09-23-2011 11:47 AM
HI, yesterday at night, I try to migrate a JUNIPER to ASR. The BGP configuration is very simple, but the BGP n never UP, with show bgp nei every time stay en ACTVE mode. Attached the configuration and the show log. TOday I will be do Labs between JUnipero and ASR 9006.
router bgp 20299
address-family ipv4 unicast
network 186.32.128.0/19
network 186.32.224.0/20
network 190.4.31.92/30
network ...............
net....etc
neighbor 190.4.31.93
remote-as 23383
description BGP - NAVEGA 3xSTM1
address-family ipv4 unicast
route-policy out-navega out
remove-private-AS
!
!
neighbor 190.4.32.25
remote-as 23383
description BGP - NAVEGA 1xSTM1
address-family ipv4 unicast
remove-private-AS
!
!
prefix-set amnet-sps-cable-out-navega
186.32.128.0/19,
186.32.224.0/20,
190.53.48.0/20,
190.53.192.0/19
end-set
!
prefix-set home-sps-out-navega-columbus
205.211.192.0/22,
205.211.201.0/24,
205.211.218.0/23,
205.211.220.0/23,
205.211.244.0/22,
205.211.248.0/21,
205.211.222.0/23,
205.211.233.0/24,
200.12.227.0/24,
190.53.48.0/20
end-set
route-policy out-navega
if destination in amnet-sps-cable-out-navega then
pass
endif
end-policy
!
route-policy out-navega-1xSTM1
if destination in home-sps-out-navega-columbus then
pass
else
drop
endif
end-policy
sho log
RP/0/RSP1/CPU0:Sep 23 09:47:11.897 : tcp[378]: [t9] Lpts set the drop flag for 445 ->3742, drop packet (pak 0xddc5b6ef) and send a RST
RP/0/RSP1/CPU0:Sep 23 09:47:12.506 : tcp[378]: [t9] Lpts set the drop flag for 445 ->3742, drop packet (pak 0xddc5763f) and send a RST
RP/0/RSP1/CPU0:Sep 23 09:47:13.108 : tcp[378]: [t9] Lpts set the drop flag for 445 ->3742, drop packet (pak 0xddc5e773) and send a RST
RP/0/RSP1/CPU0:Sep 23 09:47:48.562 : tcp[378]: [t14] Queue pak (0xddc5e20f): 190.4.31.93:50004 -> 190.4.31.94:179 len=45 FAILED
RP/0/RSP1/CPU0:Sep 23 09:47:52.609 : tcp[378]: [t13] Queue pak (0xddc5e773): 190.4.32.25:53139 -> 190.4.32.26:179 len=45 FAILED
RP/0/RSP1/CPU0:Sep 23 09:47:57.591 : tcp[378]: [t9] Lpts set the drop flag for 445 ->2029, drop packet (pak 0xddc5de77) and send a RST
RP/0/RSP1/CPU0:Sep 23 09:47:58.146 : tcp[378]: [t9] Lpts set the drop flag for 445 ->2029, drop packet (pak 0xddc5dadf) and send a RST
RP/0/RSP1/CPU0:Sep 23 09:47:58.749 : tcp[378]: [t9] Lpts set the drop flag for 445 ->2029, drop packet (pak 0xddc5d1e3) and send a RST
RP/0/RSP1/CPU0:Sep 23 09:48:16.122 : tcp[378]: [t9] Lpts set the drop flag for 445 ->3422, drop packet (pak 0xddc5b6ef) and send a RST
RP/0/RSP1/CPU0:Sep 23 09:48:16.872 : tcp[378]: [t9] Lpts set the drop flag for 445 ->3422, drop packet (pak 0xddc5e20f) and send a RST
RP/0/RSP1/CPU0:Sep 23 09:48:17.623 : tcp[378]: [t9] Lpts set the drop flag for 445 ->3422, drop packet (pak 0xddc5d1e3) and send a RST
RP/0/RSP1/CPU0:Sep 23 09:48:19.118 : tcp[378]: [t9] Lpts set the drop flag for 445 ->13919, drop packet (pak 0xddc5b6ef) and send a RST
RP/0/RSP1/CPU0:Sep 23 09:48:19.690 : tcp[378]: [t9] Lpts set the drop flag for 445 ->13919, drop packet (pak 0xddc5d1e3) and send a RST
RP/0/RSP1/CPU0:Sep 23 09:48:20.193 : tcp[378]: [t9] Lpts set the drop flag for 445 ->13919, drop packet (pak 0xddc5e773) and send a RST
RP/0/RSP1/CPU0:Sep 23 09:49:57.325 : tcp[378]: [t9] Lpts set the drop flag for 445 ->54772, drop packet (pak 0xddc5d913) and send a RST
RP/0/RSP1/CPU0:Sep 23 09:49:57.995 : tcp[378]: [t9] Lpts set the drop flag for 445 ->54772, drop packet (pak 0xddc5b6ef) and send a RST
RP/0/RSP1/CPU0:Sep 23 09:49:58.648 : tcp[378]: [t9] Lpts set the drop flag for 445 ->54772, drop packet (pak 0xddc5b6ef) and send a RST
RP/0/RSP1/CPU0:Sep 23 09:51:13.572 : tcp[378]: [t12] Queue pak (0xddc5dadf): 190.4.31.93:51562 -> 190.4.31.94:179 len=45 FAILED
RP/0/RSP1/CPU0:Sep 23 09:51:37.532 : tcp[378]: [t18] Queue pak (0xddc5dadf): 190.4.32.25:58976 -> 190.4.32.26:179 len=45 FAILED
RP/0/RSP1/CPU0:Sep 23 09:52:17.590 : tcp[378]: [t16] Queue pak (0xddc5d913): 190.4.31.93:54254 -> 190.4.31.94:179 len=45 FAILED
RP/0/RSP1/CPU0:Sep 23 09:52:41.549 : tcp[378]: [t16] Queue pak (0xddc5e043): 190.4.32.25:50350 -> 190.4.32.26:179 len=45 FAILED
RP/0/RSP1/CPU0:Sep 23 09:53:21.607 : tcp[378]: [t15] Queue pak (0xddc5e043): 190.4.31.93:50893 -> 190.4.31.94:179 len=45 FAILED
RP/0/RSP1/CPU0:Sep 23 09:54:05.567 : tcp[378]: [t15] Queue pak (0xddc5e773): 190.4.32.25:64285 -> 190.4.32.26:179 len=45 FAILED
RP/0/RSP1/CPU0:Sep 23 09:54:25.629 : tcp[378]: [t18] Queue pak (0xddc5763f): 190.4.31.93:51608 -> 190.4.31.94:179 len=45 FAILED
RP/0/RSP1/CPU0:Sep 23 09:55:09.587 : tcp[378]: [t13] Queue pak (0xddc5b6ef): 190.4.32.25:62523 -> 190.4.32.26:179 len=45 FAILED
09-23-2011 12:23 PM
hi Luis,
For eBGP you need an inbound and outbound RPL route-policy or by default we will drop everything. This is only for eBGP, not required for iBGP.
