Re: BGP MTU Path Discovery

shira.forkosh@bynet.co.il · ‎05-24-2019

Hi, I had a problem with iBGP neighborship that I solved by changing the MTU of one of the links on my PE router. After I read that MTU mismatch can cause this issue, I was wondering why the BGP MTU Path Discovery feature, that's enabled by default on Cisco routers, didn’t prevent it.

Therefore, I did a lab that simulates the topology of my real network, and I success to recover the same situation of the problem that I had there.

This is the topology that I did in my lab:

So first, I will explain the problem:

My PE routers are having iBGP VPNV4 neighborships to the Router Reflector.

Between the P routers and all the other routers that connected directly to it, there are ospf and mpls neighborships (this is MP-BGP network).

So in this state, the segment size that chosen by the BGP MTU Path Discovery feature was 8882 byets (8986-4 bytes= 8882 bytes).

The reason the P router has bigger MTU in 14 bytes is because it is running IOS-XR and the links are Ethernet.

In my real network, the link between PE1 and P was going down, so the iBGP neighborship between PE1 and the Router Reflector built by the path that going through PE2 .

After a while, I saw a lot of syslogs messages in PE1 about iBGP neighborship that was going up and down.

I saw the new segments size that was chosen for this neighborship was bigger than the MTU that is between PE2 and P, and the reason for this was that the MTU between PE1 and PE2 was bigger.

So in my lab I did sniffer with wireshark to figure out why the MTU discovery path feature didn't prevent this issue, and I saw was that the MSS syn ack packet that the routers send back to router that start the iBGP neighborships was include the MTU(minus 4 bytets) of the direct link that connected to them, and it didn't relate the MTU of all the path between those routers.

I also tried to change the MTU between PE2 and P routers (to smaller MTU) for check if the segments size change (after clearing the iBGP neighborship between PE2 and Router Reflector). So in this case the segment size change to smaller size, but it was because I changed the MTU in the link that is directly connected to PE2 (and it the first link/first hop that PE2 used to build the neighborship to the Router Reflector).

My question is why this is acting in this way. I can change the MTU on my network for solve this problem, but I want first to understand why the MSS in BGP MTU Path Discovery feature doesn’t check all the path between the iBGP neighbors.

Giuseppe Larosa · ‎05-24-2019

Hello Shira,

Path MTU discovery is supported by TCP and UDP.

BGP is based on TCP for transport using well known port 179 (server side)

In the past there was an upper limit for BGP around 4000 -4400 bytes for the MSS, this might explain why in your tests true end to end path MTU discovery is not performed.

Of course in production network is highly recommended to have the same MTU on all links with just accomodation for software specific implementation ( in IOS XR MTU is a layer 2 concept you have an additional overhead of 14 bytes , that becomes 18 bytes on tagged subinterfaces)

Edit:

see the following tech note

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/116377-troubleshoot-bgp-mtu.html

PMTUD can be broken in your network by the fact there is an MPLS cloud in the middle.

Cisco routers can use the MPLS LSPs also for iBGP session packets this might be the root cause of your issue.

To make another example Juniper allows to set the TCP MSS for BGP at neighbor level

https://www.juniper.net/documentation/en_US/junos/topics/example/bgp-tcp-mss.html

Hope to help

Giuseppe

shira.forkosh@bynet.co.il · ‎05-26-2019

Hi Giuseppe,

Thanks you for you response.

I already read the first tech note, and the things that were mentioned didn't relevant for this topology.

You wrote that "PMTUD can be broken" in MPLS network. Can you explain more about this? I didn't find any information about this behavior in all the documents that I read.