My BGP session is down or does not have a connection over the Direct Connect link. How can I troubleshoot this?

Sometimes the Border Gateway Protocol (BGP) session does not establish a connection over the AWS Direct Connect link, or is in an Idle state. This article provides troubleshooting steps for when your BGP session is down, or is going from an established state to an Idle state, over Direct Connect.

Note: For BGP session connection issues over VPN, see My virtual interface BGP status is down in the AWS console. What should I do?

If your BGP session is not coming up, check the following:

Check the Direct Connect link status

To bring the BGP session up, the physical Direct Connect link must be up, and there must be connectivity between the BGP peer IPs on both your end and AWS. If the physical connection is down, or there is no connectivity between the BGP peers, see My virtual interface BGP status is down in the AWS console. What should I do?

Check and verify the BGP configuration on your Direct Connect router

  1. The IP addresses of the local and remote BGP peers, the local and remote BGP Autonomous System Numbers (ASN), and the BGP MD5 password must be configured as given in the Direct Connect configuration file downloaded from the AWS Direct Connect console.
  2. Verify that neither the Direct Connect router nor any other device is blocking ingress or egress traffic on TCP port 179 and other appropriate ephemeral ports.
  3. BGP peers cannot be more than one hop away from each other. EBGP Multi-hop is disabled on the AWS end.

Check the Public Direct Connect VIF

Verify that the BGP peer IPs fall in the CIDR range that has been approved by AWS. If the BGP peer IPs are not approved, the BGP session will not come up. For more information, see AWS Direct Connect FAQs.

Debug and Packet Captures

If you require additional troubleshooting, collect the following from your router:

  • BGP and CP debugs
  • BGP logs
  • Packet captures for traffic between the BGP peer IPs

If your BGP session is going from established to Idle state, check the following:

  1. For a private Direct Connect VIF, if you see the BGP session going from established to idle state, verify the number of routes that you are advertising over the BGP session. You can advertise up to 100 routes over the BGP session. If the number of routes advertised over the BGP session goes above 100, the BGP session will go to Idle state.
  2. If you have more than 100 networks in your on-premises network, you can advertise a default route over the BGP session.
  3. You can summarize the routes so that the number of advertised routes is less than 100.
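
The route-count check and summarization described in the steps above can be rehearsed offline before changing the router. The following is an added example, not AWS-provided code: the function names and the sample prefixes are constructed for illustration, and the limit of 100 is the figure stated in this article.

```python
import ipaddress

MAX_ROUTES = 100  # private VIF advertisement limit stated in this article

def summarize(prefixes):
    """Merge adjacent and overlapping prefixes without changing coverage."""
    # strict=True raises ValueError on typos such as 10.0.0.1/24 (host bits set).
    nets = {ipaddress.ip_network(p, strict=True) for p in prefixes}
    merged = []
    for version in (4, 6):  # collapse_addresses rejects mixed address families
        family = [n for n in nets if n.version == version]
        merged.extend(ipaddress.collapse_addresses(family))
    return merged

def plan_advertisement(prefixes, limit=MAX_ROUTES):
    """Pick the smallest change that keeps the advertisement within the limit."""
    distinct = {ipaddress.ip_network(p, strict=True) for p in prefixes}
    if len(distinct) <= limit:
        ordered = sorted(distinct, key=lambda n: (n.version, n))
        return {"action": "advertise-as-is", "routes": [str(n) for n in ordered]}
    merged = summarize(prefixes)
    if len(merged) <= limit:
        return {"action": "advertise-summarized", "routes": [str(n) for n in merged]}
    # Exact summarization is not enough: fall back to a default route
    # for each address family present in the input.
    defaults = {4: "0.0.0.0/0", 6: "::/0"}
    families = sorted({n.version for n in distinct})
    return {"action": "advertise-default-route", "routes": [defaults[v] for v in families]}

# Constructed sample data: 128 contiguous /24s plus one unrelated /24.
CONTIGUOUS = [f"10.20.{i}.0/24" for i in range(128)] + ["192.168.50.0/24"]
# Constructed sample data: 150 /24s that share no mergeable boundary.
SCATTERED = [f"10.{i}.0.0/24" for i in range(150)]

if __name__ == "__main__":
    for name, sample in (("contiguous", CONTIGUOUS), ("scattered", SCATTERED)):
        plan = plan_advertisement(sample)
        print(f"{name}: {len(sample)} prefixes -> {plan['action']} "
              f"({len(plan['routes'])} routes)")
```

The summarization here is exact: the merged prefixes cover the same addresses as the input, so it only reduces the count when the networks are contiguous and aligned.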

Published: 2018-01-23