Troubleshooting BGP Routes learning abnormally

Faults can be classified to the followingtypes based on whether abnormal routes are BGP routes originated by the localdevice:

1) Exception occur in learning of local BGProutes.

2) Exception occur in learning of neighborBGP routes.

Local BGP routes refer to routes importedto BGP by the network or the redistribute command. When a faultoccurs, the BGP routing table does not contain these routes. Routes advertisedto the local device by neighbors are also called dynamic routes. When a faultoccurs, the BGP routing table or the routing table does not contain theseroutes.

Possible Causes

1.Possible causes for an exceptionoccurring in learning of a local BGP route include that the routing table doesnot contain this route and that the route-map filters certain routes.

Faults occurring in neighbor route learningare classified into the following types based on  whether BGP neighbors are established:

2.Neighbor sessions are not normallyestablished. In this case, possible causes for the faults include incorrectconfigurations, network faults or other software faults.  

3.Neighbor sessions are normallyestablished. In this case, possible causes for the faults include that theneighbors do not advertise these routes, that certain attributes of the BGProutes advertised by the neighbors are abnormal (for example, the next hop isunreachable, router-IDs are in conflict, and AS path loops occur), and that theBGP routes are filtered or suppressed by certain configurations.

Troubleshooting Procedure

Step 1: Check the neighbor status.

Step 2: Check the route status.

Step 3: Collect information and contactruijie post-sale for support.

  Debugging operations cause risks (The worst case is to restartthe switch for recovery). Perform debugging only after informing customers ofthe risks and get them accepted. It is recommended debugging at low-trafficperiods (Be more cautious when dealing with core switches). If packet capturingis also required for troubleshooting, remember to collect information bydebugging and packet capturing at the same time.

Step1: Check the neighbor status.

1)    Run the show ip bgp neighbor A.B.C.D command to check the neighbor status.If "BGP state = Established" is displayed, it indicates that theneighbor is successfully established. See the following information:

                              

Relatedcommands:

showbgp ipv4 unicast neighbor

//Displaysthe IPv4 unicast neighbor and has the same effect as show ip bgp neighbor.

showbgp ipv6 unicast neighbor

//Displaysthe IPv6 unicast neighbor.

showbgp vpnv4 unicast all neighbor

//Displaysall VPN neighbors including PE neighbors of a public network and CE neighborsof a private VRF.

2) If the BGP neighbor fails to beestablished, continue locating the fault:

·        Check whether theconfigurations on the local and neighbor devices are correct.

The two ends must be configured with symmetric neighbor A.B.C.D remote-asas-number.

In addition, the remote-as number must be correct.

·        Check whether neighbor A.B.C.Dupdate-source needs to be configured:

Generally, update-source must be specified for IBGP neighbors.

Extremely, when multiple pairs of BGP neighbors are established betweentwo devices, update-source must be specified.

·        Ping the IP address of theneighbor device to check whether the network connection is normal (If theneighbor device is configured with update-source, ping the IP address of theneighbor device with the source).

If the neighbor device fails to be pinged, run the show ip/ipv6 route command on both devices to check whether thelocal device has a route that can reach the neighbor device.

·        If the neighbor device can besuccessfully pinged but the neighbor cannot be established, check whetherebgp-multihop needs to be configured for the neighbor device.

For non-directly-connected EBGP neighbors, ebgp-multihop must beconfigured.

·        Check whether the router ID ofthe neighbor device is in conflict. Run the show ip bgp summary command to display the local router ID.

·        Check whether the neighborconfigurations at both ends contain the IP address family.

3) If the neighbor is successfully established but no route can belearned, you need to further check whether the neighbor device supports the IPaddress family capability. Run the showip bgp neighbor command for checking:

A BGP neighbor can support multiple IP address families. Only whennegotiation about an IP address family capability succeeds, the routescorresponding to the IP address family can be learned. The negotiation resultsare as follows:

·        advertised: The local devicehas an activated capability but the neighbor device has no activatedcapability; therefore, the negotiation fails.

·        received: The local device hasno activated capability but the neighbor device has an activated capability;therefore, the negotiation fails.

·        advertised and received: Boththe local and neighbor devices have activated capabilities; therefore, thenegotiation succeeds.

Step2 : Check the route status.

