

BGP Drops every 90 to 120 seconds

Posted on 2007-12-03
Medium Priority
Last Modified: 2010-05-18

I'm having a major issue with my ISP. We just turned on BGP this past Friday and I'm having intermittent ping loss on my /24 block that I am advertising. The techies can't seem to figure out why! Here is the result of "show ip bgp neighbor":

BGP neighbor is 63.X.X.X,  remote AS 1, external link
  BGP version 4, remote router ID 137.X.X.X
  BGP state = Established, up for 00:00:34
  Last read 00:00:04, last write 00:00:06, hold time is 90, keepalive interval is 30 seconds
  Neighbor capabilities:
    Route refresh: advertised and received(old & new)
    Address family IPv4 Unicast: advertised and received
  Message statistics:
    InQ depth is 0
    OutQ depth is 0
                         Sent       Rcvd
    Opens:               1791       1791
    Notifications:          0       1784
    Updates:             3570       1791
    Keepalives:         10827      10827
    Route Refresh:          0          0
    Total:              16188      16193
  Default minimum time between advertisement runs is 30 seconds

Here is a part of my config:
router bgp 13XXX
 no synchronization
 bgp log-neighbor-changes
 network 63.X.X.0 mask
 neighbor 63.X.X.177 remote-as 1
 neighbor 151.X.X.53 remote-as 2
 no auto-summary

Any ideas on what might cause this? If I do a TRACE on 63.X.X.178 (s0/1/0.500) it takes forever.
Question by: njmatt
LVL 32

Expert Comment

ID: 20396690
What type of connection do you have to your ISP? Check for input/output drops on the peering interface.
Did you open a trouble ticket with your ISP?

How and where are you verifying that there is packet loss?

harbor235 ;}

Author Comment

ID: 20396877
Yes I have opened a ticket with my ISP, but they are "doing research"

I have two T1's. One BGP session remains up with no problems. The other ISP does not. If I ping the /24 block it will be good for a while from some remote sites, and doesn't work at all from other remote sites. It's VERY random. This is probably due to the unreliable routes being published by the problematic ISP.

Is there a command that will give info on the drop and reconnect? I

Author Comment

ID: 20397002
Last reset 00:01:23, due to BGP Notification received, hold time expired
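
An added example (not part of the original thread): a small Python triage of the `show ip bgp neighbor` counters and the "Last reset" reason posted above, showing how they identify a session that the peer keeps tearing down. The function names and thresholds are assumptions chosen for illustration, and the sample text is assembled from the output quoted on this page.

```python
import re

# Assembled from the router output posted in this thread (neighbor summary
# from the question, "Last reset" line from the follow-up comment).
NEIGHBOR_OUTPUT = """\
BGP neighbor is 63.X.X.X,  remote AS 1, external link
  BGP state = Established, up for 00:00:34
  Last read 00:00:04, last write 00:00:06, hold time is 90, keepalive interval is 30 seconds
    Opens:               1791       1791
    Notifications:          0       1784
    Updates:             3570       1791
    Keepalives:         10827      10827
  Last reset 00:01:23, due to BGP Notification received, hold time expired
"""

COUNTER = re.compile(r"^[ \t]*([A-Z][A-Za-z ]+):[ \t]+(\d+)[ \t]+(\d+)[ \t]*$", re.M)

def parse_neighbor(text):
    """Pull timers, uptime, reset reason and Sent/Rcvd counters out of the text."""
    info = {"counters": {n.strip().lower(): (int(s), int(r))
                         for n, s, r in COUNTER.findall(text)}}
    m = re.search(r"hold time is (\d+), keepalive interval is (\d+)", text)
    info["hold"], info["keepalive"] = (int(m[1]), int(m[2])) if m else (None, None)
    # Only the hh:mm:ss uptime form is handled; other forms yield None.
    m = re.search(r"up for (\d+):(\d+):(\d+)", text)
    info["uptime_s"] = int(m[1]) * 3600 + int(m[2]) * 60 + int(m[3]) if m else None
    m = re.search(r"Last reset .*?, due to (.+)", text)
    info["reset_reason"] = m[1].strip() if m else None
    return info

def diagnose(info, min_opens=10, peer_close_ratio=0.9):
    """Return (code, detail) findings; thresholds are illustrative defaults."""
    findings = []
    opens_sent, opens_rcvd = info["counters"].get("opens", (0, 0))
    notif_sent, notif_rcvd = info["counters"].get("notifications", (0, 0))
    if opens_sent >= min_opens:
        findings.append(("flapping", f"{opens_sent} OPENs sent to one neighbor"))
    if opens_rcvd and notif_sent == 0 and notif_rcvd / opens_rcvd >= peer_close_ratio:
        findings.append(("peer-terminated",
                         f"{notif_rcvd} NOTIFICATIONs received against {opens_rcvd} OPENs"))
    reason = (info["reset_reason"] or "").lower()
    if "notification received" in reason and "hold time expired" in reason:
        # The peer's hold timer ran out: it stopped receiving our KEEPALIVE/UPDATE
        # messages, so look at what filters or drops TCP 179 toward the peer.
        findings.append(("peer-hold-timer-expired", info["reset_reason"]))
    return findings

if __name__ == "__main__":
    for code, detail in diagnose(parse_neighbor(NEIGHBOR_OUTPUT)):
        print(f"{code}: {detail}")
```
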

LVL 32

Expert Comment

ID: 20397372
There are many reasons a BGP session can go down: physical link, resource depletion, etc.

show interface <your_interface>   ; this will give you input/output drops, checksum errors, etc.

harbor235 ;}

Author Comment

ID: 20402740
After some testing, I've discovered the following:

FYI: S0/0/0 (151.X.X.53, ASN#1)  BGP functions and routes fine
S0/1/0.500 (63.X.X.178, ASN#2)  BGP Drops every 2 minutes as long as the firewall (zone-member security out-zone) is on S0/1/0.500
If we MOVE zone-member security out-zone from s0/1/0.500 to s0/1/0 the BGP connection to ASN#2 stays up (my question here is: does that firewall function on the .500 interface in this configuration?)


If zone-member security is on S0/1/0 and S0/0/0 (working BGP session) is shut ASN 701 will be learned and a route will be entered into the routing table. I can ping anywhere from the router, but LAN Internet access does not work.

If zone-member security is on S0/1/0.500 and S0/0/0 (working BGP session) is shut ASN#2 will be learned and a route will be entered into the routing table. I can ping anywhere from the router, and LAN Internet access DOES work, but the connection drops every 2 minutes. During the up-time all functions are seemingly perfect. The second I plug in S0/0/0 (151.X.X.53) and it initiates BGP, the S0/1/0.500 (63.X.X.178) is removed from the routing table and will NOT return unless the other interface (S0/0/0) is shut. If I were to shut S0/0/0 (151.X.X.53) the route returns.

As you can see, it seems that the zone-member firewall is preventing the BGP connection to ASN#2 from staying up, but that doesn't explain why the other ISP is unaffected by the same firewall.

Author Comment

ID: 20402741
point increase
LVL 32

Expert Comment

ID: 20407549
Can you provide a diagram detailing what your architecture looks like?

Does BGP reset or are the routes being withdrawn?

You need to provide some log messages and more information, i.e., the interface stats from my earlier post.

show interface <BGP peer interface>

harbor235 ;"

Accepted Solution

njmatt earned 0 total points
ID: 20412240
Well, Cisco helped me out. They had me add a few things to my zone-based policy firewall, but we still were restricted to one BGP connection. We had to add this access-list:
access-list 150 permit tcp any any eq bgp
access-list 150 permit tcp any eq bgp any

Anyways. I don't know much about BGP since this is my first time using it, but I don't know why BGP is only adding one route to the routing table at a time. If I shut one interface, the other takes over. I changed the weights and that didn't seem to do much. How can I get both external routes to show up in the routing table? See here:

#show ip route
Gateway of last resort is to network is variably subnetted, 2 subnets, 2 masks
S       63.X.X.0/24 is directly connected, FastEthernet0/0
C       63.X.X.176/30 is directly connected, Serial0/1/0.500
     151.X.X.0/30 is subnetted, 1 subnets
C       151.X.X.52 is directly connected, Serial0/0/0
C is directly connected, FastEthernet0/0
B* [20/0] via 151.X.X.53, 00:02:32

#show ip bgp  
BGP table version is 31, local router ID is
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*          63.X.X.177             0           100 ASN1 i
*>                   0           200 ASN2 i
*> 63.X.X.0/24                  0         32768 i


Expert Comment

ID: 20499587
Closed, 500 points refunded.
Community Support Moderator


Question has a verified solution.