example:
route-policy ebgp
pass
end-policy
apply in and out for the eBGP neighbor.
regards,
David Pothier
Cisco Systems
09-23-2011 12:35 PM
Hi David and thanks i configured this in the bgp neigbor configure
neighbor 190.4.31.93
remote-as 23383
description BGP - NAVEGA 3xSTM1
address-family ipv4 unicast
route-policy out-navega out
remove-private-AS
in this policy I try to delimit which network want advertise to my bgp neighbor. In my firts post copie the complete config but I don't if my route policy is wrong.
09-23-2011 12:53 PM
hi Luis,
You have an outbound route-policy, but your missing an inbound route-policy.
You need to add an inbound route-policy for the eBGP neighbor.
Also - please send the output of "sho run lpts pifib hardware police flow", I want to verify that you are using the default lpts policer flows.
regards,
David Pothier
Cisco Systems
09-23-2011 01:03 PM
HI, about the inboudn policy i will the configure in afew minutes in a litle labs, and the command doesn't work check the output
RP/0/RSP1/CPU0:ASRAmnet#sho run lpts pifib hardware police flow
^
% Invalid input detected at '^' marker.
RP/0/RSP1/CPU0:ASRAmnet#sho run lpts pifib hardware police?
police
RP/0/RSP1/CPU0:ASRAmnet#sho run lpts pifib hardware police ?
location Location Specification RP/0/RSP1/CPU0:ASRAmnet#sho run lpts pifib hardware police flow
^
% Invalid input detected at '^' marker.
RP/0/RSP1/CPU0:ASRAmnet#sho run lpts pifib hardware police?
police
RP/0/RSP1/CPU0:ASRAmnet#sho run lpts pifib hardware police ?
location Location Specification
RP/0/RSP1/CPU0:ASRAmnet#sho run lpts pifib hardware ?
police ingress policers configuration command
tcam pre-ifib tcam configuration commands
RP/0/RSP1/CPU0:ASRAmnet#sho run lpts pifib hardware tcam ?
limit Set upper TCAM size limit
RP/0/RSP1/CPU0:ASRAmnet#sho run lpts pifib hardware police ?
location Location Specification
RP/0/RSP1/CPU0:ASRAmnet#sho run lpts pifib hardware police ?
location Location Specification
RP/0/RSP1/CPU0:ASRAmnet#sho run lpts pifib hardware police location ?
0/2/CPU0 Enter Location
0/RSP0/CPU0 Enter Location
0/RSP1/CPU0 Enter Location
WORD Enter Location
RP/0/RSP1/CPU0:ASRAmnet#sho run lpts pifib hardware police location 0/RSP0/CPU0
^
% Invalid input detected at '^' marker.
RP/0/RSP1/CPU0:ASRAmnet#sho run lpts pifib hardware police location 0/RSP1/CPU0
^
% Invalid input detected at '^' marker.
RP/0/RSP1/CPU0:ASRAmnet#sho run lpts pifib hardware police location 0/2/CPU0
Fri Sep 23 19:58:24.728 UTC
% No such configuration item(s)
RP/0/RSP1/CPU0:ASRAmnet#sho run lpts pifib hardware police location flow
^
% Invalid input detected at '^' marker.
09-24-2011 09:44 AM
Hi Luis,
Check this command:
RP/0/RSP0/CPU0:A9K-BNG#show lpts pifib hardware police location 0/0/CPU0 | i BGP
that will tell us the police rate for the BGP flows
Also can you show us the configuration for the interface that holds the ip address
190.4.32.26 and 190.4.31.94
The issue is that the BGP packets from the peer don't reach the 9k's bgp process hence it'll toggle between idle/active state.
I have also seen this error when the capabilities from the peer are different then ours like for isntance the remote side wants to initiate the AF for ipv6 or mismatched GR config on either side.
One thing to easily verify is from the peer to do a "telnet
In that case a debug on the bgp neighborship establishment would be helpful:
debug bgp
debug bgp io
debug bgp
debug bgp events
xander
09-28-2011 10:01 PM
Hi Guys
The last saturday we found a post about problems with ASR interconnection with Juniper M10i and the solution was the router id configuration. We configured ROUTER ID and the BGP pass the active to establish status immediately and wonrking good.
Thanks alot for all your help.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide