Hello community,
A few weeks ago we migrated the AWS VPN from static to BGP, and since then we have noticed several Hold Timer Expired messages received “IP AWS”. I have checked physical cables and connectivity, and there are no problems. The problem is also not due to saturation, because it occurs at night when there is no staff working.
What else could it be? Has anyone else had this happen?
Hello,
I would recommend checking whether there were HA fail-overs or the IPsec tunnel went down around the same time (if applicable).
If you're experiencing Hold Timer Expired messages after migrating to BGP for AWS VPN, and physical connectivity seems fine with no saturation issues, it's worth investigating further. Check for any misconfigurations in BGP settings, such as mismatched timers or router IDs. Also, ensure that AWS VPN configurations align with your BGP setup. It's possible there could be issues with AWS infrastructure or routing policies causing the flapping. Consider reaching out to AWS support or consulting with networking experts for further assistance...
FWIW, I've seen this exact same issue last night and the night before to two separate AWS regions. Each time, both BGP sessions of an HA tunnel dropped for over a minute. There's no record of any AWS maintenance occurring during either event, but this is fairly suspicious.
Hello, thank you for your comments. I found my error, and it was because of an asymmetry in the BGP AS.
I had the same AS in 2 places.
Copyright 2024 Fortinet, Inc. All Rights Reserved.