BGP Peering Issue

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

BGP Peering Issue

L1 Bithead

I have a PA connected to my upstream provider exactly how it is with the same provider at two other locations, but I cannot for the life of me get BGP to establish. I've got a case open, but they're being hilarious slow and only responding with canned redundant questions and management is getting impatient.

 

Is there a way to turn on debugging with these to tell me what the hell is going on? I'm using eBGP, no multi-hop (direct connection), Peer is configured correctly, verified matched ASN's with my provider. I see packets coming and going on 179 between me and my PER, but thats all I see, there is nothing in the System, Configuration or Traffic Logs. 

6 REPLIES 6

Cyber Elite
Cyber Elite

For testing, create a policy that looks for all BGP traffic in the zone you have BGP configured (I'm assuming untrust). This should capture all the traffic for BGP and hopefully get you the answers.

 

Also check your runtime stast for the virtual router, Network->Virtual Router->More Runtime Stats (its a column, dont open the virtual router).

 

Hope this helps.

I've got a profile for it already, and I'm seeing two way traffic on destination port 179, PCAP's aren't matching though for whatever reason. 

 

The Runtime Stats are showing me slowly incrementing "Status Flap Counts", but I'm not seeing any incoming or outgoing messages.

 

Security on this is pretty basic. The BGP peer is on my "MPLS" zone which is wide open to my trusted zones with no NATs. 

Since you have double checked your settings.  I would get the provider on the phone and demand an engineer to work with you. I've been given th erun around with ISP's too many times and have been provided too much incorrect info to not be hesitant about calling them and working directly with an engineer.

The engineer for my provider has been more helpful than PA has at this point.

 

I should mention, this was a working BGP relationship before we cut it over from a Cisco ISR to a PA-500. All settings have been verified while I was on the phone with them, there is no authentication. 

Then I would hammer PAN support and make them give you an engineer to work with. Call you sales or sales engineer if support is not cooperating. If you ask me, its a critical issues since its a network down status.

L3 Networker

What version of code are you running?

I had some odd issues with BGP where the GUI looked like it was configured correctly but there were several lines missing when I examined the CLI. 

The problems I had were a little different than you have described but it might be worth looking at.

  • 8188 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!