GRE Tunnel Keeps Crashing with BGP Filter

MasterVM · September 11, 2025, 10:33am

Hello Guys ,

im having a issue regarding my BGP via GRE Tunnel everytime i set BGP IN and BGP Out Filters it sends and acccept traffic but it keeps Reconnecting each time

BGP-IN Filter :
accept

BGP Out Filter :
if (afi ipv4 and dst == 80.240.86.0/24) {accept} else {reject}

Could anyone please help me to set the correct BGP Filters in and out for this IP Range : 80.240.86.0/24

Thanks..

BartoszP · September 11, 2025, 10:36am

Hi,

Could you post exported bgp filters from the router?

MasterVM · September 11, 2025, 10:56am

Yes here :

/routing filter rule
add chain=bgp-in comment=bgp-in disabled=no rule=accept
add chain=bgp-out comment=bgp-out disabled=no rule="if (afi ipv4 and dst == 80.240.86.0/24) {accept} else {reject}"

BartoszP · September 11, 2025, 11:12am

What are the peers? Your routers?
Do you do eBGP or iBGP?
What routes you want to distribute?
Were you want to distribute routes to?

MasterVM · September 11, 2025, 11:23am

;;; Static
0 As 0.0.0.0/0 10.0.0.xx 1
DAc 10.0.0.0/24 WAN 0
DAc xxxxxxxx/24 HOME 0
DAc xxxxxxxx/24 HOME 0
;;; Static
1 As 80.240.86.0/24 1
DAc 80.240.86.252/30 WAN 0

i do eBGP via GRE Tunnel

pe1chl · September 11, 2025, 12:25pm

Normally this is caused by the GRE traffic (address of the GRE tunnel) being inadvertently routed via an entry received via BGP itself.
You need to add a static route for your GRE peer.

savage · September 11, 2025, 12:46pm

You need a filter. You are more than likely advertising 80.240.86.0/24, which means 80.240.86.252/30 becomes unreachable, and hence the tunnel drops.

Need to do a bit better there...

MasterVM · September 11, 2025, 12:52pm

Okay could you help me writing the Filters please ?

MasterVM · September 11, 2025, 12:53pm

It worked for some minutes and it dropped again , what distance should i set for GRE Tunnel Gateway ?

savage · September 11, 2025, 1:04pm

It will continue to drop.

You can't route 80.240.86.0/24 over a tunnel, when 80.240.86.252/30 is used to establish the connection to the tunnel.

On the remote side, route 80.240.86.252/30 statically to your wan, and ensure that you don't redistribute that via BGP either.

MasterVM · September 11, 2025, 1:05pm

The 80.240.86.252/30 is subdivided from /24 and its not the main Route for WAN its the 10.0.0.xx/24 Network , the only problem im having is after i add the BGP Filters the GRE Tunnel crashes so

savage · September 11, 2025, 1:07pm

well then provide the full config of both sides and stop obscuring information which you think may, or may not, be relavent.

then we can look at the configuration, and provide you with a clear, and consice awnser.

MasterVM · September 11, 2025, 1:11pm

dude just stay away from my topic there are lot of more people that are friendly an helpful so just bye