Re: BGP neighbor establishment

pollok.st · ‎07-03-2012

I am replacing an old 2600 out of support BGP router with a 3954 running 15.1(4)M3 using the same config on both routers. The old config and IOS works fine, but with the new router I can not establish an eBGP neighbor relationship, iBGP is fine. I am wondering if it has something to do with MTR.

Here is the event debug, can any one see what might be the issue ? Regards Stuart

Jun 30 11:59:46.650 CEST: BGP: 62.12.4.8 active went from Idle to Active

Jun 30 11:59:46.650 CEST: BGP: 62.12.4.8 open active, local address 194.104.184.252

Jun 30 11:59:46.658 CEST: BGP: 62.12.4.8 open failed: Connection refused by remote host

Jun 30 11:59:46.658 CEST: BGP: 62.12.4.8 Active open failed - tcb is not available, open active delayed 11264ms (35000ms max, 60% jitter)

Jun 30 11:59:46.658 CEST: BGP: ses global 62.12.4.8 (0x113758C:0) act Reset (Active open failed).

Jun 30 11:59:46.658 CEST: BGP: tbl IPv4 Unicast:base Service reset requests

Jun 30 11:59:46.658 CEST: BGP: tbl IPv4 Multicast:base Service reset requests

Jun 30 11:59:46.658 CEST: BGP: 62.12.4.8 active went from Active to Idle

Jun 30 11:59:46.658 CEST: BGP: nbr global 62.12.4.8 Active open failed - open timer running

Jun 30 11:59:57.914 CEST: BGP: 62.12.4.8 active went from Idle to Active

Jun 30 11:59:57.914 CEST: BGP: 62.12.4.8 open active, local address 194.104.184.252

Jun 30 11:59:57.922 CEST: BGP: 62.12.4.8 open failed: Connection refused by remote host

Jun 30 11:59:57.922 CEST: BGP: 62.12.4.8 Active open failed - tcb is not available, open active delayed 9216ms (35000ms max, 60% jitter)

Jun 30 11:59:57.922 CEST: BGP: ses global 62.12.4.8 (0x141F7784:0) act Reset (Active open failed).

Jun 30 11:59:57.922 CEST: BGP: tbl IPv4 Unicast:base Service reset requests

Jun 30 11:59:57.922 CEST: BGP: tbl IPv4 Multicast:base Service reset requests

Jun 30 11:59:57.922 CEST: BGP: 62.12.4.8 active went from Active to Idle

Jun 30 11:59:57.922 CEST: BGP: nbr global 62.12.4.8 Active open failed - open timer running

Jun 30 12:00:02.830 CEST: BGP: Regular scanner timer event

Jun 30 12:00:02.830 CEST: BGP: Performing BGP general scanning

Jun 30 12:00:02.830 CEST: BGP: topo global:IPv4 Unicast:base Scanning routing tables

Jun 30 12:00:02.830 CEST: BGP: tbl IPv4 Unicast:base Performing BGP Nexthop scanning for general scan

Jun 30 12:00:02.830 CEST: BGP(0): Future scanner version: 19933, current scanner version: 19932

Jun 30 12:00:02.830 CEST: BGP: topo global:IPv4 Multicast:base Scanning routing tables

Jun 30 12:00:02.830 CEST: BGP: tbl IPv4 Multicast:base Performing BGP Nexthop scanning for general scan

Jun 30 12:00:02.830 CEST: BGP(6): Future scanner version: 19942, current scanner version: 19941

Jun 30 12:00:07.130 CEST: BGP: 62.12.4.8 active went from Idle to Active

Jun 30 12:00:07.130 CEST: BGP: 62.12.4.8 open active, local address 194.104.184.252

Jun 30 12:00:07.138 CEST: BGP: 62.12.4.8 open failed: Connection refused by remote host

Jun 30 12:00:07.138 CEST: BGP: 62.12.4.8 Active open failed - tcb is not available, open active delayed 10240ms (35000ms max, 60% jitter)

Jun 30 12:00:07.138 CEST: BGP: ses global 62.12.4.8 (0x113758C:0) act Reset (Active open failed).

Jun 30 12:00:07.138 CEST: BGP: tbl IPv4 Unicast:base Service reset requests

Jun 30 12:00:07.138 CEST: BGP: tbl IPv4 Multicast:base Service reset requests

Jun 30 12:00:07.138 CEST: BGP: 62.12.4.8 active went from Active to Idle

Jun 30 12:00:07.138 CEST: BGP: nbr global 62.12.4.8 Active open failed - open timer running

Jun 30 12:00:17.370 CEST: BGP: 62.12.4.8 active went from Idle to Active

Jun 30 12:00:17.370 CEST: BGP: 62.12.4.8 open active, local address 194.104.184.252

Jun 30 12:00:17.378 CEST: BGP: ses global 62.12.4.8 (0x141F7784:0) act Adding topology IPv4 Unicast:base

Jun 30 12:00:17.378 CEST: BGP: ses global 62.12.4.8 (0x141F7784:0) act Send OPEN

Jun 30 12:00:17.378 CEST: BGP: 62.12.4.8 active went from Active to OpenSent

Jun 30 12:00:17.378 CEST: BGP: 62.12.4.8 active sending OPEN, version 4, my as: 25077, holdtime 24 seconds, ID C268B8FC

Jun 30 12:00:26.238 CEST: BGP: 62.12.4.8 passive open to 194.104.184.252

Jun 30 12:00:26.238 CEST: BGP: 62.12.4.8 passive went from Idle to Connect

Jun 30 12:00:26.238 CEST: BGP: ses global 62.12.4.8 (0x113758C:0) pas Setting open delay timer to 8 seconds.

Jun 30 12:00:26.238 CEST: BGP: ses global 62.12.4.8 (0x113758C:0) pas read request no-op

Jun 30 12:00:26.238 CEST: BGP: 62.12.4.8 passive rcv message type 1, length (excl. header) 31

Jun 30 12:00:26.238 CEST: BGP: ses global 62.12.4.8 (0x113758C:0) pas Receive OPEN

Jun 30 12:00:26.238 CEST: BGP: 62.12.4.8 passive rcv OPEN, version 4, holdtime 180 seconds

Jun 30 12:00:26.238 CEST: BGP: 62.12.4.8 passive rcv OPEN w/ OPTION parameter len: 21

Jun 30 12:00:26.238 CEST: BGP: 62.12.4.8 passive rcvd OPEN w/ optional parameter type 2 (Capability) len 6

Jun 30 12:00:26.238 CEST: BGP: 62.12.4.8 passive OPEN has CAPABILITY code: 1, length 4

Jun 30 12:00:26.238 CEST: BGP: 62.12.4.8 passive OPEN has MP_EXT CAP for afi/safi: 1/1

Jun 30 12:00:26.238 CEST: BGP: 62.12.4.8 passive rcvd OPEN w/ optional parameter type 2 (Capability) len 2

Jun 30 12:00:26.238 CEST: BGP: 62.12.4.8 passive OPEN has CAPABILITY code: 128, length 0

Jun 30 12:00:26.238 CEST: BGP: 62.12.4.8 passive OPEN has ROUTE-REFRESH capability(old) for all address-families

Jun 30 12:00:26.238 CEST: BGP: 62.12.4.8 passive rcvd OPEN w/ optional parameter type 2 (Capability) len 2

Jun 30 12:00:26.238 CEST: BGP: 62.12.4.8 passive OPEN has CAPABILITY code: 2, length 0

Jun 30 12:00:26.238 CEST: BGP: 62.12.4.8 passive OPEN has ROUTE-REFRESH capability(new) for all address-families

Jun 30 12:00:26.238 CEST: BGP: 62.12.4.8 passive rcvd OPEN w/ optional parameter type 2 (Capability) len 3

Jun 30 12:00:26.238 CEST: BGP: 62.12.4.8 passive OPEN has CAPABILITY code: 131, length 1

Jun 30 12:00:26.238 CEST: BGP: 62.12.4.8 passive OPEN has MULTISESSION capability, without grouping

Jun 30 12:00:26.238 CEST: BGP: nbr global 62.12.4.8 neighbor does not have IPv4 MDT topology activated

Jun 30 12:00:26.238 CEST: BGP: 62.12.4.8 passive rcvd OPEN w/ remote AS 286

Jun 30 12:00:26.238 CEST: BGP: ses global 62.12.4.8 (0x113758C:0) pas topologies not available, in use by active session, try again

