Troubleshoot BGP routes and route selection

This guide is for troubleshooting issues related to BGP routes, including routeselection, route propagation, and route metrics.

For additional troubleshooting information, see the following:

IPv6 BGP session is established but does not exchange IPv4 routes

  1. Verify that the VLAN attachment or HA VPN gateway has therequired stack type ofIPV4_IPV6. If the stack type is incorrect for the VLANattachment, modify the VLAN attachment. For an HA VPNgateway, recreate the HA VPN gateway and its tunnels.

  2. Ensure that your Cloud Router is configured properly. Run thefollowing command:

    gcloud compute routers describe ROUTER-NAME

    In the output, check the following values:

    • bgpPeers.enableIpv4 istrue
    • bgpPeers.ipv4NexthopAddress andbgpPeers.peerIpv4NexthopAddress arepresent

Some on-premises IPv4 or IPv6 prefixes aren't reachable

If you are experiencing traffic loss, ping errors, or other problems whenattempting to reach on-premises IPv4 or IPv6 destinations that are withinprefixes learned by Cloud Router, there are a variety of possiblecauses.

Check for inactive custom learned routes

If you are unable to reach an on-premises destination using a configured customlearned route, do the following:

  • Check that the route is configured properly on the BGP session.
  • Check that the BGP session is up.
  • Check that the on-premises router is filtering some learned routes.

For more information, seeCheck the status of custom learnedroutes.

Check for filtered learned routes

To see if a route is filtered, run the following command:

gcloudcomputeroutersget-statusROUTER_NAME\--region=REGION

Replace the following:

  • ROUTER_NAME: the name of your Cloud Router.
  • REGION: the region that your Cloud Routeris located in.

The output is similar to the following; look for therouteStatus set toactive:

kind:compute#routerStatusResponseresult:bestRoutesForRouter:-asPaths:-asLists:-65200pathSegmentType:AS_SEQUENCEcreationTimestamp:'2024-03-22T13:57:15.533-07:00'destRange:10.128.0.0/20kind:compute#routenetwork:https://www.googleapis.com/compute/v1/projects/PROJECT/global/networks/VPC_NAMEnextHopIp:169.254.73.246nextHopVpnTunnel:https://www.googleapis.com/compute/v1/projects/PROJECT/regions/REGION/vpnTunnels/VPN_NAMEpriority:100routeStatus:ACTIVErouteType:BGPbgpPeerStatus:-advertisedRoutes:-destRange:10.128.0.0/20kind:compute#routenetwork:https://www.googleapis.com/compute/v1/projects/PROJECT/global/networks/aneta-vpcnextHopIp:169.254.73.245nextHopVpnTunnel:https://www.googleapis.com/compute/v1/projects/PROJECT/regions/REGION/vpnTunnels/VPN_NAMEpriority:100routeType:BGPenableIpv6:falseipAddress:169.254.73.245linkedVpnTunnel:https://www.googleapis.com/compute/v1/projects/PROJECT/regions/REGION/vpnTunnels/VPN_NAMEmd5AuthEnabled:falsename:aneta-bgpnumLearnedRoutes:1peerIpAddress:169.254.73.246state:Establishedstatus:UPuptime:10 hours, 11 minutes, 0 secondsuptimeSeconds:'36660'network:https://www.googleapis.com/compute/v1/projects/PROJECT/global/networks/VPC_NAME

ThebestRoutesForRouter.routeStatus value displaysACTIVE for an activeroute, andDROPPED for a filtered route.

Check quotas and limits

Check that your Cloud Routers haven't exceeded thequotas for learned routes. To view the number oflearned routes for a Cloud Router, view itsstatus.

For information about the quotas, related log messages, and metrics, and how toresolve issues, see the following table.

TopicGuidance
About the quotasSeeCloud Router quotas andLearned route example.
LogsWhen you exceed either of these quotas, you see an error message in Cloud Logging. For information about how to create an advanced query to view this message, see the relatedquery in the logging documentation for Cloud Router.
Metrics

You can also use the following metrics to understand your current quota availability and usage. These metrics are prepended withrouter.googleapis.com/dynamic_routes/learned_routes/:

  • used_unique_destinations

    Number of unique destinations that are in use in this VPC network. If global dynamic routing is enabled, this metric shows both global and regional usage.

  • unique_destinations_limit

    Number of unique destinations that are allowed to advertise in this VPC network. If global dynamic routing is enabled, this metric shows both global and regional quotas.

  • any_dropped_unique_destinations

    Indicates whether this VPC network has any destinations dropped due to exceeding one or both of the route quotas.

These metrics are available through thegce_network_region monitored resource. For more information about Cloud Router metrics and how to view them, see theMetrics section in Viewing logs and metrics.

Resolving issues

You can do the following to resolve route quota issues. In situations where the number of routes exceeds the available quota by a large amount, it makes sense to do both:

  • Configure your on-premises routers to summarize the routes that you export so that those routes advertise fewer destinations (CIDRs).
  • Contact Support. Support can work with you to increase quotas.

Learned routes (routes from an on-premises network) aren't propagated to other VPC networks

A single Cloud Router can't re-advertise routes learned from one BGPpeer to other BGP peers, including to Cloud Routers in otherVPC networks.

For example, in the following hub and spoke topology, Cloud Routercannot support route advertisement between multiple VPC networks.

Cloud Router hub and spoke.
Cloud Router hub and spoke (click to enlarge).

In this case, there isn't an iBGP session between Cloud Routers thatshare the same VPC network, and Cloud Router onlyadvertises VPC subnets and custom configured routes.Cloud Router doesn't advertise dynamic routes from theVPC network.

To review recommendations for network topologies in Google Cloud, seeBest practices and reference architectures for VPCdesign.

In addition, to build and manage hub and spoke topologies in Google Cloud,you can useNetwork Connectivity Center.

IPv6 traffic isn't being routed

If you are experiencing difficulty connecting to IPv6 hosts, do the following:

  1. Verify that IPv4 routes are being correctly advertised. By checking IPv4traffic first, you can rule out general network issues. If IPv4 routes arenot being advertised, perform the general troubleshooting procedures listedin this document.

  2. Inspectfirewall rules to ensure that you areallowing IPv6 traffic between your VPC network and youron-premises network.

  3. Determine whether you have exceeded your available quota for learnedroutes. If you have exceeded your quota for learned routes, IPv6 prefixesare dropped before IPv4 prefixes. SeeCheck quotas and limits.

  4. Verify that all components that require IPv6 configuration have beenconfigured correctly.

    • The VPC subnet is configured to use theIPV4_IPV6 stacktype.

    • The VPC subnet has--ipv6-access-type set toINTERNAL.

    • The Compute Engine VMs on the subnet are configured with IPv6addresses.

    • The HA VPN gateway or the VLAN attachment forDedicated Interconnect is configured to use theIPV4_IPV6 stack type.

    • The BGP session is enabled to advertise IPv6 routes and the next-hop isan IPv6 address.

Cloud Router doesn't return ICMPv6 ping responses

ICMPv6ping isn't supported for Cloud Router BGP addresses. To testlayer 3 connectivity for Cloud Router BGP addresses, use ICMPv4ping.

What's next

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2026-02-19 UTC.