Do you have CoPP configured? I've seen this exact behavior when I didn't have a permit statement for my neighbor or link address in the right ACL, so it was getting rate-limited to death.
On Fri, Jun 28, 2013 at 8:33 AM, Matthew Huff <[email protected]> wrote: > Trying to bring up a new BGP peering session with a ISP. IPv4 peering is > working fine on the same interface. The BGP peering fails early in trying > to go active. Using "debug tcp transactions", I see the SYN going out, but > no ACK ever returning. I can't telnet to their box on port 179 either > (debug packet shows it doing the same, SYN begin sent, but no packets, > including ACK). However, I can ping their interface. > > The interface config has been stripped, and still doesn't work. I've reset > the interface, and even rebooted our router, with no change in behavior. > > We have a Cisco 7204VXR with NPE-G2, running 15.2(4)S1. I have an > identical router with same version connected to another ISP and a tunnel to > HE.net. It's not my first time at the rodeo. We are connected via metro > Ethernet to a sub-interface on a JunOS box (model and version unknown). My > suspicion is that either they have an ACL that's blocking it, or their BGP > process isn't listening on that sub-interface. But they claim that it isn't > their problem. I have zero JunOS experience and they seem to be flopping > around. > > Anyone have any idea what else the problem might be? > > From our side (simplied config to test): > > > interface FastEthernet2/1 > ip address 162.211.110.2 255.255.255.252 > speed auto > duplex auto > ipv6 address 2607:F518:15F::2/126 > ipv6 enable > end > > rtr-inet2#show ipv6 cef 2607:F518:15F::1 > 2607:F518:15F::1/128 > attached to FastEthernet2/1 > > rtr-inet2#show ipv6 cef exact-route 2607:F518:15F::2 2607:F518:15F::1 > 2607:F518:15F::2 -> 2607:F518:15F::1 => IPV6 adj out of FastEthernet2/1, > addr 2607:F518:15F::1 > > rtr-inet2#show ipv6 neighbors > IPv6 Address Age Link-layer Addr State > Interface > 2607:F518:15F::1 0 0021.5903.1367 REACH Fa2/1 > > rtr-inet2#ping 2607:F518:15F::1 > Type escape sequence to abort. > Sending 5, 100-byte ICMP Echos to 2607:F518:15F::1, timeout is 2 seconds: > !!!!! > Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms > > ---- > Matthew Huff | 1 Manhattanville Rd > Director of Operations | Purchase, NY 10577 > OTA Management LLC | Phone: 914-460-4039 > > > _______________________________________________ > cisco-nsp mailing list [email protected] > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ >
