Verifying and Troubleshooting BGP
You can verify BGP operation using show EXEC commands, including the following:
- show ip bgp— Displays entries in the BGP topology database (BGP table). Specify a network number to get more specific information about a particular network.
- show ip bgp rib-failure— Displays BGP routes that were not installed in the routing information base (RIB), and the reason that they were not installed.
- show ip bgp neighbors— Displays detailed information about the TCP and BGP connections to neighbors.
- show ip bgp summary— Displays the status of all BGP connections.
Use the show ip bgp ? command on a router to see other BGP show commands.
debug commands display events as they happen on the router. For BGP, the debug ip bgp privileged EXEC command has many options, including the following:
- dampening— BGP dampening
- events— BGP events
- keepalives— BGP keepalives
- updates— BGP updates
Caution: Use caution when executing debug commands because they may consume a lot of router resources and could cause problems in a busy production network. Debugging output takes priority over other network traffic. Too much debug output may severely reduce the performance of the router or even render it unusable in the worst case.
The following sections provide sample output for some of these commands.
show ip bgp Command Output Example
Use the show ip bgp command to display the BGP topology database (the BGP table).
Example 6-19 is a sample output for the show ip bgp command. The status codes are shown at the beginning of each line of output, and the origin codes are shown at the end of each line. In this output, most of the rows have an asterisk (*) in the first column. This means that the next-hop address (in the fifth column) is valid. Remember, for BGP the next-hop address is not always on a router that is directly connected to this router. Other options for the first column are as follows:
- An s indicates that the specified routes are suppressed (usually because routes have been summarized and only the summarized route is being sent).
- A d, for dampening, indicates that the route is being dampened (penalized) for going up and down too often. Although the route might be up right now, it is not advertised until the penalty has expired.
- An h, for history, indicates that the route is unavailable and is probably down. Historic information about the route exists, but a best route does not exist.
- An r, for RIB failure, indicates that the route was not installed in the RIB. The reason that the route is not installed can be displayed using the show ip bgp rib-failure command, as described in the next section.
- An S, for stale, indicates that the route is stale. (This is used in a nonstop forwarding-aware router.)
RouterA#show ip bgp
BGP table version is 14, local router ID is 172.31.11.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.1.0.0/24      0.0.0.0                  0         32768 i
* i                 10.1.0.2                 0    100      0 i
*> 10.1.1.0/24      0.0.0.0                  0         32768 i
*>i10.1.2.0/24      10.1.0.2                 0    100      0 i
*> 10.97.97.0/24    172.31.1.3                             0 64998 64997 i
*                   172.31.11.4                            0 64999 64997 i
* i                 172.31.11.4              0    100      0 64999 64997 i
*> 10.254.0.0/24    172.31.1.3               0             0 64998 i
*                   172.31.11.4                            0 64999 64998 i
* i                 172.31.1.3               0    100      0 64998 i
r> 172.31.1.0/24    172.31.1.3               0             0 64998 i
r                   172.31.11.4                            0 64999 64998 i
r i                 172.31.1.3               0    100      0 64998 i
*> 172.31.2.0/24    172.31.1.3               0             0 64998 i
A greater-than sign (>) in the second column indicates the best path for a route selected by BGP. This route is offered to the IP routing table.
The third column is either blank or has an i in it. If it is blank, BGP learned that route from an external peer. If it has an i, an IBGP neighbor advertised this route to this router.
The fourth column lists the networks that the router learned.
The fifth column lists all the next-hop addresses for each route. This next-hop address column might contain 0.0.0.0, which signifies that this router originated the route.
The next three columns list three BGP path attributes associated with the path: metric (MED), local preference, and weight.
The column with the “Path” header may contain a sequence of autonomous systems in the path. From left to right, the first autonomous system listed is the adjacent autonomous system from which this network was learned. The last number (the rightmost autonomous system number) is this network’s originating autonomous system. The autonomous system numbers between these two represent the exact path that a packet takes back to the originating autonomous system. If the path column is blank, the route is from the current autonomous system.
The last column signifies how this route was entered into BGP on the original router (the origin attribute). If the last column has an i in it, the original router probably used a network command to introduce this network into BGP. The character e signifies that the original router learned this network from EGP, which is the historic predecessor to BGP. A question mark (?) signifies that the original BGP process cannot absolutely verify this network’s availability because it is redistributed from an IGP into the BGP process.
show ip bgp rib-failure Command Output Example
Use the show ip bgp rib-failure command to display BGP routes that were not installed in the RIB, and the reason that they were not installed. In Example 6-20 the displayed routes were not installed because a route or routes with a better administrative distance already existed in the RIB.
RouterA#show ip bgp rib-failure
Network            Next Hop                      RIB-failure   RIB-NH Matches
172.31.1.0/24      172.31.1.3          Higher admin distance              n/a
172.31.11.0/24     172.31.11.4         Higher admin distance              n/a
show ip bgp summary Command Output Example
The show ip bgp summary command is one way to verify the BGP neighbor relationship. Example 6-21 presents sample output from this command. Here are some of the highlights:
- BGP router identifier— IP address that all other BGP speakers recognize as representing this router.
- BGP table version— Increases in increments when the BGP table changes.
- Main routing table version— Last version of BGP database that was injected into the main routing table.
- Neighbor— The IP address, used in the neighbor statement, with which this router is setting up a relationship.
- Version (V)— The version of BGP this router is running with the listed neighbor.
- AS— The listed neighbor’s autonomous system number.
- Messages received (MsgRcvd)— The number of BGP messages received from this neighbor.
- Messages sent (MsgSent)— The number of BGP messages sent to this neighbor.
- TblVer— The last version of the BGP table that was sent to this neighbor.
- In queue (InQ)— The number of messages from this neighbor that are waiting to be processed.
- Out queue (OutQ)— The number of messages queued and waiting to be sent to this neighbor. TCP flow control prevents this router from overwhelming a neighbor with a large update.
- Up/down— The length of time this neighbor has been in the current BGP state (established, active, or idle).
- State— The current state of the BGP session: active, idle, open sent, open confirm, or idle (admin). The admin state is new to Cisco IOS Software Release 12.0; it indicates that the neighbor is administratively shut down. This state is created by using the neighbor ip-address shutdown router configuration command. (Neighbor states are discussed in more detail in the “Understanding and Troubleshooting BGP Neighbor States” section, later in this chapter.) Note that if the session is in the established state, a state is not displayed. Instead, a number representing the PfxRcd is displayed, as described next.
Note: If the State field of the show ip bgp summary command indicates active, the router is attempting to create a TCP connection to this neighbor.
- Prefix received (PfxRcd)— When the session is in the established state, this value represents the number of BGP network entries received from this neighbor.
RouterA#show ip bgp summary
BGP router identifier 10.1.1.1, local AS number 65001
BGP table version is 124, main routing table version 124
9 network entries using 1053 bytes of memory
22 path entries using 1144 bytes of memory
12/5 BGP path/bestpath attribute entries using 1488 bytes of memory
6 BGP AS-PATH entries using 144 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 3829 total bytes of memory
BGP activity 58/49 prefixes, 72/50 paths, scan interval 60 secs
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.0.2        4 65001      11      11      124    0    0 00:02:28        8
172.31.1.3      4 64998      21      18      124    0    0 00:01:13        6
172.31.11.4     4 64999      11      10      124    0    0 00:01:11        6
Note: Example output of the show ip bgp neighbors command is provided in the “Understanding and Troubleshooting BGP Neighbor States” section, later in this chapter.
debug ip bgp updates Command Output Example
Example 6-22 shows partial output from the debug ip bgp updates command on Router A after the clear ip bgp command is issued to clear BGP sessions with its IBGP neighbor 10.1.0.2.
RouterA#debug ip bgp updates
Mobile router debugging is on for address family: IPv4 Unicast
RouterA#clear ip bgp 10.1.0.2
After the neighbor adjacency is reestablished, Router A creates and sends updates to 10.1.0.2. The first update highlighted in the example, 10.1.1.0/24, next 10.1.0.1, is an update about network 10.1.1.0/24, with a next hop of 10.1.0.1, which is Router A’s address. The second update highlighted in the example, 10.97.97.0/24, next 172.31.11.4, is an update about network 10.97.97.0/24, with a next hop of 172.31.11.4, which is the address of one of Router A’s EBGP neighbors. The EBGP next-hop address is being carried into IBGP.
Router A later receives updates from 10.1.0.2. The update highlighted in the example contains a path to two networks, 10.1.2.0/24 and 10.1.0.0/24.
Understanding and Troubleshooting BGP Neighbor States
After the TCP handshake is complete, the BGP application tries to set up a session with the neighbor. BGP is a state machine that takes a router through the following states with its neighbors:
- Idle— The router is searching the routing table to see whether a route exists to reach the neighbor.
- Connect— The router found a route to the neighbor and has completed the three-way TCP handshake.
- Open sent— An open message was sent, with the parameters for the BGP session.
- Open confirm— The router received agreement on the parameters for establishing a session.
  Alternatively, the router goes into active state if there is no response to the open message.
- Established— Peering is established and routing begins.
After you enter the neighbor command, BGP starts in the idle state, and the BGP process checks that it has a route to the IP address listed. BGP should be in the idle state for only a few seconds. However, if BGP does not find a route to the neighboring IP address, it stays in the idle state. If it finds a route, it goes to the connect state when the TCP handshaking synchronize acknowledge (SYN ACK) packet returns (when the TCP three-way handshake is complete). After the TCP connection is set up, the BGP process creates a BGP open message and sends it to the neighbor. After BGP dispatches this open message, the BGP peering session changes to the open sent state. If there is no response for 5 seconds, the state changes to the active state. If a response does come back in a timely manner, BGP goes to the open confirm state and starts scanning (evaluating) the routing table for the paths to send to the neighbor. When these paths have been found, BGP then goes to the established state and begins routing between the neighbors.
The BGP state is shown in the last column of the show ip bgp summary command output.
Idle State Troubleshooting
The idle state indicates that the router does not know how to reach the IP address listed in the neighbor statement. The router is idle for one of the following reasons:
- It is waiting for a static route to that IP address or network to be configured.
- It is waiting for the local routing protocol (IGP) to learn about this network through an advertisement from another router.
The most common reason for the idle state is that the neighbor is not announcing the IP address or network that the neighbor statement of the router is pointing to. Check the following two conditions to troubleshoot this problem:
- Ensure that the neighbor announces the route in its local routing protocol (IGP) (for IBGP neighbors).
- Verify that you have not entered an incorrect IP address in the neighbor statement.
Active State Troubleshooting
If the router is in the active state, this means that it has found the IP address in the neighbor statement and has created and sent out a BGP open packet but has not received a response (an open confirm packet) back from the neighbor.
One common cause of this is when the neighbor does not have a return route to the source IP address. Ensure that the source IP address or network of the packets is advertised into the local routing protocol (IGP) on the neighboring router.
Another common problem associated with the active state is when a BGP router attempts to peer with another BGP router that does not have a neighbor statement peering back at the first router, or the other router is peering with the wrong IP address on the first router. Check to ensure that the other router has a neighbor statement peering at the correct address of the router that is in the active state.
If the state toggles between idle and active, the autonomous system numbers might be misconfigured. You see the following console message at the router with the wrong autonomous system number configured in the neighbor statement:
%BGP-3-NOTIFICATION: sent to neighbor 172.31.1.3 2/2 (peer in wrong AS)
2 bytes FDE6
FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 002D 0104 FDE6 00B4 AC1F 0203 1002 0601
0400 0100 0102 0280 0002 0202 00
At the remote router, you see the following message:
%BGP-3-NOTIFICATION: received from neighbor 172.31.1.1 2/2 (peer in wrong AS) 2 bytes FDE6
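As an added example (not part of the original text), the hex dump printed with the console message above can be decoded using the BGP OPEN message layout from RFC 4271, which shows the AS number the peer actually announced. The function name and the capability labels are this example's own choices.

```python
import ipaddress
import struct

# Hex dump copied from the %BGP-3-NOTIFICATION console message on this page.
DUMP = ("FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 002D 0104 FDE6 00B4 AC1F 0203 "
        "1002 0601 0400 0100 0102 0280 0002 0202 00")

# Labels chosen for this example; codes 1 and 2 are standard, 128 is the
# pre-standard route refresh code that Cisco routers also advertise.
CAPABILITIES = {1: "multiprotocol", 2: "route-refresh", 128: "route-refresh (old)"}

def parse_open(hex_dump):
    """Decode a BGP OPEN message given as a hex dump (RFC 4271 layout)."""
    raw = bytes.fromhex(hex_dump.replace(" ", ""))
    if len(raw) < 29:
        raise ValueError("too short for a BGP OPEN message")
    marker, length, msg_type = struct.unpack("!16sHB", raw[:19])
    if marker != b"\xff" * 16 or msg_type != 1 or length != len(raw):
        raise ValueError("not a complete BGP OPEN message")
    version, my_as, hold, bgp_id, opt_len = struct.unpack("!BHH4sB", raw[19:29])
    params = raw[29:29 + opt_len]
    if len(params) != opt_len:
        raise ValueError("truncated optional parameters")
    caps = []
    i = 0
    while i + 2 <= len(params):
        ptype, plen = params[i], params[i + 1]
        body = params[i + 2:i + 2 + plen]
        i += 2 + plen
        if ptype != 2:  # 2 = Capabilities optional parameter
            continue
        j = 0
        while j + 2 <= len(body):
            code, clen = body[j], body[j + 1]
            value = body[j + 2:j + 2 + clen].hex()
            caps.append((code, CAPABILITIES.get(code, "unknown"), value))
            j += 2 + clen
    return {"version": version, "as": my_as, "hold_time": hold,
            "router_id": str(ipaddress.IPv4Address(bgp_id)),
            "capabilities": caps}

if __name__ == "__main__":
    for key, val in parse_open(DUMP).items():
        print(f"{key}: {val}")
```

The decoded AS field is the same value as the "2 bytes FDE6" in the message, so comparing it with the remote AS configured in the neighbor statement shows which side is misconfigured.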
Established State
The desired state for a neighbor relationship is the established state. This state means that both routers agree to exchange BGP updates with one another and routing has begun. As mentioned, if the state column in the show ip bgp summary command output is blank or has a number in it, BGP is in the established state, and the number shown is the number of routes that have been learned from this neighbor.
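The State/PfxRcd rule described above lends itself to an automated check. The following added example (not from the original text) parses the neighbor table of show ip bgp summary and lists every session that is not established, with a hint taken from the idle and active troubleshooting sections; the hypothetical peers use documentation addresses and AS numbers.

```python
import re

# Constructed sample in the layout of the show ip bgp summary neighbor table.
# The first row is from the page's output; the other peers are hypothetical.
SAMPLE = """\
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.1.0.2        4 65001      11      11      124    0    0 00:02:28        8
192.0.2.7       4 64500       0       0        0    0    0 never    Idle
192.0.2.9       4 64501       3       5        0    0    0 00:00:41 Active
198.51.100.1    4 64502       0       0        0    0    0 never    Idle (Admin)
"""

# Troubleshooting hints summarised from the idle/active sections of this page.
HINTS = {
    "idle": "no route to the neighbor address: check static/IGP route and neighbor IP",
    "active": "no reply to the open: check return route, remote neighbor statement, AS",
    "idle (admin)": "neighbor is administratively shut down",
}

ROW = re.compile(
    r"^(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<ver>\d+)\s+(?P<asn>\d+)\s+(?P<rcvd>\d+)\s+"
    r"(?P<sent>\d+)\s+(?P<tblver>\d+)\s+(?P<inq>\d+)\s+(?P<outq>\d+)\s+"
    r"(?P<updown>\S+)\s*(?P<state>.*)$"
)

def parse_summary(text):
    """Return one dict per neighbor row; banner and header lines are skipped."""
    peers = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        state = m["state"].strip()
        # A blank or numeric State/PfxRcd field means the session is established.
        established = state == "" or state.isdigit()
        peers.append({
            "neighbor": m["ip"], "as": int(m["asn"]),
            "state": "Established" if established else state,
            "prefixes": int(state) if state.isdigit() else None,
            "in_q": int(m["inq"]), "out_q": int(m["outq"]),
        })
    return peers

def not_established(peers):
    """List (neighbor, state, hint) for every session that is not established."""
    return [(p["neighbor"], p["state"],
             HINTS.get(p["state"].lower(), "session not established"))
            for p in peers if p["state"] != "Established"]

if __name__ == "__main__":
    for row in not_established(parse_summary(SAMPLE)):
        print(*row, sep=" | ")
```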
Use the show ip bgp neighbors command to display information about the BGP connections to neighbors. In Example 6-23, the BGP state is established, which means that the neighbors have established a TCP connection and the two peers have agreed to use BGP to communicate.
RouterA#show ip bgp neighbors
BGP neighbor is 172.31.1.3, remote AS 64998, external link
  BGP version 4, remote router ID 172.31.2.3
  BGP state = Established, up for 00:19:10
  Last read 00:00:10, last write 00:00:10, hold time is 180, keepalive interval is 60 seconds
  Neighbor capabilities:
    Route refresh: advertised and received(old & new)
    Address family IPv4 Unicast: advertised and received
  Message statistics:
    InQ depth is 0
    OutQ depth is 0
                         Sent       Rcvd
    Opens:                  7          7
    Notifications:          0          0
    Updates:               13         38