Lost access over BGP when upgrading from 5.2.3 -> 5.2.10
Hi,
We tried to upgrade a cluster of FGT100Ds from 5.2.3 to 5.2.10 (by going .5, .7, .9 then .10).
Everything went well, minus the fact I lost all inbound traffic over BGP. Both of my neighbours were up and established and everything looked fine when I ran diag commands (I didn't have time to packet trace due to prod down).
When I downgraded back to 5.2.3 everything came back alive. I didn't try any version in between, rather stick with the devil I know until I sort this out.
So wondering if there have been significant changes to BGP or routing between these versions. I suspect it may be an access list, or my use of a Loopback interface. Here is my relevant config, any input would be really appreciated!
I did read about changes to using ge and le in access lists in 5.2.4, but that doesn't seem to be my issue. It does have me thinking I have a problem with my access lists.
config router bgp
    set as 12345
    set router-id 1.1.1.1
    set log-neighbour-changes enable
    config neighbor
        edit "ISP1"
            set distribute-list-out "BGP-Out"
            set remote-as 22222
            set send-community6 disable
            set keep-alive-timer 20
            set holdtime-timer 60
            set weight 300
            set password ENC <XXX>
        next
        edit "ISP2"
            set capability-graceful-restart enable
            set distribute-list-out "BGP-Out"
            set prefix-list-in "PREFIX-ISP2"
            set remote-as 33333
            set send-community6 disable
            set keep-alive-timer 20
            set holdtime-timer 60
            set weight 300
        next
    end
    config network
        edit 1
            set prefix 1.1.1.0 255.255.255.0
        next
    end
end
config router access-list
    edit "BGP-Out"
        config rule
            edit 1
                set prefix 1.1.1.0 255.255.255.0
                set exact-match enable
            next
            edit 2
                set action deny
                set exact-match disable
            next
        end
    next
end
config router prefix-list
    edit "PREFIX-ISP2"
        config rule
            edit 1
                set prefix 0.0.0.0 0.0.0.0
                unset ge
                unset le
            next
            edit 2
                set action deny
                set prefix any
                unset ge
                unset le
            next
        end
    next
end
config system interface
    edit "BGP-Loop"
        set vdom "root"
        set ip 1.1.1.1 255.255.255.0
        set allowaccess ping
        set type loopback
        set snmp-index 8
    next
end
Hello,
I'm having the same issue, but after upgrading from 5.2.3 to 5.4.3.
I can see a lot of routes in my routing table, but it looks like my route is not being propagated.
When I went back to 5.2.3 everything worked fine again. Looks like something in version 5.4.3.
You should step the firmware up one version at a time (5.2.3 to 5.2.5) and see how it does... test things out... then do the same thing again a few days later. Rinse and repeat until you find the version that proves to be the culprit.
Mike Pruett
Actually, we found a route map out was causing the issue, so we took it out and everything is OK now.
Something about the 5.4 version, because I tried to downgrade to 5.4.2 and it was still the same. Now running version 5.4.3.