SRX

 View Only
last person joined: 11 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

Active-Active VPN Tunnels with BGP

  • 1.  Active-Active VPN Tunnels with BGP

    Posted 03-08-2023 08:55
    Edited by Roelf Zomerman 03-08-2023 09:10

    Hi everyone, 

    I'm trying to setup active-active tunnels to Azure from a Single SRX... and make those work with BGP. For now,

    I have the 2 tunnels (st0.8 and st0.9) and added the static routes to the other side for BGP (static route 172.16.10.228 / 172.16.10.229)  - but on Azure side I only have 1 Local Network Gateway (my public IP + 172.16.5.1 as the BGP peer IP).  - so I cannot create multiple entries for other BGP peerings.. 

    In the on-premises I used 172.16.5.1 as the BGP Local-address to be used by both tunnels

    I see both VPN tunnels connect...  but one of the BGP comm's is not coming online at all .. it stays in Connect mode (229) - and when the tunnel fails over to the 2nd gateway / VPN tunnel I loose all connectivity as BGP is dropped as well. 


    Any idea why it would not work? in my routing options I use:

            route 172.16.10.228/32 next-hop st0.8;

            route 172.16.10.229/32 next-hop st0.9;

    But perhaps its the return route? Would I need to create 2 different BGP local-addresses and use those?


    And on this topic, some other vendors use APIPA BGP IP addresses - how would that work in Juniper and could that resolve it ? 
    ------------------------------
    Roelf Zomerman
    ------------------------------