We have internet link in between site and head office with BGP configuration. VPN tunnel is configured with gr interface.
There is no issue observed for BGP tunnel. Based on below logs and config, please suggest what i need to do to fix the issue.(i.e. to increase/decrease bfd timer, flow control or something else)
Below are the logs observed under "show log messages"
Jun 15 09:17:31 fw-blr01 rpd: bgp_process_idled_flag_change:3404: NOTIFICATION sent to 10.71.17.18 (External AS 65377): code 6 (Cease) subcode 2 (Administratively Shutdown), Reason: Session down till BFD signals otherwise Jun 15 10:15:21 fw-blr01 bfdd: BFDD_TRAP_SHOP_STATE_DOWN: local discriminator: 4, new state: down, interface: gr-0/0/0.20, peer addr: 10.71.17.18
set protocols bgp group VPN-TUNNELBNGLR neighbor 10.71.17.27 bfd-liveness-detection minimum-interval 1000 set protocols bgp group VPN-TUNNELBNGLR neighbor 10.71.17.27 bfd-liveness-detection multiplier 3 set protocols bgp group VPN-TUNNELBNGLR neighbor 10.71.17.27 bfd-liveness-detection holddown-interval 1000
At site location SRX i can see flow control is "enable" but at head office location flow control is disable on WAN interface.
Good day! Can you please check the below and let us know the updates.
1. How frequently does the BGP tunnel flap. Is there a specific time inerval after which it goes down and comes back up? 2. Is the interface added to a trust zone on the SRX device? 3. Do you see any issues on the link between the peers? Any hardware issue? 4. Do you have any hold-times configured on the connecting interfaces? 5. Can you verify the output of the commands.
>> show bgp neighbor <neighbor_id> >> show bgp summary >>show interfaces gre statistics detail
You can check the debug output by enabling traceoptions for BGP and check for the logs at the time of the flap.