2013 07:49 PM

Hello Mark,

"no bgp transport path-mtu-discovery" is the command to disable PMTU Discovery under the #router bgp mode.

***********Plz do rate this post if you found it helpful*************************


Thanks & Regards,


Vignesh R P

0 Helpful

kushalkh
Level 1
Level 1

‎10-12-2023 08:12 PM

As mentioned by @jvig , its interface MTU for me as well. eBGP was setup on sub-interface of Bundle-Ether (ex: BE333.999). MTU of Bundle-Ether(BE333) was 9216 and the sub-interface of Bundle-Ether (BE333.999)was 9220. The eBGP worked immediately after I changed the Bundle-Ether sub-interface(BE333.999) to 9216 (matching main interface).

Thanks everyone.

0 Helpful

Kandarp Patel
Level 1
Level 1

‎03-15-2024 11:22 AM

Recently we experienced same issue where P2P IP connectivity was not stable (dropping ping in between) and BGP dropping every 3 minutes. 

We found the subnet mask was configured wrong on CE router with /28 instead of /30. after fixing it, ping and BGP was stable.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card