Solved: bgp adjacency problem

MihalyBotlik9094 · ‎07-22-2020

Hi all,

I have configured a bgp

on router CE:

router bgp 800
bgp router-id 8.8.8.8
address-family ipv4 vrf db-bku
redistribute ospf 2 match internal
neighbor 83.0.0.3 remote-as 100
neighbor 83.0.0.3 activate
"neighbor 83.0.0.3 update-source loopback2"
"neighbor 83.0.0.3 disable-connected-check"
"neighbor 83.0.0.3 ebgp-multihop 2"
network 8.8.2.0 mask 255.255.255.0
exit

address-family ipv4 vrf db-sus-itbf-video
redistribute ospf 1 match internal
neighbor 38.0.0.3 remote-as 100
neighbor 38.0.0.3 activate
"neighbor 38.0.0.3 update-source loopback1"
"neighbor 38.0.0.8 disable-connected-check"
"neighbor 38.0.0.3 ebgp-multihop 2"
network 8.8.1.0 mask 255.255.255.0

on the PE:

router bgp 100
bgp router-id 3.3.3.3
address-family ipv4 vrf db-bku
neighbor 83.0.0.8 remote-as 800
neighbor 83.0.0.8 activate
"neighbor 83.0.0.8 update-source loopback2"
"neighbor 83.0.0.8 disable-connected-check"
"neighbor 83.0.0.8 ebgp-multihop 2"
network 3.3.2.0 mask 255.255.255.0
exit
address-family ipv4 vrf db-sus-itbf-video
neighbor 38.0.0.8 remote-as 800
neighbor 38.0.0.8 activate
"neighbor 38.0.0.8 update-source loopback1"
"neighbor 38.0.0.8 disable-connected-check"
"neighbor 38.0.0.8 ebgp-multihop 2"
network 3.3.1.0 mask 255.255.255.0

but error message on the CE:

*Jul 22 20:10:31.908: BGP: 38.0.0.3 Active open failed - no route to peer, open active delayed 12288ms (35000ms max, 60% jitter

on the PE:

*Jul 22 20:08:12.236: BGP: 83.0.0.8 Active open failed - tcb is not available, open active delayed 12288ms (35000ms max, 60% jitter)

*Jul 22 08:50:22.642: BGP: nbr db-bku 83.0.0.8 Active open failed - open timer running

Have you any idea whats worng with the configuration?

Many thanks in advance

Mihaly

Giuseppe Larosa · ‎07-28-2020

Hello @MihalyBotlik9094 ,

on CE node:

ip route vrf db-sus-itbf-video 3.3.1.3 255.255.255.255 38.0.0.3??

no you need

ip route vrf db-sus-itbf-video 3.3.1.3 255.255.255.255 83.0.0.3

based on your configuration attached in previous post the common subnet is 83.0.0.0

For this reason the CE complains of a missing route to BGP endpoint the next-hop is wrong

>> ul 28 20:29:57.564: BGP: 3.3.1.3 Active open failed - no route to peer, open active delayed 6144ms (35000ms max, 60% jitter)
*Jul 28 20:29:57.568: BGP: 3.3.2.3 Active open failed - no route to peer, open active delayed 12288ms (35000ms max, 60% jitter)

final note : you have two VRFs between PE and CE you need to buiild the eBGP session on the same VRF.

Hope to help

Giuseppe

View solution in original post

Georg Pauwen · ‎07-22-2020

Hello,

check if both routers can ping each other, and if the loopback interfaces are reachable. If you use the loopback interfaces as update sources, you need to advertise the loopback networks.

Better yet, post the full running configs of both routers...

MihalyBotlik9094 · ‎07-23-2020

Hi Georg,

in the attachement you see the configs.

Many thanks

Regards

Mihaly

Georg Pauwen · ‎07-23-2020

Hello,

on the CE router, the BGP update source is a loopback interface configured on another device (the switch). I don't think you will get this to work, the question is: what is the reason/requirement for that design ? Why not simply configure a loopback on the router ?

MihalyBotlik9094 · ‎07-23-2020

Hi Georg,

I wanted practice the bgp/vrf config from this:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/15-02SG/configuration/guide/config/vrf.html

I took the config from this website.

