How can I troubleshoot BGP connection issues over Direct Connect?
Last updated: 2021-12-17
My Border Gateway Protocol (BGP) session doesn't establish a connection over the AWS Direct Connect link, or it's in an Idle state. How can I troubleshoot this?
If your BGP session doesn't come up, then check the following:
Check the Direct Connect link status
To bring up the BGP session, the physical Direct Connect link must be up, and there must be connectivity between the BGP peer IPs on both your end and the AWS end. If the physical connection is down, or there is no connectivity between the BGP peers, then see My virtual interface BGP status is down in the AWS Management Console. What should I do?
Check and verify the configuration on your Direct Connect router
- The IP addresses of the local and remote BGP peers, local and remote BGP Autonomous System Numbers (ASN), and the BGP MD5 password must be configured with the downloaded Direct Connect configuration file from the Direct Connect console.
- Verify that the Direct Connect router or any other device is not blocking ingress or egress from TCP port 179 and other appropriate ephemeral ports.
- BGP peers can't be more than one hop away from each other because external BGP (EBGP) multi-hop is disabled on the AWS end.
Note: For a public virtual interface (VIF), verify that the BGP peer IPs fall in the CIDR range that's approved by AWS. If the BGP peer IPs aren't approved, then the BGP session can't be established. For more information, see AWS Direct Connect FAQs.
Debug packet captures
To perform additional troubleshooting, collect these logs from your router for further analysis.
- BGP and TCP debugs
- BGP logs
- Packet captures for traffic between the BGP peer IPs
Check the BGP session if it changes from established to idle state
- For private Direct Connect VIFs, verify the number of routes that you're advertising over the BGP session. If you're advertising more than 100 routes over the BGP session, then the BGP session goes into an idle state. Summarize the routes so that the number of advertised routes is less than 100, or advertise a default route over the BGP session to AWS.
- If you have more than 100 networks in your on-premises network, then you can advertise a default route over the BGP session to AWS.
- You can summarize the routes so that the number of advertised routes is less than 100.