BGP Peers not flipping back over after primary outage

Stuart Haire 1 Reputation point
2022-07-20T11:55:05.727+00:00

Hi,
I have a Virtual Network Gateway with two connections that are configured and connected successfully with two ISPs in my office.
I have configured these that if my primary ISP (Virgin) goes down it will automatically fail over to my secondary (BT).
[screenshot: 222689-image.png]

This works successfully; however, when my primary ISP comes back up, my VPN drops completely and my BGP peers show as connecting to the primary and connected to the secondary, and thus not working.
This is an example of how they are in a working state:
[screenshot: 222690-image.png]

So after the primary drops, the 172.16.12.1 address shows as connected and the 172.16.11.1 address shows as connecting, and they stay like this even after the primary comes back up. This causes me to have no connection at all until I reset the gateway (sometimes twice).

Any suggestions as to how to resolve this?


2 answers

  1. risolis 8,701 Reputation points
    2022-07-24T07:17:16.627+00:00

    Hello @Stuart Haire

    Thank you for your post.

    I appreciate the great info given by anonymous user-MSFT, and I just wanted to add an observation to this issue : )

    First, I do not understand why the first screenshot is shown like this:

    [screenshot: 224072-image.png]

    But the second picture is showing a different IP allocation for the BGP peering, as shown below:

    [screenshot: 224092-image.png]

    The IP allocations are not the same if we compare them.

    Then, I am wondering if you set up this scenario as an ACTIVE/ACTIVE VPN GW, or which settings were used for this.

    Is this a normal IPsec tunnel set-up along with BGP, or is this a VWAN environment set-up?

    Furthermore, if both tunnels are UP/UP but one of the BGP peerings is not coming up, I am wondering if the FW placed on-premises is using BGP dampening, so you can take a look at the BGP history logs.

    Also, this caught my attention, since there could be network congestion or packet drops along the way, as shown below:

    [screenshot: 224042-image.png]

    Finally, you should review the BGP hold-timer value in order to see if there is a timer mismatch that causes this BGP peering to work as intended.

    I hope this was useful for you to get a better picture of this : )

    Cheers,

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

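The state the question describes (primary peer stuck in "Connecting" while the secondary shows "Connected", and no traffic flowing) is easy to miss if you only check that *some* peer is up. The following is an added example, not code from this thread or from Microsoft: it evaluates the per-peer status that `az network vnet-gateway list-bgp-peer-status` returns and turns it into a verdict a monitor can alert on. The JSON shape (a `value` list with `neighbor`, `state`, `connectedDuration`, `routesReceived`, `messagesSent`, `messagesReceived`) and the sample data are assumptions constructed for the example; the peer addresses are the ones from the question. Whether the primary ISP link is actually back up has to come from an external check (an on-premises probe, for instance), so it is passed in as a flag.

```python
"""Classify Azure VPN Gateway BGP peer status for a two-ISP failover set-up.

Added example (not from the thread or Microsoft). The status shape mirrors
what `az network vnet-gateway list-bgp-peer-status -o json` is assumed to
return; field names and sample values are constructed for illustration.
"""
import json
from datetime import timedelta

# Constructed sample: primary peer (172.16.11.1) stuck in Connecting while the
# secondary (172.16.12.1) is Connected - the situation described in the question.
SAMPLE_STUCK = json.dumps({"value": [
    {"asn": 65010, "neighbor": "172.16.11.1", "localAddress": "10.1.0.254",
     "state": "Connecting", "connectedDuration": "00:00:00",
     "routesReceived": 0, "messagesSent": 12, "messagesReceived": 0},
    {"asn": 65010, "neighbor": "172.16.12.1", "localAddress": "10.1.0.254",
     "state": "Connected", "connectedDuration": "01:42:17",
     "routesReceived": 3, "messagesSent": 410, "messagesReceived": 408},
]})

# Constructed sample: both peers established for over two days.
SAMPLE_HEALTHY = json.dumps({"value": [
    {"asn": 65010, "neighbor": "172.16.11.1", "localAddress": "10.1.0.254",
     "state": "Connected", "connectedDuration": "2.05:10:00",
     "routesReceived": 3, "messagesSent": 9000, "messagesReceived": 8998},
    {"asn": 65010, "neighbor": "172.16.12.1", "localAddress": "10.1.0.254",
     "state": "Connected", "connectedDuration": "2.05:09:58",
     "routesReceived": 3, "messagesSent": 9000, "messagesReceived": 8997},
]})


def parse_duration(text):
    """Parse a .NET-style duration ("hh:mm:ss" or "d.hh:mm:ss") into a timedelta."""
    days = 0
    head = text.split(":")[0]
    if "." in head:  # day prefix present, e.g. "2.05:10:00"
        day_part, text = text.split(".", 1)
        days = int(day_part)
    hours, minutes, seconds = (int(x) for x in text.split(":"))
    return timedelta(days=days, hours=hours, minutes=minutes, seconds=seconds)


def assess_peers(status_json, primary, secondary, primary_isp_up,
                 min_connected=timedelta(minutes=5)):
    """Return {"verdict", "states", "findings"} for the two BGP peers.

    primary_isp_up is supplied by an external reachability check of the
    primary ISP; the gateway status alone cannot tell an ongoing outage
    from a peer that failed to re-establish after the link came back.
    """
    peers = {p["neighbor"]: p for p in json.loads(status_json)["value"]}
    states = {addr: p["state"] for addr, p in peers.items()}
    findings = []
    for role, addr in (("primary", primary), ("secondary", secondary)):
        peer = peers.get(addr)
        if peer is None:
            findings.append(f"{role} peer {addr} missing from gateway status")
            continue
        if peer["state"] != "Connected":
            detail = f"{role} peer {addr} is {peer['state']}"
            if peer.get("messagesSent", 0) and not peer.get("messagesReceived", 0):
                # We keep sending OPENs but hear nothing back: look at the
                # on-premises side (dampening, hold/keepalive timers, filtering).
                detail += " (sending but receiving nothing from the on-premises peer)"
            findings.append(detail)
        elif peer["routesReceived"] == 0:
            findings.append(f"{role} peer {addr} is Connected but advertises no routes")
        elif parse_duration(peer["connectedDuration"]) < min_connected:
            findings.append(f"{role} peer {addr} re-established only "
                            f"{peer['connectedDuration']} ago (possible flapping)")

    primary_ok = states.get(primary) == "Connected"
    secondary_ok = states.get(secondary) == "Connected"
    if primary_ok and secondary_ok:
        verdict = "healthy" if not findings else "degraded"
    elif secondary_ok:
        # Expected while the primary ISP is down; a fault once it is back.
        verdict = "stuck_after_failback" if primary_isp_up else "failover_active"
    elif primary_ok:
        verdict = "secondary_down"
    else:
        verdict = "outage"
    return {"verdict": verdict, "states": states, "findings": findings}


if __name__ == "__main__":
    result = assess_peers(SAMPLE_STUCK, "172.16.11.1", "172.16.12.1", primary_isp_up=True)
    print(result["verdict"])
    for line in result["findings"]:
        print(" -", line)
```

In practice the status JSON would be fetched on a schedule (for example `az network vnet-gateway list-bgp-peer-status -g <resource-group> -n <gateway-name> -o json`, with placeholders for your names) and a `stuck_after_failback` verdict would page someone, since in the situation the question describes the tunnel is down even though one peer reports "Connected".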

  2. risolis 8,701 Reputation points
    2022-07-24T07:22:28.553+00:00

    if there is a timer mismatch that causes this BGP peering to work as intended.

    Correcting this : )

    Cheers!