Dragnipur
New Contributor

BGP instability on IPSEC tunnel

Hello,

We are running an SDWAN infrastructure with one hub and several spokes. All sites are equipped with 60E clusters running 6.2.3.

On one of my spokes I have a strange behavior.

Every 3 min I have this error in the router event logs:

BGP: %BGP-5-ADJCHANGE: neighbor 192.168.88.254 Down BGP Notification FSM-ERR

followed by

BGP: %BGP-5-ADJCHANGE: neighbor 192.168.88.254 Up

The problem is that during this event all connections from spoke to hub are shut for roughly 30 sec.

 

Any idea?

 

emnoc
Esteemed Contributor III

Fix the issue that's breaking the IPsec tunnel connection or adjust the timers, but 30 sec is normal for a new BGP open to come around.

 

Ken Felix

PCNSE NSE StrongSwan
Dragnipur

I found the solution. The tunnel was totally fine. With a static route I had no connectivity loss.

The solution was to remove some routes announced from the hub site, which seemed to mess with BGP neighbor association...

emnoc
Esteemed Contributor III

TIP: Do you have any max-prefixes received settings? That would always reset the BGP connections.

 

Ken Felix

PCNSE NSE StrongSwan
staniel87

Dragnipur wrote:

I found the solution. The tunnel was totally fine. With a static route I had no connectivity loss.

The solution was to remove some routes announced from the hub site, which seemed to mess with BGP neighbor association...

Hi, can you elaborate and provide a little more detail on how you managed to solve this issue? We are experiencing a similar problem but can't figure it out.

 

Thanks.

acsmith

I'm having this same problem. Does anyone have additional information?

Toshi_Esumi
Esteemed Contributor III

That could happen when some MTU issues exist over the tunnel and the BGP table advertised by the hub is larger than the size that can pass through.
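
Added example, not part of any post in this thread: a small Python script that measures the flap period and outage length from ADJCHANGE events like the ones quoted in the first post, which helps tell evenly spaced resets from random tunnel loss. The timestamp prefix, the sample lines, the function names and the `max_jitter_s` threshold are assumptions made for this example.

```python
import re
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: message text as quoted in the thread, timestamp prefix assumed.
SAMPLE_LOG = """\
2020-03-02 10:00:00 BGP: %BGP-5-ADJCHANGE: neighbor 192.168.88.254 Down BGP Notification FSM-ERR
2020-03-02 10:00:31 BGP: %BGP-5-ADJCHANGE: neighbor 192.168.88.254 Up
2020-03-02 10:03:01 BGP: %BGP-5-ADJCHANGE: neighbor 192.168.88.254 Down BGP Notification FSM-ERR
2020-03-02 10:03:30 BGP: %BGP-5-ADJCHANGE: neighbor 192.168.88.254 Up
2020-03-02 10:06:00 BGP: %BGP-5-ADJCHANGE: neighbor 192.168.88.254 Down BGP Notification FSM-ERR
2020-03-02 10:06:30 BGP: %BGP-5-ADJCHANGE: neighbor 192.168.88.254 Up
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) BGP: %BGP-5-ADJCHANGE: "
    r"neighbor (?P<peer>\S+) (?P<state>Up|Down)(?: (?P<reason>.+))?$")

def parse_events(text):
    """Yield (timestamp, peer, state, reason) for each ADJCHANGE line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            yield ts, m["peer"], m["state"], m["reason"]

def flap_report(text, max_jitter_s=10.0):
    """Per peer: flap count, mean Down-to-Down period, mean outage, and a
    'periodic' flag set when the resets are evenly spaced."""
    peers = {}
    for ts, peer, state, reason in sorted(parse_events(text), key=lambda e: e[0]):
        p = peers.setdefault(peer, {"downs": [], "outages": [], "reasons": set(), "pending": None})
        if state == "Down":
            p["downs"].append(ts)
            p["reasons"].add(reason or "unspecified")
            p["pending"] = ts
        elif p["pending"]:  # Up that closes an open Down: record outage length
            p["outages"].append((ts - p["pending"]).total_seconds())
            p["pending"] = None
    report = {}
    for peer, p in peers.items():
        gaps = [(b - a).total_seconds() for a, b in zip(p["downs"], p["downs"][1:])]
        report[peer] = {
            "flaps": len(p["downs"]),
            "mean_period_s": mean(gaps) if gaps else None,
            "mean_outage_s": mean(p["outages"]) if p["outages"] else None,
            "periodic": len(gaps) >= 2 and pstdev(gaps) <= max_jitter_s,
            "reasons": sorted(p["reasons"]),
        }
    return report
```

On the constructed sample the report shows three flaps about 180 seconds apart with outages of about 30 seconds, matching the pattern described in the first post.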
