BGP issue with Azure Active Active Tunnel

Hi Team,

Pertaining to my other thread, I am facing this issue with BGP and an Azure tunnel. I have attached my diagram herewith and my setup is as below.

I have VyOS 1.2.8 and two ISPs terminated on it:
1.2.3.4 with VTI2 (169.254.21.9)
5.6.7.8 with VTI4 (169.254.21.13)

So now I have tunnels configured with Azure:
1.2.3.4 [169.254.21.9] <==> 9.9.10.10 [169.254.21.1]
5.6.7.8 [169.254.21.13] <==> 7.7.7.7 [169.254.22.1]

My local AS is 65506 and the remote AS is 65515.
My VyOS subnet is 192.168.40.0/23.
And the remote subnet is 10.11.44.0/22.

Now the issue we noticed here is this: from the VyOS end I advertised 192.168.40.0/23

set protocols bgp 65506 address-family ipv4-unicast network 192.168.40.0/23

However, when I look at the routes advertised from the Azure end, or the received routes:

show ip bgp neighbors 169.254.21.1 received-routes
Default local pref 100, local AS 65506
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.1.0.0/16      169.254.21.1                           0 65515 i
*> 10.11.44.0/22    169.254.21.1                           0 65515 i

While for the other peer:

show ip bgp neighbors 169.254.22.1 received-routes
Default local pref 100, local AS 65506
Status codes:  s suppressed, d damped, h history, * valid, > best, = multipath,
               i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes:  i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.1.0.0/16      169.254.22.1                           0 65515 i
*> 10.11.44.0/22    169.254.22.1                           0 65515 65515 65515 65515 i
*> 192.168.40.0/23  169.254.22.1             0             0 65515 65506 i

If you notice here, 192.168.40.0/23, which is my subnet, is getting advertised by Azure, which is sending it to me. Even if I look at the path, it has been received via 65515, which is Azure, and then mine. This is pretty surprising, and Azure is receiving it with IGP.

Hence I wanted to know: even if I am advertising the routes in global BGP, how can I ensure that routes are being advertised to both my neighbors?
And if not, how would I advertise to a specific neighbor, like on Cisco?

Hence my issue is that if 169.254.21.1 goes down, my traffic stops completely, and what I suspect is that since 192.168.40.0/23 is being learned from Azure, Azure is not sending the traffic back.

Can someone please help me on this issue?

The command:-

show ip bgp neighbors 169.254.21.1 advertised-routes

will show what is being advertised to Azure over EBGP.

Silly question maybe, but does 169.254.22.1 know the route back to 169.254.21.13?

It could be that 169.254.21.13 sends its data over vti4 but 169.254.22.1 sends it back over vti2 somehow.

Nah - it knows the path.

Refer to this discussion, which I opened on the Cisco forum, from a BGP perspective though.

I am still not able to figure out the issue.

Hi Team,

Issue is resolved. I made the below changes:

set policy prefix-list LocalSubnets rule 10 action permit
set policy prefix-list LocalSubnets rule 10 prefix 192.168.40.0/23
set policy route-map Out rule 10 action permit
set policy route-map Out rule 10 match ip address prefix-list LocalSubnets
set protocols bgp 65506 neighbor 169.254.22.1 address-family ipv4-unicast route-map export Out
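
A check for the symptom shown in the received-routes output earlier in the thread, as an added example that is not part of the original posts: it parses `show ip bgp neighbors <peer> received-routes` output and flags routes whose AS path already contains the local AS or has been prepended. The function name `audit_received_routes` and the sample text are constructed for illustration, and the parser assumes the AS path begins with the peer's AS.

```python
import re

# Constructed sample, modelled on the received-routes output quoted in the thread.
SAMPLE = """\
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.1.0.0/16      169.254.22.1                           0 65515 i
*> 10.11.44.0/22    169.254.22.1                           0 65515 65515 65515 65515 i
*> 192.168.40.0/23  169.254.22.1             0             0 65515 65506 i
"""

# status codes, prefix, next hop, then the metric/locprf/weight/path/origin columns
ROUTE = re.compile(r"^\S+\s+(\d+\.\d+\.\d+\.\d+/\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(.*)$")


def audit_received_routes(output, local_as, peer_as):
    """Return (prefix, as_path, findings) for every route line in the output."""
    results = []
    for line in output.splitlines():
        m = ROUTE.match(line)
        if not m:
            continue  # header, legend or blank line
        nums = [int(t) for t in m.group(3).split() if t.isdigit()]
        # Assumption: on an eBGP session the AS path starts with the peer's AS,
        # so its first occurrence separates metric/locprf/weight from the path.
        if peer_as not in nums:
            continue
        path = nums[nums.index(peer_as):]
        findings = []
        if local_as in path:
            findings.append("own-as-in-path")  # route already passed through the local AS
        if any(a == b for a, b in zip(path, path[1:])):
            findings.append("prepended")  # path lengthened, so less preferred
        results.append((m.group(1), path, findings))
    return results


if __name__ == "__main__":
    for prefix, path, findings in audit_received_routes(SAMPLE, 65506, 65515):
        print(prefix, path, ",".join(findings) or "ok")
```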
