cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
45742
Views
15
Helpful
4
Replies
Highlighted
Beginner

BGP "hold time expired"

Hi,

I have two tunnels set up with Hurricane Electric for our IPV6 connection; the problem is that tunnel 10 is constantly dropping; this is the configuration I am using on my BGP router.

ipv6 unicast-routing

interface Tunnel9

description Hurricane Electric IPv6 Tunnel

no ip address

ipv6 address 2001:470:13:85::2/64

ipv6 enable

tunnel source 200.32.250.29

tunnel destination 216.66.70.2

tunnel mode ipv6ip

!

interface Tunnel10

description Hurricane Elec 2nd IPv6 Tunnel

no ip address

ipv6 address 2001:470:13:A5::2/64

ipv6 enable

tunnel source 200.32.198.121

tunnel destination 216.66.70.2

tunnel mode ipv6ip

router bgp 10269

no synchronization

bgp log-neighbor-changes

timers bgp 80 500

neighbor 2001:470:13:85::1 remote-as 6939

neighbor 2001:470:13:A5::1 remote-as 6939

no auto-summary

!

address-family ipv6

neighbor 2001:470:13:85::1 activate

neighbor 2001:470:13:A5::1 activate

network 2800:410::/32

exit-address-family

Tunnel 9 is working fine no problem, but tunnel 10 is constantly going up and down the configuration are the same for teh two tunnels..

I did a     “”show IP bgp Neighbors””  and noticed that with the 2001:470:13:A5::1 link Tunnel 10,     it has  this information  “”Configured hold time is 180,keepalive interval is 60 seconds  Minimum holdtime from neighbor is 0 seconds””

And the other tunnel with address 2001:470:13:85::1 tunnel 9, doesn’t have this  Minimum holdtime from neighbor is 0 seconds.

I keep receiving this error message that the hold time has expired,,,,,,,,

*Sep 11 19:34:51.006: %BGP-5-ADJCHANGE: neighbor 2001:470:13:A5::1 Down BGP Notification sent *Sep 11 19:34:51.006: %BGP-3-NOTIFICATION: sent to neighbor 2001:470:13:A5::1 4/0 (hold time expired)

I configured My router Timers to the Default values which are keep alive interval is 60, and hold time is 180.

I increase the timer to Keep alive 80 and hold time 400, but still the tunnel goes up and down. I also deleted tunnel 9 completely and just left tunnel 10 but still tunnel 10, was going up and down,  I ask and some one told me that the problem could be that the “tunnel destination 216.66.70.2 “ is the same for both tunnels.

Can any one please help me set up this tunnel I have been trying to keep this tunnel up for the past 5 days,

Thanks,

danny

This are the show IP bgp Neighbors , result.

C3745_IPV6-RTR1#show ip bgp neighbors

BGP neighbor is 2001:470:13:85::1,  remote AS 6939, external link

  BGP version 4, remote router ID 72.52.92.142

  BGP state = Established, up for 03:50:44

  Last read 00:00:03, hold time is 180, keepalive interval is 60 seconds

  Neighbor capabilities:

    Route refresh: advertised and received(old & new)

    Address family BGP IPv4: advertised

    Address family BGP IPv6: advertised and received

  Message statistics:

    InQ depth is 0

    OutQ depth is 0

                         Sent       Rcvd

    Opens:                  1          1

    Notifications:          0          0

    Updates:                0       4747

    Keepalives:           233          2

    Route Refresh:          0          0

    Total:               4499       4750

  Default minimum time between advertisement runs is 30 seconds

For address family: BGP IPv6

  BGP table version 5377, neighbor version 5377/0  Output queue size : 0

  Index 1, Offset 0, Mask 0x2

1 update-group member

                                 Sent       Rcvd

  Prefix activity:               ----       ----

    Prefixes Current:            4186       4184 (Consumes 301248 bytes)

    Prefixes Total:              5247       5720

    Implicit Withdraw:            929       1402

    Explicit Withdraw:            132        134

    Used as bestpath:             n/a       4184

    Used as multipath:            n/a          0

                                   Outbound    Inbound

  Local Policy Denied Prefixes:    --------    -------

    Suppressed duplicate:                 0        729

    AS_PATH loop:                       n/a          1

    Total:                                0        730

  Number of NLRIs in the update sent: max 0, min 0

Connections established 1; dropped 0

  Last reset never

Connection state is ESTAB, I/O status: 1, unread input bytes: 0       

Connection is ECN Disabled

Local host: 2001:470:13:85::2, Local port: 179 Foreign host: 2001:470:13:85::1, Foreign port: 27652

