This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

BGP failover not working as expected

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

BGP failover not working as expected

MayurLaddha4545
L1 Bithead

‎12-10-2023 09:56 PM

Hi

 

Our PA 220 is running 2 eBGP's  with 2 CE (WAN) routers.

Those 2 CE routers will run eBGP with respective ISP's. 

 

We control the routing through Local preference. 

 

Routes learned via primary CE 1 has LP of 500

Routes learned via secondary CE 2 has LP of 250

 

What happened was BGP went down between CE 1 and ISP.

BGP didn't go down between CE 1 and our PA 220.

As a result PA 220 was still sending traffic to CE1 

Ideally the routes coming in from CE1 should have disappeared and routes coming from CE2 in local RIB table with LP 250 should have been preferred but that didn't work.

 

When I exported the logs at the duration of outage when BGP was down for almost 35 mins, traffic was always taking CE1 path.

 

Anyone experienced this and can share some insights to fix this, thanks 

0 Likes Likes
5 REPLIES 5

rmfalconer
L5 Sessionator

‎12-11-2023 10:45 AM

Why do you need to include the PAs in BGP? If the routers are handling BGP, just point a default on the PAs toward a VRRP address on the routers and let them handle BGP.

When the ISP was down on CE1, what did it's routing table have in it?  You'll probably need to do a controlled outage to work through why it wasn't working.

0 Likes Likes

MayurLaddha4545
L1 Bithead
In response to rmfalconer

‎12-11-2023 02:42 PM

We don't use static routing in our network so this solution does not suits us. thanks

0 Likes Likes

rmfalconer
L5 Sessionator
In response to MayurLaddha4545

‎12-11-2023 02:51 PM

To get any more info, you'll likely need to bring down one of the ISPs to see what the routing tables look like on each router and why traffic still goes through CE1.

Do you have ibgp between the CE routers? 

What routes do you take from each ISP? 

0 Likes Likes

MayurLaddha4545
L1 Bithead
In response to rmfalconer

‎12-11-2023 02:55 PM

We are looking at that solution to build iBGP but even with this design failover should have worked.

As both CE 1 and 2 advertise default routes and some specific network routes to us.

We manipulate them via Local Preference as mentioned in original post. 

0 Likes Likes

rmfalconer
L5 Sessionator
In response to MayurLaddha4545

‎12-11-2023 05:09 PM

Do you see the expected entries in the routing table on the PA?

0 Likes Likes
  • 672 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks