Troubleshooting BGP Neighbor States

-

Troubleshooting BGP Neighbor Relationships

1 Example: - Troubleshoot Directly connected EBGP neighbors



In this scenario two routers are creating EBGP session with directly connected Interface IP.

Let verify configuration;

R1
Router1#show run | section router bgp
router bgp 65001
bgp log-neighbor-changes
neighbor 192.168.10.2 remote-as 65002
 
R2
Router2#show  run | section router bgp
router bgp 65002
bgp log-neighbor-changes
neighbor 192.168.10.1 remote-as 65001

Now run “show ip bgp summary” to check BGP memory use, and displays BGP neighbors and the state of communication.


Router1#show ip bgp summary
BGP router identifier 10.10.10.1, local AS number 65001
BGP table version is 1, main routing table version 1
 
Neighbor        V       AS       MsgRcvd   MsgSent   TblVer   InQ   OutQ Up/Down   State/PfxRcd
192.168.10.2    4      65002       0                  0              1      0         0       00:00:16      Active

 As we have seen Router 1 showing Active state, that mean it trying to Active.

 Router2#show ip bgp summary
BGP router identifier 20.20.20.1, local AS number 65002
BGP table version is 1, main routing table version 1

Neighbor          V           AS     MsgRcvd   MsgSent   TblVer  InQ  OutQ  Up/Down   State/PfxRcd
192.168.10.1    4         65001         0              0              1         0        0      00:04:34        Idle
 

As we have seen Router2 showing idle state, that mean how to reach its neighbor.

 When two EBGP directly connected routers don’t form Neighbor relationship, then it cloud be following reasons;

  ·  Layer2 connectivity issue (like, Interface is down)
      -Use “Show ip interface brief” command to check.

  ·     Layer 3 connectivity issue (Wrong IP configured)
      -Use Ping command to check.

 ·        Wrong Neighbor IP is configured in BGP configuration.
     -Both router will show idle state, you can check “show ip bgp summary”.

 ·         Wrong Neighbor AS is configured in BGP configuration.
     -Router will receive BGP Notification Message.

Now let’s verify the connectivity between routers,

Router1#ping 192.168.10.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

 As we have seen that Ping is not responding, so check configured Interfaces of both routers,

 Router1#show ip int brief
Interface                  IP-Address         OK?     Method      Status                        Protocol
FastEthernet0/0        192.168.10.1    YES     manual        up                              down
 
Router2#show ip int brief
Interface                  IP-Address         OK?     Method    Status                          Protocol
FastEthernet0/0        192.168.10.2    YES     manual     administratively down    down
 
In our case, we have seen Router2 interface is down, so use “no shutdown” to bring up the interface.
Router2(config)#int FastEthernet 0/0
Router2(config-if)#no shutdown
 
Now we can see Neighbor relationship is up.
Router1#
Apr 29 08:48:42.562: %BGP-5-ADJCHANGE: neighbor 192.168.10.2 Up
 
Router1#show ip bgp summary
BGP router identifier 10.10.10.1, local AS number 65001
BGP table version is 1, main routing table version 1
Neighbor           V           AS     MsgRcvd    MsgSent   TblVer   InQ OutQ Up/Down  State/PfxRcd
192.168.10.2    4           65002       4                 4              1        0      0     00:00:31         0


Troubleshoot Non-Directly connected eBGP neighbors

In this scenario, we will discuss on how to troubleshoot Non-Directly eBGP Neighbors.

As show in above diagram, two Routers need to form eBGP session with Loopback Interfaces.

Now, let’s verify the configuration;

R1
Router1#show run | section router bgp
Router bgp 65001
bgp log-neighbor-changes
Neighbor 20.20.20.1 remote-as 65002
 
R2
Router1#show run | section router bgp
Router bgp 65002
bgp log-neighbor-changes
Neighbor 10.10.10.1 remote-as 65001
 
Next, we issue command “show ip bgp summary” to verify BGP memory usage, BGP neighbors and the state of communication.
 
Router1#show ip bgp summary
BGP router identifier 10.10.10.1, local AS number 65001
BGP table version is 1, main routing table version 1
 
Neighbor        V           AS             MsgRcvd MsgSent   TblVer   InQ   OutQ   Up/Down    State/PfxRcd
20.20.20.1      4         65002              0             0                  1           0       0              never          Idle
 
Router2#show ip bgp summary
BGP router identifier 20.20.20.1, local AS number 65002
BGP table version is 1, main routing table version 1
 
Neighbor        V           AS           MsgRcvd    MsgSent   TblVer   InQ   OutQ    Up/Down    State/PfxRcd
10.10.10.1      4        65001               0                  0            1            0         0           never               Idle
 
As per output of the Both Routers, showing as “idle” state. So it cloud be following reason that  we have to check;
·         Do we have route for Non-Directly connected neighbor Interface IP which we are going to use for neighbor session?
·         By default, eBGP router use TTL value 1, that mean eBGP neighbors should be directly connected, but in our case neighbors are Non-Directly, so we need to change TTL values by using “ebgp-multihop” command.
·         By default, BGP router use outgoing Interface IP address to make TCP session, so if we are going to use any other interface (like: In our example is Loopback 0) instead for outgoing interface to make neighbor relationship, then we need to specify Interface by using of Command “update-source”.        
   -To display all TCP transactions start of session, session errors use command “debug ip tcp transactions
·         Check if any ACL is block TCP port 179.
 