Enqueued packets for retransmit: 0, input: 0  mis-ordered: 0 (0 bytes)

Event Timers (current time is 0xD430D0):

Timer          Starts    Wakeups            Next

Retrans           781          1             0x0

TimeWait            0          0            0x0

AckHold           548         31             0x0

SendWnd             0          0             0x0

KeepAlive           1          0             0x0

GiveUp              0          0             0x0

PmtuAger            0          0             0x0

DeadWait            0          0             0x0

iss: 2096359627  snduna: 2096676254  sndnxt: 2096676254     sndwnd:  15991

irs: 3491247889  rcvnxt: 3491655495  rcvwnd:      15360  delrcvwnd:   1024

SRTT: 300 ms, RTTO: 303 ms, RTV: 3 ms, KRTT: 0 ms

minRTT: 20 ms, maxRTT: 300 ms, ACK hold: 200 ms

Flags: passive open, nagle, gen tcbs

IP Precedence value : 6

Datagrams (max data segment is 1420 bytes):

Rcvd: 1605 (out of order: 2), with data: 781, total data bytes: 407605

Sent: 1364 (retransmit: 1, fastretransmit: 0, partialack: 0, Second Congestion: 0), with data: 1364, total data bytes: 371194

         

BGP neighbor is 2001:470:13:A5::1,  remote AS 6939, external link

  BGP version 4, remote router ID 72.52.92.142

  BGP state = Established, up for 00:33:15

  Last read 00:01:06, hold time is 180, keepalive interval is 60 seconds

“”””  Configured hold time is 180,keepalive interval is 60 seconds  Minimum holdtime from neighbor is 0 seconds ””””

  Neighbor capabilities:

    Route refresh: advertised and received(old & new)

    Address family BGP IPv4: advertised

    Address family BGP IPv6: advertised and received

  Message statistics:

    InQ depth is 0

    OutQ depth is 0

                         Sent       Rcvd

    Opens:                  3          3

    Notifications:          2          0

    Updates:                0      11046

    Keepalives:           225          6

    Route Refresh:          0          0

    Total:              10794      11055

  Default minimum time between advertisement runs is 30 seconds

For address family: BGP IPv6

  BGP table version 5377, neighbor version 5377/0  Output queue size : 0

  Index 1, Offset 0, Mask 0x2

  1 update-group member

                                 Sent       Rcvd

  Prefix activity:               ----       ----

    Prefixes Current:            4186       4185 (Consumes 301320 bytes)

    Prefixes Total:              4340       4383

    Implicit Withdraw:           4312        177

    Explicit Withdraw:             22         21

    Used as bestpath:             n/a          1

    Used as multipath:            n/a          0

                                   Outbound    Inbound

  Local Policy Denied Prefixes:    --------    -------

    Suppressed duplicate:                 0         88

    AS_PATH loop:                       n/a          1

    Total:                                0         89

  Number of NLRIs in the update sent: max 0, min 0

  Connections established 3; dropped 2

  Last reset 00:36:32, due to BGP Notification sent, hold time expired

Connection state is ESTAB, I/O status: 1, unread input bytes: 0       

Connection is ECN Disabled

Local host: 2001:470:13:A5::2, Local port: 179 Foreign host: 2001:470:13:A5::1, Foreign port: 35382

Enqueued packets for retransmit: 2, input: 0  mis-ordered: 0 (0 bytes)

Event Timers (current time is 0xD434F4):

Timer          Starts    Wakeups            Next

Retrans           255          8        0xD43A78

TimeWait            0          0             0x0

AckHold           198         36             0x0

SendWnd             0          0             0x0

KeepAlive           0          0             0x0

GiveUp              0          0             0x0

PmtuAger            0          0             0x0

DeadWait            0          0             0x0

iss: 2143457352  snduna: 2143751576  sndnxt: 2143751935     sndwnd:  16331

irs: 3803321236  rcvnxt: 3803616454  rcvwnd:      15909  delrcvwnd:    475

SRTT: 300 ms, RTTO: 303 ms, RTV: 3 ms, KRTT: 9696 ms

minRTT: 60 ms, maxRTT: 300 ms, ACK hold: 200 ms

Flags: passive open, nagle, gen tcbs

IP Precedence value : 6

Datagrams (max data segment is 1420 bytes):

Rcvd: 687 (out of order: 0), with data: 392, total data bytes: 295217

Sent: 662 (retransmit: 8, fastretransmit: 0, partialack: 0, Second Congestion: 0), with data: 662, total data bytes: 321070

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Hi Danny,

The debugs show retransmitted TCP packets, as suspected.

