Routing

Expand all | Collapse all

EBGP Peer - Prefix Limit Issue !!!

  • 1.  EBGP Peer - Prefix Limit Issue !!!

    Posted 01-15-2014 12:22

    Hi Champs,

    We have one EBGP customer who has configured prefeix-limit 1000 and it went down due to limit reached. But we are just sending him < 600 routes which are  within limit. Every time they have to clear bgp neighbor after idle for establishment.

    Am not sure how they receive routes >= 1000 from us as we are sending within limits but one suspect that at the time of issue we observed that our IBGP flapped with RR's as we have 2 RR's in our setup.

    Issue observed as first time EBGP flapped when our IBGP flapped with both RR and second time EBGP flapped when IBGP flapped with one RR from which all routes were best at that moment.

    Is it possible that when we got flap with one RR then we advertise routes from another RR to that EBGP customer and he didn't flush old route entries and received new ones which increase in prefix-limit.

    We applied just traceoptions for the specific neigbour for t-shoot. Is there anything else can we do from our side ?

    Schematic Diagram:-

    RR----------- IBGP (PE) ------------ EBGP (CE)
                          |
                          |
                         RR

    Logs from Our side :
     
    Jan 15 11:48:07.106531 bgp_recv: peer 172.24.168.46 (External AS 47423): received unexpected EOF
    Jan 15 11:48:07.106564 bgp_peer_close: closing peer 172.24.168.46 (External AS 47423), state is 4 (OpenSent)
    Jan 15 11:48:07.106741 bgp_event: peer 172.24.168.46 (External AS 47423) old state OpenSent event TransportError new state Idle
    Jan 15 11:48:07.107059 bgp_event: peer 172.24.168.46 (External AS 47423) old state Idle event Start new state Active
    Jan 15 11:50:35.107774 bgp_event: peer 172.24.168.46 (External AS 47423) old state Active event ConnectRetry new state Connect
    Jan 15 11:50:35.108919 bgp_event: peer 172.24.168.46 (External AS 47423) old state Connect event Open new state OpenSent
    Jan 15 11:50:35.108935 advertising graceful restart receiving-speaker-only capability to neighbor 172.24.168.46 (External AS 47423)
    Jan 15 11:50:35.108947 bgp_send: sending 59 bytes to 172.24.168.46 (External AS 47423)
    Jan 15 11:50:35.108954
    Jan 15 11:50:35.108954 BGP SEND 172.24.168.47+56721 -> 172.24.168.46+179
    Jan 15 11:50:35.108961 BGP SEND message type 1 (Open) length 59
    Jan 15 11:50:35.109810
    Jan 15 11:50:35.109810 BGP RECV 172.24.168.46+179 -> 172.24.168.47+56721
    Jan 15 11:50:35.109819 BGP RECV message type 3 (Notification) length 24
    Jan 15 11:50:35.109848 bgp_read_message: peer 172.24.168.46 (External AS 47423): Notification arrived, expected Open
    Jan 15 11:50:35.109868 bgp_read_message:2258: NOTIFICATION received from 172.24.168.46 (External AS 47423): code 2 (Open Message Error) subcode 8 (invalid), Data&colon;  00 01 01
    Jan 15 11:50:39.682385 bgp_recv: peer 172.24.168.46 (External AS 47423): received unexpected EOF
    Jan 15 11:50:39.682427 bgp_peer_close: closing peer 172.24.168.46 (External AS 47423), state is 4 (OpenSent)
    Jan 15 11:50:39.682611 bgp_event: peer 172.24.168.46 (External AS 47423) old state OpenSent event TransportError new state Idle
    Jan 15 11:50:39.682927 bgp_event: peer 172.24.168.46 (External AS 47423) old state Idle event Start new state Active
     
     
    Logs from Customer side :
     
    show ip bgp nei 172.24.168.47 | include ^BGP|Desc|state|prefix|reset
    BGP neighbor is 172.24.168.47,  remote AS 35819,  local AS 47423 no-prepend replace-as, external link
    Description: MobilySA Internet Peering Connection (limited routes exchanged)
      BGP state = Idle
      Peer had exceeded the max. no. of prefixes configured.
      Maximum prefixes allowed 1000
      Reduce the no. of prefix and clear ip bgp 172.24.168.47 to restore peering
      Last reset 1w0d, due to Peer over prefix limit of session 1
     
    Regards,
    R@thore



  • 2.  RE: EBGP Peer - Prefix Limit Issue !!!

