BGP Neighbor Relationship | Cisco IP Routing Protocols: Trouble Shooting Techniques (Charles River Media Networking/Security)

Formation of a neighbor relationship among the BGP peer routers is the first step to set up eBGP among routers belonging to different ASs or iBGPs among routers belonging to the same AS. A neighbor relationship is formed when there is successful communication at port TCP 179 between the BGP peer routers. Look at an example as shown in Figure 11.3 to troubleshoot the problem of an unsuccessful neighbor relationship.

click to expand
Figure 11.3: A BGP network depicting a neighbor relationship problem.

Figure 11.3 shows routers A1 and C1 belonging to AS5555 and AS6666, respectively, which are connected via parallel serial links. These routers are eBGP peers and require establishment of a successful neighbor relationship to exchange routing updates among the ASs.

In Figure 11.3, the neighbor relationship is not established between A1 and C1, as ascertained from these commands:

A1#show ip bgp summary  A1#show ip bgp neighbor C1#show ip bgp summary  C1#show ip bgp neighbor

To troubleshoot the neighbor relationship problem in BGP:

Check the configuration for both A1 and C1 to ascertain whether the neighbors have been defined correctly. Check both the neighbor IP addresses and AS numbers. Configure these commands on A1:
```
router bgp 5555 neighbor 192.168.11.1 remote-as 6666 Configure these command on C1: router bgp 6666 neighbor 192.168.1.1 remote-as 6666
```
Load balance the two neighbors connected over parallel serial links by configuring these commands:

At A1:
```
router bgp 5555 neighbor 192.168.11.1 remote-as 6666 neighbor 192.168.11.1 ebgp-multihop 2 neighbor 192.168.11.1 update-source Loopback0
```
At C1:
```
router bgp 6666 neighbor 192.168.1.1 remote-as 6666 neighbor 192.168.1.1 ebgp-multihop neighbor 192.168.1.1 update-source Loopback0
```
An ebgp multihop is mandatory, because the neighbors are loopback interfaces and not connected directly. Also, the update source is mandatory in these cases. These commands are not required in the case of directly connected neighbors.

Check the neighbor reachability if the commands are already present. Listing 11.13 shows the output of the command to check neighbor reachability.

Listing 11.13 Checking Neighbor Reachability

A1#ping 192.168.11.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 202.54.9.1, timeout is 2 seconds: .... Success rate is 0 percent (0/5) C1#ping 192.168.11.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 202.54.9.1, timeout is 2 seconds: .... Success rate is 0 percent (0/5)

As per the observation, ping is unsuccessful.

Check the route to BGP peers at both routers, using the commands:

A1#show ip route 192.168.11.1 % Network not in table     C1#show ip route 192.168.1.1 % Network not in table

There is no route available. In A1 and C1, configure the command:

A1(config)#ip route 192.168.11.1 255.255.255.255 Serial 0/0 A1(config)#ip route 192.168.11.1 255.255.255.255 Serial1/0 C1(config)#ip route 192.168.1.1 255.255.255.255 Serial 0/0 C1(config)#ip route 192.168.1.1 255.255.255.255 Serial1/0

Check the presence of any access list in the interfaces in both A1 and C1 if ping is unsuccessful. Listing 11.14 shows the output of the show ip int serial 0/0 command.

Listing 11.14 Output of show ip int serial 0/0 Command

A1#show ip int serial 0/0 Serial0 is up, line protocol is up   Internet address is 192.168.15.1/30   Broadcast address is 255.255.255.255   Address determined by non-volatile memory   MTU is 1500 bytes   Helper address is not set   Directed broadcast forwarding is disabled   Multicast reserved groups joined: 224.0.0.10   Outgoing access list is 101   Inbound  access list is not set   Proxy ARP is enabled   Security level is default   Split horizon is enabled   ICMP redirects are never sent   ICMP unreachables are always sent   ICMP mask replies are never sent   IP fast switching is enabled   IP fast switching on the same interface is enabled   IP Flow switching is disabled   IP Feature Fast switching turbo vector   IP multicast fast switching is enabled   IP multicast distributed fast switching is disabled   IP route-cache flags are Fast   Router Discovery is disabled   IP output packet accounting is disabled   IP access violation accounting is disabled   TCP/IP header compression is disabled   RTP/IP header compression is disabled   Probe proxy name replies are disabled   Policy routing is disabled   Network address translation is disabled   WCCP Redirect outbound is disabled   WCCP Redirect exclude is disabled   BGP Policy Mapping is disabled

An outbound access list applied at serial 0/0 is access list 101. Let us check the contents of the same. Listing 11.15 shows the output of the show access-list 101 command.

Listing 11.15 Output of show access-list 101 Command

A1#show access-list 101 Extended IP access list 101 0 deny tcp any any eq 179 (500 matches)   20 deny udp any any eq 179   30 permit ip any any (724 matches)

The access list has statements that deny all packets with the port number 179 to move out of serial 0/0.

A successful neighbor relationship can be established by either removing the access list from the interface or suitably modifying this list.

Check the physical link status and quality, and rectify the error, if there is no access list.