Here are the outputs. The commands were ran when BGP is working properly. The Gre Tunnles are passing BGP messages and routing is fine. I only have the issue when the IPSec tunnle between the 2 ASAs go down.
Here is an extended ping output with DF set and MTU set at 1500
Atlntc3825NY#ping
Protocol [ip]:
Target IP address: 192.168.179.21
Repeat count [5]: 2
Datagram size [100]: 1500
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: loopb 4
Type of service [0]:
Set DF bit in IP header? [no]: y
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 2, 1500-byte ICMP Echos to 192.168.179.21, timeout is 2 seconds:
Packet sent with a source address of 192.168.179.21
Packet sent with the DF bit set
!!
Success rate is 100 percent (2/2), round-trip min/avg/max = 1/1/1 ms
Atlntc3825NY#
This is the router that has to be rebooted. Its a 3825.
Atlntc3825NY#sh interfaces tunnel 0
Tunnel0 is up, line protocol is up
Hardware is Tunnel
Description: GRE to Huntington
Internet address is 192.168.30.102/30
MTU 17916 bytes, BW 100000 Kbit/sec, DLY 50000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 192.168.179.21 (Loopback4), destination 192.168.255.50
Tunnel Subblocks:
src-track:
Tunnel0 source tracking subblock associated with Loopback4
Set of tunnels with source Loopback4, 1 member (includes iterators), on i
BGP neighbor is 192.168.30.101, remote AS 65001, external link
BGP version 4, remote router ID 192.168.255.51
BGP state = Established, up for 19:39:20
Last read 00:00:46, last write 00:00:18, hold time is 180, keepalive interval is 60 seconds
Neighbor sessions:
1 active, is multisession capable
Neighbor capabilities:
Route refresh: advertised and received(new)
Four-octets ASN Capability: advertised and received
Address family IPv4 Unicast: advertised and received
Multisession Capability: advertised and received
Message statistics, state Established:
InQ depth is 0
OutQ depth is 0
Sent Rcvd
Opens: 1 1
Notifications: 0 0
Updates: 34 38
Keepalives: 1299 1292
Route Refresh: 0 0
Total: 1334 1331
Default minimum time between advertisement runs is 30 seconds
For address family: IPv4 Unicast
Session: 192.168.30.101 session 1
BGP table version 383, neighbor version 383/0
Output queue size : 0
Index 1
1 update-group member
Sent Rcvd
Prefix activity: ---- ----
Prefixes Current: 367 354 (Consumes 18408 bytes)
Prefixes Total: 369 366
Implicit Withdraw: 2 2
Explicit Withdraw: 0 10
Used as bestpath: n/a 168
Used as multipath: n/a 0
Outbound Inbound
Local Policy Denied Prefixes: -------- -------
AS_PATH loop: n/a 13
Invalid Path: 9 n/a
Total: 9 13
Number of NLRIs in the update sent: max 105, min 0
Address tracking is enabled, the RIB does have a route to 192.168.30.101
Connections established 1; dropped 0
Last reset never
Transport(tcp) path-mtu-discovery is enabled
Graceful-Restart is disabled
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Connection is ECN Disabled, Mininum incoming TTL 0, Outgoing TTL 1
Local host: 192.168.30.102, Local port: 59287
Foreign host: 192.168.30.101, Foreign port: 179
Connection tableid (VRF): 0
Maximum output segment queue size: 50
Enqueued packets for retransmit: 0, input: 0 mis-ordered: 0 (0 bytes)
Event Timers (current time is 0x438EA5C):
Timer Starts Wakeups Next
Retrans 1333 24 0x0
TimeWait 0 0 0x0
AckHold 1304 1280 0x0
SendWnd 0 0 0x0
KeepAlive 0 0 0x0
GiveUp 0 0 0x0
PmtuAger 227887 227886 0x438EB37
DeadWait 0 0 0x0
Linger 0 0 0x0
ProcessQ 0 0 0x0
iss: 2931119445 snduna: 2931147525 sndnxt: 2931147525 sndwnd: 15890
irs: 840568039 rcvnxt: 840596200 rcvwnd: 15719 delrcvwnd: 665
SRTT: 300 ms, RTTO: 303 ms, RTV: 3 ms, KRTT: 0 ms
minRTT: 12 ms, maxRTT: 300 ms, ACK hold: 200 ms
Status Flags: active open
Option Flags: nagle, path mtu capable
IP Precedence value : 6
Datagrams (max data segment is 1436 bytes):
Rcvd: 2640 (out of order: 0), with data: 1306, total data bytes: 28160
Sent: 2629 (retransmit: 24, fastretransmit: 0, partialack: 0, Second Congestion: 0), with data: 1310, total data bytes: 28079
Packets received in fast path: 0, fast processed: 0, slow path: 0
fast lock acquisition failures: 0, slow path: 0
The next output shows a 2 neighbors. I do have 2 seperate IPSec Tunnels working on the firewall, each going to a different Data center. I have the same GRE/IPSec with BGP configuration for both. I get the same issue with both FRE tunnels and BGP.
Atlntc3825NY#sh ip bgp summary
BGP router identifier 192.168.179.25, local AS number 65016
BGP table version is 383, main routing table version 383
367 network entries using 44040 bytes of memory
725 path entries using 37700 bytes of memory
48/29 BGP path/bestpath attribute entries using 5952 bytes of memory
22 BGP AS-PATH entries using 528 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 88220 total bytes of memory
BGP activity 376/9 prefixes, 736/11 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.11.252.49 4 64999 1333 1330 383 0 0 19:41:57 354
192.168.30.101 4 65001 1334 1337 383 0 0 19:41:57 354
Atlntc3825NY#
This command was run after a rebot and while BGP is working fine. The log was cleaned out of all messages.
Atlntc3825NY#sh log | i BGP
000303: *Oct 29 18:16:28.524: %BGP-5-ADJCHANGE: neighbor 192.168.30.101 Up
000304: *Oct 29 18:16:28.584: %BGP-5-ADJCHANGE: neighbor 10.11.252.49 Up
Atlntc3825NY#
This is the core router in my data center, I ran the same sh commands.
ATLHunt3825#sh int tunnel 9
Tunnel9 is up, line protocol is up
Hardware is Tunnel
Description: GRE Tunnel to Atlantic Babylon
Internet address is 192.168.30.101/30
MTU 17916 bytes, BW 10000 Kbit/sec, DLY 50000 usec,
reliability 255/255, txload 4/255, rxload 3/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 192.168.255.50 (Loopback1), destination 192.168.179.21
Tunnel Subblocks:
src-track:
Tunnel9 source tracking subblock associated with Loopback1
Set of tunnels with source Loopback1, 1 member (includes iterators), on interface
Tunnel protocol/transport GRE/IP
Key disabled, sequencing disabled
Checksumming of packets disabled
Tunnel TTL 255, Fast tunneling enabled
Tunnel transport MTU 1476 bytes
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input 00:00:02, output 00:00:34, output hang never
Last clearing of "show interface" counters 10w1d
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 153681
Queueing strategy: fifo
Output queue: 0/0 (size/max)
30 second input rate 125000 bits/sec, 70 packets/sec
30 second output rate 163000 bits/sec, 72 packets/sec
158948538 packets input, 1976205449 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
168717490 packets output, 3284828058 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
Any ideas?
Thanks,
