Solved

BGP - state of ISP2 is not "established"

Posted on 2013-11-11
5
422 Views
Last Modified: 2013-11-14
We are attempting to establish a BGP connection with a second ISP (228) but we could not "establish" the connection.

Any answers as to why (see below config) the ASN 228 state is not "ESTABLISHED?"

ASN 127 is established and working fine.

# show ip route bgp

                                IP Route Entries

  Destination        Gateway         VLAN Type      Sub-Type   Metric     Dist.
  ------------------ --------------- ---- --------- ---------- ---------- -----
  0.0.0.0/0          34.153.222.121  4024 bgp                  1          20

# show ip bgp summ
Peer Information

  Remote Address  Remote-AS Local-AS State         Admin Status
  --------------- --------- -------- ------------- ------------
  34.153.222.121  127     40710    Established   Start
  37.154.113.225  228       40710    Connect      Start

--------------------------------------------------------------------------------

HP procurve 3800 >>


; J9573A Configuration Editor; Created on release #KA.15.10.0009
; Ver #03:03.1f.ef:f0

module 1 type j9573x
no cdp run
ip routing
no ip source-route
interface 25
   name " CrossConnect-2T "
   exit
interface 26
   name " CrossConnect-2X "
   speed-duplex 1000-full
   exit
router bgp 40710
   enable
   bgp router-id 109.104.195.1
   network 109.104.135.0 255.255.255.0
   network 109.104.195.0 255.255.255.0
   network 109.104.196.0 255.255.255.0
   neighbor 34.153.222.121 remote-as 127
   neighbor 37.154.113.225 remote-as 228
   exit
vlan 1
   name "DEFAULT_VLAN"
   no untagged 1-2,6,16,25-26
   untagged 3-5,7-15,17-24
   ip address 199.199.199.1 255.255.255.0
   exit
vlan 3999
   name "DATA-Internet"
   untagged 1-2,6
   ip address 109.104.135.1 255.255.255.0
   ip address 109.104.195.1 255.255.255.0
   ip address 109.104.196.1 255.255.255.0
   exit
vlan 4024
   name "DATA-ISP-4024"
   untagged 25
   ip address 34.153.222.122 255.255.255.252
   exit
vlan 4047
   name "Data-ISP-4047"
   untagged 16,26
   ip address 37.154.113.226 255.255.255.252
   exit
no autorun

================================
ALL names, numbers and code has been changed to mask identity.
0
Comment
Question by:dts3909
  • 2
  • 2
5 Comments
 
LVL 28

Expert Comment

by:Jan Springer
Comment Utility
debug ip bgp
debug ip tcp transaction
term mon

and optionally log to an external syslog server
0
 
LVL 17

Expert Comment

by:pergr
Comment Utility
Can you ping the IP address of the peer?

If IP connectivity is fine, it is typically a config error - any side has configured the wrong ASN or only one side has configured a password for authentication.
0
 

Author Comment

by:dts3909
Comment Utility
We cannot ping directly.  Ping works through ISP#4024 around to ISP#4047 but not through direct connect to ISP#4047.

Config shows transceiver is linked and enabled.

ARP does not show direct attached ISP#4047 MAC address.

We even tried another transceiver on our side...we had same symptoms.

Can the procurve switch be linked and enabled at the layer-3 level but not layer-2?
0
 
LVL 17

Accepted Solution

by:
pergr earned 500 total points
Comment Utility
You probably want to check the other end of that fiber.
Perhaps that ISP have a mix-up with ports at their end.
0
 

Author Comment

by:dts3909
Comment Utility
Will check with ISP#4047 today and get back to forum after push-back.

UPDATE:  ISP#4047 was allowing only whitelisted MAC addresses.  Once the ISP tech#3 determined the block and then removed all the above BGP settings worked as planned.
0

Featured Post

Scale it in WD Gold

With up to ten times the workload capacity of desktop drives, WD Gold hard drives employ advanced technology to deliver among the best in reliability, capacity, power efficiency and performance.

Join & Write a Comment

We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now