Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[EX/QFX] Troubleshoot external BGP session stuck in ACTIVE state

0

0

Article ID: KB33843 KB Last Updated: 08 Apr 2019Version: 1.0
Summary:

This article will guide in troubleshooting external BGP sessions not established and stuck in ACTIVE stated after BGP is configured.

Symptoms:

For this example, we will use the following topology:



Assuming that the ISP neighbor router is correctly configured, you configure your router. After configuring the BGP group, the external session is not yet established. The current state is ACTIVE:

{master:0}
root@SW1> show bgp summary
Groups: 1 Peers: 1 Down peers: 1
Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
inet.0
                       0          0          0          0          0          0
Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
192.168.0.2             101          0          2       0       0       12:37 Active




{master:0}
root@SW1> show bgp neighbor
Peer: 192.168.0.2 AS 101       Local: 192.168.0.1 AS 100
  Type: External    State: Active         Flags: <>
  Last State: Idle          Last Event: Start
  Last Error: None
  Options: <Preference PeerAS Refresh>
  Holdtime: 90 Preference: 170
  Number of flaps: 0
  Trace options:  all
  Trace file: /var/log/bgp_trace size 0 files 10
Cause:

BGP stuck in ACTIVE state. The possible reasons are:

  • TCP connection is initiated and it is in ACTIVE state, i.e. LISTENING state. It is waiting for the TCP connection to complete.
  • Peer address configured incorrectly on either router.
  • AS number configured incorrectly on either router.
  • BGP configuration error.
  • Network congestion.
  • Interface flapping.
Solution:
  1. Check peer's IP address configuration. Do you have point to point connectivity? Yes, continue to step 3 | No, continue to step 2

    [master:0]
    root@SW1> ping 192.168.0.2
    PING 192.168.0.2 (192.168.0.2): 56 data bytes
    64 bytes from 192.168.0.2: icmp_seq=0 ttl=64 time=1.393 ms
    64 bytes from 192.168.0.2: icmp_seq=1 ttl=64 time=1.256 ms
    64 bytes from 192.168.0.2: icmp_seq=2 ttl=64 time=1.224 ms
    ^C
    --- 192.168.0.2 ping statistics ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 1.224/1.291/1.393/0.073 ms
  2. Check the IP address being used on both sides of the BGP session, point to point connectivity is required. Check for errors or flaps on the physical interface. Once you are able to reach point to point connectivity, the state can change to ESTABLISHED if all configuration is correct or if also the peer Autonomous System ID is incorrect, the state can change to ACTIVE. If that is the case, proceed to step 3.

  3. Check the autonomous system ID configured on both sides to check if there is a peer-as mismatch. If you do not have access to the neighbor router, you can enable traceoptions to obtain the information.

    Enable traceoptions to check peer AS mismatch, if there is a Peer AS mismatch, a NOTIFICATION message will be generated on traceoptions log file with the details:

    {master:0}[edit]
    root@SW1# show protocols bgp
    traceoptions {
        file bgp_trace;
        flag all;
    }
    group EXTERNAL {
        type external;
        neighbor 192.168.0.2 {
            peer-as 101;
        }
    }


    Run the log file to check for NOTIFICATION messages:

