Коллеги, доброго дня на днях оказался в анлогичной ситуации
Mar 8 00:47:51 br-4 rpd[1116]: bgp_recv: read from peer Х.Х.Х.Х (Internal AS ХХХХХ) failed: Connection reset by peer
Mar 8 00:47:51 br-4 rpd[1116]: bgp_recv: read from peer Х.Х.Х.Х (Internal AS ХХХХХ) failed: Connection reset by peer
Mar 8 00:47:55 br-4 rpd[1116]: bgp_hold_timeout:3675: NOTIFICATION sent to Х.Х.Х.Х (Internal AS ХХХХХ): code 4 (Hold Timer Expired Error),
Reason: holdtime expired for Х.Х.Х.Х (Internal AS ХХХХХ), socket buffer sndcc: 57 rcvcc: 0 TCP state: 4,
snd_una: 219186777 snd_nxt: 219186815 snd_wnd: 12600 rcv_nxt: 1543988835 rcv_adv: 1544005219, hold timer 0
Mar 8 00:47:59 br-4 rpd[1116]: bgp_recv: read from peer Х.Х.Х.1 (Internal AS ХХХХХ) failed: Connection reset by peer
Mar 8 00:47:59 br-4 rpd[1116]: bgp_hold_timeout:3675: NOTIFICATION sent to Х.Х.Х.Х (Internal AS ХХХХХ): code 4 (Hold Timer Expired Error),
Reason: holdtime expired for Х.Х.Х.Х (Internal AS ХХХХХ), socket buffer sndcc: 57 rcvcc: 0 TCP state: 4, snd_una: 426976337 snd_nxt: 426976375 snd_wnd: 14600 rcv_nxt: 796298714 rcv_adv: 796315098, hold timer 0
Mar 8 00:48:01 br-4 rpd[1116]: bgp_hold_timeout:3675: NOTIFICATION sent to Х.Х.Х.2 (External AS YYYYY): code 4 (Hold Timer Expired Error),
Reason: holdtime expired for Х.Х.Х.Х (External AS YYYYY), socket buffer sndcc: 57 rcvcc: 0 TCP state: 4, snd_una: 3815310661 snd_nxt: 3815310699 snd_wnd: 29440 rcv_nxt: 3950147902 rcv_adv: 3950164286, hold timer 0
Filter: lo0.0-i
Counters:
Name Bytes Packets
DEF-DISCARD-lo0.0-i 7692621845 79818657
ICMP-lo0.0-i 326538 2462
ICMP-Frag-lo0.0-i 0 0
Mgmt-lo0.0-i 19283886030 393523484
NTP-lo0.0-i 3979436 52328
accept-bgp-lo0.0-i 2440549 23955
icmp-is-frag-lo0.0-i 0 0
Policers:
Name Packets
copp-lim-1m-NTP-lo0.0-i 0
icmp-lim-1m-ICMP-ACC-lo0.0-i 159
отследили БОМБИЛКУ
15:45:25.115638 In IP 195.59.70.199 > 195.х.х.х: ICMP echo request, id 8167, seq 7, length 64
15:45:25.625413 In IP 195.59.70.199 > 195.х.х.х: ICMP echo request, id 8167, seq 8, length 64
15:45:26.117734 In IP 195.59.70.199 > 195.х.х.х: ICMP echo request, id 8167, seq 9, length 64
15:45:26.625234 In IP 195.59.70.199 > 195.х.х.х: ICMP echo request, id 8167, seq 10, length 64
применили политики
admin@br-4# show firewall policer icmp-lim-1m | display set
set firewall policer icmp-lim-1m if-exceeding bandwidth-limit 512k
set firewall policer icmp-lim-1m if-exceeding burst-size-limit 1500
set firewall policer icmp-lim-1m then discard
результата не принесло, сессии падают Junic на 10 минут словно замирает, интерфейс управления не отвечает (понятно почему)
Прописал статический arp на пирах, но сессии так же падают
Затем началось что то странное с размером пакетами
15:21:07.818807 In IP X.X.X.X.63286 > X.X.X.Y. bgp: . ack 19 win 32409
15:21:18.362632 In IP X.X.X.X.63286 > X.X.X.Y.bgp: P 1:20(19) ack 19 win 32409: BGP, length: 19
15:21:18.364004 In IP X.X.X.X.63286 > X.X.X.Y.bgp: . 20:1480(1460) ack 19 win 32409: BGP, length: 1460
15:21:18.364052 Out IP X.X.X.Y. bgp > X.X.X.X.63286: . ack 1480 win 14905
15:21:18.365520 In IP X.X.X.X.63286 > X.X.X.Y .bgp: . 1480:2940(1460) ack 19 win 32409: BGP, length: 1460
15:21:18.387723 Out IP X.X.X.Y bgp > X.X.X.X.63286: . ack 2940 win 16384
15:21:18.388728 In IP X.X.X.X.63286 > X.X.X.Y bgp: P 2940:2979(39) ack 19 win 32409: BGP, length: 39
выставили MTU Discovery, jambo Frame
Все наши действия не привели к желаемому результату, а спустя сутки Junic работал как ни в чем не было.
Коллеги нужен совет, каковы мои должны быть действия при следующем апокалипсисе?