When establishing BGP sessions between two nodes, there is one more thing worth noting.
Let's remove previous configuration and start from scratch.
R1:
R1#conf t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#no router bgp 65104
R4:
R4#conf t Enter configuration commands, one per line. End with CNTL/Z. R4(config)#no router bgp 65104
Let's rebuild this iBGP peering between R1 and R4, but incorrectly this time.
First, on R1:
R1(config)#router bgp 65104 R1(config-router)#neighbor 172.16.14.4 remote-as 65104 R1(config-router)#end R1#
So far, so good. But now, R4's configuration is going to teach us a lesson.
R4(config)#router bgp 65104 R4(config-router)#neighbor 172.16.104.1 remote-as 65104 R4(config-router)#end R4#
This is not working. iBGP Session is not getting established. What is wrong here?
First debug shows this:
R4#debug ip tcp transactions TCP special event debugging is on R4#u all Reserved port 0 in Transport Port Agent for TCP IP type 0 TCP: connection attempt to port 179 TCP: sending RST, seq 0, ack 1549513988 TCP: sent RST to 172.16.14.1:47137 from 172.16.14.4:179 Released port 0 in Transport Port Agent for TCP IP type 0 delay 240000 TCP0: state was LISTEN -> CLOSED [0 -> UNKNOWN(0)] TCB 0xF3E55AD0 destroyed R4#u all R4#
R4 is sending TCP RST. But why? It is configured to run BGP AS 65104 after all!
Let's tear R1's configuration apart.
The router process is configured to be AS 65401. So is the AS number on R4. All in order here.
R1 configuration contains the 'neighbor 172.16.14.4 remote-as 65401'. This means, that R1 is going to try to establish iBGP session with R4. Since R1 has two interfaces towards R4, it is going to use the one that routing table uses as best path towards 172.16.14.4. Here it is:
R1#show ip route 172.16.14.4 Routing entry for 172.16.14.0/24 Known via "connected", distance 0, metric 0 (connected, via interface) Routing Descriptor Blocks: * directly connected, via Ethernet0/0.14 Route metric is 0, traffic share count is 1 R1#
In order to send TCP SYN R1 will use its Ethernet0/0.14 to reach 172.16.14.4. It is going to source this request with IP address found on this interface: 172.16.14.1.
A temporary ACL and debug ip packet detail (use in lab only), are going to help see what is going on.
R4(config)#access-list 101 permit ip host 172.16.14.1 any R4(config)#access-list 101 permit ip host 172.16.14.4 any R4(config)#
This ACL will be used in the debug.
R4#debug ip packet detail 101 IP packet debugging is on (detailed) for access list 101 R4# IP: s=172.16.14.1 (Ethernet0/0.14), d=172.16.14.4, len 44, input feature TCP src=41155, dst=179, seq=702428119, ack=0, win=16384 SYN, MCI Check(88), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE FIBipv4-packet-proc: route packet from Ethernet0/0.14 src 172.16.14.1 dst 172.16.14.4 FIBfwd-proc: Default:172.16.14.4/32 receive entry FIBipv4-packet-proc: packet routing failed IP: tableid=0, s=172.16.14.1 (Ethernet0/0.14), d=172.16.14.4 (Ethernet0/0.14), routed via RIB IP: s=172.16.14.1 (Ethernet0/0.14), d=172.16.14.4 (Ethernet0/0.14), len 44, rcvd 3 TCP src=41155, dst=179, seq=702428119, ack=0, win=16384 SYN IP: s=172.16.14.1 (Ethernet0/0.14), d=172.16.14.4 R4#, len 44, stop process pak for forus packet TCP src=41155, dst=179, seq=702428119, ack=0, win=16384 SYN FIBipv4-packet-proc: route packet from (local) src 172.16.14.4 dst 172.16.14.1 FIBfwd-proc: packet routed by adj to Ethernet0/0.14 172.16.14.1 FIBipv4-packet-proc: packet routing succeeded IP: s=172.16.14.4 (local), d=172.16.14.1 (Ethernet0/0.14), len 40, sending TCP src=179, dst=41155, seq=0, ack=702428120, win=0 ACK RST IP: s=172.16.14.4 (local), d=172.16.14.1 (Ethernet0/0.14), len 40, sending full packet TCP src=179, dst=41155, seq=0, ack=702428120, win=0 ACK RST R4#u all All possible debugging has been turned off R4#
Clearly R4 does not like the request sent by R1.
The reason is that R4 BGP configuration has the following line:
R4(config)#router bgp 65104
R4(config-router)#neighbor 172.16.104.1 remote-as 65104
R4(config-router)#end
R4#
R4 will try to establish the TCP (BGP) session with R1 using its outgoing interface Ethernet0/0.104.
It expects to receive TCP SYN from R1 with the source IP address 172.16.104.1, not currently seen 172.16.14.1. Establishing session fails on both routers due to the neighbor IP address misconfiguration.
Conclusion
BGP neighbor IP address configured must match IP address of the incoming TCP SYN (port 179) from the peer. If not here's what we see:R1#show ip bgp summary BGP router identifier 10.1.1.1, local AS number 65104 BGP table version is 1, main routing table version 1 Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 172.16.14.4 4 65104 0 0 1 0 0 never Idle R1# R4#show ip bgp summary BGP router identifier 10.4.4.4, local AS number 65104 BGP table version is 1, main routing table version 1 Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 172.16.104.1 4 65104 0 0 1 0 0 never Idle R4#
Remove the configuration from this (and previous lab). Up next, eBGP session.
