ASA 8.4 EIGRP neighbor flap

NitrousOxyde
Posts: 59
Joined: Sun Oct 15, 2017 4:54 pm
Location: Baku

ASA 8.4 EIGRP neighbor flap

Post by NitrousOxyde » Sun Mar 04, 2018 10:01 am

Comrades,

I'm running 2x ASA 8.4.2 in EVE in active/standby mode, and have configured some EIGRP peerings on the interfaces. These peerings are dropped nearly every minute :shock: . I have provided 8G for VM, and 1G for each ASA

In reality, ASA should evidently not drop peerings so frequently :?

Any ideas, why should this happen? While debugging, I can see peer termination message coming from ASA side
CCIE R&S #59198
JNCIP-SP, JNCIP-ENT

Uldis (UD)
Posts: 5067
Joined: Wed Mar 15, 2017 4:44 pm
Location: London

Re: ASA 8.4 EIGRP neighbor flap

Post by Uldis (UD) » Tue Mar 06, 2018 12:50 am

I believe it is an issue with the switch which is between your ASA and router.
Some bad IOL switches caused such issues.
Try changing the switch IOS or router IOS as well.
And ASA 8.4: the max it needs is 2048M, not more.

UD

NitrousOxyde
Posts: 59
Joined: Sun Oct 15, 2017 4:54 pm
Location: Baku

Re: ASA 8.4 EIGRP neighbor flap

Post by NitrousOxyde » Tue Mar 06, 2018 2:44 pm

Hi,

ASA is directly connected to switches and routers, with which it is peering via EIGRP (no L2 between ASA and other elements).

Same IOL works perfectly in other topologies

Should I increase ASA's memory from 1G to 2G?
CCIE R&S #59198
JNCIP-SP, JNCIP-ENT

badgerdog
Posts: 41
Joined: Tue Apr 11, 2017 2:03 am

Re: ASA 8.4 EIGRP neighbor flap

Post by badgerdog » Sat Apr 21, 2018 3:05 pm

Did you ever get this problem solved? I too have the same issue (see my post: viewtopic.php?p=8793#p8793 ). Mine works fine when I build the lab on my EVE-NG ESXi host, but when I build the same lab on my EVE-NG that runs in VMware Workstation, both my EIGRP and OSPF on the ASA keep losing neighbor connections. I have the problem with both the 8.4 and 9.15 ASA images; increasing the ASA RAM and trying other IOL router images don't help. Because it works fine on the ESXi host but not on the VMware Workstation, I'm suspecting it to be an EVE problem.

Uldis (UD)
Posts: 5067
Joined: Wed Mar 15, 2017 4:44 pm
Location: London

Re: ASA 8.4 EIGRP neighbor flap

Post by Uldis (UD) » Sat Apr 21, 2018 7:17 pm

Well, tough to answer, but I just did a lab.
Did one investigation.
True, the ASA 8.4.2 and 9.1.5 internal clock is ticking approximately 3 times slower than the real clock. Particular image glitch.

What I did in my lab below: on the ASA interface facing the routers, e0, I set up a 6 times faster hello timer.
That did the trick :)

interface e0
hello-interval eigrp 20 5
or even
hello-interval eigrp 20 1

The command is invisible, but it did bring stability in EIGRP... FUNNY, but cheating the stupid ASA clock, this did the job :)

Laptop: Lenovo X1, i7, 8GB RAM

EVE VM: 4 vCPU assigned for EVE, and 4GB RAM,
VMware Workstation 14

ASA 9.1.5 with 2G RAM
IOL L3 15.4.2T
SW IOL IRON 15.2 from aug 09/2017

badgerdog
Posts: 41
Joined: Tue Apr 11, 2017 2:03 am

Re: ASA 8.4 EIGRP neighbor flap

Post by badgerdog » Sun Apr 22, 2018 4:46 pm

Thanks for that info, I'll give it a try. I'm just stumped as to why I only have this problem on ASA image when it runs on my EVE VMware workstation, but I don't have the problem when I run the same ASA image on my EVE ESXi host.

Uldis (UD)
Posts: 5067
Joined: Wed Mar 15, 2017 4:44 pm
Location: London

Re: ASA 8.4 EIGRP neighbor flap

Post by Uldis (UD) » Sun Apr 22, 2018 6:22 pm

No clue mate, but definitely an ASA image issue.

votive
Posts: 20
Joined: Sat May 13, 2017 6:52 pm

Re: ASA 8.4 EIGRP neighbor flap

Post by votive » Thu Apr 26, 2018 1:17 pm

@NitrousOxyde - Since you already have everything doc'd, can you share the lab in the share section?

I'll give it a go.

Uldis (UD)
Posts: 5067
Joined: Wed Mar 15, 2017 4:44 pm
Location: London

Re: ASA 8.4 EIGRP neighbor flap

Post by Uldis (UD) » Thu Apr 26, 2018 3:37 pm

Did you see what I wrote above regarding the ASA config that I added to the ASA interface...


interface e0
hello-interval eigrp 20 5
or even
hello-interval eigrp 20 1
