Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6508
Views
15
Helpful
6
Replies

show tcp brief and BGP connection

Go to solution
mahesh18
Level 6
Level 6

‎05-08-2019 07:13 PM

When i run command 

 

show tcp brief all 

 

Sometimes I see all 4 BGP nei as established and also show listening

is this normal behaviour?

 

why it show as both established and listening?

 

 

Labels:
0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎05-08-2019 11:14 PM

No need to worrried about that, if you have concern related to BGP you need to look at BGP process.

show ip bgp summary

 

TCP handshake always happends all the time its life time process.

 

L0ok at RFC reference :

 

A connection progresses through a series of states during its

  lifetime.  The states are:  LISTEN, SYN-SENT, SYN-RECEIVED,

  ESTABLISHED, FIN-WAIT-1, FIN-WAIT-2, CLOSE-WAIT, CLOSING, LAST-ACK,

  TIME-WAIT, and the fictional state CLOSED.  CLOSED is fictional

  because it represents the state when there is no TCB, and therefore,

  no connection.  Briefly the meanings of the states are:

 

    LISTEN - represents waiting for a connection request from any remote

    TCP and port.

 

    SYN-SENT - represents waiting for a matching connection request

    after having sent a connection request.

 

    SYN-RECEIVED - represents waiting for a confirming connection

    request acknowledgment after having both received and sent a

    connection request.

 

   ESTABLISHED - represents an open connection, data received can be

    delivered to the user.  The normal state for the data transfer phase

    of the connection.

 

    FIN-WAIT-1 - represents waiting for a connection termination request

    from the remote TCP, or an acknowledgment of the connection

    termination request previously sent.

 

    FIN-WAIT-2 - represents waiting for a connection termination request

    from the remote TCP.

 

    CLOSE-WAIT - represents waiting for a connection termination request

    from the local user.

 

    CLOSING - represents waiting for a connection termination request

    acknowledgment from the remote TCP.

 

    LAST-ACK - represents waiting for an acknowledgment of the

    connection termination request previously sent to the remote TCP

    (which includes an acknowledgment of its connection termination

    request).

 

    TIME-WAIT - represents waiting for enough time to pass to be sure

    the remote TCP received the acknowledgment of its connection

    termination request.

 

    CLOSED - represents no connection state at all.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎05-09-2019 03:21 AM

Hello Mahesh,

when we configure BGP neighbors actually both sides attempt to setup a TCP session to well known TCP port 179.

However, only one of these two is actually used and goes to established state. The choice depends on BGP AS number and BGP router-ids of the two peers.

I think this might be the root cause of what you see.

 

Hope to help

Giuseppe

 

View solution in original post

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to mahesh18

‎05-09-2019 07:15 AM

Hello Mahesh,

to understand who is acting as the "server" in the TCP session established we have to look at the TCP port: the side using the well known TCP 179 is the server side and the session has been started by the other side using an high number TCP port (not fixed value an ephemereal port).

A router can be server for one eBGP session and "client" for another BGP session at the same time.

 

Hope to help

Giuseppe

 

 

 

 

View solution in original post

6 Replies 6

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎05-08-2019 11:14 PM

No need to worrried about that, if you have concern related to BGP you need to look at BGP process.

show ip bgp summary

 

TCP handshake always happends all the time its life time process.

 

L0ok at RFC reference :

 

A connection progresses through a series of states during its

  lifetime.  The states are:  LISTEN, SYN-SENT, SYN-RECEIVED,

  ESTABLISHED, FIN-WAIT-1, FIN-WAIT-2, CLOSE-WAIT, CLOSING, LAST-ACK,

  TIME-WAIT, and the fictional state CLOSED.  CLOSED is fictional

  because it represents the state when there is no TCB, and therefore,

  no connection.  Briefly the meanings of the states are:

 

    LISTEN - represents waiting for a connection request from any remote

    TCP and port.

 

    SYN-SENT - represents waiting for a matching connection request

    after having sent a connection request.

 

    SYN-RECEIVED - represents waiting for a confirming connection

    request acknowledgment after having both received and sent a

    connection request.

 

   ESTABLISHED - represents an open connection, data received can be

    delivered to the user.  The normal state for the data transfer phase

    of the connection.

 

    FIN-WAIT-1 - represents waiting for a connection termination request

    from the remote TCP, or an acknowledgment of the connection

    termination request previously sent.

 

    FIN-WAIT-2 - represents waiting for a connection termination request

    from the remote TCP.

 

    CLOSE-WAIT - represents waiting for a connection termination request

    from the local user.

 

    CLOSING - represents waiting for a connection termination request

    acknowledgment from the remote TCP.

 

    LAST-ACK - represents waiting for an acknowledgment of the

    connection termination request previously sent to the remote TCP

    (which includes an acknowledgment of its connection termination

    request).

 

    TIME-WAIT - represents waiting for enough time to pass to be sure

    the remote TCP received the acknowledgment of its connection

    termination request.

 

    CLOSED - represents no connection state at all.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎05-09-2019 03:21 AM

Hello Mahesh,

when we configure BGP neighbors actually both sides attempt to setup a TCP session to well known TCP port 179.

However, only one of these two is actually used and goes to established state. The choice depends on BGP AS number and BGP router-ids of the two peers.

I think this might be the root cause of what you see.

 

Hope to help

Giuseppe

 

Go to solution
mahesh18
Level 6
Level 6
In response to Giuseppe Larosa

‎05-09-2019 05:48 AM

Many Thanks for great explanation.

That clears the air

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Giuseppe Larosa

‎05-09-2019 06:18 AM

one follow up question how can we tell which side got success in establishing neighbourship?

0 Helpful

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to mahesh18

‎05-09-2019 07:15 AM

Hello Mahesh,

to understand who is acting as the "server" in the TCP session established we have to look at the TCP port: the side using the well known TCP 179 is the server side and the session has been started by the other side using an high number TCP port (not fixed value an ephemereal port).

A router can be server for one eBGP session and "client" for another BGP session at the same time.

 

Hope to help

Giuseppe

 

 

 

 

Go to solution
mahesh18
Level 6
Level 6
In response to Giuseppe Larosa

‎05-09-2019 05:55 PM

Many thanks for great explanation !!!

Much appreciated.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card