How can I troubleshoot BGP connection issues over Direct Connect?
My Border Gateway Protocol (BGP) session doesn't establish a connection over the AWS Direct Connect link, or it's in an idle state.
If your BGP session doesn't establish a connection or is in an idle state, then complete the following tasks.
Check the Direct Connect link status
To bring up the BGP session, the physical Direct Connect link must be up, and there must be connectivity between the BGP peer IP addresses. Connectivity between the BGP peer IP addresses must be on both your side and on the AWS side.
Review the configuration on your Direct Connect router
Configure the following with the downloaded Direct Connect configuration file from the Direct Connect console:
Local and remote BGP peers
Local and remote BGP Autonomous System Numbers (ASN)
BGP MD5 password
Verify that the Direct Connect router or any other device isn't blocking ingress or egress from TCP port 179 and other ephemeral ports.
Because external BGP (EBGP) multi-hop is turned off on the AWS end, BGP peers can't be more than one hop away from each other. Note: For a public virtual interface, verify that the BGP peer IP addresses are within the CIDR range that AWS approved. If the BGP peer IP addresses aren't approved, then the BGP session can't be established. For more information, see AWS Direct Connect FAQs.
Debug packet captures
To perform additional troubleshooting, review the following logs from your router:
BGP and TCP debugs
Packet captures for traffic between the BGP peer IP addresses
Check the BGP session if it changes from established to idle state
For private Direct Connect virtual interfaces, review the number of routes that you advertise over the BGP session. If you advertise more than 100 routes over the BGP session, then the BGP session goes into an idle state. Summarize the routes so that the number of advertised routes is less than or equal to 100. Or, advertise a default route over the BGP session to AWS.
If you have more than 100 networks in your on-premises network, then you can advertise a default route over the BGP session to AWS. Summarize the routes so that the number of advertised routes is less than 100.