If a BGP neighbor is normal but no route is learned, there are twopossible causes: a) The BGP route fails to be learned; b) The BGP route islearned but fails to be calculated.

1) Check whether the BGP route is available in the routing table byrunning the show ip bgp A.B.C.Dcommand.

Relatedcommands:

show bgp ipv4 unicast A.B.C.D

Displaysthe IPv4 unicast route and has the same effect as show ip bgp A.B.C.D.

show bgp ipv6 unicast X:X::X::X/XX

Displaysthe IPv6 unicast route.

show bgp vpnv4 unicast all A.B.C.D

Displaysthe VPN route, as well as the VPNv4 route of a public network and the route ofa private VRF.

2) If the BGP route exists but isunavailable in the routing table, it indicates that the route fails to be calculated.See the following information:

"inaccessible" indicates that thenext-hop of the route is inaccessible. Such a BGP route cannot be calculated.

Youneed to check whether a valid IGP route to the next hop is available, forexample, a route shown in the preceding figure. Run the show ip route 3.3.3.3 command for checking.

3) If the BGP route does not exist, itindicates that no route is learned from the neighbor. You need to repeat theoperation in step 2 on the peer device to check whether the route is availableon the neighbor device.

If theroute is also unavailable on the neighbor device, you need to further locatethe fault upward.

4) Enable debugging to check whether thelocal device receives a route advertisement packet from the neighbor device.

debug ip bgp update in, debug ip bgp warn:enables debugging.

clear ip bgp peer-ip soft in: soft resets a BGP session to enablethe neighbor to advertise the route again.

Related commands:

clear bgp ipv4 unicast A.B.C.D soft in

Softrestarts the ingress route of the IPv4 unicast neighbor and has the same effectas clear ip bgp A.B.C.D soft in.

clear bgp ipv6 unicast X:X::X::X soft in

Softrestarts the ingress route of the IPv6 unicast neighbor.

clear bgp vpnv4 unicast A.B.C.D soft in

Softresets the ingress route of the VPNv4 neighbor.

If thelocal device receives this route, check the route filtering information: "Peer-IP-incoming/outgoing[RIB] Update: Prefix A.B.C.D/32 denied due to Reason". Where, Reason is a string, which can be:

a)    “attrcomon check fail”

Indicatesthat an invalid field is found in packet decoding and the route is filtered.For such an error, more information will be displayed to show the invalidfield, for example:

i)       "%s-%s [DECODE] Attr OrigID:OrigID(%r) same as Self, Ignoring UPDATE..." The route Originate-id is thelocal device, and a routing loop occurs.

ii)      "%s-%s [DECODE] Attr Cluster: mycluster-id in the cluster-list" The route cluster-id includes the localdevice and a routing loop occurs.

iii)     "%s-%s [DECODE] Update: InvalidNexthop: %r" The next hop of the route is an invalid IP address or is aninterface IP address of the local device.

b)    “MPLS VPN/BGP implicit inbound filter”

Indicatesthat the RT attribute of the L3VPN or L2VPN fails to be matched. You need to checkwhether the import route-target configuration of the local VRF or VFI iscorrect.

c)    “as-pathcontains our own AS”

Indicatesthat an AS-PATH loop occurs.

d)    “filter”

Indicatesthat the route is filtered by the ingress policy. You need to check the ingressfiltering policies of the neighbor, including filter-list, prefix-list, anddistribute-list.

e)    “route-map”

Indicatesthat the route is filtered by the route-map in configuration. You need to checkthe route map configuration.

f)     “non-connectednext-hop”

Indicatesthat the next hop of the IPv4 route received from the directly-connected EBGPneighbor is not a directly-connected interface. You need to check the networkconfigurations.

g)    “maxprefix overflow”

Indicatethat the route received from the neighbor exceeds the max limitation, whichcauses overflow. You need to check the neighbor configuration and the receivedroute entry (show ip bgp summary) to check whether overflow occurs.

h)    “address-familyoverflow”

Indicatesthat the total capacity of the routing table in the IP address family isabnormal. You need to check the maximum-prefix configuration in the BGP addressfamily.

5) If the local device does not receive theroute update message in the previous step, it indicates that the neighbordevice does not advertise the route. You need to perform debugging on theneighbor device.