    Posted 01-15-2014 20:10

    Can you show how your peer has configured the prefix limit? Check to see the teardown value. I think this maybe the issue. The teardown value represents a percentage of the max number. Whatever values he has configured, it must allow at least your 600 routes. So for example:

     

    prefix-limit {maximum 1000;teardown 70;

     

    so at least 700 routes before teardown of session. But then are you the only one sending routes? Does he have multiple peers? What is the total number of routes he wants to receive? Then again, if you sending im that much routes, can you send some aggregate routes instead. You could reduce that number to a negligible amout if you can do that.

     



  • 3.  RE: EBGP Peer - Prefix Limit Issue !!!

    Posted 01-16-2014 00:07

    Thanks lyndidon,

     

    I have already requested for configuration and all details. Get back to you once received. Do you have any comment regarding as its possible to receive same routes from my side without flush old entries.

     

    And we can't send aggregate as we are just matching internal routes community. Find below configuration which we have for this customer,

     

    set protocols bgp group BB10 type external
    set protocols bgp group BB10 traceoptions file BB-BGP
    set protocols bgp group BB10 traceoptions flag open detail
    set protocols bgp group BB10 traceoptions flag state detail
    set protocols bgp group BB10 traceoptions flag packets detail
    set protocols bgp group BB10 traceoptions flag all
    set protocols bgp group BB10 neighbor 172.24.168.46 description "BB_service "
    set protocols bgp group BB10 neighbor 172.24.168.46 import BB10-IMPORT
    set protocols bgp group BB10 neighbor 172.24.168.46 authentication-key bY1RLNbYZGqmfz6Ap0IEclTzKWx-2gn/9CBI"
    set protocols bgp group BB10 neighbor 172.24.168.46 export BB10-EXPORT
    set protocols bgp group BB10 neighbor 172.24.168.46 peer-as 47423


    set policy-options policy-statement BB10-IMPORT term BB10 from route-filter 93.186.17.8/29 orlonger
    set policy-options policy-statement BB10-IMPORT term BB10 from route-filter 93.186.25.8/29 orlonger
    set policy-options policy-statement BB10-IMPORT term BB10 from route-filter 93.186.17.96/27 orlonger
    set policy-options policy-statement BB10-IMPORT term BB10 from route-filter 93.186.27.160/27 orlonger
    set policy-options policy-statement BB10-IMPORT term BB10 from route-filter 131.117.168.32/28 orlonger
    set policy-options policy-statement BB10-IMPORT term BB10 from route-filter 5.100.168.32/28 orlonger
    set policy-options policy-statement BB10-IMPORT term BB10 from route-filter 131.117.168.96/27 orlonger
    set policy-options policy-statement BB10-IMPORT term BB10 from route-filter 5.100.168.96/27 orlonger
    set policy-options policy-statement BB10-IMPORT term BB10 then local-preference 700
    set policy-options policy-statement BB10-IMPORT term BB10 then accept
    set policy-options policy-statement BB10-IMPORT term Reject then reject

