
ASA 8.4 EIGRP neighbor flap

Posted: Sun Mar 04, 2018 10:01 am
by NitrousOxyde
Comrades,

I'm running 2x ASA 8.4.2 in EVE in active/standby mode, and have configured some EIGRP peerings on the interfaces. These peerings are dropped nearly every minute :shock: . I have provided 8G for the VM, and 1G for each ASA.

In reality, ASA should not evidently drop peerings so frequently :?

Any ideas, why should this happen? While debugging, I can see peer termination message coming from ASA side

Re: ASA 8.4 EIGRP neighbor flap

Posted: Tue Mar 06, 2018 12:50 am
by Uldis (UD)
I believe it is an issue with the switch which is between your ASA and router.
Some bad IOL switches made such issues.
Try changing the switch IOS or router IOS as well.
And ASA 8.4, the max it needs is 2048M, not more.

UD

Re: ASA 8.4 EIGRP neighbor flap

Posted: Tue Mar 06, 2018 2:44 pm
by NitrousOxyde
Hi,

ASA is directly connected to switches and routers, with which it is peering via EIGRP (no L2 between ASA and other elements).

Same IOL works perfectly in other topologies.

Should I increase ASA's memory from 1G to 2G?

Re: ASA 8.4 EIGRP neighbor flap

Posted: Sat Apr 21, 2018 3:05 pm
by badgerdog
Did you ever get this problem solved? I too have the same issue (see my post: viewtopic.php?p=8793#p8793 ). Mine works fine when I build the lab on my EVE-NG ESXi host, but when I build the same lab on my EVE-NG that runs in VMware Workstation, both my EIGRP and OSPF on the ASA keep losing neighbor connections. I have the problem with both the 8.4 and 9.15 ASA images; increasing the ASA RAM and trying other IOL router images don't help. Because it works fine on the ESXi host but not on the VMware Workstation, I'm suspecting it to be an EVE problem.

Re: ASA 8.4 EIGRP neighbor flap

Posted: Sat Apr 21, 2018 7:17 pm
by Uldis (UD)
Well, tough to answer, but I just did a lab.
Did one investigation.
True, the ASA 8.4.2 and 9.1.5 internal clock is ticking approximately 3 times slower than the real clock. Particular image glitch.

What I did in my lab below: on the ASA interface facing the routers, e0, I set up a 6 times faster hello timer.
That did the trick :)

interface e0
hello-interval eigrp 20 5
or even
hello-interval eigrp 20 1

The command is invisible, but stability in EIGRP it did... FUNNY, but cheating the stupid ASA clock, this did the job :)

Laptop Lenovo X1, i7, 8GB RAM

EVE VM: 4 vCPU assigned for EVE, and 4GB RAM,
VMware Workstation 14

ASA 9.1.5 with 2G RAM
IOL L3 15.4.2T
SW IOL IRON 15.2 from aug 09/2017

Re: ASA 8.4 EIGRP neighbor flap

Posted: Sun Apr 22, 2018 4:46 pm
by badgerdog
Thanks for that info, I'll give it a try. I'm just stumped as to why I only have this problem on the ASA image when it runs on my EVE VMware Workstation, but I don't have the problem when I run the same ASA image on my EVE ESXi host.

Re: ASA 8.4 EIGRP neighbor flap

Posted: Sun Apr 22, 2018 6:22 pm
by Uldis (UD)
No clue mate, but definitely an ASA image issue.

Re: ASA 8.4 EIGRP neighbor flap

Posted: Thu Apr 26, 2018 1:17 pm
by votive
@NitrousOxyde - Since you already have everything doc'd, can you share the lab in the share section?

I'll give it a go.

Re: ASA 8.4 EIGRP neighbor flap

Posted: Thu Apr 26, 2018 3:37 pm
by Uldis (UD)
Did you see what I wrote above regarding the ASA config that I added to the ASA interface...


interface e0
hello-interval eigrp 20 5
or even
hello-interval eigrp 20 1