Cisco WAN :: BGP Peering Causes 7200 To Crash?
Apr 10, 2012
I have two 7204VXR with NPE-G2 and 1Gb of ram. One router has 2 eBGP peers and the other has 3. The routers receive all internet routes from the 5 peers and send 2 internal routes. There is an iBGP peering between both routers. On all peers I have a route-map to send only our routes.
All was working fine since a couple of months when I suddenly saw an increase of memory on one of the router (router B), 1 hour later the memory was 100% and router crash and reboot. The other router (router A) with the same hardware capacity, same ram and same amount of routes was working good. After router B restart, I shut all eBGP peering on it, keeping only iBGP with router A, ram used was the same as router A (about 50% used) but CPU was about 30% used by process Router BGP whereas router A which has active traffic and active eBGP is only 20% and bgp process i almost 0%. Restarting peers one by one on router B cause the same issue, increase of memory then crash, even with only one peer.
What I suspected :
- A peer on router B but I can't isolate one because the problem appears with each taken one by one
- Not enough memory, but router A has the same number of routes and don't have any problem
- IOS version ? same on both 12.4.(15)T1
- Why process router BGP use 30% on router B when all eBGP peers are shut except iBGP and no traffic pass.
- A routing loop but I only send internal routes to peers and only have one iBGP session with no sync nor redistribution with an IGP
Of course I can't run any debu ip bgp on routers as the number of routes is very large (300K).
View 1 Replies
ADVERTISEMENT
Sep 25, 2011
7200 VXR router got rebooted after due software crash dump.I have replaced NPE-G1 but still router is rebooting. Currently I am running with 12.4 (15)T 13 IOS.Crash Dump file is attached.
View 4 Replies
View Related
Feb 21, 2012
I have many WiSM WLC's running 7.0.116.0. One WLC was rebooted few days ago but there was no crash file and nothing in logs say why this issue happened.There was a power problem at the same time the WLC rebooted (some switches and PE's was rebooted as well) but if it is a power issue why only one WLC inside the WiSM rebooted and the other WLC is still working fine with no reboot?I have 5 WiSM modules connected to the same 6500 box, only one WLC was rebooted which indicates a crash but no crash file registered for it.Is there anyway I can find the reason why that WLC was rebooted?
View 6 Replies
View Related
Mar 24, 2013
I have a scenario where I may have to run VRFs on a router that is currently facing an ISP as a BGP peer. peering two BGP peers, one of which is VRF aware (and hence configured within the address-family ipv4 vrf X subsection) and the other is not? (the BGP aware and internet facing segment will go into its own VRF where previously this router was only in that VRF and hence had no awareness).Are there any caveats or restrictions? Does the presence of the VRF throw the ISP peer?
View 3 Replies
View Related
May 15, 2013
Topology :
PE router-T (ASN 1111) ----eBGP---- CE router-T (ASN 65500) ----iBGP---- CE router-V (ASN 65500 ) ----eBGP---- PE router-V (ASN 2222)
When We have configured in this mannger everything is working fine. Only thing is that I can not receive all the NEtwork updates coming from PE- Router - V in CE router T. It's due to synchroization rule (I have not tunrned off synch in CE Router T.) Now for Load sharing purpose I have applied one Route map on iBGP peering from CE Router V to CE router T in OUT direction mentioning any routes coming via ASN 65555 than set Local Preference = 150 and will prefer path via MPLS SP - V. Rest via MPLS SP - T.
But as soon as I have applied the Route-Map. It's not reflected.When I have applied clear ip bgp * on CE rotuer - V than I can see two routes in CE router - T with LP 150 and default. Everything is working OK.
When trying to check the auto failover by Shuting LAN int of CE router-V --- Failover is also working via CE router-T.When reenabling the LAN int ----- After that iBGP perring is flapping continuolsly. Finally We have remove the route-map ad it was stable.
find the route map :
CE Router - V
router bgp 65500
!
address-family ipv4
[code].....
I have also checked the MTU issue between these two Peer (LAN int. of both the CE routers) by pinging each other with size 1500 with df-bit set.
View 5 Replies
View Related
Mar 20, 2011
i have an Cisco ASR 1002 Router. I would like to connect our dezentral location to the Router.Unfortunately has this location an standard DSL connection with an dynamic offical IP Address.I have found an Config witch can handle an dynamic IP Addess (enclosed).