    set policy-options policy-statement BB10-EXPORT term block-private from route-filter 10.0.0.0/8 orlonger
    set policy-options policy-statement BB10-EXPORT term block-private from route-filter 172.16.0.0/12 orlonger
    set policy-options policy-statement BB10-EXPORT term block-private from route-filter 192.168.0.0/16 orlonger
    set policy-options policy-statement BB10-EXPORT term block-private then reject
    set policy-options policy-statement BB10-EXPORT term reject-EBGP-Custs from community EBGP-Customers
    set policy-options policy-statement BB10-EXPORT term reject-EBGP-Custs then reject
    set policy-options policy-statement BB10-EXPORT term BB10-EXPORT from community Central_Region_Community
    set policy-options policy-statement BB10-EXPORT term BB10-EXPORT from community Western_Region_Community
    set policy-options policy-statement BB10-EXPORT term BB10-EXPORT from community Eastern_Region_Community
    set policy-options policy-statement BB10-EXPORT term BB10-EXPORT from community MSMN-Central-Region-Community
    set policy-options policy-statement BB10-EXPORT term BB10-EXPORT from community MSMN-Western-Region-Community
    set policy-options policy-statement BB10-EXPORT term BB10-EXPORT from community MSMN-Eastern-Region-Community
    set policy-options policy-statement BB10-EXPORT term BB10-EXPORT from route-filter 0.0.0.0/0 upto /24
    set policy-options policy-statement BB10-EXPORT term BB10-EXPORT then accept
    set policy-options policy-statement BB10-EXPORT term reject then reject



  • 4.  RE: EBGP Peer - Prefix Limit Issue !!!

    Posted 01-16-2014 09:32

    CE Side configuration:-

     

    BB10 configuration for this peering session is as follows:

    router bgp xxx
    neighbor 172.24.168.47 remote-as 35819
    neighbor 172.24.168.47 local-as 47423 no-prepend replace-as
    neighbor 172.24.168.47 description MobilySA Internet Peering Connection (limited routes exchanged)
    neighbor 172.24.168.47 password 7
    address-family ipv4
      neighbor 172.24.168.47 activate
      neighbor 172.24.168.47 soft-reconfiguration inbound
      neighbor 172.24.168.47 route-map MobilySA_BB10_IN in
      neighbor 172.24.168.47 route-map MobilySA_BB10_OUT out
      neighbor 172.24.168.47 maximum-prefix 1000
     
    Our inbound route-map permits any prefix between /0 and /24 in length.
    Our outbound route-map permits prefix 5.100.168.96 between /29 and /32 in length, only.
     
    The last logs from when the BGP session went down were:
     
    Jan  8 00:33:49.209 UTC: %BGP-4-MAXPFX: Number of prefixes received from 172.24.168.47 (afi 0) reaches 751, max 1000
    Jan  8 05:34:14.806 UTC: %BGP-4-MAXPFX: Number of prefixes received from 172.24.168.47 (afi 0) reaches 751, max 1000
    Jan  8 05:34:14.822 UTC: %BGP-3-MAXPFXEXCEED: Number of prefixes received from 172.24.168.47 (afi 0): 1001 exceeds limit 1000
    Jan  8 05:34:14.822 UTC: %BGP-5-ADJCHANGE: neighbor 172.24.168.47 Down BGP Notification sent
     

    It seems we are advertising for a limit but how can we trace that this behaviour as we already applied traceroute but am not sure its beneficial or not.

     



  • 5.  RE: EBGP Peer - Prefix Limit Issue !!!

    Posted 01-16-2014 11:22

    Yo have at least one this you can start with:'BGP-3-MAXPFXEXCEED: Number of prefixes received from 172.24.168.47 (afi 0): 1001 exceeds limit 1000"". On their end, the out is that this neighbor is sending that number of routes.

    On the this Router "172.24.168.47" run the following command:

    >show route advertising-protocol bgp 172.24.168.46

    It may not show at this time but at least you will get an idea; And definitely the next time it happens.

    **edit your last post and delete the password (if it is not hashed always remove those kinds of info).



  • 6.  RE: EBGP Peer - Prefix Limit Issue !!!

    Posted 01-16-2014 11:57

    Hi,

     

    Basically, we have executed this command multiple times "show route advertising-protocol bgp 172.24.168.46" but whenever we saw only 553 routes are advertised. We just want to catch this command at the time of issue. Is there any automated method like event-script to catch this command.

     

    Regarding event-script i thought its not benefited because at the time of neighbor down there is not benefit to execute the command.



  • 7.  RE: EBGP Peer - Prefix Limit Issue !!!

    Posted 01-18-2014 00:05

    Sorry, I do not know how to use those scripts yet.