Jun 30 12:00:26.238 CEST: BGP: 62.12.4.8 passive went from Connect to Closing

Jun 30 12:00:26.238 CEST: BGP: ses global 62.12.4.8 (0x113758C:0) pas Send NOTIFICATION 2/8 (no supported AFI/SAFI) 3 bytes 000000 (suppress timer started)

Jun 30 12:00:30.682 CEST: BGP: 62.12.4.8 passive local error close after sending NOTIFICATION

Jun 30 12:00:30.682 CEST: BGP: tbl IPv4 Unicast:base Service reset requests

Jun 30 12:00:30.682 CEST: BGP: tbl IPv4 Multicast:base Service reset requests

Jun 30 12:00:30.682 CEST: BGP: 62.12.4.8 passive closing

Jun 30 12:00:30.682 CEST: BGP: 62.12.4.8 passive went from Closing to Idle

Jun 30 12:00:30.682 CEST: BGP: nbr global 62.12.4.8 Active open failed - can't get active topologies

Jun 30 12:00:41.946 CEST: %BGP-3-BGP_NO_REMOTE_READ: 62.12.4.8 connection timed out - has not accepted a message from us for 24000ms (hold time), 0 messages pending transmition.

Jun 30 12:00:41.946 CEST: BGP: 62.12.4.8 active went from OpenSent to Closing

Jun 30 12:00:41.946 CEST: %BGP-3-NOTIFICATION: sent to neighbor 62.12.4.8 active 4/0 (hold time expired) 0 bytes

Jun 30 12:00:41.946 CEST: BGP: ses global 62.12.4.8 (0x141F7784:0) act Send NOTIFICATION 4/0 (hold time expired) 0 bytes

Jun 30 12:00:41.946 CEST: BGP: 62.12.4.8 active local error close after sending NOTIFICATION

Jun 30 12:00:41.946 CEST: BGP: tbl IPv4 Unicast:base Service reset requests

Jun 30 12:00:41.946 CEST: BGP: tbl IPv4 Multicast:base Service reset requests

Jun 30 12:00:41.946 CEST: BGP: nbr_topo global 62.12.4.8 IPv4 Unicast:base (0x141F7784:0) NSF delete stale NSF not active

Jun 30 12:00:41.946 CEST: BGP: nbr_topo global 62.12.4.8 IPv4 Unicast:base (0x141F7784:0) NSF no stale paths state is NSF not active

Jun 30 12:00:41.946 CEST: BGP: nbr_topo global 62.12.4.8 IPv4 Unicast:base (0x141F7784:0) Resetting ALL counters.

Jun 30 12:00:41.946 CEST: BGP: 62.12.4.8 active closing

Jun 30 12:00:41.946 CEST: BGP: ses global 62.12.4.8 (0x141F7784:0) act Session close and reset neighbor 62.12.4.8 topostate

Jun 30 12:00:41.946 CEST: BGP: nbr_topo global 62.12.4.8 IPv4 Unicast:base (0x141F7784:0) Resetting ALL counters.

Jun 30 12:00:41.946 CEST: BGP: 62.12.4.8 active went from Closing to Idle

Jun 30 12:00:41.946 CEST: %BGP_SESSION-5-ADJCHANGE: neighbor 62.12.4.8 IPv4 Unicast topology base removed from session BGP Notification sent

Jun 30 12:00:41.946 CEST: BGP: ses global 62.12.4.8 (0x141F7784:0) act Removed topology IPv4 Unicast:base

Jun 30 12:00:41.946 CEST: BGP: ses global 62.12.4.8 (0x141F7784:0) act Removed last topology

Jun 30 12:00:41.946 CEST: BGP: nbr global 62.12.4.8 Open active delayed 12288ms (35000ms max, 60% jitter)

Jun 30 12:00:41.946 CEST: BGP: nbr global 62.12.4.8 Active open failed - open timer runningno debug all

smitesh kharecha · ‎07-03-2012

Hi Stuart,

Are you using update-source in you BGP config ?

Can you share following information.

sh run | sec bgp.

Edit: Also, just confirm that no firewall or access-list is blocking port 179.

Regards,

Smitesh

pollok.st · ‎07-03-2012

The orignal config was not using update-source but I did try it with update-source

194.104.184.252 (the loopback) and the above was the debug.

I also tried with the router ID removed.

