Dieser Inhalt ist in der ausgewählten Sprache nicht verfügbar

Wir arbeiten ständig daran, Inhalte in der ausgewählten Sprache bereitzustellen. Vielen Dank für deine Geduld.

How do I troubleshoot BGP connection issues over VPN?

Lesedauer: 3 Minute

My BGP session can't establish a connection or is in an idle state over my VPN tunnel. How can I troubleshoot this?

Resolution

To troubleshoot BGP connection issues over VPN, check the following:

Check the underlying VPN connection

For BGP-based VPN connections, the BGP session can be established only if the VPN tunnel is up. If the VPN tunnel is down or flapping, then you experience issues with establishing the BGP session. Verify that the VPN is up and stable. If the VPN isn't coming up or it isn't stable, see the following:

Check the BGP configuration on your customer gateway device

The IP addresses of the local and remote BGP peers must be configured with the downloaded VPN configuration file from the VPC console.
The local and remote BGP Autonomous System Numbers (ASN) must be configured with the downloaded VPN configuration file from the VPC console.
If the configuration settings are correct, then ping the remote BGP peer IP from your local BGP peer IP to verify the connectivity between BGP peers.
Be sure that the BGP peers are directly connected to each other. External BGP (EBGP) multi-hop is turned off on AWS.

Note: If your BGP session is flapping between active and connect states, verify that TCP port 179 and other relevant ephemeral ports are not blocked.

Debugs and packet captures

If the BGP configuration on the customer gateway is verified and the pings between the BGP peer IPs are working, then collect this information from the customer gateway device for further analysis:

BGP and TCP debugs
BGP logs
Packet captures for traffic between the BGP peer IPs

Check if the BGP session is going from established to idle states

For VPN on a VGW, if you see the BGP session going from established to idle state, then verify the number of routes that you are advertising over the BGP session. You can advertise up to 100 routes over the BGP session. If the number of routes advertised over the BGP session is more than 100, then the BGP session goes to the idle state.

To resolve this, do one of the following:

Advertise a default route to route to AWS, or summarize the routes so that the number of routes received is fewer than 100.

-or-

You can migrate your VPN connection to a transit gateway as transit gateway supports 1,000 routes advertised from a customer gateway.

For more information, see Site-to-Site VPN quotas.

Related information

How can I troubleshoot BGP connection issues over Direct Connect?

Amazon VPC FAQs

Themen

Vernetzung & Bereitstellung von Inhalten

Relevanter Inhalt

Wie überwache ich mein Transit-Gateway und Site-to-Site-VPN auf einem Transit-Gateway mit Network Manager?
AWS OFFICIALAktualisiert vor 7 Monaten
Wie lösche oder beende ich einen VPN-Client-Endpunkt oder Verbindung auf AWS Client VPN?
AWS OFFICIALAktualisiert vor 6 Monaten
Wie lade ich AWS-Site-to-Site-VPN-Beispielkonfigurationsdateien herunter?
AWS OFFICIALAktualisiert vor 8 Monaten
Ich habe ein Direct-Connect-Gateway mit primärer Verbindung und einer Backup-VPN-Verbindung. Warum priorisiert der Datenverkehr die Backup-Verbindung?
AWS OFFICIALAktualisiert vor 8 Monaten