08-23-2013 03:20 AM - edited 03-04-2019 08:51 PM
I have the following connectivity:
CE - CIG IPsec tunnel, which is up, and I can hop across from CIG to CE.
BGP neighbor relationship between CE and CIG resets every 3 minutes. I have tried bouncing the tunnel and clearing down to the crypto etc. but nothing works. Get the following in the logs:
Help please???
08-23-2013 04:22 AM
I could possibly be going down the wrong path here, but I see a lot of ZBFW logs. Does the address 199.189.112.134 correlate to the other side in any way?
HTH,
John
08-23-2013 06:03 AM - edited 03-17-2024 02:16 AM
Hello,
Is it possible you haven't allowed BGP updates to flow or be initiated both ways? By default the ZBFW inspect command performs stateful inspection and maintains a state table, whereas the ZBFW pass command is classful, meaning it doesn't keep a state table and is unidirectional.
Additionally, make sure you are not advertising the src/dest of the tunnel over the IPsec tunnel itself, or the BGP peer address via the transit network of the IPsec tunnel.
res
Paul
Thanks.
08-24-2013 01:02 PM
Hi,
Please allow TCP port 179 in the firewall and check once.
Br/Subhojit
08-24-2013 07:45 PM
Hello Mark,
A BGP session flapping every 3 minutes is usually associated with an MTU issue along the path between the CE & the CIG devices. To resolve this issue quickly I would propose the below action plan.
Action Plan:-
=============
Remove path mtu discovery under BGP on both CE & CIG devices.
Thanks & Regards,
Vignesh R P
08-24-2013 07:49 PM
Hello Mark,
"no bgp transport path-mtu-discovery" is the command to disable PMTU Discovery under the #router bgp
Thanks & Regards,
Vignesh R P
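Added example, not part of any post in this thread: a three-minute reset interval equals the Cisco default BGP hold time of 180 seconds, which is how a session behaves when it establishes but then stops receiving the peer's messages (for instance when full-size UPDATE packets are dropped on the path and later keepalives queue behind them). The Python below checks ADJCHANGE log lines for that pattern; the log lines, the address 192.0.2.1, the 180-second default and the function names are assumptions made for illustration.

```python
import re
from datetime import datetime

# Constructed IOS-style syslog lines (not from the thread).
# 192.0.2.1 is a documentation address standing in for the BGP peer.
SAMPLE_LOG = """\
Aug 23 10:00:12: %BGP-5-ADJCHANGE: neighbor 192.0.2.1 Up
Aug 23 10:03:12: %BGP-3-NOTIFICATION: sent to neighbor 192.0.2.1 4/0 (hold time expired) 0 bytes
Aug 23 10:03:12: %BGP-5-ADJCHANGE: neighbor 192.0.2.1 Down BGP Notification sent
Aug 23 10:03:31: %BGP-5-ADJCHANGE: neighbor 192.0.2.1 Up
Aug 23 10:06:31: %BGP-5-ADJCHANGE: neighbor 192.0.2.1 Down BGP Notification sent
Aug 23 10:06:49: %BGP-5-ADJCHANGE: neighbor 192.0.2.1 Up
Aug 23 10:09:50: %BGP-5-ADJCHANGE: neighbor 192.0.2.1 Down BGP Notification sent
"""

ADJ = re.compile(r"^(\w{3} +\d+ [\d:]+): %BGP-5-ADJCHANGE: neighbor (\S+) (Up|Down)")


def session_lifetimes(log, year=2013):
    """Return {neighbor: [seconds each session stayed Up before going Down]}."""
    up_since, lifetimes = {}, {}
    for line in log.splitlines():
        m = ADJ.match(line)
        if not m:
            continue  # ignore non-ADJCHANGE lines such as the NOTIFICATION
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        peer, state = m.group(2), m.group(3)
        if state == "Up":
            up_since[peer] = ts
        elif peer in up_since:
            alive = int((ts - up_since.pop(peer)).total_seconds())
            lifetimes.setdefault(peer, []).append(alive)
    return lifetimes


def hold_timer_flappers(log, hold_time=180, tolerance=5, min_flaps=2):
    """Neighbors whose sessions repeatedly die about one hold time after Up."""
    return sorted(
        peer for peer, secs in session_lifetimes(log).items()
        if len(secs) >= min_flaps
        and all(abs(s - hold_time) <= tolerance for s in secs)
    )


if __name__ == "__main__":
    print(session_lifetimes(SAMPLE_LOG))
    print(hold_timer_flappers(SAMPLE_LOG))
```

A neighbor reported by `hold_timer_flappers` is a candidate for the path checks raised in this thread: MTU along the tunnel, firewall policy for TCP 179 in both directions, and interface addressing.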
10-12-2023 08:12 PM
As mentioned by @jvig, it's interface MTU for me as well. eBGP was set up on a sub-interface of Bundle-Ether (ex: BE333.999). MTU of Bundle-Ether (BE333) was 9216 and the sub-interface of Bundle-Ether (BE333.999) was 9220. The eBGP worked immediately after I changed the Bundle-Ether sub-interface (BE333.999) to 9216 (matching main interface).
Thanks everyone.
03-15-2024 11:22 AM
Recently we experienced the same issue, where P2P IP connectivity was not stable (dropping ping in between) and BGP was dropping every 3 minutes.
We found the subnet mask was configured wrong on the CE router, with /28 instead of /30. After fixing it, ping and BGP were stable.