BGP Flapping

mansart · ‎07-29-2016

Hello,

I have not configuration problem, i have just a BGP question.

We have several sites interconnected with VPN IPSEC. We used eBGP for routing between all these sites.

Last week, we experience a VPN flapping due to DPD dysfunction (during 10 hours) on a site(site A).

I disabled DPD for recovering VPN stability. The BGP peering with this site has been reestablished.

Althought BGP peering was OK, and site A prefix was learned on all sites, the others sites doesn’t announced theirs prefix to site A. I have to wait 3 or 5 hours before the others sites reannouce their prefix.

I think it’s a BGP protection against flapping route but dampening is disabled on all my Fortigate.

The workaround is to configure a temporary static route until learning the prefix.

Have you got an idea on how to force the fortigate to annonce their prefix even after long period of flapping.

Thanks in advance.

Mike

mansart · ‎01-04-2017

Hi,

No one has an idea about this issue?

Thanks,

Mike

Jzhang_FTNT · ‎01-25-2017

No other mechanism except damping to suppress bgp advertisement. How did you advertise the route to its peer? by network? or by redistribute? might be the route is not active locally cause not advertise.

emnoc · ‎01-26-2017

Q: what cause it to re-announce the prefix after 3/5 hours?

Q: do you have topology map of the bgp eBGP peers

Q: is the prefix carried over IPSEC ? if yes, if you reset and clear the vpn tunnels does it NOT resend the BGP prefix?

Q: if you execute a router flush for BGP does it NOT resend the prefix ?

PCNSE

NSE

StrongSwan