Hello,
We are running an SDWAN infrastructure with one hub and several spokes. All sites are equipped with 60E clusters running 6.2.3.
On one of my spokes I have a strange behavior.
Every 3 min I have this error in the router event logs:
BGP: %BGP-5-ADJCHANGE: neighbor 192.168.88.254 Down BGP Notification FSM-ERR
followed by
BGP: %BGP-5-ADJCHANGE: neighbor 192.168.88.254 Up
The problem is that during this event all connections from spoke to hub are shut for roughly 30 sec.
Any idea?
Fix the issue that's breaking the ipsec-tunnel connection or adjust the timers, but 30 sec is normal for a new BGP open to come around.
Ken Felix
PCNSE
NSE
StrongSwan
I found the solution. The tunnel was totally fine. With a static route I had no connectivity loss.
The solution was to remove some routes announced from the hub site, which seemed to mess with BGP neighbor association...
TIP: Do you have any max-prefixes received settings? That would always reset the BGP connections.
Ken Felix
PCNSE
NSE
StrongSwan
Dragnipur wrote: I found the solution. The tunnel was totally fine. With a static route I had no connectivity loss.
The solution was to remove some routes announced from the hub site, which seemed to mess with BGP neighbor association...
Hi, can you elaborate and provide a little more detail on how you managed to solve this issue? We are experiencing a similar problem but can't figure it out.
Thanks.
I'm having this same problem. Anyone have additional information?
That could happen when some MTU issues exist over the tunnel and the BGP table advertised by the hub is larger than the size that can pass through.
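The following is an added example, not part of any post in this thread: a small Python script that measures how regular the Down/Up cycle from the first post is, per neighbor, from exported router event logs. The timestamp prefix, the sample log lines and the second neighbor address are constructed assumptions; only the `%BGP-5-ADJCHANGE` message text comes from the thread.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Message text matches the events quoted in the thread; the leading
# timestamp format is an assumption about how the logs were exported.
EVENT = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) .*"
    r"%BGP-5-ADJCHANGE: neighbor (?P<peer>\S+) (?P<state>Up|Down)\b"
)

# Constructed sample log, not taken from a real device.
SAMPLE_LOG = """\
2020-03-02 09:58:00 BGP: %BGP-5-ADJCHANGE: neighbor 192.168.88.253 Up
2020-03-02 10:00:05 BGP: %BGP-5-ADJCHANGE: neighbor 192.168.88.254 Down BGP Notification FSM-ERR
2020-03-02 10:00:34 BGP: %BGP-5-ADJCHANGE: neighbor 192.168.88.254 Up
2020-03-02 10:03:06 BGP: %BGP-5-ADJCHANGE: neighbor 192.168.88.254 Down BGP Notification FSM-ERR
2020-03-02 10:03:36 BGP: %BGP-5-ADJCHANGE: neighbor 192.168.88.254 Up
2020-03-02 10:06:04 BGP: %BGP-5-ADJCHANGE: neighbor 192.168.88.254 Down BGP Notification FSM-ERR
2020-03-02 10:06:35 BGP: %BGP-5-ADJCHANGE: neighbor 192.168.88.254 Up
"""

def analyze_flaps(log_text, max_jitter_s=10.0, min_cycles=3):
    """Per neighbor: Down count, mean Down-to-Down period, mean outage, periodic flag."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            events[m["peer"]].append((ts, m["state"]))
    report = {}
    for peer, evs in events.items():
        evs.sort()
        downs = [t for t, s in evs if s == "Down"]
        periods = [(b - a).total_seconds() for a, b in zip(downs, downs[1:])]
        # Outage = time from a Down event to the Up event that follows it.
        outages = [(t2 - t1).total_seconds()
                   for (t1, s1), (t2, s2) in zip(evs, evs[1:])
                   if s1 == "Down" and s2 == "Up"]
        # Periodic = enough cycles and near-constant spacing between Downs.
        periodic = len(downs) >= max(min_cycles, 2) and pstdev(periods) <= max_jitter_s
        report[peer] = {
            "downs": len(downs),
            "mean_period_s": mean(periods) if periods else None,
            "mean_outage_s": mean(outages) if outages else None,
            "periodic": periodic,
        }
    return report
```

A near-constant period points at something timer- or size-driven on the session itself rather than a randomly failing link, which is consistent with the static-route test reported above.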