02-08-2017 04:35 PM
I have a couple of BGP sessions established on the firewall. Configured a new one to AWS; the tunnel comes up but BGP is flapping.
System logs:
BGP peer session enters established state, peer ip: 169.254.32.1
BGP peer session left established state, peer ip: 169.254.32.1.
02-08-2017 07:43 PM
My side of the tunnel is 169.250.32.2 and AWS is 169.250.32.1. tunnel.100 is 169.250.32.2/30. Since AWS doesn't add any routes, they want me to send them a default route. My default route is a public IP of the firewall.
In theory I want to advertise to them via BGP: send everything to 169.250.32.1 just across the tunnel, and then it can be routed, as I have all the routes on the firewall.
02-12-2017 06:00 AM
On the peer flapping, in all likelihood you are losing the IPsec tunnel, causing the flap. So check the logs for the reason that the tunnel is not stable.
On routing, this requires more thought on the needs. Why do your resources in AWS need a default route?
Are you providing internet access for your AWS resources via your PA firewall?
If not, then you likely do not need a default up this tunnel. Instead just advertise the resources on your network that the AWS resources need to access.
If you do need the default route to AWS, your peer should be eBGP and when it does re-advertise your local default route it would re-write the next hop to be itself, your side of the AWS peering. Thus the traffic would come to your AWS peer from the AWS resources.
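The check suggested in the reply above (does each BGP drop follow a tunnel drop?), as an added example that is not part of the original thread. The BGP message wording is taken from the logs quoted in the question; the timestamps, the `tunnel ... up/down` lines and the function names are constructed assumptions, not the firewall's actual log format.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log. BGP wording follows the thread (including the trailing
# period on one line); timestamps and "tunnel ... up/down" lines are assumptions.
SAMPLE_LOG = """\
2017-02-08 16:20:01 tunnel tunnel.100 up
2017-02-08 16:20:09 BGP peer session enters established state, peer ip: 169.254.32.1
2017-02-08 16:21:38 tunnel tunnel.100 down
2017-02-08 16:21:40 BGP peer session left established state, peer ip: 169.254.32.1.
2017-02-08 16:22:05 tunnel tunnel.100 up
2017-02-08 16:22:14 BGP peer session enters established state, peer ip: 169.254.32.1
2017-02-08 16:25:14 BGP peer session left established state, peer ip: 169.254.32.1.
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (.*)$")
BGP = re.compile(r"BGP peer session (enters|left) established state,\s*peer ip:\s*(\S+)")
TUNNEL_DOWN = re.compile(r"tunnel (\S+) down")

def parse(log):
    """Return (bgp_drops, tunnel_downs) as lists of (timestamp, name)."""
    drops, downs = [], []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines without a leading timestamp
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        msg = m.group(2)
        if (b := BGP.search(msg)) and b.group(1) == "left":
            drops.append((ts, b.group(2).rstrip(".")))
        elif (t := TUNNEL_DOWN.search(msg)):
            downs.append((ts, t.group(1)))
    return drops, downs

def classify_drops(log, window_s=10):
    """Label each BGP drop with the tunnel that went down at most window_s before it."""
    drops, downs = parse(log)
    out = []
    for ts, peer in drops:
        near = [n for d, n in downs if timedelta(0) <= ts - d <= timedelta(seconds=window_s)]
        out.append((ts.isoformat(sep=" "), peer, near[0] if near else None))
    return out

if __name__ == "__main__":
    for ts, peer, tunnel in classify_drops(SAMPLE_LOG):
        cause = f"follows {tunnel} down" if tunnel else "no tunnel-down event nearby"
        print(ts, peer, cause)
```

Drops labelled with a tunnel name point at the IPsec side; drops with no nearby tunnel event mean the tunnel log alone does not explain the flap.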
 
					
				
				
			
		