    {master:0}
    root@SW1> show log bgp_trace
    Jan 19 14:25:42.548223 BGP RECV 192.168.0.2+52531 -> 192.168.0.1+179
    Jan 19 14:25:42.548295 BGP RECV message type 1 (Open) length 63
    Jan 19 14:25:42.548322 BGP RECV version 4 as 200 holdtime 90 id 10.5.90.24 parmlen 34
    Jan 19 14:25:42.548344 BGP RECV MP capability AFI=1, SAFI=1
    Jan 19 14:25:42.548365 BGP RECV Refresh capability, code=128
    Jan 19 14:25:42.548384 BGP RECV Refresh capability, code=2
    Jan 19 14:25:42.550148 BGP RECV Restart capability, code=64, time=120, flags=
    Jan 19 14:25:42.550207 BGP RECV 4 Byte AS-Path capability (65), as_num 200
    Jan 19 14:25:42.550229 BGP RECV Unrecognized capability 71
    Jan 19 14:25:42.550315 BGP RECV Param data (2 bytes): 47 00
    Jan 19 14:25:42.550357 bgp_parse_4byte_aspath_cap():227 AS4-Peer (RECV): 4 byte AS capability received, AS 200
    Jan 19 14:25:42.550417 advertising graceful restart receiving-speaker-only capability to neighbor 192.168.0.2 (External AS 101)
    Jan 19 14:25:42.551981 bgp_4byte_aspath_add_cap():153 AS4-Peer 192.168.0.2 (External AS 101)(SEND): 4 byte AS capability added, AS 100
    Jan 19 14:25:42.552043
    Jan 19 14:25:42.552043 BGP SEND 192.168.0.1+179 -> 192.168.0.2+52531
    Jan 19 14:25:42.552080 BGP SEND message type 1 (Open) length 59
    Jan 19 14:25:42.552106 BGP SEND version 4 as 100 holdtime 90 id 10.85.240.14 parmlen 30
    Jan 19 14:25:42.552128 BGP SEND MP capability AFI=1, SAFI=1
    Jan 19 14:25:42.552149 BGP SEND Refresh capability, code=128
    Jan 19 14:25:42.552170 BGP SEND Refresh capability, code=2
    Jan 19 14:25:42.552192 BGP SEND Restart capability, code=64, time=120, flags=
    Jan 19 14:25:42.552215 BGP SEND 4 Byte AS-Path capability (65), as_num 100
    Jan 19 14:25:42.552239
    Jan 19 14:25:42.552239 BGP SEND 192.168.0.1+179 -> 192.168.0.2+52531
    Jan 19 14:25:42.552273 BGP SEND message type 3 (Notification) length 21
    Jan 19 14:25:42.552296 BGP SEND Notification code 2 (Open Message Error) subcode 2 (bad peer AS number)
    Jan 19 14:25:42.552407 bgp_pp_recv:3197: NOTIFICATION sent to 192.168.0.2+52531 (proto): code 2 (Open Message Error) subcode 2 (bad peer AS number), Reason: no group for 192.168.0.2+52531 (proto) from AS 200 found (peer as mismatch), dropping him

    Jan 19 14:25:42.553833 task_timer_delete: BGP_Proto.192.168.0.2+52531_OpenTimeOut <Touched>


    Traceoptions shows a notification message about an error in the autonomous system configuration, SW2 has 200 as the AS configured while the configuration in SW1 is peer-as 101 under the external BGP group hierarchy.

    Correct the peer-as and check the BGP session again:

    root@SW1# show protocols bgp
    group EXTERNAL {
        type external;
        neighbor 192.168.0.2 {
            peer-as 200;
        }
    }



    root@SW1> show bgp summary
    Groups: 1 Peers: 1 Down peers: 0
    Table          Tot Paths  Act Paths Suppressed    History Damp State    Pending
    inet.0
                           0          0          0          0          0          0
    Peer                     AS      InPkt     OutPkt    OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
    192.168.0.2             200          4          5       0       0        1:00 0/0/0/0              0/0/0/0

    {master:0}
    root@SW1> show bgp neighbor
    Peer: 192.168.0.2+179 AS 200   Local: 192.168.0.1+53809 AS 100
      Type: External    State: Established    Flags: <Sync>
      Last State: OpenConfirm   Last Event: RecvKeepAlive
      Last Error: None
      Options: <Preference PeerAS Refresh>
      Holdtime: 90 Preference: 170
      Number of flaps: 0
      Peer ID: 10.5.90.24      Local ID: 10.85.240.14      Active Holdtime: 90
      Keepalive Interval: 30         Group index: 0    Peer index: 0
      BFD: disabled, down
      Local Interface: ge-0/0/1.0
      NLRI for restart configured on peer: inet-unicast
      NLRI advertised by peer: inet-unicast
      NLRI for this session: inet-unicast
      Peer supports Refresh capability (2)
      Stale routes from peer are kept for: 300
      Peer does not support Restarter functionality
      NLRI that restart is negotiated for: inet-unicast
      NLRI of received end-of-rib markers: inet-unicast
      NLRI of all end-of-rib markers sent: inet-unicast
      Peer supports 4 byte AS extension (peer-as 200)
      Peer does not support Addpath
      Table inet.0 Bit: 10000
        RIB State: BGP restart is complete
        Send state: in sync
        Active prefixes:              0
        Received prefixes:            0
        Accepted prefixes:            0
        Suppressed due to damping:    0
        Advertised prefixes:          0
      Last traffic (seconds): Received 11   Sent 19   Checked 74
      Input messages:  Total 8      Updates 1       Refreshes 0     Octets 156
      Output messages: Total 8      Updates 0       Refreshes 0     Octets 215
      Output Queue[0]: 0

     
  4. Now the session is established with the external BGP peer.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search