BGP Flapping Issue Case Study


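Hardware platform

GSR

Software version

IOS 12.0(32)SY8

Case description

The user found two IBGP neighbors flapping continuously. There was a clear pattern: about 5 minutes after the BGP neighbor came up, it went down because of hold timer expiry, and then the neighbor immediately came back up.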

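Troubleshooting approach

1. User environment
The two IBGP neighbors peer using loopback0, with several routers in between. The topology is sketched below:

[Figure: topology diagram]

2. Pattern of the problem

The log shows the pattern in which this IBGP neighbor goes down and is re-established. Each time the cause is hold timer expiry, and specifically because the peer does not receive the keepalive messages sent by the local router.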

Dec  6 13:28:36: %BGP-5-ADJCHANGE: neighbor 2.2.2.2 Up 
Dec  6 13:33:55: %BGP-3-NOTIFICATION: received from neighbor 2.2.2.2 4/0 (holdtime expired) 0 bytes 
Dec  6 13:33:55: %BGP-5-ADJCHANGE: neighbor 2.2.2.2 Down BGP Notification received
Dec  6 13:34:22: %BGP-5-ADJCHANGE: neighbor 2.2.2.2 Up 
Dec  6 13:39:37: %BGP-3-NOTIFICATION: received from neighbor 2.2.2.2 4/0 (holdtime expired) 0 bytes 
Dec  6 13:39:37: %BGP-5-ADJCHANGE: neighbor 2.2.2.2 Down BGP Notification received

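3. Because the BGP neighbor is re-established quickly after every drop, IP routing should not be the problem. (1) We need to understand what BGP does once the neighbor is established: it sends routing updates, that is, UPDATE messages. (2) BGP maintains a neighbor with KEEPALIVE messages, but when there are routing updates to send, the UPDATE message also serves as a keepalive, so the router does not need to send a separate BGP KEEPALIVE message. Putting these two points together, we can suspect that the peer is not receiving the BGP UPDATE messages.

4. Because this is the first UPDATE message, and given the size of the routing table, we know the message will reach the maximum size. A BGP message can be up to 4096 bytes, and it is also limited by the MSS of the TCP peer. MSS (Maximum Segment Size) is the largest TCP segment a host can accept; this value is negotiated in the TCP options field. We can find it with the following command. In the output below, see the line "Datagrams (max data segment is 4394 bytes)".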

R1#  show ip bgp vpnv all neighbors 2.2.2.2  
BGP neighbor is 2.2.2.2,  remote AS 65350, internal link
 Description: To_ R2
 Member of peer-group NXVRRgroup for session parameters
  BGP version 4, remote router ID 202.100.126.219
  BGP state = Established, up for 00:00:56
Last read 00:00:51, last write 00:00:56, hold time is 180, keepalive interval is 60
seconds
  Neighbor capabilities:
    Route refresh: advertised and received(new)
    Four-octets ASN Capability: advertised and received
    Address family VPNv4 Unicast: advertised and received
  Message statistics:
    InQ depth is 0
    OutQ depth is 0
                         Sent       Rcvd
    Opens:                 35         35
    Notifications:          2         28
    Updates:           935784        467
    Keepalives:        133137     147643
    Route Refresh:          0          1
    Total:            1068931     148175
  Default minimum time between advertisement runs is 0 seconds
 
 For address family: VPNv4 Unicast
  BGP table version 1316545, neighbor version 0/0
 Output queue size : 0
  Index 3, Offset 0, Mask 0x8
  Route-Reflector Client
  Member of update-group 3
  NXVRRgroup peer-group member
  NEXT_HOP is always this router
                                 Sent       Rcvd
  Prefix activity:               ----       ----
    Prefixes Current:            3591        184 (Consumes 12512 bytes)
    Prefixes Total:                 0        184
    Implicit Withdraw:              0          0
    Explicit Withdraw:              0          0
    Used as bestpath:             n/a         46
    Used as multipath:            n/a          0
 
                                   Outbound    Inbound
  Local Policy Denied Prefixes:    --------    -------
    Total:                                0          0
  Number of NLRIs in the update sent: max 0, min 0
 
  Address tracking is enabled, the RIB does have a route to 2.2.2.2
  Connections established 35; dropped 34
  Last reset 00:01:17, due to BGP Notification received, hold time expired
Connection state is ESTAB, I/O status: 1, unread input bytes: 0
Mininum incoming TTL 0, Outgoing TTL 255
Local host: 1.1.1.1, Local port: 179
Foreign host: 2.2.2.2, Foreign port: 24434
 
Enqueued packets for retransmit: 0, input: 0  mis-ordered: 0 (0 bytes)
 
Event Timers (current time is 0x74A9E3D88):
Timer          Starts    Wakeups            Next
Retrans             2          0             0x0
TimeWait            0          0             0x0
AckHold             4          3             0x0
SendWnd             0          0             0x0
KeepAlive           0          0             0x0
GiveUp              0          0             0x0
PmtuAger            0          0             0x0
DeadWait            0          0             0x0
 
iss: 1432533502  snduna: 1432533575  sndnxt: 1432533575     sndwnd:  65463
irs: 4098882880  rcvnxt: 4098886860  rcvwnd:      61556  delrcvwnd:   3979
 
SRTT: 836 ms, RTTO: 3946 ms, RTV: 1137 ms, KRTT: 0 ms
minRTT: 0 ms, maxRTT: 300 ms, ACK hold: 200 ms
Flags: passive open, nagle, path mtu capable, gen tcbs, 
  SACK option permitted
 
Datagrams (max data segment is 4394 bytes):
Rcvd: 8 (out of order: 0), with data: 6, total data bytes: 3979
Sent: 5 (retransmit: 0, fastretransmit: 0), with data: 1, total data bytes: 72

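5. We can therefore use a ping with the DF bit set to test whether the path lets this UPDATE message through, because BGP UPDATE messages cannot be fragmented along the path.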

R1#ping       
Protocol [ip]: 
Target IP address: 2.2.2.2 
Repeat count [5]: 
Datagram size [100]: 2200 // we found that with a datagram size of 2200 the path does not pass traffic
Timeout in seconds [2]: 
Extended commands [n]: y
Source address or interface: loopback0
Type of service [0]: 
Set DF bit in IP header? [no]: yes
Validate reply data? [no]: 
Data pattern [0xABCD]: 
Loose, Strict, Record, Timestamp, Verbose[none]: 
Sweep range of sizes [n]: 
Type escape sequence to abort.
Sending 5, 2200-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

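6. At this point we know that the cause is a small interface MTU on one of the routers along the path.

Problem summary

The root cause was a change in the customer's IGP environment: one router selected a backup link as its traffic egress, but the interface MTU on that link was very small, so BGP UPDATE messages were blocked there and the hold timer expired.

Lessons learned

1. When troubleshooting BGP, remember that BGP runs over TCP, so the analysis may need to cover the TCP layer as well as the IP layer.

2. When a neighbor goes down because of a NOTIFICATION sent by a BGP neighbor, the error code and subcode it carries (hold timer expiry is 4/0) tell us why the session went down. The categories and meanings of the codes are described in RFC 4271.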
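As an added example (not part of the original article and not Cisco code), the following Python script applies lesson 2 to the log lines from step 2: it pairs each Up/Down event, measures how long the session lived, and decodes the NOTIFICATION code/subcode with the error-code names from RFC 4271. The function names, the tolerance value and the placeholder year are assumptions made for illustration.

```python
import re
from datetime import datetime

# NOTIFICATION error codes defined in RFC 4271, section 4.5
BGP_ERROR_CODES = {1: "Message Header Error", 2: "OPEN Message Error",
                   3: "UPDATE Message Error", 4: "Hold Timer Expired",
                   5: "Finite State Machine Error", 6: "Cease"}
# Log lines copied from step 2 of the case above; they carry no year.
SAMPLE_LOG = """\
Dec  6 13:28:36: %BGP-5-ADJCHANGE: neighbor 2.2.2.2 Up
Dec  6 13:33:55: %BGP-3-NOTIFICATION: received from neighbor 2.2.2.2 4/0 (holdtime expired) 0 bytes
Dec  6 13:33:55: %BGP-5-ADJCHANGE: neighbor 2.2.2.2 Down BGP Notification received
Dec  6 13:34:22: %BGP-5-ADJCHANGE: neighbor 2.2.2.2 Up
Dec  6 13:39:37: %BGP-3-NOTIFICATION: received from neighbor 2.2.2.2 4/0 (holdtime expired) 0 bytes
Dec  6 13:39:37: %BGP-5-ADJCHANGE: neighbor 2.2.2.2 Down BGP Notification received
"""
LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d): %BGP-\d-(\w+): (.*)$")
NOTIF = re.compile(r"(received from|sent to) neighbor (\S+) (\d+)/(\d+)")
ADJ = re.compile(r"neighbor (\S+) (Up|Down)")

def analyze(log_text, year=2000):
    """One record per finished session. `year` is an assumed placeholder
    (the log has none); only time differences are used."""
    up_at, notif, sessions = {}, {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        kind, body = m.group(2), m.group(3)
        if kind == "NOTIFICATION" and (n := NOTIF.search(body)):
            notif[n.group(2)] = (n.group(1), int(n.group(3)), int(n.group(4)))
        elif kind == "ADJCHANGE" and (a := ADJ.search(body)):
            peer, state = a.groups()
            if state == "Up":
                up_at[peer] = ts
                notif.pop(peer, None)  # forget notifications from older sessions
            elif peer in up_at:
                direction, code, sub = notif.get(peer, (None, None, None))
                lifetime = int((ts - up_at.pop(peer)).total_seconds())
                sessions.append({"neighbor": peer, "direction": direction,
                                 "lifetime_s": lifetime, "code": code, "subcode": sub,
                                 "reason": BGP_ERROR_CODES.get(code, "unknown")})
    return sessions

def is_periodic_holdtimer_flap(sessions, tolerance_s=30):
    """True if every session ended with code 4 and lifetimes agree within tolerance."""
    lifetimes = [s["lifetime_s"] for s in sessions]
    return (len(sessions) >= 2 and all(s["code"] == 4 for s in sessions)
            and max(lifetimes) - min(lifetimes) <= tolerance_s)
```

The "received from" direction in each record matches the observation in step 2: it is the peer whose hold timer expired, so the traffic being lost is what the local router sends.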

Related commands

Show ip bgp *

Original article: http://www.cisco.com/cisco/web/support/CN/111/1116/1116654_BgpFlappingIssueCaseStudy.html
