JNCIE-SP Notes on BGP Troubleshooting
General tips
- Get to know the diagram/topology. Mark it up: add notes and draw AS boundaries so that you don’t get your numbers mixed up.
- Read the requirements carefully and, as you are reading, start forming a list of requirements to validate.
- Traceoptions will probably take too long to be useful so if you can use show commands, the messages log, or “monitor traffic…” you are better off.
Getting Established - IBGP
- Check pings from all loopbacks, to all other loopbacks. Remember to specify the loopback address as the source or “set system default-address-selection”.
- Be prepared to troubleshoot the IGP and protocol-independent routing configs.
- For adjacency issues, check the messages log and grep on the host IP.
- Misconfigured authentication may cause problems.
Getting Established - EBGP
- As with IBGP, check pings and look in the messages log for entries matched against the peer address.
- Make sure multihop is configured where needed and supporting static routes are active.
- Prefix limits can make for problems staying established. These are logged in “messages”.
- Look for mismatched AS configurations.
Verifying Policy and Routing
- Hopefully you took good notes on which peers must be preferred over others because that will come in handy now.
- Use “show route receive-protocol bgp <neighbor_addr> all” to identify key routes that you can use to verify that prefixes are received and reachable from your whole network. Make sure you check against the requirements so that you don’t pick a route that is supposed to be filtered.
- Use “show route resolution unresolved” to deal with problems with unresolvable next-hops.
- Use “show route receive-protocol bgp <neighbor_addr> hidden” to verify that the policy is not filtering routes which should be permitted per the requirements.
- Verify that advertisements to customers are as expected:
* Summary Aggregates may need to be advertised, possibly with specific routes suppressed.
* a missing address-family configuration in BGP may mean that you are not advertising IPv6 when you need to. ditto IPv4.