BGP Troubleshooting

Scenario 1: BGP Neighborship Not Established with Peer

There are several reasons a router might not establish a neighborship with its peer. This is an important topic for interviews as well.

Possible Issues:

1. Peer IP address is not reachable.

2. Port 179 is blocked by a firewall or access list.

3. Incorrect BGP configuration, such as incorrect address configuration end-to-end.

4. TTL = 1 for eBGP neighbor. eBGP-multihop peer address, local AS or remote AS number, incorrect authentication/MD5 password, or incorrect update-source loopback.

5. Static route is missing for loopback, or hop is not configured.

6. MD5 authentication password has a space or duplicate router IDs between BGP neighbors.

Solutions:

• Ensure BGP local and remote AS configuration is correct.

• Ensure MD5 authentication password is correct on both sides, without spaces.

• Verify the update-source loopback and eBGP-multihop settings.

• Make sure port 179 is allowed on both ends via access lists and that firewalls are not blocking it.

Debugging Commands:

• debug ip bgp

• debug ip tcp transaction

Scenario 2: BGP Neighbor Ship is Flapping and Getting Reset

Possible Causes:

1. Mismatched keep-alive timers.

2. MTU mismatch.

3. Hellos stuck in the OutQ behind update packets.

4. Remote router continually rebooting (typically in a 3-5 minute BGP peering cycle).

5. Remote router BGP process is unstable or restarting.

6. Traffic shaping or rate-limiting issues.

7. MTU incorrectly set on links, or PMTU discovery is disabled on the router.

8. Output drops on the interface or congestion in the queue.

9. High CPU utilization or CPU spikes on the router.

Solutions:

• Ensure the same keep-alive time is configured on both routers.

• Ensure the MTU is the same on both sides and test the MTU (e.g., ping with the DF bit set).

• If the MTU mismatch cannot be fixed, use path MTU discovery to resolve it.

Scenario 3: Router Not Installing Routes in RIB and Ignoring Routes

Possible Causes:

1. Paths marked as not synchronized in the show ip bgp longer-prefixes output.

2. Paths for which the NEXT_HOP is inaccessible.

3. Paths from an external BGP (eBGP) neighbor if the local AS appears in the AS_PATH.

4. The bgp enforce-first-as feature is enabled, and the UPDATE does not contain the AS of the neighbor as the first AS in the AS_SEQUENCE.

5. Paths marked as (received-only) in the show ip bgp longer-prefixes output.

Solutions:

• Ensure there is an Interior Gateway Protocol (IGP) route to the NEXT_HOP associated with the path.

Scenario 4: Router Not Installing Routes in BGP Table and Not Advertising Route to Another BGP Peer

Possible Causes:

1. No router in the global routing table for the network command configured in BGP.

2. No matching route in the BGP table for the aggregate command configured in BGP.

3. The same router ID in routes coming from the Router Reflector in the Originator ID attribute.

4. The same router ID in routes coming from the Router Reflector from the same cluster ID.

Solutions:

1. Ensure there is a matching route in the routing table.

2. Ensure no filter is discarding the route.