Regards

Mihaly

paul driver · ‎07-22-2020

Hello
You've disabled the verification check that bgp does to verify a directly connect ebgp peer (disable-connected-check) so ebgp multihop isn't used however you are also using vrf so your ebgp peer ip addressing needs to be reachable from those loopback interfaces?
Lastly dont use default routes to try an establish bgp peering, it wont work

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

MihalyBotlik9094 · ‎07-23-2020

Hello Paul,

I am sendig you the full configuration too.

Many thanks

Regards

Mihaly

paul driver · ‎07-23-2020

Hello

those two rtrs don’t seem to have any igp connectivity between each other so they can peer successfully via their respective loopbsvk interfaces

Can you confirm this?

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

MihalyBotlik9094 · ‎07-26-2020

Hello,

yes, unfortunately sh ip bgp nei does not show any connection between the routers.

Kind regards

Mihaly

Giuseppe Larosa · ‎07-23-2020

Hello @MihalyBotlik9094 ,

your configuration is not correct

The PE loopback2 address is not the address that is configured on the CE node

If you configure neighbor x.x.x.x update-source loop2 on the PE the other device must configure as BGP endpoint the IP address of the loopback2 interface and not the IP address in the common PE-CE link.

on CE node you need also:

ip route vrf <vrf-name> <Pe2-loopback2> 255.255.255.255 80.0.0.3

The same is valid reversed on the PE node:

ip route vrf <vrf-name> <CE-loopback> 255.255.255.255 80.0.0.8

fix the BGP configuration and add the static routes and the eBGP on loopbacks should reach the established state.

Hope to help

Giuseppe

MihalyBotlik9094 · ‎07-26-2020

Hello Guiseppe,

so as I mentioned I copied the config from the cisco website, I don`t kwon, how can I fix the bgp config. Can you please write it?

These config lines were not in the originalconfig, I found these on different sites, while searching the solution, can be removed?

"neighbor 83.0.0.8 update-source loopback2"
"neighbor 83.0.0.8 disable-connected-check"
"neighbor 83.0.0.8 ebgp-multihop 2"

Many thanks

Mihaly

Giuseppe Larosa · ‎07-27-2020

Hello @MihalyBotlik9094 ,

you need to choice between:

a) ebgp session on directly connected interfaces BGP endpoints will be 83.0.0.3 (PE) and 83.0.0.8 ( CE side)

no additional commands are needed and this will work

b) eBGP session on loopbacks using the direct link in subnet 83.0.0.0/24.

How to configure this is explained in my previous post in this thread:

You will need static routes in VRF to reach the BGP endpoint on the other device that is a loopback

In this case you will remove the lines you have hightlighted

router bgp <your-AS>

address-family ipv4 vrf <VRF-name>

no neighbor 83.0.0.8 update-source loop2

no neighbor 83.0.0.8 disable-connected-check

no neighbor 83.0.0.8 ebgp-multiphop 2

! then you remove the neighbor completely

no neighbor 83.0.0.8 remote-as <CE-AS-number>

! at this point you add the statements for the loopbacks in the same context af vrf <VRF-name>:

neighbor <CE-loopback> remote-as <CE-AS-number>

neighbor <CE-loopback> update-source-loop2

neighbor <CE-loopback>ebgp-multihop 2

You will do the opposite on the CE node swapping the addresses of the loopbacks.

BGP is different the IGP like OSPF or EIGRP you need to manually configure the neighbors and they must match on both devices.

For the loopbacks you need to configure additional static routes and the additional commands to allow eBGP between not directly connected endpoints.

BGP uses a TCP connection where one side uses the well known BGP port 179.

You need to ensure IP connectivity between BGP endpoints and you need to understand the effects of commands like neighbor update-source.

Hope to help

Giuseppe

MihalyBotlik9094 · ‎07-28-2020

Hello Giuseppe,

so I have adjusted the config on the routers:

PE:
bgp part:
router bgp 100
address-family ipv4 vrf db-bku
no neighbor 83.0.0.8 update-source loop2
no neighbor 83.0.0.8 disable-connected-check
no neighbor 83.0.0.8 ebgp-multihop 2

no neighbor 83.0.0.8 remote-as 800

neighbor 8.8.2.8 remote-as 800
neighbor 8.8.2.8 update-source loopback2
neighbor 8.8.2.8 ebgp-multihop 2
exit

address-family ipv4 vrf db-sus-itbf-video
no neighbor 38.0.0.8 update-source loopback2
no neighbor 38.0.0.8 disable-connected-check
no neighbor 38.0.0.8 ebgp-multihop 2
no neighbor 38.0.0.8 remote-as 800

neighbor 8.8.1.8 remote-as 800
neighbor 8.8.1.8 update-source loopback1
neighbor 8.8.1.8 ebgp-multihop 2
end

