BGP not coming up

 

I am looking for some guidance related to BGP configuration. We currently have two routers which are using the same AS number to build a neighbor relationship with the headend router via an IPsec tunnel built over a broadband link.

 

I see that BGP is up for only one of the routers and the other is not coming up. Please suggest if the above scenario will work.

3 Replies

Francesco Molino
VIP Alumni
Hi

Can you share a quick drawing of how your setup is, please?
You said 1 end is up but not the other? This is weird.
First you need to make sure both ends are reachable from both sites. Then see if you can access the other end from 1 site by doing a telnet on port 179 of the remote IP. You should see the TCP socket open; if not, then you have a filter ACL preventing that.

Sharing your design and your config will help to point out where the issue is.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Cristian Matei
VIP Alumni

Hi,

 

   1. Are both IPSec tunnels up and running?

   2. Are the BGP peering addresses routable over the IPsec tunnel and members of the encryption domain?

   3. Have you properly configured iBGP, with neighbour and/or update-source? For BGP over IPsec, update-source may be required; otherwise traffic may be initiated with the exit interface IP address, which may not be part of the encryption domain.

   4. Is this BGP peering traffic excluded from any NAT configured on any of the gateways?

   5. Do you have any VPN filters attached to your VPN tunnel?

   6. On the BGP peering which is not functional, assuming you know based on your config, on which IP addresses should the peering run, can you simulate that TCP connection over port 179 via telnet from one router to the other?

 

Confirm/infirm the above by looking again at the configs, more carefully. 

 

Regards,

Cristian Matei.
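
The TCP port 179 check suggested in both replies, as an added example that is not part of the original thread: a Python probe that can bind to a chosen source address (the one update-source would select) and classifies the outcome. The function names, result labels and hint texts are assumptions of this example, and the addresses in the usage lines are constructed documentation addresses.

```python
import errno
import socket

BGP_PORT = 179

# Hint texts are this example's reading of the checklist in the thread.
HINTS = {
    "open": "TCP handshake completed: path and filters allow BGP from this source.",
    "refused": "A reset came back: path works, but nothing accepts BGP from this source.",
    "timeout": "No answer: check tunnel routing, encryption domain, NAT, VPN filters/ACLs.",
    "unreachable": "No local route to the peer address.",
    "bad-source": "Source address is not configured on this host.",
}

def probe_bgp(peer_ip, source_ip=None, port=BGP_PORT, timeout=3.0):
    """Attempt a TCP handshake to the peer's BGP port, optionally from a
    specific local address, and return a key of HINTS."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        if source_ip:
            try:
                # Port 0 lets the OS pick the ephemeral source port.
                sock.bind((source_ip, 0))
            except OSError:
                return "bad-source"
        sock.connect((peer_ip, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "unreachable"
        raise
    finally:
        sock.close()

def diagnose(peer_ip, source_ip=None, port=BGP_PORT, timeout=3.0):
    """Return (result, hint) for one probe."""
    result = probe_bgp(peer_ip, source_ip, port, timeout)
    return result, HINTS[result]

if __name__ == "__main__":
    # Constructed documentation addresses (RFC 5737), not from the thread.
    for src in (None, "192.0.2.1"):
        print(src or "default source", "->", diagnose("198.51.100.1", src))
```

Comparing the result for the default source with the result for the intended peering address shows whether the failure depends on which source address the session uses.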

Thank you all for your inputs. There was a static route issue on our headend IPsec firewall which seems to have fixed the issue.
