BGP sessions not reconnecting post reboot


#1

Hi, I use a few AWS AMI instances of VyOS for IPSec and BGP to other AWS VPCs, on prem routers etc. Usually everything is rock solid. I noticed recently after rebooting one of these instances, that some of the BGP sessions did not reconnect after a reboot. Rebooting again once or twice seems to resolve the issue. The config remains unchanged. During this situation, the BGP neighbor is in a connect state but it never reconnects and the remote peer is not reachable via ping (it usually is). The tunnel is up and phase 1 and 2 established. I cannot figure out what could be causing this issue. Can it be that during startup some components are starting out of order or something along those lines? The other issue is that the logs don’t indicate anything (system syslog global facility protocols level ‘debug’). Any ideas what the cause could be or how to enable more verbose logging to shed some light on this issue? Config example below:

ethernet eth0 {
    address dhcp
    duplex auto
    hw-id 02:d7:0d:b9:93:22
    smp_affinity auto
    speed auto
}

vti vti1 {
    address 169.254.10.42/30
    mtu 1436
}

protocols {
    bgp 65010 {
        neighbor 169.254.10.41 {
            prefix-list {
                import FILTER-PERMITTED-NETWORKS
            }
            remote-as 9059
            soft-reconfiguration {
                inbound
            }
            timers {
                holdtime 30
                keepalive 10
            }
        }
    }
}

vpn {
    ipsec {
        esp-group AWS {
            compression disable
            lifetime 3600
            mode tunnel
            pfs enable
            proposal 1 {
                encryption aes128
                hash sha1
            }
        }
        ike-group AWS {
            dead-peer-detection {
                action restart
                interval 15
                timeout 30
            }
            ikev2-reauth no
            key-exchange ikev1
            lifetime 28800
            proposal 1 {
                dh-group 2
                encryption aes128
                hash sha1
            }
        }

        ipsec-interfaces {
            interface eth0
        }
        site-to-site {
            peer 32.22.2.7 {
                authentication {
                    mode pre-shared-secret
                    pre-shared-secret ****************
                }
                connection-type initiate
                ike-group AWS
                ikev2-reauth inherit
                local-address 172.16.120.4
                vti {
                    bind vti1
                    esp-group AWS
                }
            }
        }
    }
}

Thanks


#2

Hi,
I'm assuming this is version 1.1.8, but can you confirm?


#3

Yes, sorry I neglected to state that it is v1.1.8