Is it possible to works witch the "set responder-only" command togehter with an dynamic crypto map? How I can configure it.
crypto isakmp policy 1 encr 3des hash md5 authentication pre-share group 2 lifetime 300crypto isakmp key xxx address 0.0.0.0 0.0.0.0 no-xauthcrypto isakmp identity hostnamecrypto isakmp keepalive 10 periodic
!
crypto ipsec transform-set dezentral-location esp-3des esp-md5-hmac
!
crypto dynamic-map fil 1 set transform-set dezentral-location set pfs group2 match address 150 reverse-route
!
crypto map Filialen 1 ipsec-isakmp dynamic fil
View 1 Replies
View Related
Sep 13, 2011
I have remote site in which site to site vpn is configured with hub site using 5510 model. now i am using load balancer in which 2 isp will terminate one is isfy and other is reliance . now i want if suppose ipsec-tunnel is configured primary with sify. if sify link fail at hub site then at remote site should be able to communicate with reliance that is secondary?
View 7 Replies
View Related
Nov 3, 2012
I want to use chanelized POS PA in 7200 router. I want to know can I use chanelized PA for both chanelized and non-chanelized OC3/STM1? Does the both chanelized and non-chanelized feature is supported on chanelized module or I have to use other module?
View 1 Replies
View Related
Dec 8, 2010
We are working on taking a port off of a switch and connecting it to a mux (TAC 900). Port is trunked to another switch in another geographic location. From wht I am being told from the engineer who handles the transmission end of things he said once our segment is physically connected the mux will crash. He supplied the error code to the vendor and they said it is crashing because of a jumbo packet in excess of 1536 bytes. Soon it will be a moot point as the hardware will be, upgraded but we need tis running NOW.
View 8 Replies
View Related
Feb 24, 2012
I ran across this today on a 7200 that when all the vty lines are filled, and dont release, you enter clear line vty x and it is supposed to release the line. Well in some versions it doesn't work.
Here is the work around I found. clear tcp line vty x
View 3 Replies
View Related
Apr 16, 2012
I want to monitor my 7200's CPU packets per second rate.Any command i can run to show this?Or any MIB so I can poll this? 7200 NPE-G1 can handle 1mpps. And i want to verify the actual rate.
View 1 Replies
View Related
May 20, 2013
I want to know a number of maximum tcp connection at same time on interface of my 7200 router, how I'll do that?
View 3 Replies
View Related
Dec 11, 2012
I am having issues with frequent bgp flaps on the Cisco 7200 series router from past 1 week. I have raised a ticket with ISP but couldn't get any resolution from them as the flap is for about 2min.When ever we see BGP flap, we are not able to ping the remote end IP, Also at that point we drops on the interface connected to ISP.
View 1 Replies
View Related
Sep 27, 2011
I was recently given a Cisco 7200 VXR and told to erase the stored configurations in it. how to do erasing of Cisco 7200 stored config else I might have to delete them line by line.
View 4 Replies
View Related
Dec 15, 2010
We have network consisting of approx. 8 7200's running LNS/MPLS/BGP and we provide predominantly private networks to clients(Majority of client networks are a mix of Ethernet tails and DSL).We have received a request from one client to support multicast - Having never implemented multicast, have a few questions:
1. Is is supported/possible to provide multicast within a vrf on 7200's?(From initial investigations, it appears to be)
2. Is it possible to only enable mutilcast in a vrf(i.e. not globally)?
3. Any recommended guides/best pratices?(Googling has revealed nothing really that is similiar to what we want to do)4. What are the potential ramifications?(Resource overhead, Security implications, anything else?)
View 1 Replies
View Related
Mar 23, 2013
I am planning to provide a redudnt link to our customer. The setup as below:
One link over wireless while the other link over wired link, I want to make sure that I should maintain the same public IP addresses for the customer therefore, I am looking for L2 failover for my customer.
If the wireless down the customer should migrated to wired and vis versa. I have 7200 CISCO Router as Core.
View 3 Replies
View Related
Mar 7, 2011
I am trying to configure a dynamic failover with IP SLA on a Cisco 7200 using 12.2(33) IOS. I would like to have something similar as the following configuration:
ip sla monitor 1type echo protocol ipIcmpEcho x.x.x.xfrequency 3ip sla monitor schedule 1 life forever start-time now!!track 10 rtr 1 reachability
access-list 101 permit icmp any host X.X.X.X echo!route-map LOCAL_POL permit 10 match ip address 101 set ip next-hop Y.Y.Y.Y set interface Null0!ip local policy route-map LOCAL_POL
!
ip route XX.XX.XX.XX 255.255.255.0 YY.YY.YY.YY track 10ip route XX.XX.XX.XX 255.255.255.0 ZZ..ZZ.ZZ.ZZ 254
My questions are the following
Question 1: What is the equivalent of ip sla monitor in 12.3 for dynamic failover with IPsla Should I used
ip sla ethernet-monitor 1 type echo domain name ?
or
ip sla 1 path echo X.X.X.X or ethernet mpid echo domain name or icmp-echo time out 1000 frequency 3 threhsold 2
I do not know if I have to used ethernet-monitor or ip sla. What is the domain name and the mpid associated to the ethernet-monitor ip sla.In the case where I have to used ip sla 1, shoud I used a path-echo, ethernet mpdi or icmp-echo for dynamic failover
Question 2: In 12.3, what is the equivalent to ip sla monitor schedule 1 life forever start-time now.I have found thec command ip sla schedule 1 start now but it does not seems that we could configure the duration.