Did you configure "ipv6 mtu <>" on the tunnel interface?

Try it with value 1280. Check with " show ipv6 int tunn" what the IPv6 MTU is.

Otherwise, try "ip tcp mss 1280" and see if it helps.

1480 looks weird as a value. Consider that ethernet uses MTU 1500 and the IPv6 header

is not 20 bytes like for IPv4, but 40 bytes. So, 1460 looks more plausible.

Thanks,

Luc

View solution in original post

4 REPLIES 4
Highlighted
Cisco Employee

Danny, what are the underlying physical networks that these tunnels use ? Looking at KRTT value - I think there could be problems on the lower layer which result in the TCP connection that the BGP uses to become slow / blocked.

Possible MTU issue on the way ? (though MSS is rather low for both BGP sessions, I'd not discard that - and verify with the sniffer trace if you have a chance what really happens at TCP layer). You should also be able to use the CLIs similar to the ones mentioned in http://www.cisco.com/en/US/docs/ios/12_4t/12_4t2/ht_socop.html to get more insight at the operation of TCP layer if the sniffer is not available..

Highlighted
Cisco Employee

Hi,

The first thing to doubt here when BGP sessions flap, is MTU issues, as Andrew has mentioned.

Do you have the output of show bgp ipv6 neighbor from the other side of the tunnel?

If the KRTT value increases, and or you see retransmits, and or you see

"Keepalives are temporarily in throttle due to closed TCP window"

in the BGP output, then it is likely an MTU issue or at least a TCP issue.

Debug ip tcp transactions on the router could help shed a light on the issue.

You could quickly try this:

   ip tcp mss <>

which will set the mss for all TCP session globally, terminating on the router. (Configure it on both routers.)

Thanks,

Luc

Highlighted

Luc,

I do not have access to the next router, that router belongs to Hurricane Electric; they are the ones who are providing a tunnel for our IPv6.

Hurricane says I should use MTU 1480 is max, and 1280 is minimum, they are using those values, I configured MTU 1480 on Tunnel11 , but when I do a show interface Tunnel11 it show that  the tunnel is still using MTU 1514.

Can you suggest what value to use on       ip tcp mss <>    ?????????

Below is the result of the Debug ip tcp transactions

Thanks fro your help….

danny

C3745_IPV6-RTR1#show interface Tunnel11

Tunnel11 is up, line protocol is up

  Hardware is Tunnel

  Description: Hurricane Elec 2nd IPv6 Tunnel

  MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation TUNNEL, loopback not set

  Keepalive not set

  Tunnel source 200.32.250.84, destination 216.66.70.2

  Tunnel protocol/transport IPv6/IP, key disabled, sequencing disabled

  Tunnel TTL 255

  Checksumming of packets disabled,  fast tunneling enabled

  Tunnel transmit bandwidth 8000 (kbps)

  Tunnel receive bandwidth 8000 (kbps)

  Last input 00:00:08, output 00:00:08, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 23

  Queueing strategy: fifo

  Output queue: 0/0 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     53278 packets input, 10326237 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

     61799 packets output, 10589035 bytes, 0 underruns

     0 output errors, 0 collisions, 0 interface resets

     0 output buffer failures, 0 output buffers swapped out

C3745_IPV6-RTR1#

Result for the Debug ip tcp transactions

C3745_IPV6-RTR1#Debug ip tcp transactions

TCP special event debugging is on

C3745_IPV6-RTR1#

*Mar 10 22:08:07.290: TCP: Alert! Received a broadcast packet from 201.47.57.50

C3745_IPV6-RTR1#

*Mar 10 22:09:04.426: 2001:470:13:A5::2:179 <---> 2001:470:13:A5::1:11490   congestion window changes

