network-bgp-diagnostics
Network BGP Diagnostics
Use this skill when a BGP session is down, flapping, established with missing
routes, or advertising unexpected prefixes. The default workflow is read-only
evidence collection; policy and reset actions belong in a reviewed change
window.
When to Use
- BGP neighbors are stuck in Idle, Connect, Active, OpenSent, or OpenConfirm.
- A session is Established but expected prefixes are missing.
- A route-map, prefix-list, max-prefix limit, or AS path policy may be filtering routes.
- You need before/after evidence for a BGP change.
- You are reviewing automation that parses BGP summary output.
Read-Only Triage Flow
- Identify the exact neighbor, address family, VRF, and local/remote ASNs.
- Capture summary state and last reset reason.
- Prove reachability to the peer source address.
- Check route policy references before assuming transport failure.
- Compare advertised, received, and installed routes where the platform supports those commands.
```text
show bgp summary
show bgp neighbors <peer>
show ip route <peer>
show tcp brief | include <peer>|:179
show logging | include BGP|<peer>
show running-config | section router bgp
show ip prefix-list
show route-map
```

Use platform-specific address-family commands when the device uses VRFs, IPv6,
VPNv4, or EVPN. Do not assume global IPv4 unicast.
State Interpretation
| State | First checks |
|---|---|
| Established with prefix count | Route exchange is up; inspect policy and table selection |
| Established with zero prefixes | Check inbound policy, max-prefix, advertised routes, and AFI/SAFI |
| Active | TCP session is not completing; check routing, source, ACLs, and peer reachability |
| Connect | TCP connection is in progress; check path and remote listener |
| OpenSent/OpenConfirm | TCP works; check ASN, authentication, timers, capabilities, and logs |
| Idle | Neighbor may be disabled, missing config, blocked by policy, or backoff timer |
Transport Checks
```text
ping <peer> source <local-source>
traceroute <peer> source <local-source>
show ip route <peer>
show bgp neighbors <peer> | include BGP state|Last reset|Local host|Foreign host
```

If the peer is sourced from a loopback, confirm both directions route to the
loopback addresses and that the neighbor config uses the expected update source.

Avoid disabling ACLs or firewall policy as a diagnostic shortcut. Read hit
counters, logs, and path state first.
Route Policy Checks
```text
show bgp neighbors <peer> advertised-routes
show bgp neighbors <peer> routes
show ip prefix-list <name>
show route-map <name>
show bgp <prefix>
```

Some platforms require additional configuration before `received-routes` is
available. Do not add that configuration during incident triage unless the
operator approves the change.

AS Path And Prefix Review
```text
show bgp regexp _65001_
show bgp regexp ^65001$
show bgp <prefix>
show bgp neighbors <peer> advertised-routes | include Network|Path|<prefix>
```

Use AS-path regex carefully. `_65001_` matches AS 65001 as a token. Plain
`65001` can match longer ASNs or unrelated text.
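The difference between the token-bounded and plain AS-path patterns, shown as an added example that is not part of the original skill. It assumes the IOS-style meaning of `_` (start or end of the path, a space, a comma, braces, or parentheses) and emulates it in Python; the helper names and AS paths are constructed for illustration.

```python
import re

# Assumption: IOS-style "_" matches the start or end of the AS path, a space,
# a comma, braces or parentheses. Platforms differ; check the vendor docs.
_DELIM = r"(?:^|$|[ ,{}()])"


def ios_aspath_to_python(pattern: str) -> re.Pattern:
    """Translate an IOS-style AS-path regex by expanding "_" only."""
    return re.compile(pattern.replace("_", _DELIM))


def matching_paths(pattern: str, as_paths: list[str]) -> list[str]:
    """Return the AS paths that the pattern selects, in input order."""
    rx = ios_aspath_to_python(pattern)
    return [p for p in as_paths if rx.search(p)]


def overmatch(broad: str, bounded: str, as_paths: list[str]) -> list[str]:
    """Paths the broad pattern selects but the token-bounded one does not."""
    keep = set(matching_paths(bounded, as_paths))
    return [p for p in matching_paths(broad, as_paths) if p not in keep]


# Constructed AS paths, as they would appear in the Path column.
SAMPLE_PATHS = [
    "65001",                # originated by AS 65001
    "64512 65001 64999",    # AS 65001 in transit
    "64512 165001",         # different ASN that contains the digits
    "650010 64999",         # different ASN that starts with the digits
    "64512 {65001,65002}",  # AS 65001 inside an AS_SET
    "64512 64999",          # unrelated
]

if __name__ == "__main__":
    for pat in ("65001", "_65001_", "^65001$"):
        print(f"{pat!r:12} -> {matching_paths(pat, SAMPLE_PATHS)}")
    print("over-matched by plain 65001:",
          overmatch("65001", "_65001_", SAMPLE_PATHS))
```

Running a candidate filter through `overmatch` against a saved copy of the table shows which routes a policy would select unintentionally before the pattern reaches a route-map.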
Parser Pattern
```python
import re
from typing import Any

# One row of the summary table: an IPv4 neighbor followed by nine columns.
BGP_SUMMARY_RE = re.compile(
    r"^(?P<neighbor>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<version>\d+)\s+"
    r"(?P<remote_as>\d+)\s+"
    r"(?P<msg_rcvd>\d+)\s+"
    r"(?P<msg_sent>\d+)\s+"
    r"(?P<table_version>\d+)\s+"
    r"(?P<input_queue>\d+)\s+"
    r"(?P<output_queue>\d+)\s+"
    r"(?P<uptime>\S+)\s+"
    r"(?P<state_or_prefixes>\S+)$",
    re.M,
)


def parse_bgp_summary(raw: str) -> list[dict[str, Any]]:
    rows = []
    for match in BGP_SUMMARY_RE.finditer(raw):
        state_or_prefixes = match.group("state_or_prefixes")
        # A numeric last column is the received-prefix count of an
        # Established session; anything else is the session state name.
        if state_or_prefixes.isdigit():
            state = "Established"
            prefixes_received = int(state_or_prefixes)
        else:
            state = state_or_prefixes
            prefixes_received = None
        rows.append({
            "neighbor": match.group("neighbor"),
            "remote_as": int(match.group("remote_as")),
            "state": state,
            "prefixes_received": prefixes_received,
            "uptime": match.group("uptime"),
        })
    return rows
```

Prefer structured parser output when available, but store raw output with the
incident record because BGP summary formats vary by platform and address family.
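When reviewing automation built on a pattern like this, the failure mode to test for is a neighbor that disappears because its row did not fit the expected shape. The following added example (not part of the original skill) goes beyond the IPv4-only pattern: it splits rows on whitespace, accepts IPv6 neighbors whose row wraps onto a second line, keeps multi-word states, and returns every address line it could not interpret. The function name `triage_summary`, the ten-column layout, and the sample text are assumptions made for the example.

```python
import ipaddress

def _is_ip(token: str) -> bool:
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def triage_summary(raw: str) -> tuple[list[dict], list[str]]:
    """Return (rows, unparsed); unparsed lines belong in the incident record."""
    rows, unparsed, pending = [], [], None
    for line in raw.splitlines():
        cols = line.split()
        if pending is not None and cols:  # previous line held only an address
            if _is_ip(cols[0]):
                unparsed.append(pending)
            else:
                cols = [pending] + cols  # rejoin the wrapped row
            pending = None
        if not cols or not _is_ip(cols[0]):
            continue  # blank, header or banner line
        if len(cols) == 1:
            pending = cols[0]
            continue
        if len(cols) < 10 or not cols[2].isdigit():
            unparsed.append(" ".join(cols))  # surface it, never drop it
            continue
        numeric = cols[9].isdigit()
        rows.append({
            "neighbor": cols[0],
            "remote_as": int(cols[2]),
            "state": "Established" if numeric else " ".join(cols[9:]),
            "prefixes_received": int(cols[9]) if numeric else None,
        })
    if pending is not None:
        unparsed.append(pending)
    return rows, unparsed

# Constructed sample in a ten-column summary layout; not real device output.
SAMPLE = """\
Neighbor        V    AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down  State/PfxRcd
192.0.2.1       4 65001   10233   10240    512   0    0 3d04h    120
198.51.100.7    4 65003       0       0      1   0    0 never    Idle (Admin)
2001:db8::1
                4 65010       0      14      1   0    0 00:02:11 Active
192.0.2.77      4 65004 truncated
"""
```

A non-empty `unparsed` list is a signal to read the raw output rather than trust the parsed neighbor count.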
Change-Window Only
These actions can affect routing and should not be suggested as automatic
diagnostics:
- Clearing a BGP session.
- Changing neighbor authentication, timers, update source, route-maps, or prefix-lists.
- Enabling additional received-route storage.
- Relaxing firewall, ACL, or control-plane policy.
If a reset is approved, prefer the least disruptive soft or route-refresh option
supported by the platform and document exactly why it is safe.
Anti-Patterns
- Assuming `Active` always means the remote side is down.
- Ignoring VRF, address family, or update-source differences.
- Using broad AS-path regex without token boundaries.
- Hard-resetting a peer before reading last reset reason and logs.
- Treating missing `received-routes` output as proof that no routes arrived.
See Also
- Skill: `cisco-ios-patterns`
- Skill: `network-config-validation`
- Skill: `network-interface-health`