Troubleshoot BGP routes and route selection
This guide is for troubleshooting issues related to BGP routes, including route selection, route propagation, and route metrics.
For additional troubleshooting information, see the following:
IPv6 BGP session is established but does not exchange IPv4 routes
- Verify that the VLAN attachment or HA VPN gateway has the required stack type of - IPV4_IPV6. If the stack type is incorrect for the VLAN attachment, modify the VLAN attachment. For an HA VPN gateway, recreate the HA VPN gateway and its tunnels.
- Ensure that your Cloud Router is configured properly. Run the following command: - gcloud compute routers describe ROUTER-NAME- In the output, check the following values: - bgpPeers.enableIpv4is- true
- bgpPeers.ipv4NexthopAddressand- bgpPeers.peerIpv4NexthopAddressare present
 
Some on-premises IPv4 or IPv6 prefixes aren't reachable
If you are experiencing traffic loss, ping errors, or other problems when attempting to reach on-premises IPv4 or IPv6 destinations that are within prefixes learned by Cloud Router, there are a variety of possible causes.
Check for inactive custom learned routes
If you are unable to reach an on-premises destination using a configured custom learned route, do the following:
- Check that the route is configured properly on the BGP session.
- Check that the BGP session is up.
- Check that the on-premises router is filtering some learned routes.
For more information, see Check the status of custom learned routes.
Check for filtered learned routes
To see if a route is filtered, run the following command:
gcloud compute routers get-status ROUTER_NAME \
    --region=REGION
Replace the following:
- ROUTER_NAME: the name of your Cloud Router.
- REGION: the region that your Cloud Router is located in.
The output is similar to the following; look for the routeStatus set to
active:
kind: compute#routerStatusResponse
result:
  bestRoutesForRouter:
  - asPaths:
    - asLists:
      - 65200
      pathSegmentType: AS_SEQUENCE
    creationTimestamp: '2024-03-22T13:57:15.533-07:00'
    destRange: 10.128.0.0/20
    kind: compute#route
    network: https://www.googleapis.com/compute/v1/projects/PROJECT/global/networks/VPC_NAME
    nextHopIp: 169.254.73.246
    nextHopVpnTunnel: https://www.googleapis.com/compute/v1/projects/PROJECT/regions/REGION/vpnTunnels/VPN_NAME
    priority: 100
    routeStatus: ACTIVE
    routeType: BGP
  bgpPeerStatus:
  - advertisedRoutes:
    - destRange: 10.128.0.0/20
      kind: compute#route
      network: https://www.googleapis.com/compute/v1/projects/PROJECT/global/networks/aneta-vpc
      nextHopIp: 169.254.73.245
      nextHopVpnTunnel: https://www.googleapis.com/compute/v1/projects/PROJECT/regions/REGION/vpnTunnels/VPN_NAME
      priority: 100
      routeType: BGP
    enableIpv6: false
    ipAddress: 169.254.73.245
    linkedVpnTunnel: https://www.googleapis.com/compute/v1/projects/PROJECT/regions/REGION/vpnTunnels/VPN_NAME
    md5AuthEnabled: false
    name: aneta-bgp
    numLearnedRoutes: 1
    peerIpAddress: 169.254.73.246
    state: Established
    status: UP
    uptime: 10 hours, 11 minutes, 0 seconds
    uptimeSeconds: '36660'
  network: https://www.googleapis.com/compute/v1/projects/PROJECT/global/networks/VPC_NAME
The bestRoutesForRouter.routeStatus value displays ACTIVE for an active
route, and DROPPED for a filtered route.
Check quotas and limits
Check that your Cloud Routers haven't exceeded the quotas for learned routes. To view the number of learned routes for a Cloud Router, view its status.
For information about the quotas, related log messages, and metrics, and how to resolve issues, see the following table.
| Topic | Guidance | 
|---|---|
| About the quotas | See Cloud Router quotas and Learned route example. | 
| Logs | When you exceed either of these quotas, you see an error message in Cloud Logging. For information about how to create an advanced query to view this message, see the related query in the logging documentation for Cloud Router. | 
| Metrics | You can also use the following metrics to understand your current
      quota availability and usage. These metrics are prepended with
       
 These metrics are available through the  | 
| Resolving issues | You can do the following to resolve route quota issues. In situations where the number of routes exceeds the available quota by a large amount, it makes sense to do both: 
 | 
Learned routes (routes from an on-premises network) aren't propagated to other VPC networks
A single Cloud Router can't re-advertise routes learned from one BGP peer to other BGP peers, including to Cloud Routers in other VPC networks.
For example, in the following hub and spoke topology, Cloud Router cannot support route advertisement between multiple VPC networks.
In this case, there isn't an iBGP session between Cloud Routers that share the same VPC network, and Cloud Router only advertises VPC subnets and custom configured routes. Cloud Router doesn't advertise dynamic routes from the VPC network.
To review recommendations for network topologies in Google Cloud, see Best practices and reference architectures for VPC design.
In addition, to build and manage hub and spoke topologies in Google Cloud, you can use Network Connectivity Center.
IPv6 traffic isn't being routed
If you are experiencing difficulty connecting to IPv6 hosts, do the following:
- Verify that IPv4 routes are being correctly advertised. By checking IPv4 traffic first, you can rule out general network issues. If IPv4 routes are not being advertised, perform the general troubleshooting procedures listed in this document. 
- Inspect firewall rules to ensure that you are allowing IPv6 traffic between your VPC network and your on-premises network. 
- Determine whether you have exceeded your available quota for learned routes. If you have exceeded your quota for learned routes, IPv6 prefixes are dropped before IPv4 prefixes. See Check quotas and limits. 
- Verify that all components that require IPv6 configuration have been configured correctly. - The VPC subnet is configured to use the - IPV4_IPV6stack type.
- The VPC subnet has - --ipv6-access-typeset to- INTERNAL.
- The Compute Engine VMs on the subnet are configured with IPv6 addresses. 
- The HA VPN gateway or the VLAN attachment for Dedicated Interconnect is configured to use the - IPV4_IPV6stack type.
- The BGP session is enabled to advertise IPv6 routes and the next-hop is an IPv6 address. - To view Cloud Router status and routes, see View Cloud Router status and routes. 
- To view BGP session configuration, see View BGP session configuration. 
 
 
Cloud Router doesn't return ICMPv6 ping responses
ICMPv6 ping isn't supported for Cloud Router BGP addresses. To test
layer 3 connectivity for Cloud Router BGP addresses, use ICMPv4 ping.
What's next
- For more information about how to use Cloud Logging to monitor Cloud Router, see View logs and metrics. 
- For additional support, see Getting support. 
- For information about BGP session states, see BGP session states. 
- For information about diagnostic messages and session states related to Bidirectional Forwarding Detection (BFD), see BFD diagnostic messages and session states. 
- For issues related to using Cloud Router with Router appliance, see Troubleshooting Router appliance in the Network Connectivity Center documentation.