*Mar 10 22:09:04.426: cwnd from 2102 to 1420, ssthresh from 2840 to 2840

*Mar 10 22:09:04.426: TCP0: timeout #1 - timeout is 606 ms, seq 1381785815

*Mar 10 22:09:04.426: TCP: (179) -> 2001:470:13:A5::1(11490)

*Mar 10 22:09:05.034: TCP0: timeout #2 - timeout is 1212 ms, seq 1381785815

*Mar 10 22:09:05.034: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:09:06.246: TCP0: timeout #3 - timeout is 2424 ms, seq 1381785815

*Mar 10 22:09:06.246: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:09:08.670: TCP0: timeout #4 - timeout is 4848 ms, seq 1381785815

*Mar 10 22:09:08.670: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:09:13.518: TCP0: timeout #5 - timeout is 9696 ms, seq 1381785815

*Mar 10 22:09:13.518: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:09:23.214: TCP0: timeout #6 - timeout is 9696 ms, seq 1381785815

*Mar 10 22:09:23.214: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:09:32.910: TCP0: Data repacketized, seq 1381785815, sent 90 byte

*Mar 10 22:09:32.910: TCP0: timeout #7 - timeout is 9696 ms, seq 1381785815

*Mar 10 22:09:32.910: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:09:42.606: TCP0: Data repacketized, seq 1381785815, sent 230 byte

*Mar 10 22:09:42.606: TCP0: timeout #8 - timeout is 9696 ms, seq 1381785815

*Mar 10 22:09:42.606: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:10:25.658: TCP: connection attempt to port 445

*Mar 10 22:10:25.658: TCP: sending RST, seq 0, ack 3268483690

*Mar 10 22:10:25.658: TCP: sent RST to 190.135.190.199:1589 from 200.32.250.84:445

*Mar 10 22:10:26.334: TCP: connection attempt to port 445

*Mar 10 22:10:26.334: TCP: sending RST, seq 0, ack 3268483690

*Mar 10 22:10:26.334: TCP: sent RST to 190.135.190.199:1589 from 200.32.250.84:445

C3745_IPV6-RTR1#

*Mar 10 22:10:26.934: TCP: connection attempt to port 445

*Mar 10 22:10:26.934: TCP: sending RST, seq 0, ack 3268483690

*Mar 10 22:10:26.934: TCP: sent RST to 190.135.190.199:1589 from 200.32.250.84:445

C3745_IPV6-RTR1#

*Mar 10 22:11:26.186: 2001:470:13:A5::2:179 <---> 2001:470:13:A5::1:11490   congestion window changes

*Mar 10 22:11:26.186: cwnd from 2013 to 1420, ssthresh from 2840 to 2840

*Mar 10 22:11:26.186: TCP0: timeout #1 - timeout is 606 ms, seq 1381786408

*Mar 10 22:11:26.186: TCP: (179) -> 2001:470:13:A5::1(11490)

*Mar 10 22:11:26.794: TCP0: timeout #2 - timeout is 1212 ms, seq 1381786408

*Mar 10 22:11:26.794: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:11:28.006: TCP0: timeout #3 - timeout is 2424 ms, seq 1381786408

*Mar 10 22:11:28.006: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:11:30.430: TCP0: timeout #4 - timeout is 4848 ms, seq 1381786408

*Mar 10 22:11:30.430: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:11:35.278: TCP0: timeout #5 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:11:35.278: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:11:44.974: TCP0: Data repacketized, seq 1381786408, sent 284 byte

*Mar 10 22:11:44.974: TCP0: timeout #6 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:11:44.974: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:11:54.670: TCP0: timeout #7 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:11:54.670: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:12:04.366: TCP0: timeout #8 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:12:04.366: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:12:14.062: TCP0: timeout #9 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:12:14.062: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:12:23.758: TCP0: timeout #10 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:12:23.758: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:12:33.454: TCP0: Data repacketized, seq 1381786408, sent 303 byte

*Mar 10 22:12:33.454: TCP0: timeout #11 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:12:33.454: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:12:43.150: TCP0: Data repacketized, seq 1381786408, sent 607 byte

*Mar 10 22:12:43.150: TCP0: timeout #12 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:12:43.150: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:12:46.766: TCP: Alert! Received a broadcast packet from 58.251.60.228

