Manualshelf

F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Network Management Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
551552553554555556557558559560
530
<FirewallB> debugging bfd event
<FirewallB> debugging bgp bfd
<FirewallB> terminal monitor
<FirewallB> terminal debugging
%Nov 5 11:42:24:172 2009 RouterC BFD/5/BFD_CHANGE_FSM:
Sess[3.0.2.2/3.0.1.1,13/17,GE1/1,Ctrl], Sta: UP->DOWN, Diag: 1
%Nov 5 11:42:24:172 2009 RouterC BGP/5/BGP_STATE_CHANGED: 3.0.1.1 state is changed
from ESTABLISHED to IDLE.
*Nov 5 11:42:24:187 2009 RouterC RM/6/RMDEBUG: BGP_BFD: Recv BFD DOWN msg, Src IP
3.0.2.2, Dst IP 3.0.1.1, Instance ID 0.
*Nov 5 11:42:24:187 2009 RouterC RM/6/RMDEBUG: BGP_BFD: Reset BGP session 3.0.1.1
for BFD session down.
*Nov 5 11:42:24:187 2009 RouterC RM/6/RMDEBUG: BGP_BFD: Send DELETE msg to BFD,
Connection type DIRECT, Src IP 3.0.2.2, Dst IP 3.0.1.1, Instance ID 0.
The output shows that Firewall B can quickly detect the link failure.
# Display route 1.1.1.0/24 on Firewall B.
<FirewallB> display ip routing-table 1.1.1.0 24 verbose
Routing Table : Public
Summary Count : 1
Destination: 1.1.1.0/24
Protocol: BGP Process ID: 0
Preference: 0 Cost: 100
NextHop: 2.0.1.1 Interface: GigabitEthernet1/2
BkNextHop: 0.0.0.0 BkInterface:
RelyNextHop: 2.0.2.1 Neighbor : 2.0.1.1
Tunnel ID: 0x0 Label: NULL
State: Active Adv Age: 00h09m54s
Tag: 0
The output shows that Firewall B communicates with network 1.1.1.0/24 through the path Fireall
B<—>Router B<—>Firewall A.
186B
Troubleshooting BGP
1541BSymptom
Display BGP peer information by using the display bgp peer command. The state of the connection to a
peer cannot become established.
1542BAnalysis
To become BGP peers, any two routers must establish a TCP session using port 179 and exchange Open
messages successfully.
1543BSolution
1. Use the display current-configuration command to verify that the peer's AS number is correct.
2. Use the display bgp peer command to verify that the peer's IP address is correct.
3. If a loopback interface is used, verify that the loopback interface is specified with the peer
connect-interface command.
4. If the peer is a non-direct EBGP peer, verify that the peer ebgp-max-hop command is configured.