A network engineer notices that BGP sessions between two directly connected routers are flapping every few minutes. The routers are running IOS-XE 17.3 and have CoPP enabled. The engineer checks the CoPP policy and sees a class-map matching BGP packets with a police rate of 8000 bps. The BGP session uses MD5 authentication and the routers exchange a full BGP table with 500,000 prefixes. What is the most likely cause of the BGP session flapping?
Trap 1: The BGP MD5 authentication is causing excessive CPU utilization,…
MD5 authentication adds CPU overhead but does not cause CoPP drops if the police rate is adequate. The issue is the police rate being too low.
Trap 2: The CoPP class-map is not matching BGP packets correctly because it…
While possible, the scenario states the class-map matches BGP packets, and the symptom is directly related to the police rate being too low.
Trap 3: The BGP hold timer is set too low, causing the session to reset…
The hold timer default is 180 seconds; session flapping every few minutes suggests CoPP drops are the cause, not the hold timer.
- A
The BGP MD5 authentication is causing excessive CPU utilization, triggering CoPP drops.
Why wrong: MD5 authentication adds CPU overhead but does not cause CoPP drops if the police rate is adequate. The issue is the police rate being too low.
- B
The CoPP police rate of 8000 bps is too low for the BGP keepalive and update traffic, causing packet drops.
BGP with 500,000 prefixes generates significant update traffic, and 8000 bps is insufficient, leading to dropped packets and session flapping.
- C
The CoPP class-map is not matching BGP packets correctly because it uses a wrong access-list.
Why wrong: While possible, the scenario states the class-map matches BGP packets, and the symptom is directly related to the police rate being too low.
- D
The BGP hold timer is set too low, causing the session to reset before CoPP drops are noticed.
Why wrong: The hold timer default is 180 seconds; session flapping every few minutes suggests CoPP drops are the cause, not the hold timer.