listed and checks the local routing table for a route to this address. At this point, BGP is in the idle state. If BGP does not find a route to the IP address, it stays in the idle state. If it finds a route, it goes into the connect state when the TCP handshaking synchronize acknowledge (SYN ACK) packet returns. After the TCP connection has finished, BGP creates a BGP open packet and sends it to the neighbor. Once BGP dispatches this open packet, the BGP peering session changes to the open sent state. If there is no response for 5 seconds, the state changes to the active state. If a response does come back in a timely manner, BGP goes to the open confirm state and starts scanning (evaluating) the routing table for the paths to send to the neighbor. When those paths are found, BGP goes to the established state and begins routing between the neighbors. You can use the debug command to observe the states that two BGP routers go through during session establishment. In Cisco IOS Software Release 12.4, you use the debug ip bgp ipv4 unicast command. In earlier Cisco IOS releases, the debug ip bgp events command gave similar output. Note
Debugging uses up router resources and should be turned on only when necessary.
Interactive Media Activity Drag and Drop: BGP Neighbor Negotiations Upon completion of this activity, the student will be able to understand the BGP process for establishing neighbor relationships.
Content 6.4 Advanced BGP Configuration and Verification 6.4.2 BGP Established and Idle States The idle state indicates that the router does not know how to reach the IP address that is listed in the neighbor statement. The router may be idle due to one of the following scenarios: The most common reason for a router to enter the idle state is that the neighbor is not announcing the IP address or network that the neighbor statement of the router is pointing to. Check these two conditions first to correct this problem: The established state is the desired state for the neighbor relationship. This state means that both routers have agreed to exchange BGP updates with one another and routing has begun. Use the show ip bgp neighbors command to display information about the BGP connections to neighbors. In Figure , the BGP state is established, which means that the neighbors have established a TCP connection and the two peers have agreed to use BGP to communicate.
Content 6.4 Advanced BGP Configuration and Verification 6.4.3 BGP Active State Troubleshooting If the router is in the active state, it has found the IP address in the neighbor statement and has created and sent out a BGP open packet. However, the router has not received a response (open confirm packet) back. One common problem in this case is that the neighbor may not have a return route to the source IP address. Ensure that the source IP address or network of the packets has been announced to the local routing protocol (IGP). Another common problem associated with the active state occurs when a BGP router attempts to peer with another BGP router that does not have a neighbor statement peering back at the first router, or when the other router is peering with the wrong IP address on the first router. Check to ensure that the other router has a neighbor statement peering at the correct address of the router that is in the active state. If the state toggles between idle and active state, one of the most common problems is a misconfiguration of the autonomous system number. Figure displays the console message generated at the router with the wrong remote autonomous system number configured in the neighbor statement.
Content 6.4 Advanced BGP Configuration and Verification 6.4.4 Configuring a Peer Group In BGP, neighboring routers are often configured with the same update policies. For example, the neighboring routers may have the same filtering applied. On Cisco routers, neighboring routers with the same update policies can be grouped into peer groups to simplify configuration and to make updating more efficient and improve performance. Members of the peer group inherit all the configuration options of the peer group. You can configure the router to override these options for some members if these options affect inbound advertisements but not outbound updates. Peer groups are more efficient because updates are generated only once per peer group rather than repetitiously for each neighboring router. The generated update is replicated for each neighbor that is part of the internal peer group. Peer groups save processing time in generating the updates for all IBGP neighbors. The peer group name is local to the router on which it is configured, and it is not passed to any other router. Peer groups make the router configuration easier to read and manage. Use the neighbor peer-group-name peer-group command to create a peer group and define the name for linking similar neighboring routers together. Use the neighbor ip-address peer-group peer-group-name command to link the address of a neighboring router to a specific peer group name. A neighboring router can be part of only one peer group. This command allows you to enter the peer group name instead of entering the IP address in other commands, for example, to link a policy to the group of neighboring routers. You must enter the neighbor peer-group-name peer-group command before the router will accept this command. Note
Recent releases of Cisco IOS software contain a BGP Dynamic Update Peer-Groups Using Peer Templates feature to dynamically optimize update groups of neighbors for shared outbound policies. More information on this feature can be found on Cisco.com.
Content 6.4 Advanced BGP Configuration and Verification 6.4.5 Configuring a Peer Group Example In Figure , AS 65100 has four routers running IBGP. All these IBGP neighbors are peering with each other using the loopback 0 interface of each, and are using the IP address of their loopback 0 interface as the source IP address for all BGP packets. Each router is using one of its own IP addresses as the next-hop address for each network advertised through BGP. These are outbound policies. In addition, router C has an outbound distribution list associated with each IBGP neighbor. This outbound filter performs the same function as the distribute-list command that you use for internal routing protocols. However, it is linked to a specific neighbor for use with BGP. The ISP behind router C may be announcing RFC 1918 private address space to router C. Router C does not want to pass these networks to other routers running BGP in AS 65100. To accomplish this goal, access list 20 might look like the following: access-list 20 deny 10.0.0.0 0.255.255.255
access-list 20 deny 172.16.0.0 0.31.255.255
access-list 20 deny 192.168.0.0 0.0.255.255
access-list 20 permit any Notice the configuration of router C when it is not using a peer group. All IBGP neighbors have the outbound distribute list link to them individually. If router C receives a change from AS 65101, it must generate an individual update for each IBGP neighbor and run each update against distribute list 20. If router C has a large number of IBGP neighbors, the processing power needed to inform the IBGP neighbors of the changes in AS 65101 could be extensive. The figure also shows the configuration on router C when it is using a peer group called “internal.” The