github.com/cilium/cilium@v1.16.2/Documentation/network/bgp-control-plane/bgp-control-plane-troubleshooting.rst (about) 1 .. only:: not (epub or latex or html) 2 3 WARNING: You are looking at unreleased Cilium documentation. 4 Please use the official rendered version released here: 5 https://docs.cilium.io 6 7 .. _bgp_control_plane_troubeshooting: 8 9 BGP Control Plane Troubleshooting Guide 10 ======================================= 11 12 This document enumerates typical troubles and their solutions when configuring the BGP 13 Control Plane. 14 15 Even though CiliumBGPPeeringPolicy was applied, BGP peering is not established 16 ---------------------------------------------------------------------------------- 17 18 Check if the target Node is correctly selected by the 19 ``nodeSelector`` of the ``CiliumBGPPeeringPolicy``. The easiest way to do 20 this is to use the ``cilium bgp peers`` command: 21 22 .. code:: bash 23 24 $ cilium bgp peers 25 Node Local AS Peer AS Peer Address Session State Uptime Family Received Advertised 26 node0 65001 65000 10.0.1.1 active 0s ipv4/unicast 0 0 27 ipv6/unicast 0 0 28 29 If the Node is selected correctly, even if the session is not 30 established, the name of the Node and the BGP state will be displayed. 31 If nothing is displayed, there may be an error in the ``nodeSelector``. 32 If the Node is correctly selected, but the state does not become 33 established, check the settings of both Cilium and the target peer. 34 35 Node is selected by CiliumBGPPeeringPolicy, but BGP peer is not established 36 --------------------------------------------------------------------------- 37 38 You can identify the cause by referring to the logs of your peer router 39 or Cilium. The errors logged by the BGP Control Plane have a field 40 named ``subsys=bgp-control-plane``, which can be used to filter 41 logs for errors specific to BGP Control Plane: 42 43 .. code:: bash 44 45 $ kubectl -n <your namespace> <cilium pod running on the target node> logs | grep bgp-control-plane 46 ... 47 level=warning msg="sent notification" Data="as number mismatch expected 65003, received 65000" Key=10.0.1.1 Topic=Peer asn=65001 component=gobgp.BgpServerInstance subsys=bgp-control-plane 48 49 In the example above, it can be seen that the BGP session was not 50 established because there was a mismatch between the configured 51 ``peerASN`` and the actual ASN of the peer. 52 53 There could be various reasons why BGP peering is not established, such as a 54 mismatch in BGP capability or an incorrect Peer IP address. BGP layer errors 55 are likely to appear in the logs, but there are cases where low-level errors, 56 such as lack of connectivity to the Peer IP or when an eBGP peer is more than 1 57 hop away, may not be reflected in the logs. In such cases, using tools like 58 ``WireShark`` or ``tcpdump`` can be effective. 59 60 The existing BGP session went down immediately after applying the new CiliumBGPPeeringPolicy 61 -------------------------------------------------------------------------------------------- 62 63 A node may be selected by multiple ``CiliumBGPPeeringPolicy`` objects based on 64 the configured ``nodeSelector`` fields. If multiple policies are applied, the 65 BGP control plane will clear all pre-existing state configured on the node. 66 First, rollback the last applied ``CiliumBGPPeeringPolicy`` and check the logs 67 of the node where the BGP session went down. If multiple policies were applied, 68 there should be logs indicating this: 69 70 .. code:: bash 71 72 level=error msg="Policy selection failed" component=Controller.Reconcile error="more then one CiliumBGPPeeringPolicy applies to this node, please ensure only a single Policy matches this node's labels" subsys=bgp-control-plane 73 74 If you find logs like this, please review the configuration of ``nodeSelector`` 75 and make sure that each node only has one associated 76 ``CiliumBGPPeeringPolicy``.