BGP4 Session Goes Down receiving FULL Routers from providers

rom · ‎09-21-2011

CONF

router bgp 22999

no synchronization

bgp log-neighbor-changes

bgp maxas-limit 254

network 196.12.173.0

aggregate-address 196.12.173.0 255.255.255.0 summary-only

neighbor 64.247.171.17 remote-as 11992

neighbor 64.247.171.17 version 4

neighbor 64.247.171.17 soft-reconfiguration inbound

neighbor 64.247.171.17 distribute-list ramallo_in in

neighbor 64.247.171.17 distribute-list ramallo_out out

neighbor 196.12.168.202 remote-as 11367

neighbor 196.12.168.202 ebgp-multihop 2

neighbor 196.12.168.202 version 4

neighbor 196.12.168.202 next-hop-self

neighbor 196.12.168.202 soft-reconfiguration inbound

neighbor 196.12.168.202 distribute-list ramallo_out out

SHOW VERSION

Router# show ver

Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M3, REL

EASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Compiled Sun 18-Jul-10 03:32 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M9, RELEASE SOFTWARE (fc1)

Router uptime is 1 week, 10 hours, 11 minutes

System returned to ROM by power-on

System image file is "flash0:c2900-universalk9-mz.SPA.150-1.M3.bin"

Last reload type: Normal Reload

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

Cisco CISCO2911/K9 (revision 1.0) with 483328K/40960K bytes of memory.

Processor board ID FTX1445A1W4

3 Gigabit Ethernet interfaces

2 Serial interfaces

DRAM configuration is 64 bits wide with parity enabled.

255K bytes of non-volatile configuration memory.

250880K bytes of ATA System CompactFlash 0 (Read/Write)

SHOW LOG

*Sep 21 21:58:09.107: %BGP-3-NOTIFICATION: sent to neighbor 196.12.168.202 3/1 (

update malformed) 0 bytes

*Sep 21 21:58:09.107: %BGP-4-MSGDUMP: unsupported or mal-formatted message recei

ved from 196.12.168.202:

FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 00BB 0200 0000 2440 0101 0040 0216 0205

0000 2C67 0000 392E 0000 329C 0000 4BE5 0000 6D21 4003 04C4 0CA8 CA18 BE61 8B18

BE61 9818 BE61 9118 BE61 8F18 BE61 8318 BE61 9F18 BE61 9718 BE61 9618 BE61 9918

BE61 9E18 BE61 9C18 BE61 9B18 BE61 9D18 BE61 8C18 BE61 8118 BE61 9318 BE61 8E18

BE61 9418 BE61 9518 BE61 9A18 BE61 8218 BE61 8D18 BE61 9218 BE61 8918 BE61 8618

BE61 8518 BE61 8818 BE61 8A18 BE61 8718 BE61 8418 BE61 8018 BE61 90

*Sep 21 21:58:09.107: %BGP-4-BGP_OUT_OF_MEMORY: BGP resetting because of memory

exhaustion.

*Sep 21 21:58:19.895: %BGP-5-ADJCHANGE: neighbor 64.247.171.17 Down No memory

*Sep 21 21:58:19.895: %BGP_SESSION-5-ADJCHANGE: neighbor 64.247.171.17 IPv4 Unic

ast topology base removed from session No memory

*Sep 21 21:58:19.895: %BGP_SESSION-5-ADJCHANGE: neighbor 196.12.168.202 IPv4 Uni

cast topology base removed from session BGP Notification sent

*Sep 21 21:58:28.707: %BGP-5-ADJCHANGE: neighbor 64.247.171.17 Up

*Sep 21 21:58:31.267: %BGP-5-ADJCHANGE: neighbor 196.12.168.202 Up

*Sep 21 21:58:35.607: %SYS-5-CONFIG_I: Configured from console by vty0 (196.12.1

73.25)

*Sep 21 22:02:35.387: %SYS-2-MALLOCFAIL: Memory allocation of 65536 bytes failed

from 0x2342E9A8, alignment 0

Pool: Processor Free: 125144 Cause: Memory fragmentation

Alternate Pool: None Free: 0 Cause: No Alternate pool

-Process= "BGP Router", ipl= 0, pid= 239, -Traceback= 0x2340604Cz 0x23423490z

0x21AF2D38z 0x21AA5C80z 0x21AA5FB0z 0x21B63554z 0x21B63E58z 0x21AC7844z 0x21AC7D

04z 0x21AC83A8z

*Sep 21 22:02:35.387: %BGP-5-ADJCHANGE: neighbor 196.12.168.202 Down BGP Notific

ation sent

*Sep 21 22:02:35.387: %BGP-3-NOTIFICATION: sent to neighbor 196.12.168.202 3/1 (

update malformed) 0 bytes

*Sep 21 22:02:35.387: %BGP-4-MSGDUMP: unsupported or mal-formatted message recei

ved from 196.12.168.202:

FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 0061 0200 0000 3240 0101 0040 0216 0205

0000 2C67 0000 392E 0000 329C 0000 6D52 0000 1B89 4003 04C4 0CA8 CA40 0600 C007

0800 001B 89C8 3BC4 C618 C83D 1018 C83D 1A18 C83B 3C18 C829 D618 BA00 D417 BA00

D0

*Sep 21 22:02:35.387: %BGP-4-BGP_OUT_OF_MEMORY: BGP resetting because of memory

exhaustion.