So let’s first verify route for Neighbor loopback Interface IP on both routers;
 
Router1#show ip route
C        192.168.10.0/30 is directly connected, Ethernet0/0
C        10.10.10.0/24 is directly connected, Loopback0
 
Router2#Show ip route
C        192.168.10.0/30 is directly connected, Ethernet0/0
C        20.20.20.0/24 is directly connected, Loopback0
 
As per output Both routers only know directly connected Interface, and both don’t have route for Neighbor Loopback.
 
Step1:  Set static route or either we can use Dynamic routing for loopback Interfaces reachability.
 
Router1(config)#ip route 20.20.20.0 255.255.255.0 192.168.10.2
Router2(config)#ip route 10.10.10.0 255.255.255.0 192.168.10.1
 
Let’s verify loopback interfaces reachability;
Router1#ping 20.20.20.1 source  loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.20.20.1, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/4/6 ms
 
As per output, now both routers have loopback interface reachability.
 
Step2: Increase eBGP TTL value, because Neighbors are not using directly connected interface IP.
 
Router2(config)#router BGP 65002
Router2(config-router)#neighbor 10.10.10.1 ebgp-multihop 2
 
Router2(config)#router BGP 65002
Router2(config-router)#neighbor 10.10.10.1 ebgp-multihop 2
 
We have set ebgp-multihop 2, let debug;
Router1#debug ip tcp transactions
May  1 13:26:20.837: Reserved port 0 in Transport Port Agent for TCP IP type 0
May  1 13:26:20.837: TCP: connection attempt to port 179
May  1 13:26:20.837: TCP: sending RST, seq 0, ack 2895227812
May  1 13:26:20.837: TCP: sent RST to 192.168.10.2:51878 from 10.10.10.1:179
May  1 13:26:20.839: Released port 0 in Transport Port Agent for TCP IP type 0 delay 240000
May  1 13:26:20.839: TCP0: state was LISTEN -> CLOSED [0 -> UNKNOWN(0)]
May  1 13:26:20.905: TCB 0xA2A3E5E0 destroyed
 
As per output, we can see Router2 send TCP session using source IP of outgoing interface F0/0, so let the interface change it.
 
Step3: Lets change eBGP source interface to make TCP session.
Router1(config-router)#neighbor 20.20.20.1 update-source loopback 0
 
Router2(config-router)#neighbor 10.10.10.1 update-source loopback 0
 
Now we can see BGP session is up;
Router1#
%BGP-5-ADJCHANGE: neighbor 20.20.20.1 Up
 
Router2#
%BGP-5-ADJCHANGE: neighbor 10.10.10.1 Up
 
Step4: Check if any ACL is block TCP port 179, and disable it.
 Routerx#show access-list

 

 

 

Comments

Post a Comment

Popular posts from this blog

BGP Dynamic Peering

-
Image
  As we know, configuring the BGP neighbor is not too difficult, but when we are going to configure 100 Number of neighbors, then it cloud be tedious. So to minimize this configuration we have BGP peer Group, in which we can group the BGP Neighbors who are sharing the same outbound polices, either the BGP Neighborship is  iBGP  or  eBGP . But the first we need to manually configure 100 Peer and then add to the peer group. So the problem is still not resolved. Let’s verify BGP peer Group configuration 1 Example : Configuration step of  iBGP  Peer Group. 2 Example:  Configuration step of  eBGP  peer Group. With the Dynamic BGP peering feature, BGP router dynamically establish peering with group of remote neighbor that are configured using a range of IP addresses and BGP peer group. In the Dynamic BGP peering, BGP peer tries to establish a BGP neighborship, if the neighbor router initiate TCP session because Dynamic BGP peer configuration router...
Read more

BGP Neighbor States

-
Image
  BGP is designed for handle large amount of routing information and Complex Networks, BGP enable routers create TCP connection with neighbor that is called BGP Peers. BGP neighbors are manually configured, when we configure BGP neighbor, it goes through different stages before it reaches the desired state (Established State).   BGP Session goes through following stages: 1)      Idle state : In this state, BGP enable router detects start event (start event occur when we configure new neighbor or reset already established neighbor peering), and tries to initiates a TCP connection to the BGP peer, and also listening new BGP peer router, who tries to establish new connection. If successful, BGP state changes to connect state, if any error cause in this state, BGP router again back to the idle state, the ConnectRetryTime is set to 60 secs, and re-initiate connection when decrement to zero. Further failure results doubling ConnectRetryTime in the length from previous...
Read more

MBGP vs BGP

-
  MBGP vs BGP Currently BGP is running in version 4, which has been published in 2006 (RFC 4271). By default, BGPv4 only supports IPv4 unicast prefixes, But BGP can do much more than carrying IPv4 prefixes only. RFC 4760 Multiprotocol extensions for BGPv4 was written in order to enhance the capacity of carrying routing related information other than carrying ipv4 only.     Multiprotocol Extensions for BGPv4 added some new attributes. ·          Multiprotocol Reachable NLRI (MP_REACH_NLRI): It carry set of reachable destination with next-hop information. ·          Multiprotocol Unreachable NLRI (MP_UNREACH_NLRI): It carry set of unreachable destinations.   Note: - “MP_REACH_NLRI” and “MP_UNREACH_NLRI” are optional and Non-transitive attribute, because of this if neighbor doesn’t support the multiprotocol capabilities, it will just ignore information carried in these attributes and will...
Read more