Got it

BGP Peers Cannot Be Established

Latest reply: Dec 19, 2018 07:35:36 407 2 8 0 0

The common causes of this type of faults are as follows:

·BGP packets fail to be forwarded.


·ACL filters TCP port 179.


The router IDs of the neighbors conflict.


The AS number of the neighbor is incorrect.


· The peer connect-interface command is not configured when a loopback interface is used to establish a neighbor relationship.


· The peer ebgp-max-hop command is not configured when a loopback interface is used to establish an EBGP peer relationship.


The ·peer valid-ttl-hops configuration is incorrect.


· Check whether the number of routes sent by the peer end exceeds the value specified by the peer route-limit command.


· The peer ignore command is configured on the peer end.


The address families on both ends do not match.


Troubleshooting:


Step 1 Run the ping command to check whether the BGP peer relationship can be pinged.

If the ping operation succeeds, there are reachable routes between BGP peers and the link transmission is normal.

Run the ping–a source-ip-address –s packetsize host command to check the connectivity between the two ends. Because the source address can be used to check whether the routes at both ends are normal, you can specify the ping bytes to check whether the packets are transmitted normally on the link.


If the ping operation fails, check whether the peer route exists in the routing tables of the two ends by referring to the troubleshooting procedure for the 19.2.6.1.1 Ping failure.


Step 2 Check whether the ACL is configured to disable port 179 of the TCP.

Run the display acl all command on both ends to check whether TCP port 179 is disabled.

<Huawei>display acl all
Total nonempty ACL number is 1
Advanced ACL 3001, 2 rules
Acl's step is 5
Rule 5 deny tcp source-port eq bgp
Rule 10 deny tcp destination-port eq bgp

If ACL 179 is disabled for TCP port 179, run the undo rule rule-id destination-port and undo rule rule-id source-port commands to cancel the configuration.


If no ACL is configured for TCP port 179, go to step 3.


Step 3 Check whether the router IDs of the neighbors conflict.

Run the display bgp peer command to check whether the router ID conflicts with each other. For example, if the IPv4 unicast neighbor relationship cannot be established, run the command. The following is an example of the command for displaying the router ID. In this example, the local router ID is 223.5.0.109.

<Huawei>display bgp peer
BGPlocal router ID: 223.5.0.109
Local AS number: 41976
Total number of peers: 12 Peers in established state: 4
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
8.9.0.8 4 100 1601 1443 0 23:21:56 Established 10000
9.10.0.10 4 200 1565 1799 0 23:15:30 Established 9999




If the router IDs conflict, run the router id command in the BGP view to change the router IDs. Generally, the IP address of the loopback interface is used as the local router ID.


If the router IDs do not conflict, go to step 4.


Step 4 Check whether the AS number of the neighbor is correctly configured.

Run the display bgp peer command on both ends to check whether the AS number of the peer is the peer AS number.

<Huawei>display bgp peer
BGP local router ID: 223.5.0.109
LocalAS number: 41976
Total number of peers: 12 Peers in established state: 4
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
8.9.0.8 4 100 1601 1443 0 23:21:56 Established 10000
9.10.0.10 4 200 1565 1799 0 23:15:30 Established 9999




If the AS number is incorrect, configure the AS number as the peer AS number.


If the AS number is correct, go to step 5.


Step 5 Check whether BGP configurations affect neighbor relationship establishment.

Run the displaycurrent-configuration configuration bgp command to check BGP configurations.

  • x
  • convention:

yiyi0519
Created Dec 19, 2018 07:34:50

if there have one firewall between the two BGP router, how to configure the security policy ?
View more
  • x
  • convention:

user_2915719
Created Dec 19, 2018 07:35:36

Good sharing, seems the ACL is the most easily get messy..
View more
  • x
  • convention:

Comment

You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.