*Sep 21 22:02:46.379: %BGP-5-ADJCHANGE: neighbor 64.247.171.17 Down No memory

*Sep 21 22:02:46.379: %BGP_SESSION-5-ADJCHANGE: neighbor 64.247.171.17 IPv4 Unic

ast topology base removed from session No memory

*Sep 21 22:02:46.379: %BGP_SESSION-5-ADJCHANGE: neighbor 196.12.168.202 IPv4 Uni

cast topology base removed from session BGP Notification sent

*Sep 21 22:03:00.319: %BGP-5-ADJCHANGE: neighbor 196.12.168.202 Up

*Sep 21 22:03:01.347: %BGP-5-ADJCHANGE: neighbor 64.247.171.17 Up

Router#

Any ideas?

vmiller · ‎09-21-2011

I don't think you have enough horsepower for all bgp routes, note the number of

SYS-2-MALLOCFAIL nessages.

Do you NEED all the routes ?

rom · ‎09-21-2011

A C2911 with 512 it is enough :-( ???

vmiller · ‎09-21-2011

No, the 29xx series is more of a remote branch router. here is a clip from 2008 to give you an idea:

BGP table version is 4727126, main routing table version 4727126

284303 network entries

using 28714603 bytes of memory

9076734 path entries using 435683232 bytes of memory

1527630 BGP path attribute entries using 85555176 bytes of memory

1292500 BGP AS-PATH entries using 34542132 bytes of memory

23279 BGP community entries using 1673428 bytes of memory

17 BGP extended community entries using 508 bytes of memory

0 BGP route-map cache entries using 0 bytes of memory

0 BGP filter-list cache entries using 0 bytes of memory

BGP using 586169079 total bytes of memory

trust me, it has not shrunk.

But back to the question, do you need all the routes or can you function with a default?

rom · ‎09-21-2011

Is more efficient having all routes?

vmiller · ‎09-21-2011

My take is, unless you are a tier 1 or tier 2 provider, accepting a default for the internet will be more efficient.

How many Links and how many different providers are you going to connect to?

If you are a small office, probably just 1, in which case thats the only route to the internet.

If you have 2 providers, there are still ways to keep it simple.

rom · ‎09-21-2011

two providers 10mb each

100 +/-

several servers

vmiller · ‎09-21-2011

Ok, sounds reasonable.

What you need to consider is how to use 2 providers.

Prmary and back up ?

Load share ?

stuff like that.

A lot will depend on how you plan on firewalling traffic also.

Consider laying out a design, posting it here, and moving ahead from there. A lot of these folks, (Like Mr. Marshall below) have a a depth of experience in design, but you need to decide what the design parameters are.

rom · ‎09-21-2011

load share.

Jon Marshall · ‎09-21-2011

You need about 512Mb just for one BGP peer to receive full routes. You are receiving the full routing table from 2 providers by the looks of it which means you have nowhere near enough RAM - you have 512MB RAM on your router. From Cisco doc -

To store a complete global BGP routing table from one BGP peer, it is best to have a minimum of 512 MB or 1 GB of RAM in the router. If 256 MB of RAM is used, it is recommended that you use more route filters. If you use 512 MB of RAM, more Internet routes can be placed in the routing table with fewer route filters

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094a83.shtml

So you either need to filter the routes you are receiving from your providers or you need a router with more memory.

Jon

Kevin Hart · ‎09-21-2011

Hi

disable "soft-reconfiguration inbound" on both peers (see below).

soft-reconfiguration stores another copy of the BGP table prior to applying any filters! Not recommend when receiving the full Internet routing table.

router bgp 22999

no neighbor 64.247.171.17 soft-reconfiguration inbound

no neighbor 196.12.168.202 soft-reconfiguration inbound

Peter Paluch · ‎09-21-2011

Kevin,

Very good point! In fact, the soft-reconfiguration inbound is a fossil that should not be used at all anymore. Since all reasonable BGP implementations now support the ROUTE REFRESH per RFC 2918, there is no point in having the soft-reconfiguration still configured. I would put it even stronger than you did: the soft-reconfiguration is not recommended at all. It is amazing for me to see how often are people still configuring it.

Best regards,

Peter

rom · ‎09-23-2011

ok. i took the soft-conf feature.

still I am having the same problem.

Peter Paluch · ‎09-23-2011

Romualdo,

If deactivating the soft-reconfiguration did not help then your router is simply unable to hold so many BGP routes in its memory. You can either add more RAM or - what everyone has asked you to do - start filtering out unnecessary routes more aggressively. It is as plain as that.

Best regards,

Peter

vmiller · ‎09-23-2011

Why would you want full Internet routes if you aren't a provider ?

I still think that trying to get this to work on a 29xx is a waste of time.