I have an EBGP neighbor that gets stuck on openconfirm on one end and opensent on the other end; it's running over a L2 WAN link.
The neighbour is seen as directly connected, port 179 is open and I can ping across without any MTU issues. BGP source interface is set on both ends. There's no fancy configs, just standard EBGP.
Any ideas on what else could possibly cause this? Seems to be the WAN provider network, but it's odd that it's a L2 link and connectivity is in place but BGP is not establishing.
In the OPENSENT and OPENCONFIRM states, the two peers are exchanging preliminary packets in order to establish their BGP session. If the exchanges are successful, the peers will enter the ESTABLISHED state. The peers must continue to exchange periodic KEEPALIVE packets to remain in the established state, unless the negotiated hold time is 0.
OpenSent State: BGP FSM listens for an Open message from its peer.
Once the message has been received, the router checks the validity of the Open message.
If there is an error it is because one of the fields in the Open message doesn’t match between the peers, e.g., BGP version mismatch, MD5 password mismatch, the peering router expects a different My AS, etc. The router then sends a Notification message to the peer indicating why the error occurred.
If there is no error, a Keepalive message is sent, various timers are set and the state is changed to OpenConfirm.
OpenConfirm State: The peer is listening for a Keepalive message from its peer.
If a Keepalive message is received and no timer has expired before reception of the Keepalive, BGP transitions to the Established state.
If a timer expires before a Keepalive message is received, or if an error condition occurs, the router transitions back to the Idle state.
The following things should be checked:
1- Show tcp brief all to see if we have tcp connection state.
2- Make sure you are using the correct IP address and autonomous system respectively on both the ends.
3- As you mentioned you are able to ping the neighbor IP address, does the BGP form neighbors directly (i.e. I mean without sourcing from another interface)?
If you are using another interface, for example a loopback, to form the neighbor, I believe you are using the update source loopback0 command?
4- Troubleshooting BGP neighbors link:
*Plz rate all useful posts.
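The OPEN validation described in the OpenSent step above, as an added example that is not part of the original posts: a parser that checks the fixed fields of a received OPEN and returns the NOTIFICATION error code and subcode (per RFC 4271) that explains a rejection. The names `build_open` and `check_open` are hypothetical, the AS numbers and router ID used with it are constructed, and it assumes 2-byte AS numbers and ignores optional parameters.

```python
import struct

MARKER = b"\xff" * 16          # header marker: 16 bytes of all ones
OPEN, KEEPALIVE = 1, 4         # message type codes
# NOTIFICATION (error code, subcode) pairs from RFC 4271
NOT_SYNCHRONIZED = (1, 1)      # Message Header Error
BAD_LENGTH = (1, 2)
BAD_TYPE = (1, 3)
BAD_VERSION = (2, 1)           # OPEN Message Error
BAD_PEER_AS = (2, 2)
BAD_BGP_ID = (2, 3)
BAD_HOLD_TIME = (2, 6)
FSM_ERROR = (5, 0)             # valid message type, wrong state


def build_open(my_as, hold_time, bgp_id, version=4):
    """Build an OPEN with no optional parameters (constructed test input)."""
    body = struct.pack("!BHHIB", version, my_as, hold_time, bgp_id, 0)
    return MARKER + struct.pack("!HB", 19 + len(body), OPEN) + body


def check_open(msg, expected_peer_as):
    """Validate the message received in OpenSent.

    Returns None when a KEEPALIVE may be sent (move to OpenConfirm),
    otherwise the (code, subcode) of the NOTIFICATION to send.
    """
    if msg[:16] != MARKER:
        return NOT_SYNCHRONIZED
    if len(msg) < 19:
        return BAD_LENGTH
    length, msg_type = struct.unpack("!HB", msg[16:19])
    if length != len(msg) or length > 4096:
        return BAD_LENGTH
    if msg_type not in (1, 2, 3, 4):
        return BAD_TYPE
    if msg_type != OPEN:
        return FSM_ERROR
    if length < 29:
        return BAD_LENGTH
    version, peer_as, hold_time, bgp_id, _opt_len = struct.unpack("!BHHIB", msg[19:29])
    if version != 4:
        return BAD_VERSION
    if peer_as != expected_peer_as:
        return BAD_PEER_AS
    if hold_time in (1, 2):       # 0 (no keepalives) or >= 3 seconds only
        return BAD_HOLD_TIME
    if bgp_id == 0:               # simplification: only rejects 0.0.0.0
        return BAD_BGP_ID
    return None
```

A result of `(2, 2)` corresponds to the "peering router expects a different My AS" case in the list above; the same code and subcode appear in the NOTIFICATION the rejecting router logs.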
I also found that if you have the ttl-security feature enabled, the BGP connection does not move to Established state. Just in case someone has that configured and runs into this issue.
router bgp 123
Had this issue some time back.
If memory serves me correctly, mine was linked to an issue on the point-to-point link; the telco made some changes to resolve it.
I had the same issue with a BGP session stuck on openconfirm and the ttl-security under neighbor configuration did the work - it moved to Established (after clearing the BGP session).
Do you have ebgp-multihop and update-source commands configured?
Any interface ACL blocking? Is the config correct for both ends of the peering?
Please don't forget to rate any posts that have been helpful.
I faced the same issue. After hours of searching and troubleshooting I found out that on one side of the interface I used a /30 mask and on the other side /24.
After fixing this everything was fine and BGP neighbors went to Established state.