BGP establish state flapping.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

BGP establish state flapping.

L3 Networker

I have couple of bgp established on the firewall. Confiugured new one to AWS ,tunnel comes up but Bgp is flapping.

System logs.

BGP peer session enters established starte,peer ip:169.254.32.1

BGP peer session left established state,peer ip: 169.254.32.1.

 

 

2 REPLIES 2

L3 Networker

My side of tunnel is 169.250.32.2 and aws is 169.250.32.1. tunnel.100 is 169.250.32.2/30. Since aws doesnt add any routes

they want me to send them a default route. my default route is a public ip of the firewall.

In theory i want to adversite to them via bgp - send everything to 169.250.32.1 just across the tunnel and then it can be routed as i have all the routes on the firewall.

On the peer flapping, in all likelyhood you are losing the IPSEC tunnel causing the flap.  So check for the reason that the tunnel is not stable in the logs.

 

On routing, this requires more thought on the needs.  Why do your resources in AWS need a default route?  

Are you providing internet access for your AWS resources via your PA firewall?

If not, then you likely do not need a default up this tunnel.  Instead just advertise the resources on your network that the AWS resources need to access.

 

If you do need the default route to AWS, your peer should be eBGP and when it does re-advertise your local default route it would re-write the next hop to be itself, your side of the AWS peering.  Thus the traffic would come to your AWS peer from the AWS resources.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
  • 10050 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!