jsarah
Staff
Article Id 389426
Description This article describes the meaning of a FortiGate BGP debug message that reports a mismatch between the expected and the actual incoming interface of a peer connection.
Scope FortiGate.
Solution

If the BGP session between peers is not coming up, collect a BGP debug.

Refer to the following KB article for how to collect a BGP debug on FortiGate: Troubleshooting Tip: BGP debug shows the error 'Incorrect leftmost AS number'

 

When the BGP debug was collected, the following was observed (example):

BGP: [NETWORK] Accept Thread: Incoming conn from host 10.11.11.13 (FD=27 VRF=0)
BGP: [NETWORK] Accept Thread: Incoming conn 10.11.11.13 expected iif 9 from peer group but received from 132

The second line means that the connection from neighbor 10.11.11.13 arrived on the interface with index 132, while the neighbor configuration binds that neighbor to the interface with index 9. Because the incoming interface does not match the configured one, the session is not established.

 

To identify which interfaces have index numbers 9 and 132, use the command 'diag ip addr list'. Each line of its output shows the interface index ('index=') together with the interface name ('devname=').

Example output of 'diag ip addr list':

 

iron-kvm04 # diag ip addr list
IP=10.5.205.33->10.5.205.33/255.255.192.0 index=3 devname=port1
IP=10.5.141.33->10.5.141.33/255.255.192.0 index=4 devname=port2
IP=10.40.13.33->10.40.13.33/255.255.192.0 index=9 devname=port3   <-----
IP=10.60.13.33->10.60.13.33/255.255.192.0 index=6 devname=port4
IP=10.80.13.33->10.80.13.33/255.255.192.0 index=132 devname=port5   <-----
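The mapping step above (debug index numbers to interface names) is easy to get wrong by eye when a box has many interfaces. The following added example, which is not part of the original article or of FortiOS, parses a captured BGP debug line and a captured 'diag ip addr list' output and reports the expected versus actual ingress interface for each peer. The two text samples are constructed from the article's output; the function and variable names are the example's own.

```python
import re

# Constructed sample of the BGP debug output discussed in the article.
BGP_DEBUG = """\
BGP: [NETWORK] Accept Thread: Incoming conn from host 10.11.11.13 (FD=27 VRF=0)
BGP: [NETWORK] Accept Thread: Incoming conn 10.11.11.13 expected iif 9 from peer group but received from 132
"""

# Constructed sample of 'diag ip addr list' output (same values as the article).
DIAG_IP_ADDR_LIST = """\
IP=10.5.205.33->10.5.205.33/255.255.192.0 index=3 devname=port1
IP=10.5.141.33->10.5.141.33/255.255.192.0 index=4 devname=port2
IP=10.40.13.33->10.40.13.33/255.255.192.0 index=9 devname=port3
IP=10.60.13.33->10.60.13.33/255.255.192.0 index=6 devname=port4
IP=10.80.13.33->10.80.13.33/255.255.192.0 index=132 devname=port5
"""

# Matches the "expected iif X ... received from Y" debug line.
IIF_RE = re.compile(
    r"Incoming conn (?P<peer>\S+) expected iif (?P<expected>\d+) "
    r".*?received from (?P<received>\d+)"
)
# Matches the index/devname pair on each 'diag ip addr list' line.
ADDR_RE = re.compile(r"index=(?P<index>\d+) devname=(?P<devname>\S+)")


def parse_addr_list(text):
    """Map interface index -> interface name from 'diag ip addr list' output."""
    return {int(m["index"]): m["devname"] for m in ADDR_RE.finditer(text)}


def find_iif_mismatches(debug_text, index_map):
    """Return one record per 'expected iif ... received from' debug line.

    Each record resolves both indexes through index_map; an index that is
    not present in the map is reported as 'unknown' rather than raising.
    """
    records = []
    for line in debug_text.splitlines():
        m = IIF_RE.search(line)
        if not m:
            continue
        expected, received = int(m["expected"]), int(m["received"])
        records.append({
            "peer": m["peer"],
            "expected_index": expected,
            "expected_interface": index_map.get(expected, "unknown"),
            "received_index": received,
            "received_interface": index_map.get(received, "unknown"),
        })
    return records


def describe(record):
    """Human-readable one-liner for a mismatch record."""
    return (
        f"peer {record['peer']}: configured interface "
        f"{record['expected_interface']} (index {record['expected_index']}), "
        f"connection arrived on {record['received_interface']} "
        f"(index {record['received_index']})"
    )


if __name__ == "__main__":
    index_map = parse_addr_list(DIAG_IP_ADDR_LIST)
    for rec in find_iif_mismatches(BGP_DEBUG, index_map):
        print(describe(rec))
```

The script only resolves the indexes; it does not decide which side is wrong. Whether the neighbor's 'set interface' value should be changed (as this article does) or the peer should instead be reached through the originally intended interface is a judgement about the intended topology, and the record's two interface names give the operator what is needed to make that call.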

In the BGP configuration, the neighbor is bound to port3 (index 9), while the debug shows the connection arriving on port5 (index 132):

 

config router bgp
    set as 64520
    set router-id 10.0.10.10
    set ibgp-multipath enable
    config neighbor
        edit "10.11.11.13"
            set advertisement-interval 1
            set link-down-failover enable
            set soft-reconfiguration enable
            set interface "port3"   <-----
            set remote-as 64520
            set connect-timer 1
            set additional-path receive
        next
    end
end

 

The neighbor's interface has to be changed to the interface on which the connection actually arrives (port5):

 

config router bgp
    set as 64520
    set router-id 10.0.10.10
    set ibgp-multipath enable
    config neighbor
        edit "10.11.11.13"
            set advertisement-interval 1
            set link-down-failover enable
            set soft-reconfiguration enable
            set interface "port5"   <-----
            set remote-as 64520
            set connect-timer 1
            set additional-path receive
        next
    end
end

After the change, the BGP session should come up. This can be verified with the command 'get router info bgp summary', which shows the neighbor's state and the number of prefixes received.

 

Related article:

Technical Tip: BGP soft reset to refresh BGP routing table without tearing down existing peering ses...