BGP (Border Gateway Protocol) is a protocol for exchanging routing information between gateway hosts (each with its own router) in a network of autonomous systems. BGP is often the protocol used between gateway hosts on the Internet. The routing table contains a list of known routers, the addresses they can reach, and a cost metric associated with the path to each router so that the best available route is chosen.
Hosts using BGP communicate using the Transmission Control Protocol (TCP) and send updated router table information only when one host has detected a change. Only the affected part of the routing table is sent. BGP-4, the latest version, lets administrators configure cost metrics based on policy statements. (BGP-4 is sometimes called BGP4, without the hyphen.)
BGP is very security-focused — for example, all adjacent routers have to be configured manually — and decent BGP implementations provide a rich set of route filters to allow ISPs to defend their networks and control what they advertise to their competitors.
Before jumping into BGP troubleshooting, you have to identify the source of the connectivity problem you’re debugging — usually, you suspect that BGP might be involved if one of your customers reports limited or no internet connectivity beyond your network.
Perform a traceroute from a workstation on the problematic local area network (LAN). If the trace reaches the first BGP-speaking router — or, even better, if it gets beyond the edge of your network — you’re probably dealing with a BGP issue. Otherwise, check whether the BGP-speaking router advertises a default route into your network — without a default route, other routers in your network cannot reach the internet destinations.
If you don’t have access to a LAN-attached workstation, you can perform the traceroute from the customer-premises router, but you have to ensure the source IP address used in the traceroute packets is the router’s LAN address.
BGP has to establish a TCP session between adjacent BGP routers before they can exchange routes. The first check is thus the status of the BGP sessions between the routers.
The BGP neighbors are configured manually, and the two most probable configuration errors are:
- Neighbor IP address mismatch: The destination IP address configured on one BGP neighbor has to match the source IP address — or the IP address of the directly connected interface — configured on the other.
- AS number mismatch: The neighbor AS number configured on one side of the BGP session has to match the actual BGP AS number used by the neighbor.
You could also have a problem with packet filters deployed on the BGP-speaking router. These filters have to allow packets to and from TCP port 179.
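The two neighbor mismatches listed above can be checked offline by comparing both routers' configurations. This is an added example, not code from the original article; the IOS-style snippets, documentation addresses and AS numbers are constructed, and the check assumes the session is sourced from one of the peer's configured interface addresses.

```python
import ipaddress
import re

# Constructed IOS-style snippets for two routers on one eBGP link (not from the page).
R1 = """
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.252
router bgp 64500
 neighbor 192.0.2.2 remote-as 64501
"""
R2 = """
interface GigabitEthernet0/0
 ip address 192.0.2.2 255.255.255.252
router bgp 64510
 neighbor 192.0.2.5 remote-as 64500
"""

def parse(cfg):
    """Return (local AS, interface addresses, {neighbor IP: configured remote AS})."""
    local_as = int(re.search(r"^router bgp (\d+)", cfg, re.M).group(1))
    addrs = {ipaddress.ip_address(a)
             for a in re.findall(r"^\s*ip address (\S+) \S+", cfg, re.M)}
    nbrs = {ipaddress.ip_address(ip): int(asn)
            for ip, asn in re.findall(r"^\s*neighbor (\S+) remote-as (\d+)", cfg, re.M)}
    return local_as, addrs, nbrs

def check_session(cfg_a, cfg_b):
    """List the mismatches that would keep the A<->B session from establishing."""
    problems = []
    (as_a, addrs_a, nbrs_a), (as_b, addrs_b, nbrs_b) = parse(cfg_a), parse(cfg_b)
    for name, nbrs, peer_addrs, peer_as in (("A", nbrs_a, addrs_b, as_b),
                                            ("B", nbrs_b, addrs_a, as_a)):
        # Neighbor statements that actually point at an address the peer owns.
        hits = {ip: asn for ip, asn in nbrs.items() if ip in peer_addrs}
        if not hits:
            problems.append(f"{name}: no neighbor statement matches a peer interface address")
        for ip, asn in hits.items():
            if asn != peer_as:
                problems.append(f"{name}: neighbor {ip} remote-as {asn}, peer is AS {peer_as}")
    return problems

if __name__ == "__main__":
    for line in check_session(R1, R2):
        print(line)
```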
If your users want to receive traffic from the internet, the IP prefix assigned to your network must be visible throughout the internet. To get there, three steps are needed:
- Your BGP router must insert your IP prefix into its BGP table.
- The IP prefix must be advertised to its BGP neighbors.
- The IP prefix must be propagated throughout the internet.
Is the route inserted into BGP? Most routing protocols automatically insert directly connected IP subnets into their routing tables or databases. Due to security requirements, BGP is an exception. It will originate an IP prefix only if it’s manually configured to do so — for example, Cisco routers use the network statement to configure advertised IP prefixes. Another option is route redistribution, which is highly discouraged in the internet environment.
Furthermore, to avoid attracting unroutable traffic, BGP will announce a configured IP prefix only if there’s a matching route in the IP routing table. You could generate the matching IP route through route summarization, but it’s usually best to configure a static route pointing to a null interface — or its equivalent.
To check whether your IP prefix is in your BGP routing table, use a BGP show command — for example, show ip bgp prefix mask on a Cisco router.
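The origination rule described above can be audited before a change is deployed. This is an added example, not code from the original article: the configuration is constructed, only static routes in the configuration are considered (connected and IGP routes are ignored), and it assumes the router requires an exact prefix and mask match, as Cisco IOS does for a network statement with a mask.

```python
import ipaddress
import re

# Constructed IOS-style configuration (not from the page).
CONFIG = """
router bgp 64500
 network 198.51.100.0 mask 255.255.255.0
 network 203.0.113.0 mask 255.255.255.0
ip route 198.51.100.0 255.255.255.0 Null0
ip route 203.0.113.0 255.255.255.128 GigabitEthernet0/1
"""

def bgp_networks(cfg):
    """Prefixes the BGP process is configured to originate."""
    return [ipaddress.ip_network(f"{p}/{m}")
            for p, m in re.findall(r"^\s+network (\S+) mask (\S+)", cfg, re.M)]

def static_routes(cfg):
    """Map each static route prefix to its next hop or exit interface."""
    return {ipaddress.ip_network(f"{p}/{m}"): nh
            for p, m, nh in re.findall(r"^ip route (\S+) (\S+) (\S+)", cfg, re.M)}

def audit_origination(cfg):
    """Classify each network statement: 'null0', 'static' or 'no exact match'."""
    routes = static_routes(cfg)
    result = {}
    for net in bgp_networks(cfg):
        next_hop = routes.get(net)  # exact prefix and mask, not longest match
        if next_hop is None:
            result[str(net)] = "no exact match"
        elif next_hop.lower() == "null0":
            result[str(net)] = "null0"
        else:
            result[str(net)] = "static"
    return result

if __name__ == "__main__":
    for prefix, status in audit_origination(CONFIG).items():
        print(prefix, status)
```

The second prefix is flagged because the only static route covering it is a /25, which does not match the /24 in the network statement.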
Is the route advertised to your neighbors? By default, all IP prefixes residing in the BGP table are announced to all BGP neighbors. Owing to security and routing policy requirements, the default behavior is usually modified with a set of output and input filters. If you have applied output filters toward your BGP neighbors, you have to check whether these filters allow your IP prefix to be propagated to the external BGP neighbors. The command to display routes advertised to a BGP neighbor on a Cisco router is: show ip bgp neighbors ip-address advertised-routes.
Is the route visible throughout the internet? Even if you have successfully announced your IP prefix to your BGP neighbors, it might still not be propagated throughout the internet. It’s hard to figure out exactly what is propagated beyond the boundaries of your network. The tools that can help you are called BGP looking glasses. Using these tools, you can inspect BGP tables at various points throughout the internet and check whether your IP prefix has made it to those destinations.
A few factors could cause your IP prefix to be blocked somewhere in the internet. The most common one is BGP route flap dampening: If an IP prefix flaps, or disappears and reappears, too often in a short period of time — for example, if you clear your BGP sessions or change your BGP configuration — the prefix gets blocked for an extended period of time (by default, up to an hour). If your IP prefix is dampened, there’s nothing you can do except wait it out. You could also have an invalid, or missing, entry in IP routing registries, or there may be inbound filters at one of the upstream ISPs. In all of these cases, it’s best if your upstream ISP can help you resolve the problem — which is, at this point, beyond the scope of technical BGP troubleshooting.
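The dampening behavior described above follows from an exponentially decaying penalty. This is an added example, not code from the original article; the parameter values are the commonly documented Cisco defaults and are an assumption here, as are the constructed flap timelines.

```python
import math

# Assumed parameters (commonly documented Cisco defaults, not stated on the page).
HALF_LIFE = 15.0      # minutes for the penalty to halve
FLAP_PENALTY = 1000   # penalty added per flap
SUPPRESS = 2000       # prefix is suppressed once the penalty exceeds this
REUSE = 750           # prefix is reusable once the penalty decays below this
MAX_SUPPRESS = 60.0   # longest suppression time, in minutes
# The penalty is capped so that decay back to REUSE never takes longer than MAX_SUPPRESS.
CEILING = REUSE * 2 ** (MAX_SUPPRESS / HALF_LIFE)

def decay(penalty, minutes):
    """Exponential decay of the penalty over the given number of minutes."""
    return penalty * 0.5 ** (minutes / HALF_LIFE)

def simulate(flap_times):
    """Return (suppressed?, minutes after the last flap until the prefix is reusable)."""
    penalty, last, suppressed = 0.0, None, False
    for t in sorted(flap_times):
        if last is not None:
            penalty = decay(penalty, t - last)
            if suppressed and penalty < REUSE:
                suppressed = False
        penalty = min(penalty + FLAP_PENALTY, CEILING)
        if penalty > SUPPRESS:
            suppressed = True
        last = t
    wait = HALF_LIFE * math.log2(penalty / REUSE) if suppressed else 0.0
    return suppressed, wait

if __name__ == "__main__":
    # Constructed timelines: flap times in minutes.
    print(simulate([0, 1]))          # two flaps stay under the suppress limit
    print(simulate([0, 1, 2]))       # a third flap suppresses the prefix
    print(simulate(range(30)))       # sustained flapping hits the one-hour cap
```

With these values, three flaps one minute apart suppress the prefix for roughly half an hour, and sustained flapping reaches the one-hour maximum.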