*Mar 10 22:12:46.790: TCP: connection attempt to port 9415

*Mar 10 22:12:46.790: TCP: sending RST, seq 0, ack 1358110563

*Mar 10 22:12:46.790: TCP: sent RST to 58.251.60.228:12200 from 200.32.198.121:9415

*Mar 10 22:12:46.790: TCP: Alert! Received a broadcast packet from 58.251.60.228

*Mar 10 22:12:46.998: TCP: connection attempt to port 9415

*Mar 10 22:12:46.998: TCP: sending RST, seq 0, ack 1358110563

*Mar 10 22:12:46.998: TCP: sent RST to 58.251.60.228:12200 from 200.32.250.84:9415

*Mar 10 22:12:47.030: TCP: connection attempt to port 9415

C3745_IPV6-RTR1#

*Mar 10 22:12:47.030: TCP: sending RST, seq 0, ack 1358110563

*Mar 10 22:12:47.030: TCP: sent RST to 58.251.60.228:12200 from 200.32.250.29:9415

C3745_IPV6-RTR1#

*Mar 10 22:12:52.846: TCP0: timeout #13 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:12:52.846: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:13:02.542: TCP0: timeout #14 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:13:02.542: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:13:12.238: TCP0: Data repacketized, seq 1381786408, sent 747 byte

*Mar 10 22:13:12.238: TCP0: timeout #15 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:13:12.238: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:13:21.934: TCP0: timeout #16 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:13:21.934: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:13:31.630: TCP0: Data repacketized, seq 1381786408, sent 766 byte

*Mar 10 22:13:31.630: TCP0: timeout #17 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:13:31.630: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:13:41.326: TCP0: Data repacketized, seq 1381786408, sent 837 byte

*Mar 10 22:13:41.326: TCP0: timeout #18 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:13:41.326: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:13:51.022: TCP0: timeout #19 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:13:51.022: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:14:00.718: TCP0: timeout #20 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:14:00.718: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:14:06: %BGP-5-ADJCHANGE: neighbor 2001:470:13:A5::1 Down BGP Notification sent

C3745_IPV6-RTR1#

*Mar 10 22:14:06: %BGP-3-NOTIFICATION: sent to neighbor 2001:470:13:A5::1 4/0 (hold time expired) 0 bytes

C3745_IPV6-RTR1#

*Mar 10 22:14:08.498: TCP0: state was ESTAB -> FINWAIT1 [179 -> 2001:470:13:A5::1(11490)]

*Mar 10 22:14:08.498: TCP0: sending FIN

C3745_IPV6-RTR1#

*Mar 10 22:14:10.414: TCP0: Data repacketized, seq 1381786408, sent 858 byte

*Mar 10 22:14:10.414: TCP0: timeout #21 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:14:10.414: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:14:18.238: TCP: connection attempt to port 445

*Mar 10 22:14:18.238: TCP: sending RST, seq 0, ack 1413472717

*Mar 10 22:14:18.238: TCP: sent RST to 187.15.98.240:4107 from 200.32.250.29:445

*Mar 10 22:14:19.130: TCP: connection attempt to port 445

*Mar 10 22:14:19.130: TCP: sending RST, seq 0, ack 1413472717

*Mar 10 22:14:19.130: TCP: sent RST to 187.15.98.240:4107 from 200.32.250.29:445

C3745_IPV6-RTR1#

*Mar 10 22:14:20.110: TCP0: timeout #22 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:14:20.110: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:14:22.614: TCP: input 201.47.57.50(21) -> 58215: ACK while in LISTEN

*Mar 10 22:14:22.614: TCP: sending RST, seq 1598498515, ack 0

*Mar 10 22:14:22.614: TCP: sent RST to 201.47.57.50:21 from 200.32.250.29:58215

C3745_IPV6-RTR1#

*Mar 10 22:14:29.806: TCP0: timeout #23 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:14:29.806: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:14:39.502: TCP0: timeout #24 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:14:39.502: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:14:49.198: TCP0: timeout #25 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:14:49.198: TCP: (179) -> 2001:470:13:A5::1(11490)

