BGPCCNA 200-301

eBGP Neighbor Not Forming — TCP Session Failing

Presenting Symptom

The eBGP neighbor session remains in the 'Idle' or 'Active' state and never transitions to 'Established'.

Network Context

Two routers, R1 (AS 65001) and R2 (AS 65002), are directly connected via a serial link (10.0.0.0/30). R1 has IP 10.0.0.1/30, R2 has IP 10.0.0.2/30. Both run IOS 15.x. This is a small branch office scenario with a single eBGP peering to the ISP. The engineer has configured BGP but the session does not come up.

Diagnostic Steps

Check BGP neighbor status

show ip bgp summary

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.0.0.2        4        65002       0       0        1    0    0 never    Idle

If the neighbor is in Idle or Active state, BGP is not establishing a TCP session. Normal state is Established with a non-zero Up/Down time.

Verify IP connectivity to the neighbor

ping 10.0.0.2 source 10.0.0.1

!!!!!

If ping fails, there is a Layer 3 connectivity issue. If ping succeeds, the problem is likely at the TCP or BGP layer.

Check if BGP is listening on TCP port 179

show tcp brief all | include 179

TEN0/0/0         10.0.0.1:179         10.0.0.2:11001     ESTAB

If no output, BGP is not listening. Check 'router bgp' configuration and ensure the neighbor is specified. If output shows LISTEN, BGP is ready but the remote end may not be initiating.

Check BGP configuration for the neighbor

show running-config | section router bgp

router bgp 65001
 bgp log-neighbor-changes
 neighbor 10.0.0.2 remote-as 65002

Verify the neighbor IP and remote AS are correct. Common mistakes: wrong remote AS, missing neighbor statement, or using an incorrect IP address.

Root Cause

The eBGP neighbor is not forming because the remote AS number configured on R1 does not match the actual AS of R2. R1 is configured with remote-as 65002, but R2 is actually in AS 65003. This mismatch causes BGP to reject the TCP connection attempt, leaving the session in Idle state.

Resolution

Correct the remote AS on R1 to match R2's actual AS. On R1: ``` router bgp 65001 no neighbor 10.0.0.2 remote-as 65002 neighbor 10.0.0.2 remote-as 65003 ``` Alternatively, if R2's AS is correct, adjust R2's configuration accordingly.

Verification

After correction, run: ``` show ip bgp summary ``` Expected output: ``` Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 10.0.0.2 4 65003 5 7 1 0 0 00:01:23 2 ``` The state should be Established with a non-zero Up/Down time and prefixes received.

Prevention

1. Always verify the remote AS number with the peer administrator before configuring BGP. 2. Use BGP authentication to ensure only authorized peers form sessions. 3. Implement BGP logging (bgp log-neighbor-changes) to track session state changes.

CCNA Exam Relevance

On the CCNA 200-301 exam, this scenario may appear as a troubleshooting question where you must identify why an eBGP session is not forming. The exam tests your ability to interpret 'show ip bgp summary' output and identify AS number mismatch as a common cause. Key fact: eBGP requires the remote AS to match the peer's configured AS; otherwise, the session stays in Idle or Active.

Exam Tips

Memorize the BGP neighbor states: Idle, Connect, Active, OpenSent, OpenConfirm, Established. Idle/Active often indicates a TCP or configuration issue.

The most common CCNA BGP troubleshooting scenario is AS number mismatch or missing neighbor statement.

Know that 'show ip bgp summary' is the first command to check BGP neighbor status.

Commands Used in This Scenario

ping [ip]

The ping command sends ICMP echo requests to a destination IP address to test network connectivity and measure round-trip time.

show ip bgp summary

Displays a summary of the BGP neighbor status and prefix counts, used to quickly verify BGP peering and routing table health.

Test Your CCNA Knowledge

Practice with scenario-based questions to prepare for the CCNA 200-301 exam.

Practice CCNA Questions