Lab 01 — BGP Troubleshooting

Topology

R1 (AS 65001) ----- R2 (AS 65002) ----- R3 (AS 65002) ----- R4 (AS 65003)
Lo: 1.1.1.1         Lo: 2.2.2.2          Lo: 3.3.3.3         Lo: 4.4.4.4
                          \---- iBGP ----/

R1-R2 link: 10.12.12.0/24
R2-R3 link: 10.23.23.0/24
R3-R4 link: 10.34.34.0/24

Goal

From R1, ping 4.4.4.4 source 1.1.1.1 succeeds. All BGP sessions Established. Every loopback in every BGP table.

Setup

• Import the YAML into CML and start all four nodes.
• Wait ~90 seconds for IOSv to finish booting (look for SYS-5-RESTART on each console).
• Open consoles to R1, R2, R3, and R4 — keep all four visible if you can.

Reconnaissance

Gather data first — don't fix anything yet.

• On every router, run show ip bgp summary. Note which sessions are Established and which aren't. Record the State/PfxRcd column for each neighbor.
• On every router, run show ip bgp. Expected end state: every router has 1.1.1.1/32, 2.2.2.2/32, 3.3.3.3/32, 4.4.4.4/32.
• From R1: ping 4.4.4.4 source 1.1.1.1. Expect failure — confirm baseline.

Fix the Broken Sessions

• Investigate the R1 ↔ R2 session. Check show ip bgp neighbors 10.12.12.2 on R1 and the matching command on R2. Compare remote-as on both sides.
• Fix whatever you find. Re-run show ip bgp summary until the session shows a numeric PfxRcd value (not Idle/Active/OpenSent).
• Investigate the R3 ↔ R4 session. Check the logs on both routers (show logging | include BGP) for clues — auth failures show up clearly here. Look at show running-config | section bgp on both.
• Fix the auth issue. Confirm session establishes. Use clear ip bgp 10.34.34.4 soft if needed to nudge it.

Fix the Missing Prefixes

• On R2, check show ip bgp 2.2.2.2. If absent, look at show running-config | include network under BGP. Investigate the mask. Fix it.
• On R4, check show ip bgp 4.4.4.4. If absent, look at R4's BGP config. Add the missing piece.
• After each fix, re-check show ip bgp on all four routers.

Fix the Silent Reachability Problem

• On R2, run show ip bgp 4.4.4.4. The route should be there now — but check the next-hop. Is it reachable? Run show ip route <next-hop>.
• If next-hop is unreachable, the fix goes on R3 (the iBGP advertiser). Add the appropriate neighbor command.
• After the fix, on R2: show ip bgp 4.4.4.4 should now show a > (best path) and a reachable next-hop.

Final Verification

• From R1: ping 4.4.4.4 source 1.1.1.1 — should succeed.
• From R4: ping 1.1.1.1 source 4.4.4.4 — should succeed.
• From every router: show ip bgp should list all four loopbacks, each with a valid best path (> symbol).
• From every router: show ip bgp summary — every session should show a numeric PfxRcd.

Stretch Tasks (optional)

• Save the fixed configs (copy run start on each) and export the lab.
• Reload R3 only — observe convergence behavior on the other routers using debug ip bgp updates.
• Add a fifth deliberate bug yourself, hand the lab to someone else, and see if they can find it.

Order You'll Typically Discover Them

1. show ip bgp summary on R1 — R2 session down → bug #1.
2. After fix, R1's loopback now shows in R2's table, but R2's own loopback doesn't → bug #2.
3. R3-R4 session also down on R3 → bug #4 (check show ip bgp neighbors 10.34.34.4 for auth errors).
4. Even after R3-R4 is up, no R4 prefix appears → bug #5.
5. Finally, R2 sees 4.4.4.4 but it's marked inaccessible / not best → bug #3.

Bug List (Spoiler)

Verification Command Reference

BGP session state

show ip bgp summary
show ip bgp neighbors
show ip bgp neighbors <neighbor-ip>
show ip bgp neighbors <neighbor-ip> advertised-routes
show ip bgp neighbors <neighbor-ip> received-routes
show ip bgp neighbors <neighbor-ip> routes

received-routes requires neighbor X soft-reconfiguration inbound to be configured first. routes works without it and shows what was accepted after policy.

BGP table and prefixes

show ip bgp
show ip bgp <prefix>
show ip bgp <prefix> longer-prefixes
show ip bgp regexp <as-regex>
show ip route bgp

Connectivity and underlay

show ip route
show ip route <next-hop-ip>
show ip interface brief
show cdp neighbors
ping <ip> source <loopback-ip-or-interface>
traceroute <ip> source <loopback-ip-or-interface>

Logging and debugs

show logging
show logging | include BGP
debug ip bgp                          ! verbose, only briefly
debug ip bgp updates
debug ip bgp <neighbor-ip> updates
undebug all                           ! u all — turn it ALL off

Forcing a refresh after a config change

clear ip bgp *                        ! hard reset — disruptive
clear ip bgp <neighbor-ip>             ! hard reset for one neighbor
clear ip bgp <neighbor-ip> soft        ! soft, no session reset
clear ip bgp <neighbor-ip> soft in
clear ip bgp <neighbor-ip> soft out

Basic Config Command Reference

Enter config mode and BGP process

configure terminal
router bgp <local-AS>
 bgp log-neighbor-changes
 no synchronization
 no auto-summary

Define a neighbor

neighbor <ip> remote-as <as-number>
neighbor <ip> description <text>
neighbor <ip> password <string>            ! MD5 auth, case-sensitive
neighbor <ip> update-source Loopback0      ! source from loopback
neighbor <ip> ebgp-multihop <ttl>          ! eBGP across non-direct links
neighbor <ip> next-hop-self                ! rewrite next-hop on iBGP
neighbor <ip> shutdown                     ! disable without removing
no neighbor <ip> shutdown                  ! re-enable

Advertise prefixes

network <prefix> mask <mask>               ! the route MUST exist in RIB first
network 1.1.1.1 mask 255.255.255.255
network 10.0.0.0 mask 255.255.255.0

Remove or replace a misconfigured line

no neighbor 10.12.12.2 remote-as 65003     ! remove the wrong AS
neighbor 10.12.12.2 remote-as 65002        ! re-add with correct AS

no neighbor 10.34.34.4 password CISCO      ! remove wrong password
neighbor 10.34.34.4 password cisco         ! add correct (case-sensitive)

Save the config

end
copy running-config startup-config
! or shorthand:
wr

Common Symptoms — Quick Lookup