<div dir="ltr"><div class="gmail_default" style="font-family:tahoma,sans-serif">I wonder if they have something similar to CoPP configured on their side. I only have a little Juniper experience, but I think they may have a routing engine filter inbound on their router (applied to their loopback interface) that may be limiting this traffic. It's worth checking into. It's easy to miss since they're probably looking at the BGP and interface configs. They might not even be thinking about the RE filter. Hopefully someone with more Juniper experience will come along and straighten me out if I'm wrong.</div>
<div class="gmail_default" style="font-family:tahoma,sans-serif"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif">John</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Jun 28, 2013 at 8:59 AM, Matthew Huff <span dir="ltr"><<a href="mailto:mhuff@ox.com" target="_blank">mhuff@ox.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="EN-US" link="blue" vlink="purple"><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">No, I don’t have any <span>CoPP</span> defined (at least at the moment trying to debug it). No ACLs or anything else like that. The ISP keeps wanting me to send them my BGP configuration (which I’ve sent to at least 3 different people), <span>rarther</span> than looking at the obvious that BGP won’t ever come up if we can’t get a TCP session established.<u></u><u></u></span></p>
<div class="im"><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Courier New";color:#1f497d">----<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Courier New";color:#1f497d">Matthew Huff <span> </span>| 1 Manhattanville Rd<u></u><u></u></span></p><p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Courier New";color:#1f497d">Director of Operations | Purchase, NY 10577<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.5pt;font-family:"Courier New";color:#1f497d">OTA Management LLC<span> </span>| Phone: <a href="tel:914-460-4039" value="+19144604039" target="_blank">914-460-4039</a><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p></div><div style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt">
<div><div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in"><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> John Neiberger [mailto:<a href="mailto:jneiberger@gmail.com" target="_blank">jneiberger@gmail.com</a>] <br>
<b>Sent:</b> Friday, June 28, 2013 10:56 AM<br><b>To:</b> Matthew Huff<br><b>Cc:</b> cisco-nsp (<a href="mailto:cisco-nsp@puck.nether.net" target="_blank">cisco-nsp@puck.nether.net</a>); <a href="mailto:ipv6-ops@lists.cluenet.de" target="_blank">ipv6-ops@lists.cluenet.de</a><br>
<b>Subject:</b> Re: [c-nsp] Weird IPv6 problem passing Layer3 traffic<u></u><u></u></span></p></div></div><div><div class="h5"><p class="MsoNormal"><u></u> <u></u></p><div><div><p class="MsoNormal"><span style="font-family:"Tahoma","sans-serif"">Do you have CoPP configured? I've seen this exact behavior when I didn't have a permit statement for my neighbor or link address in the right ACL, so it was getting rate-limited to death.<u></u><u></u></span></p>
</div></div><div><p class="MsoNormal" style="margin-bottom:12.0pt"><u></u> <u></u></p><div><p class="MsoNormal">On Fri, Jun 28, 2013 at 8:33 AM, Matthew Huff <<a href="mailto:mhuff@ox.com" target="_blank">mhuff@ox.com</a>> wrote:<u></u><u></u></p>
<p class="MsoNormal">Trying to bring up a new BGP peering session with a ISP. IPv4 peering is working fine on the same interface. The BGP peering fails early in trying to go active. Using "debug tcp transactions", I see the SYN going out, but no ACK ever returning. I can't telnet to their box on port 179 either (debug packet shows it doing the same, SYN begin sent, but no packets, including ACK). However, I can ping their interface.<br>
<br>The interface config has been stripped, and still doesn't work. I've reset the interface, and even rebooted our router, with no change in behavior.<br><br>We have a Cisco 7204VXR with NPE-G2, running 15.2(4)S1. I have an identical router with same version connected to another ISP and a tunnel to HE.net. It's not my first time at the rodeo. We are connected via metro Ethernet to a sub-interface on a JunOS box (model and version unknown). My suspicion is that either they have an ACL that's blocking it, or their BGP process isn't listening on that sub-interface. But they claim that it isn't their problem. I have zero JunOS experience and they seem to be flopping around.<br>
<br>Anyone have any idea what else the problem might be?<br><br>From our side (simplied config to test):<br><br><br>interface FastEthernet2/1<br> ip address 162.211.110.2 255.255.255.252<br> speed auto<br> duplex auto<br>
ipv6 address 2607:F518:15F::2/126<br> ipv6 enable<br>end<br><br>rtr-inet2#show ipv6 cef 2607:F518:15F::1<br>2607:F518:15F::1/128<br> attached to FastEthernet2/1<br><br>rtr-inet2#show ipv6 cef exact-route 2607:F518:15F::2 2607:F518:15F::1<br>
2607:F518:15F::2 -> 2607:F518:15F::1 => IPV6 adj out of FastEthernet2/1, addr 2607:F518:15F::1<br><br>rtr-inet2#show ipv6 neighbors<br>IPv6 Address Age Link-layer Addr State Interface<br>
2607:F518:15F::1 0 0021.5903.1367 REACH Fa2/1<br><br>rtr-inet2#ping 2607:F518:15F::1<br>Type escape sequence to abort.<br>Sending 5, 100-byte ICMP Echos to 2607:F518:15F::1, timeout is 2 seconds:<br>
!!!!!<br>Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms<br><br>----<br>Matthew Huff | 1 Manhattanville Rd<br>Director of Operations | Purchase, NY 10577<br>OTA Management LLC | Phone: <a href="tel:914-460-4039" value="+19144604039" target="_blank">914-460-4039</a><br>
<br><br>_______________________________________________<br>cisco-nsp mailing list <a href="mailto:cisco-nsp@puck.nether.net" target="_blank">cisco-nsp@puck.nether.net</a><br><a href="https://puck.nether.net/mailman/listinfo/cisco-nsp" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-nsp</a><br>
archive at <a href="http://puck.nether.net/pipermail/cisco-nsp/" target="_blank">http://puck.nether.net/pipermail/cisco-nsp/</a><u></u><u></u></p></div><p class="MsoNormal"><u></u> <u></u></p></div></div></div></div></div>
</div></blockquote></div><br></div>