*Mar 10 22:14:49.790: TCB66146A08 created

*Mar 10 22:14:49.790: TCB66146A08 setting property TCP_WINDOW_SIZE (0) 66146974

*Mar 10 22:14:49.790: TCB66146A08 setting property TCP_MD5KEY (5) 0

*Mar 10 22:14:49.790: TCB66146A08 setting property TCP_TOS (11) 66146960

*Mar 10 22:14:49.790: TCP: Random local port generated 40516

*Mar 10 22:14:49.790: TCB66146A08 bound to 2001:470:13:A5::2.40516

*Mar 10 22:14:49.790: TCP: sending SYN, seq 4232682970, ack 0

*Mar 10 22:14:49.790: TCP0: Connection to 2001:470:13:A5::1:179, advertising MSS 1420

C3745_IPV6-RTR1#

*Mar 10 22:14:49.790: TCP0: state was CLOSED -> SYNSENT [40516 -> 2001:470:13:A5::1(179)]

C3745_IPV6-RTR1#

*Mar 10 22:14:52.790: 2001:470:13:A5::2:40516 <---> 2001:470:13:A5::1:179   congestion window changes

*Mar 10 22:14:52.790: cwnd from 1420 to 1420, ssthresh from 65535 to 2840

*Mar 10 22:14:52.790: TCP0: timeout #1 - timeout is 6000 ms, seq 4232682970

*Mar 10 22:14:52.790: TCP: (40516) -> 2001:470:13:A5::1(179)

C3745_IPV6-RTR1#

*Mar 10 22:14:58.790: TCP0: timeout #2 - timeout is 12000 ms, seq 4232682970

*Mar 10 22:14:58.790: TCP: (40516) -> 2001:470:13:A5::1(179)

*Mar 10 22:14:58.894: TCP0: timeout #26 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:14:58.894: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:15:08.590: TCP0: timeout #27 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:15:08.590: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:15:10.790: TCP0: timeout #3 - timeout is 9000 ms, seq 4232682970

*Mar 10 22:15:10.790: TCP: (40516) -> 2001:470:13:A5::1(179)

C3745_IPV6-RTR1#

*Mar 10 22:15:18.286: TCP0: timeout #28 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:15:18.286: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:15:19.790: TCP0: state was SYNSENT -> CLOSED [40516 -> 2001:470:13:A5::1(179)]

*Mar 10 22:15:19.790: TCB 0x66146A08 destroyed

C3745_IPV6-RTR1#

*Mar 10 22:15:27.982: TCP0: timeout #29 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:15:27.982: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:15:37.678: TCP0: timeout #30 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:15:37.678: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:15:47.374: TCP0: timeout #31 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:15:47.374: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:15:54.130: TCP: connection attempt to port 445

*Mar 10 22:15:54.130: TCP: sending RST, seq 0, ack 3404201484

*Mar 10 22:15:54.130: TCP: sent RST to 212.13.4.6:4040 from 200.32.250.29:445

*Mar 10 22:15:54.758: TCP: connection attempt to port 445

*Mar 10 22:15:54.758: TCP: sending RST, seq 0, ack 3404201484

*Mar 10 22:15:54.758: TCP: sent RST to 212.13.4.6:4040 from 200.32.250.29:445

C3745_IPV6-RTR1#

*Mar 10 22:15:55.374: TCP: connection attempt to port 445

*Mar 10 22:15:55.374: TCP: sending RST, seq 0, ack 3404201484

*Mar 10 22:15:55.374: TCP: sent RST to 212.13.4.6:4040 from 200.32.250.29:445

C3745_IPV6-RTR1#

*Mar 10 22:15:57.070: TCP0: timeout #32 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:15:57.070: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:16:06.766: TCP0: timeout #33 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:16:06.766: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:16:16.462: TCP0: timeout #34 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:16:16.462: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:16:18.922: TCP: connection attempt to port 445

*Mar 10 22:16:18.922: TCP: sending RST, seq 0, ack 2823131698

*Mar 10 22:16:18.922: TCP: sent RST to 113.13.149.208:2738 from 200.32.198.121:445

*Mar 10 22:16:19.606: TCP: connection attempt to port 445

*Mar 10 22:16:19.606: TCP: sending RST, seq 0, ack 2823131698

*Mar 10 22:16:19.606: TCP: sent RST to 113.13.149.208:2738 from 200.32.198.121:445