Question 3: Should I also enable ip sla responder
View 2 Replies
View Related
Apr 19, 2012
I have a 7200 router with a 12.2.(46a) IOS and I am trying to activate Netflow on a subinterface. From the documentation of Cisco, I should be able to do it since the ios 12.2.(14)S but the command is unavailable.
[URL]
I have tried also to enter the command in the subinterface directly but it doesn't recognize it.
View 2 Replies
View Related
May 20, 2013
We have a Cisco 7204 G1 running c7200-advipservicesk9-mz.122-33.SRE7.bin and we're having a lot of difficulties getting a VTI working to a Cisco 2921 with adv. security. I've ruled out that the 2921 is at fault by successfully establishing a VTI to another 2921 and a 7200 running a different IOS release.
We see the tunnel come up, but when I sent a ping from the 2921 to the 7204 there isn't a reply. When I look at the results on the 7204 from a 'sh crypto engine connection active', I see the decrypt counters increase, but I don't see the Encrypt counters increase as it's trying to reply to the ping. I'm not sure if this is because there is an issue with the encryption or whether there might be a more fundamental issue with the router not replying to the pings.
I've tried the following IOS releases (c7200-advipservicesk9-mz.122-33.SRE7 & c7200-advipservicesk9-mz.122-33.SRE6) and they all behave the same way - this makes me think it might be a config issue rather than and IOS bug which is what I first thought. c7200-advipservicesk9-mz.122-33.SRE7.bin.
sh crypto engine connections active
Crypto Engine Connections
ID Interface Type Algorithm Encrypt Decrypt IP Address
1 Tu10 IPsec 3DES+SHA 0 31 10.5.5.1
2 Tu10 IPsec 3DES+SHA 19 0 10.5.5.1
1001 Tu10 IKE SHA+3DES 0 0 10.5.5.1
Here is a copy of my config on the 7204 - the other end (Cisco 2921) is configured in the same way.
crypto isakmp policy 1
encr 3des
authentication pre-share
[code].....
View 16 Replies
View Related
Feb 9, 2011
OSPF-4-ERRRCV: Received invalid packet: Bad LLS Checksum with one of our tunnels
View 1 Replies
View Related
Jun 16, 2012
Just updated the fw to 1.2.5.70 and after a while, the device crashed wth the following message in the flash log.
21474836472012-Jun-17 11:46:21Emergency %SYSLOG-F-OSFATAL: FATAL ERROR: GOAH: ABORT DATA exception ***** FATAL ERROR ***** SW Version : 1.2.5.70 Version Date: 11-Jun-2012 Version Tim e: 17:35:31 Instruction 0x150348 Exception vector 0x10 Program state register 0x60000013 0x0015014c ***** END OF FATAL ERROR ***** Haven't seen the switch crashing before.
View 10 Replies
View Related
Dec 18, 2012
I have a CISCO 2921 router , today it auto reboot two times. I user show version command and see have a crash message "0x21A6DD74".
System returned to ROM by error - a Software forced crash, PC 0x21A6DD74 at 11:15:14 GMT Wed Dec 19 2012
System image file is "flash0:c2900-universalk9-mz.SPA.151-2.T1.bin"
Last reload type: Normal Reload
View 4 Replies
View Related
Apr 13, 2011
I just upgraded several of my C2960S-48FPD-L from 12.2(55)SE to 12.2(58)SE and now almost every time I try to SSH to it the switch reboots and gives me these trace backs ...
07:58:52 CST Thu Apr 14 2011: Unexpected exception to CPU vector 200, PC = 1EADA28
-Trace back= 0x1EADA28z 0x1CDC324z 0x1EA5520z 0x1CDC35Cz 0x1CDD0E0z 0x1CDF0C4z 0x1CE06CCz 0x1CE07F8z 0x1D67348z 0x1D611BCz
Writing crash info to flash:/crashinfo_ext/crashinfo_ext_3
07:58:56 CST Thu Apr 14 2011: Unexpected exception to CPU vector 1100, PC = 121BB98
-Trace back= 0x121BB98z 0x12250FCz 0xFA7540z 0xA807B8z 0xA75DF4z 0xA78080z 0x94B708z 0x9717C0z 0x918DD8z 0x936520z 0x9344BCz 0x9345FCz 0x93484Cz 0x1D67348z 0x1D611BCz
=== Flushing messages (07:58:56 CST Thu Apr 14 2011) ===
Buffered messages: (last 4096 bytes only)
0x00000005 R6 = 0x01224F44 R7 = 0x02A23C6C
000089: *Feb 28 18:03:13.577 CST: %PLATFORM-1-CRASHED: R8 = 0x00000080 R9 = 0x00000000 R10 = 0x00000000 R11 = 0x00000071
000090: *Feb 28 18:03:13.577 CST: %PLATFORM-1-CRASHED: R12 = 0x00034855 R13 = 0x00000280 R14 = 0x01CE0778 R15 = 0x00000000
000091: *Feb 28 18:03:13.577 CST: %PLATFORM-1-CRASHED: R16 = 0x00000000 R17 = 0x00000000 R18 = 0x00000000 R19 = 0x00000000
[ code]....