The ACL is removed and there is no F/W in front.

router bgp 25077

bgp router-id 194.104.184.1

no bgp fast-external-fallover

bgp cluster-id 3261643005

bgp log-neighbor-changes

network 193.176.46.0

network 194.104.160.0 mask 255.255.240.0

network 194.104.175.0

timers bgp 8 24

neighbor 62.12.4.8 remote-as 286

neighbor 62.12.4.8 description -= KPN AS286 BGP Speaker =-

neighbor 62.12.4.8 password 7

neighbor 62.12.4.8 ebgp-multihop 10

neighbor 62.12.4.8 update-source Loopback1

neighbor 62.12.4.8 version 4

neighbor 62.12.4.8 send-community

neighbor 62.12.4.8 distribute-list 5 in

neighbor 62.12.4.8 filter-list 1 in

neighbor 194.104.175.231 remote-as 25077

neighbor 194.104.175.231 description -= BGP4 with ValkIOS =-

neighbor 194.104.175.231 password 7

neighbor 194.104.175.231 next-hop-self

neighbor 194.104.175.231 filter-list 3 in

neighbor 194.104.175.231 filter-list 33 out

ip bgp-community new-format

ip as-path access-list 1 permit ^286_[0-9]*_[0-9]*$

ip as-path access-list 3 permit ^$

ip as-path access-list 33 permit ^$

milan.kulik · ‎07-04-2012

Hi,

IMHO, the eBGP neighbor does not care too much about your BGP router ID.

But the update source address is important!

As it was not configured on your old router, it was using the IP address of the interface nearest to the neighbor, I believe.

Possibly you are using a different connection now or a different IP address on the interface?

The easiest way would be asking the guys administering the neighbor router: "Which IP address for my neighbor is configured on your router?"

If this does not help, you can also ask them: "Why are you refusing my BGP session?"

Sometimes asking your colleague a "stupid" question saves you hours of your time :-)

HTH,

Milan

ameya_oke · ‎07-04-2012

Hi Stuart,

Instead of beating around the bush, I would recommend you to setup a confcall with your BGP Neighbour's Admin and remove entire BGP config from both ends.

Check if you can ping 62.12.4.8 and telnet the peer on 179 port.

Once that is done, Reconfigure the routers with only below commands.

router bgp 25077

neighbor 62.12.4.8 remote-as 286

neighbor 62.12.4.8 ebgp-multihop 10

neighbor 62.12.4.8 update-source Loopback1

neighbor 62.12.4.8 version 4

Just basic command(no password and no rocket science) to get the neighbourship going.

Once neighbourship is live you can start adding complexity.

Warm Regards,

Ameya Oke

pollok.st · ‎07-23-2012

Thanks guys.

I forced the router to peer via one of our other internet feeds and it worked first time.

So it looks like the ATM link is the problem. The working link uses an ATM 1A E3 and the none working one uses a ATM 1A T3/E3 card.

I think I will open a new question as the none working one looks ok, framing is corect etc and it is TXing and RXing.

Regards Stuart

SlawomirBabicz · ‎08-10-2013

Jun 30 11:59:57.922 CEST: BGP: 62.12.4.8 Active open failed - tcb is not available, open active delayed 9216ms (35000ms max, 60% jitter)

This line says that TCP cannot establish connection, so that is why this whole process is failing to begin with.

Cheers.

jamesbond · ‎08-03-2019

Thank you very much Milan ... I had the same problem and I knew update-source is needed but I had forgotten.

AND .. Thank you very much for the advice about asking stupid questions to your colleague. lol

girish_p1 · ‎09-21-2017

Hi Smithesh,

It just worked for me. But I want to know why it was happening. I had a different topology but in my topology the routers were running OSPF and the loopback add were also advertised and were reachable from each router still the BGP never came up but when I configured the update-source it came up. What was the reason.

Harold Ritter · ‎09-21-2017

Without the update-source command, the session will be established using the IP address of the physical interface between the two routers. This will fail since the other router is configured to only accept TCP sessions coming from the loopback interface IP address of it's neighbor.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

tigerpaws · ‎04-23-2018

Test

abdelnasser · ‎02-12-2020

Good answer.

abdelnasser · ‎02-12-2020

eBGP does not need the command 'update-source' as they have to be directly connected. So, please remove update-source command. You might need this command in iBGP update and if you manage that router as it alwyas up, unless the router itself is down.