" the bgp keepalives and holddown timers between 2 speakers could be totally different "
So the service-provider arena, you can protect your router from aggressive bgp keepalive & hold down timers. I will demonstrate both IOS and IOS-XR configurations.
IOS
Bgp timers are defined per peer-group or by each neighbor. The timers are defined by setting the keepalive interval, hold-down and optional hold-down-minimum interval
e.g by a specific bgp neighbor
router bgp 65001
neighbor 1.1.1.1 timer 15 45 45
or by a peer-group
router bgp 65001
bgp log-neighbor-changes
neighbor socpuppets peer-group
neighbor socpuppets remote-as 65009
neighbor socpuppets timers 30 90 90
#neighbor 1.1.1.1 peer-group socpuppets
IOS-XR
Bgp timers are defined per neighbor-group, session-group or by each neighbor. The timers are defined via the keepalibe interval, hold-down and optional hold-down-minimum.
e.g using a session-group
router bgp 65002
!
session-group peer-iBGP2
remote-as 65001
timers 30 180 180
!
or by a specific neighbor or neighbor-group
router bgp 65001
neighbor 192.168.11.13
timers 15 64 64
!
!
router bgp 65001
neighbor-group cust1-peers
timers 45 90 90
!
!
When you have peer that doesn't meet the set minum BGP hold-down interval, you will see an error message similar to these below
( debug bgp IOS & log )
( show log IOS-XR )
So if you encounter a BGP peer that just flat out refuses to establish during the initial open, check for any minimum BGP hold-down restrictions.
IMHO: All SPs should set a minimum bgp hold down timer for bgp sessions external to peers that they don't manage. Most do not but it's a good preventive practice.
Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( $ $ )=
o
/ \
No comments:
Post a Comment