jsarah
Staff
April 28, 2025

Technical Tip: BGP debug shows the error: ' Incoming conn z.z.z.z expected iif x from peer group but received from y'

Description This article describes the meaning of this FortiGate BGP debug message.
Scope FortiGate.
Solution

If the BGP session between peers does not come up, collect BGP debug output.

 

Refer to the following KB article to collect BGP debug on FortiGate: Troubleshooting Tip: BGP debug shows the error 'Incorrect leftmost AS number'

 

When the BGP debug was collected, the following was observed, as an example:

 

BGP: [NETWORK] Accept Thread: Incoming conn from host 10.11.11.13 (FD=27 VRF=0)
BGP: [NETWORK] Accept Thread: Incoming conn 10.11.11.13 expected iif 9 from peer group but received from 132

 

To identify which interfaces have index numbers 9 and 132, use the command 'diag ip addr list'.

 

Example output of 'diag ip addr list':

 

iron-kvm04 # diag ip addr list
IP=10.5.205.33->10.5.205.33/255.255.192.0 index=3 devname=port1
IP=10.5.141.33->10.5.141.33/255.255.192.0 index=4 devname=port2
IP=10.40.13.33->10.40.13.33/255.255.192.0 index=9 devname=port3   <-----
IP=10.60.13.33->10.60.13.33/255.255.192.0 index=6 devname=port4
IP=10.80.13.33->10.80.13.33/255.255.192.0 index=132 devname=port5   <-----

 

 

In the BGP configuration, the neighbor is bound to port3 (index 9):

 

config router bgp
    set as 64520
    set router-id 10.0.10.10
    set ibgp-multipath enable
        config neighbor
            edit "10.11.11.13"
                 set advertisement-interval 1
                 set link-down-failover enable
                 set soft-reconfiguration enable
                 set interface "port3"   <-----
                 set remote-as 64520
                 set connect-timer 1
                 set additional-path receive

             next
        end

    end

 

This has to be changed to port5 (index 132), the interface on which the connection is actually received:

 

config router bgp
    set as 64520
    set router-id 10.0.10.10
    set ibgp-multipath enable
        config neighbor
            edit "10.11.11.13"
                 set advertisement-interval 1
                 set link-down-failover enable
                 set soft-reconfiguration enable
                 set interface "port5"        <-----
                 set remote-as 64520
                 set connect-timer 1
                 set additional-path receive

             next
        end

    end

 

 

After the change, the BGP session should come up. This can be verified with the command 'get router info bgp summary'.
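
The index lookup described above can be scripted when there are many interfaces or peers. The following is an added example, not part of the original article or any Fortinet tooling: it parses saved BGP debug output and 'diag ip addr list' output and reports, per peer, the configured interface and the interface the connection arrived on. The function names are hypothetical and the sample input is constructed from the outputs shown in this article.

```python
import re

# Constructed sample input, taken from the outputs shown in this article.
DEBUG_LOG = """\
BGP: [NETWORK] Accept Thread: Incoming conn from host 10.11.11.13 (FD=27 VRF=0)
BGP: [NETWORK] Accept Thread: Incoming conn 10.11.11.13 expected iif 9 from peer group but received from 132
"""
ADDR_LIST = """\
IP=10.5.205.33->10.5.205.33/255.255.192.0 index=3 devname=port1
IP=10.5.141.33->10.5.141.33/255.255.192.0 index=4 devname=port2
IP=10.40.13.33->10.40.13.33/255.255.192.0 index=9 devname=port3
IP=10.60.13.33->10.60.13.33/255.255.192.0 index=6 devname=port4
IP=10.80.13.33->10.80.13.33/255.255.192.0 index=132 devname=port5
"""

MISMATCH_RE = re.compile(
    r"Incoming conn (?P<peer>\S+) expected iif (?P<expected>\d+) "
    r"from peer group but received from (?P<received>\d+)")
ADDR_RE = re.compile(r"index=(?P<index>\d+)\s+devname=(?P<dev>\S+)")

def index_to_devname(addr_list_output):
    """Map interface index -> device name from 'diag ip addr list' output."""
    return {int(m["index"]): m["dev"] for m in ADDR_RE.finditer(addr_list_output)}

def find_iif_mismatches(debug_output, addr_list_output):
    """Return one finding per (peer, expected, received) seen in the debug."""
    names = index_to_devname(addr_list_output)
    findings, seen = [], set()
    for m in MISMATCH_RE.finditer(debug_output):
        key = (m["peer"], m["expected"], m["received"])
        if key in seen:  # the message repeats on every connection attempt
            continue
        seen.add(key)
        exp, rcv = int(m["expected"]), int(m["received"])
        findings.append({
            "peer": m["peer"],
            "configured": names.get(exp, f"unknown(index={exp})"),
            "arrived_on": names.get(rcv, f"unknown(index={rcv})"),
        })
    return findings

if __name__ == "__main__":
    for f in find_iif_mismatches(DEBUG_LOG, ADDR_LIST):
        print(f"neighbor {f['peer']}: 'set interface' is {f['configured']}, "
              f"but the connection arrives on {f['arrived_on']}")
```

An index with no address assigned does not appear in 'diag ip addr list', so it is reported as unknown(index=N) rather than guessed.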

 

Related article:

Technical Tip: BGP soft reset to refresh BGP routing table without tearing down existing peering sessions