
How to troubleshoot a down Connect Peer?

0

I encountered an issue with my Cloud WAN Connect peer for a core network that uses Tunnel-less Connect; it went down. On the other side of the connection (the third-party appliance), I initially observed a "Hold time expire" event. After deleting the connect peer, I recreated it, and this time the connection status on the third-party appliance shows as "connected." However, on the AWS side, the peer remains down. I have TCP port 179 allowed on the third-party appliance.

Is there any way to debug the BGP session from the AWS side?

asked a year ago · 399 views
2 Answers
0

To troubleshoot a down Connect Peer in your AWS Cloud WAN setup, especially when using Tunnel-less Connect, you can follow these steps:

  1. Verify BGP configuration: Ensure that your BGP local Autonomous System Number (ASN) and Amazon's ASN are configured correctly on both sides of the connection.

  2. Check peer IP addresses: Confirm that the peer IPs for both sides of the BGP peering session are configured correctly.

  3. Examine MD5 authentication: If you're using MD5 authentication, verify that the key is configured correctly and matches exactly on both sides. Be careful to check for any extra spaces or characters.

  4. Review prefix limits: Ensure you're not advertising more than the allowed number of prefixes. While the exact limit for Cloud WAN Connect peers isn't specified in the provided sources, it's a good practice to check this.

  5. Firewall rules: You've already allowed TCP port 179, which is good. Also ensure that any high-numbered ephemeral TCP ports are not blocked, as these are necessary for BGP to establish a TCP connection between the peers.

  6. Check BGP logs: If possible, examine the BGP logs on your third-party appliance for any errors or warning messages that might provide more insight into the issue.

  7. Verify route propagation: If the BGP session appears to be up on the third-party appliance but down on the AWS side, check if routes are being properly advertised and propagated.

  8. Use AWS support tools: While there isn't a direct way to debug the BGP session from the AWS side mentioned in the provided information, you may want to contact AWS Support for additional troubleshooting steps or to see if they can provide more detailed diagnostics from their end.

  9. Consider using AWS networking tools: Although not specifically mentioned for Cloud WAN, tools like Reachability Analyzer might be helpful in identifying networking issues between your on-premises network and AWS.

If after going through these steps the issue persists, it would be advisable to open a case with AWS Support for further assistance, as they may have additional tools or insights to help diagnose the problem from the AWS side.
Sources
Troubleshooting AWS Direct Connect - AWS Direct Connect
Troubleshoot a VPC peering connection - Amazon Virtual Private Cloud

answered a year ago
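Steps 1, 2 and 7 of the answer above can be worked from the AWS side with the NetworkManager API rather than by guessing: `aws networkmanager get-connect-peer --connect-peer-id <id>` returns the Connect peer's lifecycle State, any LastModificationErrors, its Protocol (NO_ENCAP for Tunnel-less Connect) and the BGP addresses and ASNs AWS recorded when the peer was created. It does not return the BGP session state itself, so the useful check is whether the appliance's neighbor statement matches what AWS expects. The Python below is an added example, not code from the original post or from AWS tooling. It compares a constructed sample of that response (field names follow the API; IDs and addresses are placeholders) with values assumed to have been copied by hand from the appliance's BGP neighbor configuration, and reports every mismatch.

```python
"""Compare a Cloud WAN Connect peer's AWS-side BGP parameters with the BGP
neighbor configured on the third-party appliance.

Added example, not code from the original post or from AWS. The JSON is a
constructed sample shaped like the `aws networkmanager get-connect-peer`
response (field names follow the NetworkManager API; IDs and addresses are
placeholders), and the appliance-side values are assumed to have been read
off the appliance's own configuration by hand.
"""
import json

# Constructed stand-in for the output of
#   aws networkmanager get-connect-peer --connect-peer-id connect-peer-0123456789abcdef0
SAMPLE_GET_CONNECT_PEER = json.dumps({
    "ConnectPeer": {
        "CoreNetworkId": "core-network-0123456789abcdef0",
        "ConnectAttachmentId": "attachment-0123456789abcdef0",
        "ConnectPeerId": "connect-peer-0123456789abcdef0",
        "EdgeLocation": "us-east-1",
        "State": "AVAILABLE",
        "Configuration": {
            "Protocol": "NO_ENCAP",          # Tunnel-less Connect
            "PeerAddress": "10.20.1.10",     # the appliance's IP (placeholder)
            "CoreNetworkAddress": "10.20.1.5",
            "BgpConfigurations": [
                {"CoreNetworkAsn": 64512, "PeerAsn": 65000,
                 "CoreNetworkAddress": "10.20.1.5", "PeerAddress": "10.20.1.10"},
            ],
        },
        "LastModificationErrors": [],
    }
})

# Constructed values copied from the appliance's BGP neighbor statement.
APPLIANCE_NEIGHBOR = {
    "local_as": 65000,                # ASN the appliance speaks BGP as
    "local_address": "10.20.1.10",    # source address of the BGP session
    "neighbor_address": "10.20.1.5",  # address the appliance peers with
    "remote_as": 64512,               # ASN the appliance expects from AWS
    "gre_tunnel_configured": False,   # Tunnel-less Connect needs no GRE tunnel
}


def sample_with_state(state, errors=()):
    """Return the sample response with a different lifecycle State (for testing)."""
    doc = json.loads(SAMPLE_GET_CONNECT_PEER)
    doc["ConnectPeer"]["State"] = state
    doc["ConnectPeer"]["LastModificationErrors"] = list(errors)
    return json.dumps(doc)


def reconcile(get_connect_peer_json, appliance):
    """Return a list of mismatch descriptions; an empty list means the two sides
    agree on everything the GetConnectPeer response exposes."""
    peer = json.loads(get_connect_peer_json)["ConnectPeer"]
    cfg = peer.get("Configuration", {})
    findings = []

    # State is the Connect peer's resource lifecycle state (CREATING, AVAILABLE,
    # FAILED, DELETING), not the BGP session state; a non-AVAILABLE peer never
    # gets as far as BGP, and LastModificationErrors says why.
    if peer.get("State") != "AVAILABLE":
        findings.append(f"connect peer State is {peer.get('State')}; "
                        f"LastModificationErrors={peer.get('LastModificationErrors', [])}")

    # Tunnel-less Connect peers carry Protocol NO_ENCAP: BGP runs directly between
    # the two addresses, so a GRE tunnel on the appliance sends it the wrong way.
    protocol = cfg.get("Protocol")
    if protocol == "NO_ENCAP" and appliance["gre_tunnel_configured"]:
        findings.append("Protocol is NO_ENCAP but the appliance has a GRE tunnel configured")
    elif protocol == "GRE" and not appliance["gre_tunnel_configured"]:
        findings.append("Protocol is GRE but the appliance has no GRE tunnel configured")

    # Each BgpConfigurations entry is one AWS-side session. The appliance must
    # peer with CoreNetworkAddress, source from PeerAddress, and use both ASNs
    # exactly as AWS recorded them when the peer was created.
    bgp_cfgs = cfg.get("BgpConfigurations", [])
    core_addrs = [b["CoreNetworkAddress"] for b in bgp_cfgs]
    if appliance["neighbor_address"] not in core_addrs:
        findings.append(f"appliance neighbor {appliance['neighbor_address']} is not an "
                        f"AWS CoreNetworkAddress (AWS side has {core_addrs})")
    for bgp in bgp_cfgs:
        if bgp["CoreNetworkAddress"] != appliance["neighbor_address"]:
            continue
        if bgp["CoreNetworkAsn"] != appliance["remote_as"]:
            findings.append(f"appliance remote-as {appliance['remote_as']} != "
                            f"AWS CoreNetworkAsn {bgp['CoreNetworkAsn']}")
        if bgp["PeerAsn"] != appliance["local_as"]:
            findings.append(f"appliance local ASN {appliance['local_as']} != "
                            f"AWS PeerAsn {bgp['PeerAsn']}")
        if bgp["PeerAddress"] != appliance["local_address"]:
            findings.append(f"appliance source address {appliance['local_address']} != "
                            f"AWS PeerAddress {bgp['PeerAddress']}")
    return findings


if __name__ == "__main__":
    for finding in reconcile(SAMPLE_GET_CONNECT_PEER, APPLIANCE_NEIGHBOR) or ["no mismatches"]:
        print(finding)
```

To use it against a real peer, replace SAMPLE_GET_CONNECT_PEER with the actual `get-connect-peer` output and fill APPLIANCE_NEIGHBOR from the appliance's neighbor statement. A clean run only proves that both sides agree on addresses, ASNs and encapsulation; if the session still shows "connected" on the appliance but down in AWS, the remaining suspects are the path itself (step 5: TCP 179 in both directions plus the ephemeral return ports, since either side may open the connection) and whatever the appliance's BGP log records for the neighbor.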
0
EXPERT
answered a year ago
