pdhillon
Staff
Article Id 274906
Description This article describes how to troubleshoot scenarios where BGP peering fails to establish and the BGP debug logs show an error message such as 'expected iif xx from peer group but received from yy'.
Scope FortiGate.
Solution

A BGP peering session configured over the tunnel fails to come up.

The IP addresses 169.254.116.1 and 169.254.116.2 have been assigned to the tunnel interfaces on both FG1 and FG2.

When packet sniffing is enabled on the FortiGate, there is bidirectional traffic:

 

169.254.116.1<FG1>---TEST-----<FG2>169.254.116.2


2023-09-20 10:45:58.781621 Test in 169.254.116.1.13989 -> 169.254.116.2.179: syn 1626232121
2023-09-20 10:45:58.781645 Test out 169.254.116.2.179 -> 169.254.116.1.13989: syn 3828700932 ack 1626232122
2023-09-20 10:45:58.807656 Test in 169.254.116.1.13989 -> 169.254.116.2.179: ack 3828700933
2023-09-20 10:45:58.807770 Test out 169.254.116.2.179 -> 169.254.116.1.13989: fin 3828700933 ack 1626232122
2023-09-20 10:45:58.807939 Test in 169.254.116.1.13989 -> 169.254.116.2.179: psh 1626232122 ack 3828700933
2023-09-20 10:45:58.807948 Test out 169.254.116.2.179 -> 169.254.116.1.13989: rst 3828700933
2023-09-20 10:45:58.846569 Test in 169.254.116.1.13989 -> 169.254.116.2.179: ack 3828700934
2023-09-20 10:45:58.846579 Test out 169.254.116.2.179 -> 169.254.116.1.13989: rst 3828700934


The BGP debug output shows the error '169.254.116.1 expected iif 11 from peer group but received from 47':

 

BGP: [NETWORK] Accept Thread: Incoming conn 169.254.116.1 expected iif 11 from peer group but received from 47
BGP: [RIB] Scanning BGP Network Routes...
BGP: bgp_ipc_server_accept:508 create ipc_handler=0x7f1095283400 for sock=26
BGP: bgp_ih_on_read:434 request type=4 len=24 vfid=0 start=0 count=4294967295 flags=0x1
BGP: bgp_ih_on_read:485 response type=4 len=300 vfid=0 start=0 count=3 flags=0x1 total=3 ret=308
BGP: bgp_ih_on_close:8 delete ipc_handler=0x7f1095283400 for sock=26
BGP: bgp_ipc_server_accept:508 create ipc_handler=0x7f1095283400 for sock=26
BGP: bgp_ih_on_read:434 request type=5 len=24 vfid=0 start=0 count=0 flags=0x1
BGP: bgp_ih_on_read:485 response type=5 len=68 vfid=0 start=0 count=1 flags=0x1 total=1 ret=76
BGP: bgp_ih_on_close:8 delete ipc_handler=0x7f1095283400 for sock=26
BGP: [NETWORK] Accept Thread: Incoming conn from host 169.254.116.1 (FD=26 VRF=0)
BGP: [NETWORK] Accept Thread: Incoming conn 169.254.116.1 expected iif 11 from peer group but received from 47
BGP: [RIB] Scanning BGP RIB...


A review of the configuration showed that the incorrect interface was specified in the BGP neighbor configuration.

The error message indicates that packets were received on the 'Test' interface (index=47) instead of the expected 'port5' (index=11) defined in the configuration.

 

config router bgp
    set as 65400
    set router-id 169.254.116.2
    set keepalive-timer 10
    set holdtime-timer 30
    set scan-time 30
remote-as 65004
next
    edit "169.254.116.1"
        set capability-default-originate enable
        set interface "port5" <----- Index=11.
        set remote-as 65555
    next
end

 

The command 'diagnose ip address list' shows the index of each interface:


Mainfirewall # diagnose ip address list
IP=10.9.10.83->10.9.10.83/255.255.240.0 index=11 devname=port5
IP=169.254.116.2->169.254.116.2/255.255.255.0 index=47 devname=Test


Once the 'set interface' line marked below is removed, the BGP neighborship comes up across the tunnel:

 

next
    edit "169.254.116.1"
        set capability-default-originate enable
        set interface "port5" <----- After removing this line, the neighborship comes up.
        set remote-as 65555
    next
end
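
The index lookup described above can be automated when there are many neighbors or interfaces to check. The following is an added example, not part of the original article or any Fortinet tooling: it parses the 'expected iif' debug message and resolves both indexes to interface names using 'diagnose ip address list' output. The function and variable names are hypothetical, and the sample input is copied from the output shown in this article.

```python
import re

# The BGP debug message from the article: the neighbor is pinned to one
# interface index, but the TCP session arrives on another.
IIF_RE = re.compile(
    r"Incoming conn (?P<peer>\S+) expected iif (?P<expected>\d+) "
    r"from peer group but received from (?P<received>\d+)"
)
# One row of 'diagnose ip address list' output.
ADDR_RE = re.compile(r"IP=\S+\s+index=(?P<index>\d+)\s+devname=(?P<dev>\S+)")

# Sample input copied from the article's output.
SAMPLE_DEBUG = """\
BGP: [NETWORK] Accept Thread: Incoming conn from host 169.254.116.1 (FD=26 VRF=0)
BGP: [NETWORK] Accept Thread: Incoming conn 169.254.116.1 expected iif 11 from peer group but received from 47
BGP: [RIB] Scanning BGP RIB...
BGP: [NETWORK] Accept Thread: Incoming conn 169.254.116.1 expected iif 11 from peer group but received from 47
"""
SAMPLE_ADDR = """\
IP=10.9.10.83->10.9.10.83/255.255.240.0 index=11 devname=port5
IP=169.254.116.2->169.254.116.2/255.255.255.0 index=47 devname=Test
"""


def interface_index_map(addr_output):
    """Return {index: devname} parsed from 'diagnose ip address list'."""
    return {int(m["index"]): m["dev"] for m in ADDR_RE.finditer(addr_output)}


def find_iif_mismatches(debug_output, index_map):
    """Return one finding per distinct (peer, expected, received) mismatch."""
    findings, seen = [], set()
    for m in IIF_RE.finditer(debug_output):
        key = (m["peer"], int(m["expected"]), int(m["received"]))
        if key in seen:  # the debug log repeats the line on every retry
            continue
        seen.add(key)
        peer, expected, received = key
        findings.append({
            "peer": peer,
            "configured_interface": index_map.get(expected, f"unknown(index={expected})"),
            "arrival_interface": index_map.get(received, f"unknown(index={received})"),
        })
    return findings


if __name__ == "__main__":
    for f in find_iif_mismatches(SAMPLE_DEBUG, interface_index_map(SAMPLE_ADDR)):
        print(f"neighbor {f['peer']}: 'set interface' is {f['configured_interface']}, "
              f"but the session arrives on {f['arrival_interface']}")
```
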