Sunday, July 8, 2018

BFD on IPSEC tunnels to AWS

Hi,

I have two IPSEC tunnels from my SRX firewall that is connected to two different ISPs (with static routing).

If one of my ISPs goes down I'd like BGP to switch to the other path quicker, so I was thinking I'd enable BFD on my SRX; no problem in configuring.

However, my BFD session(s) never go up:

    x@loophole> show bfd session
                                                      Detect   Transmit
    Address                  State     Interface      Time     Interval  Multiplier
    169.254.20.69            Down      st0.1          0.000     1.000        3
    169.254.23.37            Down      st0.2          0.000     1.000        3

    2 sessions, 2 clients
    Cumulative transmit rate 2.0 pps, cumulative receive rate 0.0 pps

My st interfaces allow BFD packets to flow; I'm not sure if I'd have to do something on the AWS side of things, or if this is even supported. We do BFD on our Direct Connect links, but there we obviously have physical interfaces and not IPSEC tunnels.


