INC_RN_ECMP_BGP_DOWN
Focus
Focus
Prisma Access

INC_RN_ECMP_BGP_DOWN

Table of Contents

INC_RN_ECMP_BGP_DOWN

Learn about the INC_RN_ECMP_TUNNEL_DOWN incident.

Synopsis

The ECMP tunnel <tunnel-name> for the remote network is down.
Incident Code—INC_RN_ECMP_TUNNEL_DOWN
Severity—Warning
For details about incident severity, see Incidents Distribution Over Time in Incidents and Alerts Overview.

Required License

Prisma Access

Details

Raise condition
The tunnel's BGP peer has been down for at least 10 minutes.
Clear condition
The tunnel's BGP peer has been up for at least 8 minutes.

Remediation

  1. Check the BGP configuration on the remote devices to ensure that the neighbor IP addresses, AS numbers, and other configuration parameters match.
  2. Ensure that the VPN tunnel is up and that the internet connectivity of both sites is stable. If the VPN tunnel isn't stable or the Internet connection is unreliable, contact your ISP to troubleshoot the connection issues.
  3. Verify the status of BGP peering, and verify that the neighbor is in the ethe established state. If not, note the status and error message (if any).
  4. Ensure that the two BGP peers can reach each other over the VPN tunnel. You can use ping or traceroute for this step. If the tunnel is up but you can't ping the peer, confirm that routing is in place for the peering to establish as expected.
  5. Take a packet capture. This could be helpful to identify any issues with the BGP messages exchanged or to verify whether BGP messages are traversing the VPN tunnel as expected. Capture traffic on the appropriate interface and filter for BGP traffic (TCP port 179).
  6. Check the remote device logs for any BGP-related messages. Look for any errors or subcodes that might provide a reason for the down event.
  7. If you still can't resolve this issue, contact Palo Alto Networks Customer Support Portal.