On Thu, 7 May 2015 13:01:49 +0200 Marko Cupać <marko.cu...@mimar.rs> wrote:
> On Wed, 6 May 2015 10:53:38 +0000 (UTC) > Stuart Henderson <s...@spacehopper.org> wrote: > > > Can you get a packet capture of TCP port 179 during a failure? > > > > tcpdump -i <interface> -w bgp.`date +%Y%m%d-%H%M`.pcap -s1500 tcp > > and port 179 > > > > It might be best to run it from a script run from cron which pkills > > tcpdump and rotates the file to avoid having huge files. > > I am capturing packets on interface facing problematic ISP, and I will > send pcap files if/when bgpd crashes again. > > > Any idea what software (version number may be relevant too) your > > neighbours are using? Or at least what hardware vendor shows up in > > their MAC address? > > Their MAC is 54:75:d0:45:8f:00 which appears to be Cisco. > > In the meantime I contacted this ISP's support and told them they are > crashing my bgpd, probably because they are sending me non-standard > bgp packets which do not start with all-ones, as the standard > requires. The guy didn't have much idea what I was speaking about, > but he said he will forward request to network engineers. An hour > later he contacted me back, saying that "they indeed found some > irregularities which are now fixed". He couldn't give me the details. > > If my bgpd crashes again I will have pcap files ready. Also, if there > is anything else I can do to help troubleshoot this I'd be glad to > participate. > > Regards, I dropped by just to say that I haven't given this up, but I haven't replied anything because I had no bgpd crashes since my last email. Probably ISP indeed fixed their part of not sending me garbage. I also have been capturing bgp packets, and will continue to do so until the end of the month in case I get another crash. -- Marko Cupać https://www.mimar.rs