C3745_IPV6-RTR1#

*Mar 10 22:16:20.370: TCP: connection attempt to port 445

*Mar 10 22:16:20.370: TCP: sending RST, seq 0, ack 2823131698

*Mar 10 22:16:20.370: TCP: sent RST to 113.13.149.208:2738 from 200.32.198.121:445

C3745_IPV6-RTR1#

*Mar 10 22:16:26.158: TCP0: timeout #35 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:16:26.158: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:16:35.854: TCP0: timeout #36 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:16:35.854: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:16:45.550: TCP0: timeout #37 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:16:45.550: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:16:55.246: TCP0: timeout #38 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:16:55.246: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:17:04.942: TCP0: timeout #39 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:17:04.942: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:17:09.658: TCP: connection attempt to port 445

*Mar 10 22:17:09.658: TCP: sending RST, seq 0, ack 2560565982

*Mar 10 22:17:09.658: TCP: sent RST to 67.255.121.153:2409 from 200.32.198.121:445

*Mar 10 22:17:10.190: TCP: connection attempt to port 445

*Mar 10 22:17:10.190: TCP: sending RST, seq 0, ack 2560565982

*Mar 10 22:17:10.190: TCP: sent RST to 67.255.121.153:2409 from 200.32.198.121:445

C3745_IPV6-RTR1#

*Mar 10 22:17:10.794: TCP: connection attempt to port 445

*Mar 10 22:17:10.794: TCP: sending RST, seq 0, ack 2560565982

*Mar 10 22:17:10.794: TCP: sent RST to 67.255.121.153:2409 from 200.32.198.121:445

C3745_IPV6-RTR1#

*Mar 10 22:17:12.362: TCP: connection attempt to port 445

*Mar 10 22:17:12.362: TCP: sending RST, seq 0, ack 3802411356

*Mar 10 22:17:12.362: TCP: sent RST to 190.56.135.26:21939 from 200.32.250.84:445

*Mar 10 22:17:12.910: TCP: connection attempt to port 445

*Mar 10 22:17:12.910: TCP: sending RST, seq 0, ack 3802411356

*Mar 10 22:17:12.910: TCP: sent RST to 190.56.135.26:21939 from 200.32.250.84:445

C3745_IPV6-RTR1#

*Mar 10 22:17:13.462: TCP: connection attempt to port 445

*Mar 10 22:17:13.462: TCP: sending RST, seq 0, ack 3802411356

*Mar 10 22:17:13.462: TCP: sent RST to 190.56.135.26:21939 from 200.32.250.84:445

C3745_IPV6-RTR1#

*Mar 10 22:17:14.638: TCP0: timeout #40 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:17:14.638: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:17:19.790: TCB66146A08 created

*Mar 10 22:17:19.790: TCB66146A08 setting property TCP_WINDOW_SIZE (0) 66146974

*Mar 10 22:17:19.790: TCB66146A08 setting property TCP_MD5KEY (5) 0

*Mar 10 22:17:19.790: TCB66146A08 setting property TCP_TOS (11) 66146960

*Mar 10 22:17:19.790: TCP: Random local port generated 20029

*Mar 10 22:17:19.790: TCB66146A08 bound to 2001:470:13:A5::2.20029

*Mar 10 22:17:19.790: TCP: sending SYN, seq 3008116576, ack 0

*Mar 10 22:17:19.790: TCP0: Connection to 2001:470:13:A5::1:179, advertising MSS 1420

*Mar 10 22:17:19.790: TCP0: state was CLOSED -> SYNSENT [20029 -> 2001:470:13:A5::1(179)]

C3745_IPV6-RTR1#

*Mar 10 22:17:22.790: 2001:470:13:A5::2:20029 <---> 2001:470:13:A5::1:179   congestion window changes

*Mar 10 22:17:22.790: cwnd from 1420 to 1420, ssthresh from 65535 to 2840

*Mar 10 22:17:22.790: TCP0: timeout #1 - timeout is 6000 ms, seq 3008116576

*Mar 10 22:17:22.790: TCP: (20029) -> 2001:470:13:A5::1(179)

C3745_IPV6-RTR1#

786408

*Mar 10 22:17:34.030: TCP: (179) -> 2001:470:13:A5::1(11490)

C3745_IPV6-RTR1#

*Mar 10 22:17:40.790: TCP0: timeout #3 - timeout is 9000 ms, seq 3008116576

*Mar 10 22:17:40.790: TCP: (20029) -> 2001:470:13:A5::1(179)

*Mar 10 22:17:40.806: TCP0: state was SYNSENT -> ESTAB [20029 -> 2001:470:13:A5::1(179)]

*Mar 10 22:17:40.806: TCP0: Connection to 2001:470:13:A5::1:179, received MSS 1420, MSS is 1420

*Mar 10 22:17:40.806: TCB66146A08 connected to 2001:470:13:A5::1.179

*Mar 10 22:17:40: %BGP-5-ADJCHANGE: neighbor 2001:470:13:A5::1 Up

C3745_IPV6-RTR1#

*Mar 10 22:17:43.726: TCP0: timeout #43 - timeout is 9696 ms, seq 1381786408

*Mar 10 22:17:43.726: TCP: (179) -> 2001:470:13:A5::1(11490)

*Mar 10 22:17:43.742: TCP0: RST received, Closing connection

*Mar 10 22:17:43.742: TCP0: state was FINWAIT1 -> CLOSED [179 -> 2001:470:13:A5::1(11490)]

*Mar 10 22:17:43.742: TCB 0x6616BE80 destroyed

C3745_IPV6-RTR1#

C3745_IPV6-RTR1#

*Mar 10 22:21:59.846: 2001:470:13:A5::2:20029 <---> 2001:470:13:A5::1:179   congestion window changes

*Mar 10 22:21:59.846: cwnd from 29727 to 1420, ssthresh from 2840 to 7976

*Mar 10 22:21:59.846: TCP0: timeout #1 - timeout is 606 ms, seq 3008407421

*Mar 10 22:21:59.846: TCP: (20029) -> 2001:470:13:A5::1(179)

*Mar 10 22:22:00.454: 2001:470:13:A5::2:20029 <---> 2001:470:13:A5::1:179   congestion window changes

*Mar 10 22:22:00.454: cwnd from 1420 to 1420, ssthresh from 7976 to 2840

*Mar 10 22:22:00.454: TCP0: timeout #2 - timeout is 1212 ms, seq 3008407421

*Mar 10 22:22:00.454: TCP: (20029) -> 2001:470:13:A5::1(179)

C3745_IPV6-RTR1#

*Mar 10 22:22:01.666: TCP0: timeout #3 - timeout is 2424 ms, seq 3008407421

*Mar 10 22:22:01.666: TCP: (20029) -> 2001:470:13:A5::1(179)

*Mar 10 22:22:01.802: TCP: input 201.47.57.50(21) -> 18160: ACK while in LISTEN

*Mar 10 22:22:01.802: TCP: sending RST, seq 1981346762, ack 0

*Mar 10 22:22:01.802: TCP: sent RST to 201.47.57.50:21 from 200.32.250.84:18160

C3745_IPV6-RTR1#

*Mar 10 22:22:04.090: TCP0: timeout #4 - timeout is 4848 ms, seq 3008407421

*Mar 10 22:22:04.090: TCP: (20029) -> 2001:470:13:A5::1(179)

C3745_IPV6-RTR1#

*Mar 10 22:22:08.938: TCP0: timeout #5 - timeout is 9696 ms, seq 3008407421

*Mar 10 22:22:08.938: TCP: (20029) -> 2001:470:13:A5::1(179)

*Mar 10 22:18:54.114: TCP: Alert! Received a broadcast packet from 189.3.19.53

*Mar 10 22:18:54.118: TCP: Alert! Received a broadcast packet from 189.3.19.53

*Mar 10 22:19:07.010: TCP163: state was TIMEWAIT -> CLOSED [23 -> 200.32.198.19(4597)]

Highlighted

Hi Danny,

The debugs show retransmitted TCP packets, as suspected.

Did you configure "ipv6 mtu <>" on the tunnel interface?

Try it with value 1280. Check with " show ipv6 int tunn" what the IPv6 MTU is.

Otherwise, try "ip tcp mss 1280" and see if it helps.

1480 looks weird as a value. Consider that ethernet uses MTU 1500 and the IPv6 header

is not 20 bytes like for IPv4, but 40 bytes. So, 1460 looks more plausible.

Thanks,

Luc

View solution in original post