3 switches connected on the same VLAN/subnet are trying to establish BGP session.

So, imagine a CD-A 1.1.1.2/24 and CD-B 1.1.1.3/24 trying to peer with SW1 IP 1.1.1.1/24

cd-a

neighbor 1.1.1.1 remote-as 1

cd-b

neighbor 1.1.1.1 remote-as 1

sw1

neighbor 1.1.1.2 remote-as 2

neighbor 1.1.1.3 remote-as 2

If I shutdown cd-a, then b establish BGP, if I shut cd-b then cd-a establishes it.

Those are directly connected , so no point in using the update-source.

help!

They all connect to another L2 switch yes. But they CD-A and CD-B have a L3 connection between them. So there should be no L2 loop to block via SPT.

Also, Ive seen a debug ip pac det in the switch and apparently it only rejects the connection.

After the first FYN TO 179 it replies with a ACK, RST.

16:08:35.118 BRST: IP: s=10.21.4.229 (GigabitEthernet3/5), d=10.21.4.226, len 40, rcvd 2

Jan 26 16:08:35.118 BRST: TCP src=179, dst=11158, seq=0, ack=965412976, win=0 ACK RST

Jan 26 16:08:35.118 BRST: IP: s=10.21.4.229 (GigabitEthernet3/5), d=10.21.4.226, len 40, stop process pak for forus packet

Jan 26 16:08:35.118 BRST: TCP src=179, dst=11158, seq=0, ack=965412976, win=0 ACK

Im still waiting to get a more info on this problem, as Im helping a friend.

But thanks for all your help.

I was just wondering if someone have seen something similar.

When you have to shutdown 1 bgp peer to get the other established.

Hello Vlad,

there are some rules about what side should use the well-known port (TCP 179).

I wonder if in your case switch1 resets the connection because in its opinion the well known port should be on its side.

or if there is a chance that both CD-A and CD-B will use the same BGP router-id.

the rule is the highest ip address on loopbacks before physical interfaces (the same as OSPF rules)

An the same router cannot have two ip addresses on the same LAN segment

you can check this with

sh ip bgp summary

on CD-A and CD-B

Hope to help

Giuseppe

Hello Giuseppe,

thanks for the reply.

But unfortunately am afraid didnt understood.

Each CD and sw in that LAN segment has its own IP address.

Also if the router id was equal I would expect to see something similar to:

*Mar 1 00:07:33.747: %BGP-3-NOTIFICATION: sent to neighbor 10.0.0.1 2/3 (BGP identifier wrong) 4 bytes 01010101

rc# FFFF FFFF FFFF FFFF FFFF FFFF FFFF FFFF 002D 0104 0001 00B4 0101 0101 1002 0601 0400 0100 0102 0280 0002 0202 00

Any other suggestion is appreciated.

Vladimir,

Not if the RID was the same on cd-a and cd-b as they do not establish a neighbor relationship between themselves but only to the switch.

Regards