Static route part
conf t
ip route vrf db-bku 8.8.2.8 255.255.255.255 83.0.0.8 -??

ip route vrf db-sus-itbf-video 8.8.1.8 255.255.255.255 38.0.0.8 -??

CE:
bgp part:
router bgp 800
address-family ipv4 vrf db-bku
no neighbor 83.0.0.3 update-source loop2
no neighbor 83.0.0.3 disable-connected-check
no neighbor 83.0.0.3 ebgp-multihop 2
no neighbor 83.0.0.3 remote-as 100

neighbor 3.3.2.3 remote-as 100
neighbor 3.3.2.3 update-source loopback2
neighbor 3.3.2.3 ebgp-multihop 2
exit

address-family ipv4 vrf db-sus-itbf-video
no neighbor 38.0.0.3 update-source loop2
no neighbor 38.0.0.3 disable-connected-check
no neighbor 38.0.0.3 ebgp-multihop 2
no neighbor 38.0.0.3 remote-as 100

neighbor 3.3.1.3 remote-as 100
neighbor 3.3.1.3 update-source loopback1
neighbor 3.3.1.3 ebgp-multihop 2
end

global:
ip route vrf db-bku 3.3.2.3 255.255.255.255 83.0.0.3??

ip route vrf db-sus-itbf-video 3.3.1.3 255.255.255.255 38.0.0.3??

error messages on CE

*Jul 28 20:29:57.564: BGP: 3.3.1.3 Active open failed - no route to peer, open active delayed 6144ms (35000ms max, 60% jitter)
*Jul 28 20:29:57.568: BGP: 3.3.2.3 Active open failed - no route to peer, open active delayed 12288ms (35000ms max, 60% jitter)

error messages on PE

*Jul 28 20:35:19.515: BGP: 8.8.2.8 active went from Active to Idle
*Jul 28 20:35:19.516: BGP: nbr db-bku 8.8.2.8 Active open failed - open timer running
*Jul 28 20:35:19.517: BGP: nbr db-bku 8.8.2.8 Active open failed - open timer running

*Jul 28 20:35:13.246: BGP: nbr db-sus-itbf-video 8.8.1.8 Active open failed - open timer running
*Jul 28 20:35:13.247: BGP: nbr db-sus-itbf-video 8.8.1.8 Active open failed - open timer running

Jul 28 20:35:54.400: BGP: 8.8.1.8 Active open failed - tcb is not available, open active delayed 9216ms (35000ms max, 60% jitter)
*Jul 28 20:35:57.462: BGP: 8.8.2.8 open failed: Connection timed out; remote host not responding
*Jul 28 20:35:57.463: BGP: 8.8.2.8 Active open failed - tcb is not available, open active delayed 10240ms (35000ms max, 60% jitter)

in the attachement you find a picture from the topology

Many thanks

Mihaly

Giuseppe Larosa · ‎07-28-2020

Hello @MihalyBotlik9094 ,

on CE node:

ip route vrf db-sus-itbf-video 3.3.1.3 255.255.255.255 38.0.0.3??

no you need

ip route vrf db-sus-itbf-video 3.3.1.3 255.255.255.255 83.0.0.3

based on your configuration attached in previous post the common subnet is 83.0.0.0

For this reason the CE complains of a missing route to BGP endpoint the next-hop is wrong

>> ul 28 20:29:57.564: BGP: 3.3.1.3 Active open failed - no route to peer, open active delayed 6144ms (35000ms max, 60% jitter)
*Jul 28 20:29:57.568: BGP: 3.3.2.3 Active open failed - no route to peer, open active delayed 12288ms (35000ms max, 60% jitter)

final note : you have two VRFs between PE and CE you need to buiild the eBGP session on the same VRF.

Hope to help

Giuseppe

MihalyBotlik9094 · ‎09-09-2020

Hello all,

many thanks for your help in this case!

Mihaly