Forming a neighbor relationship among the BGP peer routers is the first step in setting up eBGP among routers belonging to different ASs or iBGP among routers belonging to the same AS. A neighbor relationship is formed when the BGP peer routers communicate successfully on TCP port 179. Consider the example shown in Figure 11.3, which is used here to troubleshoot an unsuccessful neighbor relationship.
Figure 11.3: A BGP network depicting a neighbor relationship problem.
Figure 11.3 shows routers A1 and C1 belonging to AS5555 and AS6666, respectively, which are connected via parallel serial links. These routers are eBGP peers and require establishment of a successful neighbor relationship to exchange routing updates among the ASs.
In Figure 11.3, the neighbor relationship is not established between A1 and C1, as ascertained from these commands:
A1#show ip bgp summary
A1#show ip bgp neighbor
C1#show ip bgp summary
C1#show ip bgp neighbor
To troubleshoot the neighbor relationship problem in BGP:
Check the configuration for both A1 and C1 to ascertain whether the neighbors have been defined correctly. Check both the neighbor IP addresses and AS numbers. Configure these commands on A1:
router bgp 5555
 neighbor 192.168.11.1 remote-as 6666

Configure these commands on C1:

router bgp 6666
 neighbor 192.168.1.1 remote-as 5555
Load balance the two neighbors connected over parallel serial links by configuring these commands:
At A1:
router bgp 5555
 neighbor 192.168.11.1 remote-as 6666
 neighbor 192.168.11.1 ebgp-multihop 2
 neighbor 192.168.11.1 update-source Loopback0
At C1:
router bgp 6666
 neighbor 192.168.1.1 remote-as 5555
 neighbor 192.168.1.1 ebgp-multihop
 neighbor 192.168.1.1 update-source Loopback0

The ebgp-multihop command is mandatory because the neighbor addresses are loopback interfaces, which are not directly connected. The update-source command is also mandatory in this case. Neither command is required for directly connected neighbors.
Check the neighbor reachability if the commands are already present. Listing 11.13 shows the output of the command to check neighbor reachability.
Listing 11.13 Checking Neighbor Reachability
A1#ping 192.168.11.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.54.9.1, timeout is 2 seconds:
....
Success rate is 0 percent (0/5)

C1#ping 192.168.11.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.54.9.1, timeout is 2 seconds:
....
Success rate is 0 percent (0/5)

The output shows that the ping is unsuccessful.
Check the route to BGP peers at both routers, using the commands:
A1#show ip route 192.168.11.1
% Network not in table
C1#show ip route 192.168.1.1
% Network not in table

No route is available. On A1 and C1, configure these static routes:

A1(config)#ip route 192.168.11.1 255.255.255.255 Serial 0/0
A1(config)#ip route 192.168.11.1 255.255.255.255 Serial1/0
C1(config)#ip route 192.168.1.1 255.255.255.255 Serial 0/0
C1(config)#ip route 192.168.1.1 255.255.255.255 Serial1/0

If ping is unsuccessful, check whether an access list is applied to the interfaces on both A1 and C1. Listing 11.14 shows the output of the show ip int serial 0/0 command.
Listing 11.14 Output of show ip int serial 0/0 Command
A1#show ip int serial 0/0
Serial0 is up, line protocol is up
  Internet address is 192.168.15.1/30
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Multicast reserved groups joined: 224.0.0.10
  Outgoing access list is 101
  Inbound access list is not set
  Proxy ARP is enabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are never sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is enabled
  IP Flow switching is disabled
  IP Feature Fast switching turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Probe proxy name replies are disabled
  Policy routing is disabled
  Network address translation is disabled
  WCCP Redirect outbound is disabled
  WCCP Redirect exclude is disabled
  BGP Policy Mapping is disabled

Access list 101 is applied outbound on serial 0/0. Check its contents. Listing 11.15 shows the output of the show access-list 101 command.
Listing 11.15 Output of show access-list 101 Command
A1#show access-list 101
Extended IP access list 101
    10 deny tcp any any eq 179 (500 matches)
    20 deny udp any any eq 179
    30 permit ip any any (724 matches)

The access list has statements that deny all packets with the port number 179 from moving out of serial 0/0.
A successful neighbor relationship can be established by either removing the access list from the interface or suitably modifying this list.
If there is no access list, check the physical link status and quality, and rectify any errors.
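The access-list check in Listing 11.15 can be automated. The following Python sketch is an added example, not part of the original text: it applies first-match evaluation to show access-list output and reports which entry decides the fate of a TCP port 179 packet between the two peers. The function names are hypothetical, the parser handles only the any, host, and eq forms, the peer addresses are taken from the neighbor statements above, and the modified list is a constructed illustration of "suitably modifying" the ACL.

```python
import re

# Constructed input: the entries of Listing 11.15, one per line
# (first sequence number assumed to be 10).
ACL_101 = """Extended IP access list 101
    10 deny tcp any any eq 179 (500 matches)
    20 deny udp any any eq 179
    30 permit ip any any (724 matches)
"""
# Constructed variant: a permit for the A1 -> C1 peering placed ahead of the deny.
ACL_FIXED = ACL_101.replace(
    "    10 deny",
    "    5 permit tcp host 192.168.1.1 host 192.168.11.1 eq bgp\n    10 deny", 1)

ENTRY = re.compile(
    r"^\s*(?P<seq>\d+)\s+(?P<action>permit|deny)\s+(?P<proto>\S+)"
    r"\s+(?P<src>any|host\s+\S+)\s+(?P<dst>any|host\s+\S+)"
    r"(?:\s+eq\s+(?P<dport>\S+))?(?:\s+\((?P<hits>\d+) match(?:es)?\))?\s*$")
PORT_NAMES = {"bgp": "179"}  # IOS can print well-known ports by name


def parse_acl(text):
    """Return the ACL entries in order; the header line does not match."""
    return [m.groupdict() for m in map(ENTRY.match, text.splitlines()) if m]


def addr_ok(spec, ip):
    """True if an 'any' or 'host A.B.C.D' address spec covers ip."""
    return spec == "any" or spec.split()[1] == ip


def bgp_verdict(text, src, dst):
    """First-match evaluation of a TCP/179 packet from src to dst.

    Returns (action, sequence number, hit count). If no entry matches,
    the implicit deny applies and is reported as ("deny", None, 0).
    """
    for e in parse_acl(text):
        port = PORT_NAMES.get(e["dport"], e["dport"])
        if (e["proto"] in ("ip", "tcp") and addr_ok(e["src"], src)
                and addr_ok(e["dst"], dst) and port in (None, "179")):
            return e["action"], int(e["seq"]), int(e["hits"] or 0)
    return "deny", None, 0


if __name__ == "__main__":
    for name, acl in (("as listed", ACL_101), ("modified", ACL_FIXED)):
        print(name, bgp_verdict(acl, "192.168.1.1", "192.168.11.1"))
```

A nonzero hit count on the deciding deny entry, as with the 500 matches here, indicates that the entry is actively dropping traffic rather than merely being present.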