1. Run theshow command to check the routestatus, such as show ip bgp A.B.C.D.

a)      "(inaccessible)": indicates thatthe route calculation fails. You need to check whether the next hop calculationof the route fails.

b)      "(suppressed due to dampening)":indicates that the local device is enabled with the dampening function and theroute is suppressed by flapping. You need to check whether the network flapsall the time.

c)      Check the community attributes of theroute and check whether attributes that suppress route advertisement such asNo_Export, Local_AS and NO_Advertise are included.

Relatedcommands:

show bgp ipv4 unicast A.B.C.D

Displaysthe IPv4 unicast route and has the same effect as show ip bgp A.B.C.D.

show bgp ipv6 unicast X:X::X::X/XX

Displaysthe IPv6 unicast route.

show bgp vpnv4 unicast all A.B.C.D

Displaysthe VPN route, as well as the VPNv4 route of a public network and the route ofa private VRF.

2. Check whether a route aggregation isconfigured and whether the route aggregation carries the summary-only option. If yes, the route will be normally suppressed.To enable the neighbor device to learn the route, you need to cancel the summary-only parameter or configureunsuppress-map for this neighbor on the local device.

You can also run the show ip bgp command to display the route suppressed by the summary-only parameter, which ismarked with "s" at the front. (This show command can be used in only a few routing states).

3. If the previous two steps can determinethat the route is not suppressed, you need to debug other causes forsuppression of the route advertisement.

debug ip bgp update out

debug ip bgp filter

debug ip bgp warn

Enablethe preceding debugging functions.

4. clear ip bgp peer-ip soft out

Softresets the BGP session and advertises the route to the neighbor again.

Relatedcommands:

clear bgp ipv4 unicast A.B.C.D soft out

Softrestarts the egress route of the IPv4 unicast neighbor and has the same effectas clear ip bgp A.B.C.D soft out.

clear bgp ipv6 unicast X:X::X::X soft out

Softrestarts the egress route of the IPv6 unicast neighbor.

clear bgp vpnv4 unicast A.B.C.D soft out

Softresets the egress route of the VPNv4 neighbor.

Determine the cause for route advertisement failureaccording to the debugging information as follows:

a)      "%s-%s [RIB] Announce Check: %OOriginator-ID is same as Remote Router-ID"

TheOriginate-ID of the route is the same as the neighbor device and the route loopis suppressed.

b)      "%s-%s [RIB] Announce Check: %Osite-of-origin is same as peer site"

The SOOattribute of the route is the same as the neighbor device and the route loop issuppressed.

c)      "%s-%s [RIB] Announce Check: %O isdenied by out filter"

Theroute is filtered by the egress policy. You need to check the neighborconfigurations, including filter-list, prefix-list, and distribute-list.

d)      "%s-%s [RIB] Announce Check: %O Noannouncement since AS %u is in AS Path"

A loopis detected along the AS-PATH.

e)      "%s-%s [RIB] Announce Check: %O isdenied by unsuppress-map"

A routein the suppress state is successfully matched by the unsuppress-mapconfiguration of the neighbor.

f)      "%s-%s [RIB] Announce Check: %O isdenied by out routemap"

Theroute is filtered by the route-map out configuration. You need to check theroute-map configuration.

Step4. Fault Information Collection

Collectlog information (pay attention to the time switch and the time accuracy) forfault analysis.

[Devicedebugging information, configuration, hardware and software versions, devicelogs and operation logs]

Collecting basic information

show version

show version slots

show run

show log

show ip interface brief

show interface status

show interface counter sum   

show interface counter  rate

show interfaces counters errors

show interfaces counters

show arp counter

show arp

show arp detail

show mac-address-table

show mac-address-table counter

show ip route

show ip route count

show memory

dir

show vlan

show cpu

show cpu-protect mb

show cpu-protect

show cpu-protect slot X (For switches S7600, S8600 and S12000, CPPstatistics information should be collected twice for each line card.)

show spanning-tree

show spanning-tree summary

Collecting BGP information.

show ip bgp neighbor A.B.C.D

show bgp ipv4 unicast neighbor

show bgp ipv6 unicast neighbor

show bgp vpnv4 unicast all neighbor

show ip bgp summary

show ip/ipv6 route

show bgp ipv4 unicast A.B.C.D

show bgp ipv6 unicast X:X::X::X/XX

show bgp vpnv4 unicast all A.B.C.D