Issues establishing more than 2 BGP sessions
Chris Stein
bksteiny at gmail.com
Sun Nov 12 15:54:20 CET 2017
Thanks for the suggestion, Vincent. I am using VTI interfaces for this,
similar to what’s documented on the strongswan page.
After reading your blog, I gave each tunnel a different mark value, which
seemed to do the trick. I’m going to monitor the status of this throughout
the day, but after making that change, all of my tunnels have been able to
establish a BGP session.
Thanks again for the help. Nice blog post, by the way.
On Sun, Nov 12, 2017 at 03:52 Vincent Bernat <bernat at luffy.cx> wrote:
> ❦ 11 novembre 2017 23:44 -0600, Chris Stein <bksteiny at gmail.com> :
>
> > Individually, bird is able to establish a session on both tunnels at
> every
> > remote VPC, so I know that works. Occasionally, I have noticed that
> > established connections will disconnect with a “Hold timer expired”.
> > There’s something I’m missing/overlooking in the config to allow all
> > sessions to be active.
>
> I think BIRD is receiving a remote route that would replace the route
> used to reach the neighbor. Are you using route-based tunnels (with VTI
> interfaces)? If yes, "ip route show" output would help to
> understand. Otherwise, "ip xfrm policy" would help.
>
> If you want a working setup similar to yours (a tad more complex since
> it involves multiple routing tables), here is one:
>
> https://vincent.bernat.im/en/blog/2017-route-based-vpn
> --
> Use self-identifying input. Allow defaults. Echo both on output.
> - The Elements of Programming Style (Kernighan & Plauger)
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20171112/bda7c3d7/attachment.html>
More information about the Bird-users
mailing list