Sunday, October 16, 2011

notes: Troubleshooting BGP Neighbor Relationships

1.  Problem:  Directly connected external BGP neighbors not initializing

1.a.  Directly Connected External BGP Neighbors Not Coming Up—Cause: Layer 2 Is Down, Preventing Communication with Directly Connected BGP Neighbor

verification:  show ip bgp summary
               show ip bgp neighbors a.b.c.d
               ping a.b.c.d
               show interface

- these commands show the state of the neighbor relationship between the two routers.


This might be because of cable issues or a hardware problem.
Layer 2 encapsulation failure can also cause IP connectivity to break. Layer 2 encapsulation failure can occur because of corruption in the ARP table in case of Ethernet or an incorrect DLCI–VPI/VCI mapping in cases of Frame Relay and ATM, respectively. Fixing these should enable basic IP connectivity, and the BGP neighbor relationship should initialize.

Solution:  verify the cable connection and the Layer 2 encapsulation.

1.b Directly Connected External BGP Neighbors Not Coming Up—Cause: Incorrect Neighbor IP Address in BGP Configuration.

Misconfiguration of the neighbor address is a fairly common mistake, and it can be caught with visual inspection of the configuration. However, in a large IP network, this might not be a trivial task.

verification:  debug ip bgp

Solution:  configure the correct neighbor address. A wrong AS number can also cause the neighbor relationship to fail.


2.  Nondirectly connected external BGP neighbors not initializing

  2.a  Nondirectly Connected External BGP Neighbors Not Coming Up—Cause: Route to the Nondirectly Connected Peer Address Is Missing from the Routing Table

When BGP tries to establish a neighbor relationship with an IP address that is not directly connected, the IP routing table must have a route to that IP address.

verification:  show ip bgp summary
               show ip bgp neighbors a.b.c.d
               ping a.b.c.d
               show ip route

Solution:

BGP relies on the IP routing table to reach a peer address. It is irrelevant how the route to the peer address is learned, as long as the route is present in the routing table. Using a static route is a common practice. A simple rule of thumb is that R1 and R2 must have the most specific routes for each other's loopback addresses through a protocol other than BGP.


2.b  Nondirectly Connected External BGP Neighbors Not Coming Up—Cause: ebgp-multihop Command Is Missing in BGP Configuration.


By default, in Cisco IOS Software, BGP packets sent to an external BGP neighbor have their IP Time To Live (TTL) set to 1. If an EBGP neighbor is not directly connected, the first device in the path will drop BGP packets with TTL equal to 1 to that EBGP neighbor.


verification:  show ip bgp summary
               show ip bgp neighbors a.b.c.d


Solution:  Use the ebgp-multihop command to increase the IP TTL value to the desired number:

neighbor a.b.c.d ebgp-multihop x 

2.c Nondirectly Connected External BGP Neighbors Not Coming Up—Cause: update-source interface Command Is Missing

By default in Cisco IOS Software, the source of the BGP packet is the outgoing interface IP address as taken from the routing table.
In BGP, the neighbor's IP address must be statically defined in configuration. If an EBGP speaker does not receive a BGP update from an IP source that is identical to what it has configured, it rejects that update. The update-source command in BGP changes the source address of the IP packet. Instead of picking the outgoing interface as a source IP address, BGP packets will be sourced with the interface IP address configured with the update-source command.
verification:  show ip route  - to verify the outgoing interface.

Solution:
The correct update-source interface must be configured on the routers at both ends of the session.
The update-source command ensures that the source address is the correct interface, which the other router expects.

3.  Internal BGP neighbors not initializing


  3.a.  The route to the nondirectly connected IBGP neighbor address is missing. (same solution as above)

  3.b  The update-source interface command is missing in BGP configuration. (same solution as above)


4.  BGP neighbors (external and internal) not initializing

     4.a BGP Neighbors (External and Internal) Not Coming Up—Cause: Interface Access List Blocking BGP Packets

Interface access lists/filters are another common cause of BGP neighbor activation problems. If an interface access list unintentionally blocks the TCP packets that carry BGP messages, the BGP neighbor will not come up.

 verification:  show access-list

Solution:

An interface access list must permit the BGP port (TCP port 179) explicitly or implicitly to allow neighbor relationships.

example:
access-list 101 deny udp any any  
access-list 101 permit tcp any any eq bgp  
access-list 101 permit ip any any
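
The first-match behaviour behind the example above, as an added illustration that is not part of the original notes: a small Python evaluator for a simplified subset of extended ACL syntax, run against the two packet shapes a BGP session produces on an inbound ACL. The addresses 192.0.2.1 and 192.0.2.2, the ephemeral port 50000, ACL 102 and all function names are constructed for this example.

```python
# Simplified first-match evaluator for numbered extended ACL lines of the form
#   access-list N {permit|deny} {ip|tcp|udp} SRC [eq PORT] DST [eq PORT]
# with SRC/DST as "any" or "host a.b.c.d" (assumed subset of the IOS syntax).
BGP_PORT = 179
EPHEMERAL = 50000  # constructed stand-in for the active opener's source port

def parse_ace(line):
    tok = line.split()
    action, proto, rest = tok[2], tok[3], tok[4:]
    def addr():
        kind = rest.pop(0)
        if kind == "any":
            return None  # None matches any address
        if kind == "host":
            return rest.pop(0)
        raise ValueError("unsupported address form: " + kind)
    def port():
        if rest and rest[0] == "eq":
            name = rest[1]
            del rest[:2]
            return BGP_PORT if name == "bgp" else int(name)
        return None  # no port qualifier: matches any port

    src, sport = addr(), port()
    dst, dport = addr(), port()
    return action, proto, src, sport, dst, dport

def evaluate(acl_lines, pkt):
    """Action of the first entry matching pkt=(proto, src, sport, dst, dport)."""
    for line in acl_lines:
        action, proto, *fields = parse_ace(line)
        if proto in ("ip", pkt[0]) and all(
                f is None or f == p for f, p in zip(fields, pkt[1:])):
            return action
    return "deny"  # implicit deny at the end of every access list

def bgp_check(acl_lines, local, peer):
    """Inbound ACL on `local` facing `peer`: both packet shapes of a BGP session."""
    return {
        "peer_opens": evaluate(acl_lines, ("tcp", peer, EPHEMERAL, local, BGP_PORT)),
        "local_opens": evaluate(acl_lines, ("tcp", peer, BGP_PORT, local, EPHEMERAL)),
    }

PAGE_ACL = ["access-list 101 deny udp any any",
            "access-list 101 permit tcp any any eq bgp",
            "access-list 101 permit ip any any"]
# Constructed ACL: only destination port 179 from the peer is permitted.
STRICT_ACL = ["access-list 102 permit tcp host 192.0.2.2 host 192.0.2.1 eq bgp"]
if __name__ == "__main__":
    print(bgp_check(PAGE_ACL, "192.0.2.1", "192.0.2.2"), bgp_check(STRICT_ACL, "192.0.2.1", "192.0.2.2"))
```

With ACL 101 the reply packets (source port 179) are permitted only by the final `permit ip any any`. With ACL 102 they fall to the implicit deny, so only a session opened by the peer can pass.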
