topic Re: BGP establish state flapping. in General Topics

BGP establish state flapping.

inderjit21 — Thu, 09 Feb 2017 00:35:43 GMT

I have couple of bgp established on the firewall. Confiugured new one to AWS ,tunnel comes up but Bgp is flapping.

System logs.

BGP peer session enters established starte,peer ip:169.254.32.1

BGP peer session left established state,peer ip: 169.254.32.1.

Re: BGP establish state flapping.

inderjit21 — Thu, 09 Feb 2017 03:43:18 GMT

My side of tunnel is 169.250.32.2 and aws is 169.250.32.1. tunnel.100 is 169.250.32.2/30. Since aws doesnt add any routes

they want me to send them a default route. my default route is a public ip of the firewall.

In theory i want to adversite to them via bgp - send everything to 169.250.32.1 just across the tunnel and then it can be routed as i have all the routes on the firewall.

Re: BGP establish state flapping.

pulukas — Sun, 12 Feb 2017 14:00:08 GMT

On the peer flapping, in all likelyhood you are losing the IPSEC tunnel causing the flap. So check for the reason that the tunnel is not stable in the logs.

On routing, this requires more thought on the needs. Why do your resources in AWS need a default route?

Are you providing internet access for your AWS resources via your PA firewall?

If not, then you likely do not need a default up this tunnel. Instead just advertise the resources on your network that the AWS resources need to access.

If you do need the default route to AWS, your peer should be eBGP and when it does re-advertise your local default route it would re-write the next hop to be itself, your side of the AWS peering. Thus the traffic would come to your AWS peer from the AWS resources.