Hello there-
I’m hoping to get guidance/feedback from you all on whether or not what I’m trying to do is possible, and if it is possible, what I am doing incorrectly.
My goal is to make this a transit VPC for handling routes between multiple remote regions (and clouds). I’m testing with 4 VPCs (A, B, C, and D), each with a different ASN. VPC B is acting as my transit VPC, which is where bird and strongswan are running. VPCs A, C, and D are acting as the remote regions, and each has a VPN connection back to B. IPsec is up and working as expected, but routing is giving me some trouble. Each VPN has 2 tunnels, so I’m currently trying to establish 6 BGP sessions; however, only 2 sessions will establish at a time. The other sessions are in a “Start” state. Eventually, one of the established connections will drop and may reestablish, or one of the other tunnels will establish a BGP connection.
I have tried multiple bird configurations, but all roads lead back to only 2 established BGP sessions. I thought this example might be what I need, but it also did not work: https://gitlab.labs.nic.cz/labs/bird/wikis/Simple_route_server
Individually, bird is able to establish a session on both tunnels at every remote VPC, so I know that works. Occasionally, I have noticed that established connections will disconnect with a “Hold timer expired”. There’s something I’m missing/overlooking in the config to allow all sessions to be active.
Below is the most basic config I have used. Thanks in advance for your help.
# Log everything to a file and trace all protocol activity.
log "/var/log/bird.log" all;
debug protocols all;

router id 172.41.1.117;

# Sync routes with the kernel routing table in both directions.
protocol kernel {
    scan time 10;
    export all;
    import all;
}

# Learn interfaces and their addresses from the kernel.
protocol device {
    scan time 10;
}

# Settings shared by all tunnel sessions: local ASN, 30 s hold time,
# no filtering, and neighbours treated as directly connected (no multihop).
template bgp aws {
    local as 65000;
    hold time 30;
    export all;
    import all;
    direct;
}

# One session per tunnel: two tunnels to VPC A (AS 7224), C (AS 65100) and D (AS 65200).
protocol bgp ATUN0 from aws {
    neighbor 169.254.xxx.xxx as 7224;
}
protocol bgp ATUN1 from aws {
    neighbor 169.254.xxx.xxx as 7224;
}
protocol bgp CTUN0 from aws {
    neighbor 169.254.xxx.xxx as 65100;
}
protocol bgp CTUN1 from aws {
    neighbor 169.254.xxx.xxx as 65100;
}
protocol bgp DTUN0 from aws {
    neighbor 169.254.xxx.xxx as 65200;
}
protocol bgp DTUN1 from aws {
    neighbor 169.254.xxx.xxx as 65200;
}
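To keep track of which of the six sessions are actually Established while reproducing the flapping described above, the following added script (not part of the original post or of BIRD) summarises `birdc show protocols` output and counts "Hold timer expired" errors per session from bird.log. It assumes the tabular name/proto/table/state/since/info layout of BIRD 1.x `show protocols` and log lines of the form `<date> <time> <LEVEL> <name>: <message>`; the sample text embedded below is constructed for the demo, not captured from the poster's router.

```python
"""Summarise BIRD BGP session state and hold-timer expiries (added example)."""
import re
from collections import Counter

# Constructed sample in the shape of `birdc show protocols` on BIRD 1.x.
SHOW_PROTOCOLS = """\
BIRD 1.6.3 ready.
name     proto    table    state  since       info
kernel1  Kernel   master   up     2019-03-21
device1  Device   master   up     2019-03-21
ATUN0    BGP      master   up     10:12:33    Established
ATUN1    BGP      master   start  10:12:33    Active
CTUN0    BGP      master   start  10:12:33    Connect
CTUN1    BGP      master   up     10:14:02    Established
DTUN0    BGP      master   start  10:12:33    Active
DTUN1    BGP      master   start  10:15:40    Idle          Hold timer expired
"""

# Constructed sample log lines in the general shape of bird.log entries.
BIRD_LOG = """\
2019-03-21 10:14:02 <TRACE> CTUN1: BGP session established
2019-03-21 10:15:40 <INFO> DTUN1: Error: Hold timer expired
2019-03-21 10:15:40 <TRACE> DTUN1: State changed to Idle
2019-03-21 10:20:11 <INFO> ATUN0: Error: Hold timer expired
2019-03-21 10:22:05 <INFO> DTUN1: Error: Hold timer expired
"""

# name, proto, table, state, since, then the free-form info column (may be empty).
PROTO_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*(.*)$")
# date, time, <LEVEL>, protocol name, message.
LOG_LINE = re.compile(r"^\S+ \S+ <\w+> (\S+): (.*)$")


def parse_show_protocols(text):
    """Return {name: (proto, state, info)} for every protocol row, skipping the header."""
    rows = {}
    for line in text.splitlines():
        m = PROTO_LINE.match(line)
        if not m or m.group(1) == "name":
            continue
        name, proto, _table, state, _since, info = m.groups()
        rows[name] = (proto, state, info.strip())
    return rows


def bgp_sessions(rows):
    """Split BGP protocols into (established, not_established) sorted name lists."""
    established, pending = [], []
    for name, (proto, state, info) in rows.items():
        if proto != "BGP":
            continue
        if state == "up" and info.startswith("Established"):
            established.append(name)
        else:
            pending.append(name)
    return sorted(established), sorted(pending)


def hold_timer_expiries(log_text):
    """Count 'Hold timer expired' errors per protocol name in bird.log lines."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if m and "Hold timer expired" in m.group(2):
            counts[m.group(1)] += 1
    return dict(counts)


def report(show_text=SHOW_PROTOCOLS, log_text=BIRD_LOG):
    """Combine both views into one dict suitable for printing or polling."""
    up, pending = bgp_sessions(parse_show_protocols(show_text))
    return {
        "established": up,
        "pending": pending,
        "hold_timer_expired": hold_timer_expiries(log_text),
    }


if __name__ == "__main__":
    r = report()
    print(f"established ({len(r['established'])}): {', '.join(r['established'])}")
    print(f"not established ({len(r['pending'])}): {', '.join(r['pending'])}")
    for name, n in sorted(r["hold_timer_expired"].items()):
        print(f"{name}: hold timer expired {n}x")
```

Run it periodically (for example from cron, feeding it the live `birdc show protocols` output and the tail of bird.log) to see which two sessions are up at any moment and which tunnels are losing their hold timer most often; that pattern narrows down whether the problem follows a particular peer or rotates across all of them.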