- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
05-09-2019 08:17 AM
Hi All,
I have an issue with maintening a BGP Establish connection. Essentially the setup is the Palo Alto to two peers to allow for resilience if one BGP peer fails. If one peer is established it stays stable. If I enable the path to the second peer and disable the path to the first peer it remains established and stable. When I enable both BGP paths to establish at both peers at the same time they establish without any problems but then eventually randonmly recycle with a routed-bgp-peer-left established error, re-establishing seconds later.
I have adjusted the Multihop, prepend AS and seperated the peers into seperate peer groups but the issue persists.
Any ideas?
Regards
Adrian
I have it set up and when I peer with
05-09-2019 12:13 PM
1. Do the MTU settings on both ends match?
2. Is this iBGP or eBGP (all have same AS or different)?
3. Are these 2 connections on the same or different subnets?
4. Are these direct/p2p connections or routed through another network?
5. Are you using another IGP like OSPF and pointing to Loopback interfaces?
05-10-2019 12:25 AM
Hi Jeremy,
Yes, MTU matches both ends. Individually the sessions stay up, it's only when I have BGP established to the two peers from the Palo Alto. It mainly affects one path with more hops but occassionally the other path drops.
It is an eBGP configuration.
The connections are on a /29 subnet and not different subnets.
They are connected to the router via VRFs, one router is local, the other in another datacentre.
Our routing is entirely eBGP internal and external (2 BGP sessions).
As I said, this works and routes well. It is only when I enable the 2nd peer so we have that BGP resilience that I see this peering drop. Both peering sessions individually are stable if the other is down.
Regards
Adrian
05-16-2019 01:46 PM
I know this is just a shot in the dark, but is ECMP enabled? I don't think this would cause this kind of issue.
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/networking/bgp/configure-bgp#
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!