Created on 05-29-2022 05:06 AM
Edited on 05-22-2025 05:33 AM
By lgupta
| Description | This article describes how to troubleshoot BGP neighborship failure in one scenario. |
| Scope | FortiGate. |
| Solution |
In this scenario, two FortiGates are trying to establish BGP using their loopback IP addresses.
(loop back)FGT1---------FGT2(loop back)
However, they are not able to establish the BGP connection.
Troubleshooting: The main requirements for establishing BGP neighborship with loopback IP addresses are:
It is necessary to change the default behavior.
Network Diagram:
Loopback (FGT1)port1------------port1(FGT2) Loopback
Case-1: The BGP connection is initiated from one peer to the other on port 179. On the receiving peer, it is necessary to define a firewall policy between port1 and the loopback IP address so that the traffic can reach the loopback interface. In the same way, it is necessary to define a firewall policy between port1 and the loopback interface on FGT1 as well.
Case-2: Consider that on FGT1, '12.0.0.1' (the neighbor's loopback IP address) has been defined as the neighbor, and on FGT2, '11.0.0.1' (FGT1's loopback IP) has been defined as the neighbor.
In this scenario, FGT1 will expect the connection from FGT2 to come from source IP '12.0.0.1', and at the same time FGT2 will expect the connection from FGT1 to come from source IP '11.0.0.1'.
When configuring the neighbor, it is necessary to define the source IP, as shown in the screenshots below:
FGT1 screenshot:
FGT2 screenshot:
With this setting defined, the BGP connection is actually initiated from this source IP address.
Case-3: By default, BGP neighborship will only be established if the neighbor is the next hop.
To change this default behavior, it is necessary to enable the multihop option. The commands below can be used for this:
    config router bgp
        config neighbor
            edit 12.0.0.1    <----- 12.0.0.1 is the neighbor IP.
                set ebgp-enforce-multihop enable
                set ebgp-multihop-ttl 5    <----- 5 is the number of hops the connection may pass through to reach the other peer.
            next
        end
    end
Note: Define this setting on both neighbors if the peer is not the next hop. |
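The three cases above can be checked against a saved configuration in one pass. The script below is an added example, not part of the original article or Fortinet tooling: it parses a constructed FGT1 excerpt and reports which requirement is missing for a given neighbor. The interface name "loopback", the AS numbers and the use of `set update-source` as the CLI form of the source setting shown in the screenshots are assumptions.

```python
import re

# Constructed FGT1 excerpt, not from the article. Assumptions: the interface
# name "loopback", the AS numbers, and `set update-source` as the CLI form of
# the source setting the article shows only in screenshots.
SAMPLE_FGT1 = """\
config firewall policy
    edit 1
        set srcintf "port1"
        set dstintf "loopback"
        set action accept
        set service "BGP"
    next
end
config router bgp
    set as 65001
    config neighbor
        edit "12.0.0.1"
            set remote-as 65002
            set update-source "loopback"
            set ebgp-enforce-multihop enable
            set ebgp-multihop-ttl 5
        next
    end
end
"""

def entries(config, section):
    """Map each `edit` name in `config <section>` to its {setting: value}."""
    body = re.search(rf"config {re.escape(section)}\n(.*?)\n\s*end", config, re.S)
    found = re.findall(r'edit "?([^"\n]+)"?\n(.*?)\n\s*next',
                       body.group(1) if body else "", re.S)
    return {name: dict(re.findall(r'set (\S+) "?([^"\n]*)"?', block))
            for name, block in found}

def audit(config, peer_ip, loopback="loopback", wan="port1"):
    """Return the article's unmet requirements (Case-1 to Case-3) for one peer."""
    problems = []
    policies = entries(config, "firewall policy").values()
    if not any(p.get("srcintf") == wan and p.get("dstintf") == loopback
               and p.get("action") == "accept" for p in policies):
        problems.append(f"Case-1: no accept policy from {wan} to {loopback}")
    nbr = entries(config, "neighbor").get(peer_ip, {})
    if nbr.get("update-source") != loopback:
        problems.append("Case-2: BGP source is not the loopback")
    if nbr.get("ebgp-enforce-multihop") != "enable":
        problems.append("Case-3: multihop is not enabled")
    return problems
```

Calling `audit(SAMPLE_FGT1, "12.0.0.1")` returns an empty list when all three requirements are present; run the same check on FGT2 with '11.0.0.1' as the peer, since each setting is needed on both sides.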