Skip to main content
nsantin
nsantin
New Member
December 18, 2016
Question

Lost access over BGP when upgrading from 5.2.3 -> 5.2.10

  • December 18, 2016
  • 1 reply
  • 5377 views

Hi, 

We tried to upgrade a cluster of FGT100D's from 5.2.3 to 5.2.10 (by going .5,.7,.9 then .10)

Everything went well, minus the fact I lost all inbound traffic over BGP. Both of my neighbours were up and established and everything looked fine when I ran diag commands (I didn't have time to packet trace due to prod down).

When I downgraded back to 5.2.3 everything came back alive. I didn't try any version in between, rather stick with the devil I know until I sort this out.

 

So wondering if there have been significant changes to BGP or routing between these versions. I suspect it may be an access list, or my use of a Loopback interface. Here is my relevant config, any input would be really appreciated!

 

I did read about changes to using ge and le in access lists in 5.2.4 but that doesn't seem to be my issue, but it has be thinking I have a problem with my access lists

 

 

config router bgp

     set as 12345      set router-id 1.1.1.1      set log-neighbour-changes enable      config neighbor           edit "ISP1"                set distribute-list-out "BGP-Out"                set remote-as 22222                set send-community6 disable                set keep-alive-timer 20                set holdtime-timer 60                set weight 300                set password ENC <XXX>           next           edit "ISP2"                set capability-graceful-restart enable                set distribute-list-out "BGP-Out"                set prefix-list-in "PREFIX-ISP2"                set remote-as 33333                set send-community6 disable                set keep-alive-timer 20                set holdtime-timer 60                set weight 300           next      end      config network           edit 1                set prefix 1.1.1.0 255.255.255.0           next      end end config router access-list      edit "BGP-Out"           config rule                edit 1                     set prefix 1.1.1.0 255.255.255.0                     set exact-match enable                next                edit 2                     set action deny                     set exact-match disable                next           end      next end

config router prefix-list      edit "PREFIX-ISP2"           config rule                edit 1                     set prefix 0.0.0.0 0.0.0.0                     unset ge                     unset le                next                edit 2                     set action deny                     set prefix any                     unset ge                     unset le                next      end next end

config system interface      edit "BGP-Loop"           set vdom "root"           set ip 1.1.1.1 255.255.255.0           set allowaccess ping           set type loopback           set snmp-index 8      next end

 

1 reply

Rafael_Rosseto
Rafael_Rosseto
New Member
December 27, 2016

Hello,

 

I'm having the same, but after upgrade 5.2.3 to 5.4.3.

 

I can see a lot of routes in my routing table, but looks like my route is not being propagated.

 

When I got back to 5.2.3 everthing works fine again. Looks like something at version 5.4.3.

MikePruett
MikePruett
New Member
December 28, 2016

You should step the firmware up one version at a time (5.2.3 to 5.2.5) and see how it does....test things out......then do the same thing again a few days later. Rinse and repeat until you find the version that proves to be the culprit.

Rafael_Rosseto
Rafael_Rosseto
New Member
December 28, 2016

Actually we found a route map out, was causing the issue, so we take out and everthing is ok now.

 

Something about 5.4 version, because I tried to downgrade 5.4.2 and still the same. Now running in version 5.4.3.

Terms & ConditionsAccessibility statement