BGP Peering Issue

Created: May 21, 2019 14:18:05 | Latest reply: May 24, 2019 08:36:21
  Rewarded Hi-coins: 0 (problem resolved)

Hi All,


Any help on this issue would be appreciated.


Trying to BGP peer a Huawei Router pair to a Palo Alto Firewall pair. One Router/Firewall is located in one data centre, the other in another data centre. They are linked by a layer 2 eVPN tunnel.


BGP on Firewall is configured and establishes to the local router in the same data centre for both instances. I need to establish BGP connectivity from the firewall to the router in the other data centre. When I enable the path, BGP flaps on that path forcing BGP to reconnect practically every minute or less. One firewall of the pair is active and needs to pair to the two routers. The routers peer to the single firewall address. If the solution fails over to the other data centre, the same should occur to the opposite firewall. The passive firewall interfaces remain down when in passive state.


Checking the router BGP logs I get the following:

Date/Time : 2019-05-21 05:21+00:00
State : Down
Error Code : 4(Hold Timer Expired)
Error Subcode : 0(UnSpecific)
Notification : Send Notification

I have checked the BGP configuration - all okay. I have checked the MTU settings on the firewall interface and the BGP peer router interface and both are set to 1500 bytes. The route between them is layer 2, so I believe this shouldn't impact anything.


BFD has been disabled on the firewall.


Any suggestions for resolving this?


As said, any help is appreciated.


Regards


Adrian
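
An added example, not part of the original post or of any vendor tooling: a Python parser for log records in the format quoted above. It picks out Down events where this router's own hold timer expired (error code 4, notification sent by this router, meaning it stopped hearing the peer) and checks whether they recur fast enough to count as flapping. Only the first record in the sample is from the post; the other records, the function names and the threshold and window values are assumptions.

```python
import re
from datetime import datetime, timedelta

HOLD_TIMER_EXPIRED = 4  # NOTIFICATION error code 4 in RFC 4271

# Constructed sample: the 05:21 Down record is from the post, the rest are
# invented to mimic the reported "flaps every minute or so" behaviour.
DOWN = ("Date/Time : 2019-05-21 05:{m:02d}+00:00\nState : Down\n"
        "Error Code : 4(Hold Timer Expired)\nError Subcode : 0(UnSpecific)\n"
        "Notification : Send Notification\n")
UP = "Date/Time : 2019-05-21 05:{m:02d}+00:00\nState : Up\n"
SAMPLE_LOG = (DOWN.format(m=21) + UP.format(m=22) + DOWN.format(m=23)
              + UP.format(m=24) + DOWN.format(m=25))

def parse_records(text):
    """Return one dict per 'Date/Time' block, keyed by the log's field names."""
    records = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        key, value = key.strip(), value.strip()
        if not sep or not value:
            continue
        if key == "Date/Time":
            stamp = datetime.strptime(value, "%Y-%m-%d %H:%M%z")
            records.append({"time": stamp})
        elif records:
            records[-1][key] = value
    return records

def local_hold_expiries(records):
    """Times of Down events where the local hold timer expired.

    'Send Notification' means this router raised the error, so it is the
    side that received no KEEPALIVE or UPDATE within the hold time.
    """
    hits = []
    for rec in records:
        code = re.match(r"(\d+)\(", rec.get("Error Code", ""))
        if (rec.get("State") == "Down" and code
                and int(code.group(1)) == HOLD_TIMER_EXPIRED
                and rec.get("Notification", "").startswith("Send")):
            hits.append(rec["time"])
    return hits

def is_flapping(times, threshold=3, window=timedelta(minutes=10)):
    """True if `threshold` expiries fall inside any sliding `window`."""
    times = sorted(times)
    return any(times[i + threshold - 1] - times[i] <= window
               for i in range(len(times) - threshold + 1))
```

Repeated local hold-timer expiries with an otherwise correct configuration point at packets being lost on the path from the peer, which is consistent with the transport-link cause reported later in this thread.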


All Answers
chenhui (Admin), created May 23, 2019 11:11:47

@southside hi!

I think you can check the source IP address which is used when establishing the EBGP peer.

If the route to this source IP address is learned from a low-priority routing protocol, then when the route is learned from a new higher-priority routing protocol, the previous route will be deleted from the routing table and the EBGP peer will go down because the routes are gone.

southside, created May 24, 2019 08:29:02

Hi All,

Thanks for the help. I resolved the issue after a lot of investigation and trial & error. Everything was correct on configuration as I expected; the issue was with the layer 2 EVPN link. Although some traffic using the link was okay, such as the firewall HA links, the BGP across this link was causing major issues. I decided to create a new link and added the first BGP peering session across the link and it remained stable for hours. I added the second BGP peering session across the new link and it started flapping immediately. Each is within its own VLAN and this is stretched across the EVPN to the other site.

The solution is to have an EVPN link per vlan. Having done this, the BGP remains stable as expected.

Regards

Adrian

chenhui (Admin), created May 24, 2019 08:36:21

Posted by southside at 2019-05-24 08:29: Hi All, Thanks for the help. I resolved the issue after a lot of investigation and trial & error. Eve ...

Maybe you can write out the troubleshooting process and share it with us if you'd like to.