View 9 Replies
View Related
Sep 11, 2012
I have a rare case. switch 6500 make crash and go to rommon. when review the crash appear that the switch charge the configuration from nvram, but, at the ending there are a few line command, that make the switch go to crash.. then I have to booting from rommon and start again. I use the version 12.2.33.sxi9 and 12.2.sxi3 and the configregister is 0x2102
I think that the switch get the startup-config file from other file-system.
*Sep 1 03:42:42.352 Inviern: %SYS-5-CONFIG_I: Configured from memory by console
access-list 199 permit icmp host 10.10.10.10 host 20.20.20.20
crypto map NiStTeSt1 10 ipsec-manual
match address 199
set peer 20.20.20.20
exit
no access-list 199
no crypto map NiStTeSt1
*Sep 1 03:42:46.952 Inviern: %SYS-5-RESTART: System restarted.
View 3 Replies
View Related
Nov 30, 2012
My router is running with BGP (One eBGP and One IBGP session). I have filterdown the BGP roting table by using prefix-List and default route to upstream router.But still found the CPU process is high (80%/80% with 60MB traffic).
Sh Proc CPU
-------------------
CPU utilization for five seconds: 88%/88%; one minute: 87%; five minutes: 87%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
[Code].....
View 5 Replies
View Related
Aug 28, 2012
I am having a weird issue with my Cisco 7200 router. From the router i am able to ping and reach out to the internet but from the client i am able to reach out to the internet but unable to ping I am not sure where is the issue but when i traceroute to it my packets are dropped at my routers interface. All my pings from the client time out. I checked the Access list to make sure ICMP is not blocked. Following is my running conf
ip audit notify log
ip audit po max-events 100
ip ssh break-string ~
ipv6 unicast-routing
no ftp-server write-enable
[code]....
View 2 Replies
View Related
Jan 2, 2011
My company has a spare 7200 VXR, originally planned to be placed on our TDM network. This plan was not followed through, but I'd like to switch it's function to work as a core router on our BGP network. I'd like for this 7200 to be able to handle full routes from our eBGP peer, something the SUP module in my 6500 isn't capable of doing. What kind of SUP module should i look at replacing this 7200 VXR with?
View 5 Replies
View Related
Jul 30, 2012
I'm using PA-SON-OC3 on 7200VXR (NPE-G1). I want to upgrade the link to OC12 with same wavelenght. I found PA-SRP-OC12SMI for this purpose but I'm not sure about compatiblity.
View 2 Replies
View Related
Nov 28, 2012
Primary optical link between CPE and PE, and backup 3G/ADSL link between CPE and PE.I am considering link failure detection on primary link (after which backup link should take over). Which method is the least CPU intesive:
1) BGP protocol between CPE and PE
2) RIP protocol between CPE and PE
3) BFD on static routes on PE
Is there difference in terms of CPU load between above mentioned methods or they are more or less the same?Hardver platforms are sup720 BXL and Cisco 7200 G2.
View 4 Replies
View Related
Mar 1, 2011
how many GRE tunnels (without IPSEC) can 7206 router supported. I have low bandwidth 2000 links & i want to configure GRE tunnels for them.
View 1 Replies
View Related
Nov 17, 2011
I have set a tunnel between Cisco pix 6.3 and Cisco Router 7200. Show Isakmp sa showing below detail on Pix
Total : 1
Embryonic : 0
dst src state pending created
xx6.x71.x29.x68 x2.1x7.52.1x1 QM_IDLE 0 0
Is tunnel is UP ? Traffice is not going throgh the tunnel . why ?
View 1 Replies
View Related
Feb 26, 2011
what does VXR and S means in these series?
View 1 Replies
View Related
Mar 12, 2013
In my Lab environment in GNS I have connected two 7200 series router through fastethernet on router A I have given IP adress 192.168.10.54 and router B I have given IP address 192.168.10.53 and default route as 0.0.0.0 0.0.0.0 192.168.10.53 and when I run the command on router A it shows result as follows "C 192.168.10.52/24 is directly connected ,Fast ethernet 2/0".
So I need to know why it's showing the result of .52 at last why not .53 or .54 at last what is the reason it's showing .52 which I have not mentioned in my IP address.
View 5 Replies
View Related
