BGP: Error code = Hold Timer Expired
66116
Created On 09/20/22 02:35 AM - Last Modified 04/23/25 19:00 PM
Symptom
- BGP connection will be closed, and if it happens too often, it leads to a flapping connection.
- Log will be generated in routed.log (less mp-log routed.log) which is similar to...
**** EXCEPTION 0x4102 - 71 (0000) **** T:002c3662 F:00000020 qbnmsnd2.c 167 :at 10:53:51, 6 December 2022 (326534161 ms) A NOTIFICATION message is being sent to a neighbor due to an unexpected problem. NM entity index = 2 Local address = 192.168.10.1 Local port = 0 Remote address = 192.168.10.3 Remote port = 0 Scope ID = 0 Remote AS number = 534 Remote BGP ID = 0XC0A80D01 Error code = Hold Timer Expired (4) Error subcode = Unspecific (0)
- Log will be generated from Monitor > Logs > System will be similar to...
Environment
- Palo Alto Networks Firewalls.
- BGP Routing protocol configured.
Cause
As per RFC 4271:
If a system does not receive successive KEEPALIVE, UPDATE, and/or NOTIFICATION messages within the period specified in the Hold Time field of the OPEN message, then the NOTIFICATION message with the Hold Timer Expired Error Code is sent and the BGP connection is closed.
Resolution
- In your Network Bandwidth monitoring tool (ex., PRTG, WhatUp, Nagios, etc.), correlate the obtained time and see if the bit rate of the interface concerning the issue had a flat/leveled-off trend in the graph. If yes, this confirms that we need more bandwidth to support the current requirement and escalate to the service provider if the SLA isn't being met.
- To prevent the issue, increase the Keep Alive Interval and Hold time values.
- Navigate to GUI: Network > Virtual Routers > (click on the VR ) > BGP > Peer Group > (click on the Peer) > Connection Options
- Click on OK thrice and commit the configuration
It's recommended to have the value of the Hold time be three times the Keep Alive Interval.
Additional Information
If increasing the timer values doesn't address the issue, Refer How to troubleshoot flapping BGP neighbor