Troubleshooting BGP peering on Azure ExpressRoute

kaickaic 0 Reputation points

I have set up an ExpressRoute connection with private peering on Azure. Despite enabling and provisioning peering, BGP between the on-prem CE router and the Azure ASN 12076 is down. However, I am able to ping between the CE and PE IP address, and ARP can see the CE MAC address. Do I need to create a gateway or take any other steps to establish BGP peering?

Azure ExpressRoute
Azure ExpressRoute
An Azure service that provides private connections between Azure datacenters and infrastructure, either on premises or in a colocation environment.
271 questions
{count} votes

1 answer

Sort by: Most helpful
  1. GitaraniSharma-MSFT 42,636 Reputation points Microsoft Employee

    Hello @kaickaic ,

    I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.


    I understand that you've set up an Azure ExpressRoute connection with private peering and even after enabling and provisioning the peering, BGP between the on-prem CE router and the Azure ASN 12076 is down.

    What we tried:

    I requested you to validate your configuration as mentioned in the below Azure ExpressRoute troubleshooting doc,

    If the state of an eBGP peering between an MSEE and a CE/PE-MSEE is Active or Idle, check if the assigned primary and secondary peer subnets match the configuration on the linked CE/PE-MSEE. Also check if the correct VlanId, AzureASN, and PeerASN values are used on MSEEs, and if these values map to the ones used on the linked CE/PE-MSEE. If MD5 hashing is chosen, the shared key should be the same on MSEE and CE/PE-MSEE pairs. If you need to change any of these configurations on an MSEE router, see Create and modify routing for an ExpressRoute circuit.


    You validated the configuration and confirmed that all is correct.

    On the Cisco router, we checked the result of show ip bgp summary and it was showing BGP state as Idle, and up/down=never.

    I advised you to validate the below configurations again:

    Could you please check the below details:

    BFP (Bidirectional Forwarding Detection) configuration:

    Cisco interface configuration to use eBGP and advertise routes to Microsoft:

    If shared key/MD5 hashing configured, the shared key should be the same on MSEE and CE/PE-MSEE pairs.

    NOTE: The limit is a maximum of 25 alphanumeric characters. Special characters aren't supported.


    I've also seen instances where customer configured BGP with the same ASN in local and remote BGP peers. From the customer configuration, the remote peer ASN must be Azure's 12076 ASN. Requested you to validate the ASN configuration again.

    You came back with an update saying that you teared down the existing ExpressRoute setup and rebuilt them in a new Virtual WAN environment, using the same transit IP and it connected right away.


    Rebuilding the ExpressRoute setup within Virtual WAN with the same transit IP and configurations fixed the issue. The ExpressRoute BGP is now UP and connected.

    If you have any other questions or are still running into more issues, please let me know.

    Thank you again for your time and patience throughout this issue.

    Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.

    0 comments No comments