02-08-2024 01:30 PM
Hi guys, I have had this issue for a long time now. We have two pairs of FTDs in HA in two different DCs. We have VTIs set up in both HA pairs going to each remote site. This case has been with Cisco TAC for a long time and we still have not got to the real problem. What could cause all BGP neighbors to reset at the same time? I'm thinking a hardware problem or the BGP table just flaps randomly. I'm happy to share any outputs or config. Also, two of the VTIs are going to Azure.
02-09-2024 08:10 AM
To say something, we at least need a topology diagram, a configuration fragment with BGP and tunnel interfaces in place (replace all public IPs there with something like 192.0.2.x or x.1.2.3), and syslog from the time of the flap to understand whether BGP flaps on its own or an IPSec tunnel flap brings down BGP.
02-10-2024 03:37 PM
We would need more information on how your VTI and BGP are set up, and preferably the configuration for review.
The times when I have seen similar issues are when BGP is advertising the public interface IP to the remote side over the VTI tunnel. So, be sure that you are filtering out the public IP from being advertised via BGP.
02-11-2024 02:44 AM
The VTI tunnel is down when and only when the tunnel source is down and/or tunnel destination is not reachable.
Your case may be related to a routing issue: the tunnel destination is reachable via the tunnel itself (via BGP).
So check the prefixes learned from BGP and the tunnel destination: is there an overlapping supernet?
MHM
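The overlap check suggested in the reply above, as an added example that is not part of the original thread: it does a longest-prefix match for each VTI tunnel destination and flags any tunnel whose peer address resolves through a tunnel interface. The route table, interface names and addresses are constructed sample data (documentation ranges), not output from the poster's FTDs.

```python
import ipaddress

# Constructed sample routing table: (prefix, source, egress interface).
ROUTES = [
    ("0.0.0.0/0", "static", "outside"),
    ("198.51.100.0/24", "bgp", "Tunnel1"),     # supernet learned over the VTI
    ("203.0.113.0/24", "bgp", "Tunnel2"),      # supernet learned over the VTI
    ("203.0.113.10/32", "static", "outside"),  # host route pins the peer to the underlay
]

# Constructed VTI definitions: tunnel interface -> tunnel destination (peer public IP).
TUNNELS = {"Tunnel1": "198.51.100.7", "Tunnel2": "203.0.113.10"}


def best_route(dest, routes):
    """Return (network, source, interface) of the longest-prefix match, or None."""
    ip = ipaddress.ip_address(dest)
    matches = []
    for prefix, source, ifc in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net:
            matches.append((net, source, ifc))
    return max(matches, key=lambda m: m[0].prefixlen) if matches else None


def recursive_tunnels(tunnels, routes):
    """List tunnels whose destination is best reached through a tunnel interface."""
    findings = []
    for name, dest in sorted(tunnels.items()):
        route = best_route(dest, routes)
        if route and route[2] in tunnels:
            net, source, ifc = route
            findings.append((name, dest, str(net), source, ifc))
    return findings


if __name__ == "__main__":
    for name, dest, net, source, ifc in recursive_tunnels(TUNNELS, ROUTES):
        print(f"{name}: destination {dest} matches {net} ({source}) via {ifc}")
```

Tunnel2 is not flagged because the /32 static route toward the underlay wins over the BGP-learned /24, which is the effect of filtering or pinning the peer address.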