Re: BGP Flapping between CSR & Juniper SRX

thetrainerx · ‎11-17-2017

Hello everyone,

Looking for some help with this odd issue. At our datacenter we are running a Juniper SRX and we are running 2xCisco CSR's running IOS-XE code. We have ipsec tunnels running from the srx to each of the csr's.

On csr1, bgp over the ipsec tunnel is up and running fine.

On csr2, the bgp session keeps flapping with Hold Time expired messages. The bgp configuration on both csrs is exactly the same. The session establishes and then just never receives a keepalive to keep the session alive.

The ipsec does not drop when the bgp session flaps. Also when the bgp session flaps I can still telnet to port 179 on the remote router.

Any idea what could be causing this?

thetrainerx · ‎11-17-2017

Some more info:

Seems like the srx is not sending any additional keepalive packets after the initial 2 keepalives when the session first gets established thus the hold timer expires and the session goes down.

Any thoughts as to why the srx would stop sending keepalives?

Harold Ritter · ‎11-17-2017

This is most probably an MTU issue. Please refer to the following document.

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/116377-troubleshoot-bgp-mtu.html

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Izac ICT · ‎08-09-2022

Hello @thetrainerx

I know this post is old but I'm also trying to configure VPN between Juniper and Cisco with BGP. Could you please share example config for Juniper VPN with BGP.

Thank you.

Isac