[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now


BGP Drops every 90 to 120 seconds

Posted on 2007-12-03
Medium Priority
Last Modified: 2010-05-18

I'm having a major issue with my ISP. We just turned on BGP this past friday and I'm having intermittent ping loss on my /24 block that I am advertising.  The techies can't seem to figure out why! Here is the result of "show ip bgp neighbor "

GP neighbor is 63.X.X.X,  remote AS 1, external link
  BGP version 4, remote router ID 137.X.X.X
  BGP state = Established, up for 00:00:34
  Last read 00:00:04, last write 00:00:06, hold time is 90, keepalive interval is 30 seconds
  Neighbor capabilities:
    Route refresh: advertised and received(old & new)
    Address family IPv4 Unicast: advertised and received
  Message statistics:
    InQ depth is 0
    OutQ depth is 0
                         Sent       Rcvd
    Opens:               1791       1791
    Notifications:          0       1784
    Updates:             3570       1791
    Keepalives:         10827      10827
    Route Refresh:          0          0
    Total:              16188      16193
  Default minimum time between advertisement runs is 30 seconds

Here is a part of my config:
router bgp 13XXX
 no synchronization
 bgp log-neighbor-changes
 network 63.X.X.0 mask
 neighbor 63.X.X.177 remote-as 1
 neighbor 151.X.X.53 remote-as 2
 no auto-summary

Any ideas on what might cause? If I do a TRACE on 63.X.X.178 (s0/1/0.500) it takes forever.
Question by:njmatt
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
LVL 32

Expert Comment

ID: 20396690
What type of connection do you have to your ISP? Cehck for input/output drops on the peering interface.
Did you open a troulble ticket with your ISP?

How and where are you verifying that t here is packet loss?

harbor235 ;}

Author Comment

ID: 20396877
Yes I have opened a ticket with my ISP, but they are "doing research"

I have two T1's. One BGP session remains up with no problems. The other ISP does not. If I ping the /24 block it will be good for a while from some remote sites, and doesn't work at all from other remote sites. It's VERY random. This is probably due to the unreliable routes being published by the problematic ISP.

Is there a command that will give info on the drop and reconnect? I

Author Comment

ID: 20397002
Last reset 00:01:23, due to BGP Notification received, hold time expired
Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

LVL 32

Expert Comment

ID: 20397372
There are many reasons a BGP session can go down, physical link, resource depleteion, etc ....

show inerface <your_interface>   ; this will give you input/output drops, checksum errors etc ..

harbor235 ;}

Author Comment

ID: 20402740
After some testing, Ive discovered the following:

FYI: S0/0/0 (151.X.X.53, ASN#1)  BGP functions and routes fine
S0/1/0.500 (63.X.X.178, ASN#2)  BGP Drops every 2 minutes as long as the firewall (zone-member security out-zone) is on S0/1/0.500
If we MOVE zone-member security out-zone from s0/1/0.500 to s0/1/0 the BGP connection to ASN#2 stays up (my question here is: does that firewall function on the .500 interface in this configuration?)


If zone-member security is on S0/1/0 and S0/0/0 (working BGP session) is shut ASN 701 will be learned and a route will be entered into the routing table. I can ping anywhere from the router, but LAN Internet access does not work.

If zone-member security is on S0/1/0.500 and S0/0/0 (working BGP session) is shut ASN#2 will be learned and a route will be entered into the routing table. I can ping anywhere from the router, and LAN Internet access DOES work, but the connection drops every 2 minutes. During the up-time all functions are seemingly perfect. The second I plug in S0/0/0 (151.X.X.53) and it initiates BGP, the S0/1/0.500 (63.X.X.178) is removed from the routing table and will NOT return unless the other interface (S0/0/0) is shut. If I were to shut S0/0/0 (151.X.X.53) the route returns.

As you can see, it seems that the zone-member firewall is preventing the BGP connection to ASN#2 from staying up, but that doesnt explain why the other ISP is unaffected by the same firewall.

Author Comment

ID: 20402741
point increase
LVL 32

Expert Comment

ID: 20407549
Can you provide a diagram detailing what your arvhitecture looks like?

Does BGP reset or are the routes being withdrawn?

You need to provide some log messages and more information, i.,e the interface stats from my earlier post.

show interface <BGP peer interface>

harbor235 ;"

Accepted Solution

njmatt earned 0 total points
ID: 20412240
Well cisco helped me out. They had me add a few things to my zone-based policy firewall, but we still were restricted to one BGP connection. We had to add this access-list:
access-list 150 permit tcp any any eq bgp
access-list 150 permit tcp any eq bgp any

Anyways. I don't know much about BGP since this is my first time using it, but I don't know why BGP is only adding one route to the routing table at a time. If I shut one interface, the other takes over. I changed the weights and that didn't seem to do much. How can I get both external routes to show up in the routing table? See here:

#show ip route
Gateway of last resort is to network is variably subnetted, 2 subnets, 2 masks
S       63.X.X.0/24 is directly connected, FastEthernet0/0
C       63.X.X.176/30 is directly connected, Serial0/1/0.500
     151.X.X.0/30 is subnetted, 1 subnets
C       151.X.X.52 is directly connected, Serial0/0/0
C is directly connected, FastEthernet0/0
B* [20/0] via 151.X.X.53, 00:02:32

#show ip bgp  
BGP table version is 31, local router ID is
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*          63.X.X.177             0           100 ASN1 i
*>                   0           200 ASN2 i
*> 63.X.X.0/24                  0         32768 i


Expert Comment

ID: 20499587
Closed, 500 points refunded.
Community Support Moderator

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question