>
    INC_SC_PRIMARY_WAN_BGP_DOWN
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma Access
    3. Prisma Access Incidents and Alerts Reference Guide
    4. Prisma Access Incidents
    5. INC_SC_PRIMARY_WAN_BGP_DOWN
    Download PDF
    Prisma Access

    INC_SC_PRIMARY_WAN_BGP_DOWN

    Table of Contents

    INC_SC_PRIMARY_WAN_BGP_DOWN

    Learn about the INC_SC_PRIMARY_WAN_BGP_DOWN incident.

    Synopsis

    The primary WAN BGP for the service connection is down.
    Incident Code—INC_SC_PRIMARY_WAN_BGP_DOWN
    Severity—Warning

    Required License

    Prisma Access

    Details
    Raise condition
    The tunnel's BGP peer is down for at least 10 minutes.
    Clear condition
    The tunnel's BGP peer is up for at least 8 minutes.

    Correlated Alerts

    • AL_SC_PRIMARY_WAN_BGP_DOWN
    • AL_SC_PRIMARY_WAN_BGP_FLAP

    Remediation

    1. Confirm whether the IPSec tunnel is active or not. If the tunnel is up but BGP is still down, proceed to next step 2. If the IPSec tunnel is down, proceed to step 4.
    2. Perform a ping from your machine to the SC's BGP peer to confirm whether it fails. If the ping fails, go to step 3. If the ping succeeds, proceed to step 4.
    3. Perform traceroute to the BGP peer to see whether traceroute is failing within your network. If it is, work with your network team to resolve the connectivity issue. If traceroute is failing outside of your network, contact your ISP. If it is still not resolved, open a case with Palo Alto Networks Customer Support Portal and provide all of the above information.
    4. Review for any resource utilization issues on the device where this tunnel terminates. If there are any in-path devices prior to the terminating device, review there as well.
    5. Perform ping and traceroute to review for any latency inconsistencies or packet loss between the site and the Prisma Access location. Contact your ISP if there is packet loss. If there is no packet loss or results are inconclusive:
      1. Isolate some test traffic and perform packet captures.
      2. Check for any TCPs that are out of order, lost segments, or retransmission, which might indicate packet loss through the tunnel.
      3. If you observe these issues, take packet captures of the ESP traffic, so you can check the public IP addresses between the Prisma Access location service IP address and the remote VPN peer IP address.
      4. Review for gaps in the ESP sequence numbers, which indicates in-path packet loss, or out-of-order ESP sequence numbers, which indicate reordering by a network device in the path.
    6. If there are other network devices in the path prior to the terminating device, perform steps a through d to help isolate the problematic network device.
    7. If you still can't resolve this issue, contact Palo Alto Networks Customer Support Portal.

    © 2024 Palo Alto Networks, Inc. All rights reserved.