Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
38854
Views
19
Helpful
8
Replies

BGP stuck on openconfirm opensent

Ahmed Dockrat
Level 1
Level 1

‎05-28-2013 03:02 AM - edited ‎03-04-2019 08:01 PM

Hi


I have an EBGP neighbor thats gets stuck on openconfirm on one end and opensent on the other end, its running over a L2 WAN link.

The neighbour is seen as directly connected, port 179 is open and I can ping accross without any MTU issues. BGP source interface is set on both ends. There's no fancy configs, just standard EBGP.

Any ideas on what else could possibly cause this. Seems to be the WAN provider network but its odd that its a L2 link and connectivity is in place but BGP not establishing

Thanks

1 person had this problem
Labels:
0 Helpful
8 Replies 8

InayathUlla Sharieff
Cisco Employee
Cisco Employee

‎05-28-2013 04:15 AM

Hi Ahmed,

In the OPENSENT and OPENCONFIRM states, the two peers are exchanging preliminary packets in order to establish their BGP session. If the exchanges are successful, the peers will enter the ESTABLISHED state. The peers must continue to exchange periodic KEEPALIVE packets to remain in the established state, unless the negotiated hold time is 0.

OpenSent State: BGP FSM listens for an Open message from its peer.
Once the message has been received, the router checks the validity of the Open message.
If there is an error it is because one of the fields in the Open message doesn’t match between the peers, e.g., BGP version mismatch, MD5 password mismatch, the peering router expects a different My AS, etc. The router then sends a Notification message to the peer indicating why the error occurred.
If there is no error, a Keepalive message is sent, various timers are set and the state is changed to OpenConfirm.

OpenConfirm State: The peer is listening for a Keepalive message from its peer.
If a Keepalive message is received and no timer has expired before reception of the Keepalive, BGP transitions to the Established state.
If a timer expires before a Keepalive message is received, or if an error condition occurs, the router transitions back to the Idle state


Following things to be checked;

1- Show tec brief all to see if we have tcp connection state.

2- Make sure you are using the correct ip address and autonomous sytem respectively on both the ends.

3- As you mentioned you are able to ping the neighbor ip address, does the bgp form neighbors directly (i.e I mean without source other inteface)?
If you are using other interface for example loopback to form neigbor , I belive you are using update source loopback0 command?

4- Troubleshooting BGP neighbors link:

http://meetings.ripe.net/ripe-44/presentations/ripe44-eof-bgp.pdf

http://www.informit.com/library/content.aspx?b=CCIE_Practical_Studies_II&seqNum=89


HTH
REgards
Inayath

*Plz rate all usefull posts.

Petter Bruland
Level 1
Level 1
In response to InayathUlla Sharieff

‎07-06-2016 08:01 AM

I also found that if you have the ttl-security feature enabled, the BGP connection does not move to Established state. Just in case someone has that configured and runs into this issue.

router bgp 123

   neighbor 10.0.0.1

     ttl-security

-Petter

Arun baskar S
Level 1
Level 1
In response to Petter Bruland

‎07-20-2016 11:15 PM

Same issue I faced , after adding the command ttl-security under neighbour bgp Established from OPEN-CONFIRM state. But how it works?

 

0 Helpful

Ahmed Dockrat
Level 1
Level 1
In response to Arun baskar S

‎07-13-2017 12:00 PM

Had this issue some time back.

If memory serves me correct, mine was linked to an issue on the Point to point link, the telco made some changes to resolve it.

0 Helpful

Zivnoah76
Level 1
Level 1
In response to Petter Bruland

‎08-15-2017 01:19 AM

I had the same issue with a BGP session stuck on openconfirm and the ttl-security under neighbor configuration did the work - it moved to Established (after clearing the BGP session).

Thanks,

Ziv

0 Helpful

paul driver
VIP
VIP

‎05-28-2013 04:57 AM

Hello

Do you have ebgp-multihop and update-soruce commands configured?

any interface acl blocking, is the config correct for both ends of the peering?

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

mohammadnouman86
Level 1
Level 1

‎07-13-2016 11:18 AM

Hi,

i faced the same issue, after hours of searching and troubleshooting i found out that at one side of the interface i used /30 mask and on other side /24.

after fixing this everything was fine and BGP neighbors went to Established state.

mandarkulkarni1
Level 1
Level 1
In response to mohammadnouman86

‎07-02-2017 11:23 AM

Great thanks for your post I too had same issue :)

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card