Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1360
Views
0
Helpful
2
Replies

multiple BGP path issue on AWS direct connect

satish.txt1
Level 3
Level 3

‎06-22-2018 12:50 PM - edited ‎03-08-2019 03:27 PM

Screen Shot 2018-06-11 at 9.29.17 PM.png

 

This is out current setup and everything working great!!! here, now i want backup link for AWS so i have request for one more secondary link and terminated on Cisco ASA on Port-channel1.8interface.

asa/pri/act# sh run int po1.8
!
interface Port-channel1.8
 description ### AWS-DX-2 ###
 vlan 8
 nameif aws_dx_2
 security-level 0
 ip address 169.254.8.1 255.255.255.248 standby 169.254.8.3

asa/pri/act# sh run int po1.9
!
interface Port-channel1.9
 description ### AWS-DX-1 ###
 vlan 9
 nameif aws_dx
 security-level 0
 ip address 169.254.9.1 255.255.255.248 standby 169.254.9.3

This is my BGP config

router bgp 65501
 bgp log-neighbor-changes
 timers bgp 10 30 0
 address-family ipv4 unicast
  neighbor 169.254.8.2 remote-as 7224
  neighbor 169.254.8.2 password *****
  neighbor 169.254.8.2 activate
  neighbor 169.254.9.2 remote-as 7224
  neighbor 169.254.9.2 password *****
  neighbor 169.254.9.2 activate
  network 10.10.0.0 mask 255.255.0.0
  network 10.20.0.0 mask 255.255.0.0
  network 10.30.0.0 mask 255.255.0.0
  distribute-list ACL-BGP-IN in
  no auto-summary
  no synchronization
 exit-address-family
!

So far so good till here in BGP summery

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
169.254.8.2     4         7224 76      61            15    0    0 00:10:49  4
169.254.9.2     4         7224 286     225           15    0    0 00:41:45  4

Now problem start here, from my LAN i can't ping AWS any instance.

If i go ahead and shutdown one of link then my LAN hosts can ping AWS instance, I am trying to create redendency here and somehow its not working, Did i miss something here?

As soon as i do following it works..

neighbor 169.254.8.2 shutdown

I heard we shouldn't use 169.254/16 in local-link, do you think that could be the issue here?

Labels:
0 Helpful
2 Replies 2

Reza Sharifi
Hall of Fame
Hall of Fame

‎06-22-2018 01:27 PM

I see 4 prefixes over both BGP connections. I have seen this before with 2 DXs or a DX and a VPN with AWS that cause a loop. Open a ticket with AWS and have them flush their tables. Also, Are the layer-2 switches above the firewall stacked? 

HTH

0 Helpful

satish.txt1
Level 3
Level 3
In response to Reza Sharifi

‎07-04-2018 08:11 PM

Thanks Raze,

I have found something interesting, AS_PATH prepending not working one "169.254.8.2" peer but it does working on 169.254.9.2 peer, as soon as i put route-map prepending on "169.254.9.2" peer my failover started working..

Do you think AWS not honor prepending on one of peer?
0 Helpful
Customers Also Viewed These Support Documents