multiple BGP path issue on AWS direct connect

06-22-2018 12:50 PM - edited 03-08-2019 03:27 PM
This is our current setup and everything is working great here. Now I want a backup link for AWS, so I have requested one more secondary link, terminated on the Cisco ASA on the Port-channel1.8 interface.
asa/pri/act# sh run int po1.8
!
interface Port-channel1.8
 description ### AWS-DX-2 ###
 vlan 8
 nameif aws_dx_2
 security-level 0
 ip address 169.254.8.1 255.255.255.248 standby 169.254.8.3

asa/pri/act# sh run int po1.9
!
interface Port-channel1.9
 description ### AWS-DX-1 ###
 vlan 9
 nameif aws_dx
 security-level 0
 ip address 169.254.9.1 255.255.255.248 standby 169.254.9.3
This is my BGP config:

router bgp 65501
 bgp log-neighbor-changes
 timers bgp 10 30 0
 address-family ipv4 unicast
  neighbor 169.254.8.2 remote-as 7224
  neighbor 169.254.8.2 password *****
  neighbor 169.254.8.2 activate
  neighbor 169.254.9.2 remote-as 7224
  neighbor 169.254.9.2 password *****
  neighbor 169.254.9.2 activate
  network 10.10.0.0 mask 255.255.0.0
  network 10.20.0.0 mask 255.255.0.0
  network 10.30.0.0 mask 255.255.0.0
  distribute-list ACL-BGP-IN in
  no auto-summary
  no synchronization
 exit-address-family
!
So far so good up to here in the BGP summary:

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
169.254.8.2     4  7224      76      61       15    0    0 00:10:49        4
169.254.9.2     4  7224     286     225       15    0    0 00:41:45        4
Now the problem starts here: from my LAN I can't ping any AWS instance.
If I go ahead and shut down one of the links, then my LAN hosts can ping the AWS instances. I am trying to create redundancy here and somehow it's not working. Did I miss something here?
As soon as I do the following, it works:

neighbor 169.254.8.2 shutdown

I heard we shouldn't use 169.254/16 (link-local) addresses. Do you think that could be the issue here?
Labels: Other Switching
06-22-2018 01:27 PM
I see 4 prefixes over both BGP connections. I have seen this before with two DXs, or a DX and a VPN with AWS, causing a loop. Open a ticket with AWS and have them flush their tables. Also, are the layer-2 switches above the firewall stacked?
HTH
07-04-2018 08:11 PM
I have found something interesting: AS_PATH prepending is not working on the "169.254.8.2" peer, but it does work on the 169.254.9.2 peer. As soon as I put a route-map with prepending on the "169.254.9.2" peer, my failover started working.
Do you think AWS does not honor prepending on one of the peers?
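The thread ends on a route-map, so here is what a complete primary/backup policy for the second Direct Connect peer looks like on the ASA. This is an added example, not the original poster's configuration: it reuses the thread's AS numbers (65501 local, 7224 AWS) and peer addresses, assumes that 169.254.8.2 on aws_dx_2 is meant to be the backup, and the route-map names are invented. One plausible explanation for the symptoms (pings fail only when both sessions are up, and work as soon as one peer is shut or prepended) is asymmetric routing through the stateful firewall: the ASA sends a flow out one DX interface, AWS returns it over the other, and the reply is dropped because it arrives on an interface with no matching connection entry. That is an inference from the symptoms, not something the thread confirms, but it is the reason the policy below influences both directions rather than only the outbound AS_PATH.

```cisco
! Added example, not the original poster's configuration.
! Assumes AS 65501 (local), AS 7224 (AWS), and that the peer
! 169.254.8.2 on aws_dx_2 is the backup link. Route-map names are invented.

! Outbound policy: prepend our own AS on routes sent to the backup peer,
! so AWS prefers the primary link for traffic towards 10.10/16, 10.20/16
! and 10.30/16. Prepending only our own AS is safe with AWS's ASN checks.
route-map RM-AWS-DX2-OUT permit 10
 set as-path prepend 65501 65501 65501
!
! Inbound policy: lower the local preference of prefixes learned from the
! backup peer, so the ASA itself sends traffic to AWS via the primary
! peer while that session is up (default local preference is 100).
route-map RM-AWS-DX2-IN permit 10
 set local-preference 50
!
router bgp 65501
 address-family ipv4 unicast
  neighbor 169.254.8.2 route-map RM-AWS-DX2-OUT out
  neighbor 169.254.8.2 route-map RM-AWS-DX2-IN in
 exit-address-family
!
! Re-apply policy to the session after changing the route-maps.
clear bgp 169.254.8.2 soft
```

With only the outbound prepend, AWS's return traffic is steered, but the ASA still has two equal-cost candidates in its own BGP table and may pick the backup interface for outbound flows; the inbound local-preference change closes that gap so the forward and return paths agree. After applying it, check that the prefixes learned from 169.254.8.2 show a local preference of 50 and are not the best path while 169.254.9.2 is up, and that the routes advertised to 169.254.8.2 carry the prepended AS_PATH; then test failover by shutting the primary peer rather than by leaving both peers up with equal policy.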
