This message was posted by a user wishing to remain anonymous
Good morning, I have a bit of a doozy.
I am trying to establish a route-based VPN connection between an SRX 300 and an SRX 345. They're configured almost identically, and the IPSec VPN link works great with static routing. When I switch to external BGP, I get almost no traffic, and BGP resets every 90 seconds when the hold timer runs out.
The BGP trace log indicates keepalive messages are being sent properly, but most do not arrive at either side, which is why the hold timer is expiring.
I've tried setting MSS and MTU values with no effect. I have found some error messages in the log that I am having trouble deciphering. These errors are identical on both sides. I feel like I'm missing something pretty basic. Could someone point me in the right direction?
Error 1:
Sep 21 08:55:20.073832 bgp_rt_send_message:1826: 10.199.64.5 (External AS 1): sent 61 bytes, out updates 1
Sep 21 08:55:20.073867 bgp_output_thrashold_reached: 10.199.64.5 (External AS 1): rtt 0x40c8000 id 0x1000000, change count 0, bgp thrashold 5000
Sep 21 08:55:20.073903 bgp_rt_send_v4_flush:2219: 10.199.64.5 (External AS 1): Flushed, len=0, status=0x0, updates 166, updates_bnp 166, tokens=0
Sep 21 08:55:20.073932 bgp_send_flush:1178: send proc: Flushed, type=1, status=0x0
Sep 21 08:55:20.073961 bgp_group_send_msg_done:2635: group external-peers type External: Reset/released group send msg bld area
Sep 21 08:55:20.073988 bgp_send_handle_error:1523: group external-peers type External: Flush type=GROUPP, status=0x0, num_tokens=0
Sep 21 08:55:20.074014 bgp_send_handle_error:1627: group external-peers type External: Flush type=GROUPP, status=0x0, Return status=0x20, num_tokens=0 - exit
Sep 21 08:55:20.074049 bgp_rt_send_common: 2970: send proc: Exited mrtop loop - flushed status=0x20
Sep 21 08:55:20.074075 rt send common: END, status=0x20, visits=1, grtosdenied=0
Sep 21 08:55:20.074098 bgp_group_send_msg_done:2635: group external-peers type External: Reset/released group send msg bld area
Error 2 (keepalive behavior, followed by error and reset):
Sep 21 08:55:20.279700 bgp_handle_update:4766: 10.199.64.5 (External AS 1) received one update: 68 octets 10 routes
Sep 21 08:55:20.279820 bgp_handle_update:4766: 10.199.64.5 (External AS 1) received one update: 4 octets 0 routes
Sep 21 08:55:45.283039 99-220-BGP_1.10.199.64.5: BGP SEND 10.199.64.6+179 -> 10.199.64.5+50986 {bgp-io}
Sep 21 08:55:45.283138 99-220-BGP_1.10.199.64.5: BGP SEND message type 4 (Keepalive) length 19 {bgp-io}
Sep 21 08:56:11.307068 99-220-BGP_1.10.199.64.5: BGP SEND 10.199.64.6+179 -> 10.199.64.5+50986 {bgp-io}
Sep 21 08:56:11.307166 99-220-BGP_1.10.199.64.5: BGP SEND message type 4 (Keepalive) length 19 {bgp-io}
Sep 21 08:56:41.006884 99-220-BGP_1.10.199.64.5: BGP SEND 10.199.64.6+179 -> 10.199.64.5+50986 {bgp-io}
Sep 21 08:56:41.006982 99-220-BGP_1.10.199.64.5: BGP SEND message type 4 (Keepalive) length 19 {bgp-io}
Sep 21 08:56:50.277401 {bgp-io} th-99-220-BGP_1.10.199.64.5: Recv heartbeat timer expired @bgp-io
Sep 21 08:56:50.277718 BGP_IO_ERROR_CLOSE_SESSION: BGP peer 10.199.64.5 (External AS 1): Error event Operation timed out(60) for I/O session - closing it (instance master)
Sep 21 08:56:50.278189 BGP_1.10.199.64.5: send proc: send via threaded I/O
Sep 21 08:56:50.278208 sending 21 bytes
Sep 21 08:56:50.278239
Sep 21 08:56:50.278239 BGP SEND 10.199.64.6+179 -> 10.199.64.5+50986
Sep 21 08:56:50.278270 BGP SEND message type 3 (Notification) length 21
Sep 21 08:56:50.278355 wrote 21 bytes to I/O queue
Sep 21 08:56:50.278390 finished number of messages 1, write qidx 0 rc 1
Sep 21 08:56:50.278423 bgp_send_deactivate:3466: 10.199.64.5 (External AS 1) ,flags=0x1: removed from active list
Sep 21 08:56:50.281621 bgp_rt_unsync_all:409: 10.199.64.5 (External AS 1): entered v4nsync 1
Sep 21 08:56:50.281694 bgp_oq_ready_enqueue:147: group external-peers type External: called for ribix 1, inserted node on thread
Sep 21 08:56:50.281733 bgp_rt_unsync_all:422: 10.199.64.5 (External AS 1): end v4nsync 0
Sep 21 08:56:52.337676 advertising graceful restart receiving-speaker-only capability to neighbor 10.199.64.5 (External AS 1)
Sep 21 08:56:52.337767 advertising LLGR receiving-speaker-only capability to neighbor 10.199.64.5 (External AS 1)
Sep 21 08:56:52.337814 BGP_1.10.199.64.5: send proc: sending 63 bytes
Relevant BGP Configuration:
policy-options {
    policy-statement send-direct {
        term 1 {
            from protocol direct;
            then accept;
        }
    }
}
protocols {
    bgp {
        group external-peers {
            type external;
            export send-direct;
            peer-as 1;
            neighbor 10.199.64.5;
        }
    }
}
Thank you!
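Added example, not part of the original post: a small Python pass over the "Error 2" trace lines that measures, for each hold-timer expiry, how long the peer was silent and how many keepalives the local side sent in that window. The function names, the fixed year used for timestamp parsing, and the "BGP RECV message" match string are assumptions of this example; only the SEND, update and expiry lines appear in the post.

```python
import re
from datetime import datetime

# Lines copied from the "Error 2" trace excerpt in the post, trimmed to the
# events that matter for the hold timer.
TRACE = """\
Sep 21 08:55:20.279820 bgp_handle_update:4766: 10.199.64.5 (External AS 1) received one update: 4 octets 0 routes
Sep 21 08:55:45.283138 99-220-BGP_1.10.199.64.5: BGP SEND message type 4 (Keepalive) length 19 {bgp-io}
Sep 21 08:56:11.307166 99-220-BGP_1.10.199.64.5: BGP SEND message type 4 (Keepalive) length 19 {bgp-io}
Sep 21 08:56:41.006982 99-220-BGP_1.10.199.64.5: BGP SEND message type 4 (Keepalive) length 19 {bgp-io}
Sep 21 08:56:50.277401 {bgp-io} th-99-220-BGP_1.10.199.64.5: Recv heartbeat timer expired @bgp-io
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d\.\d+) (.*)$")


def parse_ts(text):
    # Trace lines carry no year; a fixed one is assumed so deltas can be computed.
    return datetime.strptime("2000 " + text, "%Y %b %d %H:%M:%S.%f")


def classify(msg):
    if "Recv heartbeat timer expired" in msg:
        return "hold_expired"
    if "BGP SEND message type 4 (Keepalive)" in msg:
        return "keepalive_sent"
    # "BGP RECV message" is an assumed receive-side format, not shown in the post.
    if "received one update" in msg or "BGP RECV message" in msg:
        return "received"
    return None


def hold_expiries(trace):
    """Return one record per hold-timer expiry found in the trace text."""
    last_rx, sent, out = None, 0, []
    for line in trace.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        when, kind = parse_ts(m.group(1)), classify(m.group(2))
        if kind == "received":
            last_rx, sent = when, 0
        elif kind == "keepalive_sent":
            sent += 1
        elif kind == "hold_expired":
            silence = (when - last_rx).total_seconds() if last_rx else None
            out.append({"at": m.group(1), "silence_s": silence, "keepalives_sent": sent})
            last_rx, sent = None, 0
    return out


if __name__ == "__main__":
    for rec in hold_expiries(TRACE):
        print(rec)
```

On the excerpt above this reports about 90 seconds of silence from the peer while three keepalives were sent locally, which matches the 90-second reset described in the post.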