[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 446
  • Last Modified:

BGP - state of ISP2 is not "established"

We are attempting to establish a BGP connection with a second ISP (228) but we could not "establish" the connection.

Any answers as to why (see below config) the ASN 228 state is not "ESTABLISHED?"

ASN 127 is established and working fine.

# show ip route bgp

                                IP Route Entries

  Destination        Gateway         VLAN Type      Sub-Type   Metric     Dist.
  ------------------ --------------- ---- --------- ---------- ---------- -----
  0.0.0.0/0          34.153.222.121  4024 bgp                  1          20

# show ip bgp summ
Peer Information

  Remote Address  Remote-AS Local-AS State         Admin Status
  --------------- --------- -------- ------------- ------------
  34.153.222.121  127     40710    Established   Start
  37.154.113.225  228       40710    Connect      Start

--------------------------------------------------------------------------------

HP procurve 3800 >>


; J9573A Configuration Editor; Created on release #KA.15.10.0009
; Ver #03:03.1f.ef:f0

module 1 type j9573x
no cdp run
ip routing
no ip source-route
interface 25
   name " CrossConnect-2T "
   exit
interface 26
   name " CrossConnect-2X "
   speed-duplex 1000-full
   exit
router bgp 40710
   enable
   bgp router-id 109.104.195.1
   network 109.104.135.0 255.255.255.0
   network 109.104.195.0 255.255.255.0
   network 109.104.196.0 255.255.255.0
   neighbor 34.153.222.121 remote-as 127
   neighbor 37.154.113.225 remote-as 228
   exit
vlan 1
   name "DEFAULT_VLAN"
   no untagged 1-2,6,16,25-26
   untagged 3-5,7-15,17-24
   ip address 199.199.199.1 255.255.255.0
   exit
vlan 3999
   name "DATA-Internet"
   untagged 1-2,6
   ip address 109.104.135.1 255.255.255.0
   ip address 109.104.195.1 255.255.255.0
   ip address 109.104.196.1 255.255.255.0
   exit
vlan 4024
   name "DATA-ISP-4024"
   untagged 25
   ip address 34.153.222.122 255.255.255.252
   exit
vlan 4047
   name "Data-ISP-4047"
   untagged 16,26
   ip address 37.154.113.226 255.255.255.252
   exit
no autorun

================================
ALL names, numbers and code has been changed to mask identity.
0
dts3909
Asked:
dts3909
  • 2
  • 2
1 Solution
 
Jan SpringerCommented:
debug ip bgp
debug ip tcp transaction
term mon

and optionally log to an external syslog server
0
 
pergrCommented:
Can you ping the IP address of the peer?

If IP connectivity is fine, it is typically a config error - any side has configured the wrong ASN or only one side has configured a password for authentication.
0
 
dts3909Author Commented:
We cannot ping directly.  Ping works through ISP#4024 around to ISP#4047 but not through direct connect to ISP#4047.

Config shows transceiver is linked and enabled.

ARP does not show direct attached ISP#4047 MAC address.

We even tried another transceiver on our side...we had same symptoms.

Can the procurve switch be linked and enabled at the layer-3 level but not layer-2?
0
 
pergrCommented:
You probably want to check the other end of that fiber.
Perhaps that ISP have a mix-up with ports at their end.
0
 
dts3909Author Commented:
Will check with ISP#4047 today and get back to forum after push-back.

UPDATE:  ISP#4047 was allowing only whitelisted MAC addresses.  Once the ISP tech#3 determined the block and then removed all the above BGP settings worked as planned.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now