Troubleshooting Transit Gateway Connections
To troubleshoot Transit Gateway connections:
- Go to Aviatrix CoPilot > Diagnostics > Cloud Routes.
- Check IPsec Tunnel: For BGP learned routes, select the BGP Info tab, find the gateway, and check if the IPsec tunnel is in the Up state. If it is not, select the Gateway Routes tab, find the gateway, and click the Gateway Diagnostics icon on the right. Since all BGP sessions run inside the IPsec tunnel, this is the first thing you should check.
- Check BGP Session: For BGP learned routes, check if the BGP session is established. Go to the BGP Info tab, expand the gateway, and make sure the BGP session is in the Established state. If it is not, go to the Gateway Routes tab, find the gateway, and click the Gateway Diagnostics icon on the right. Select the transit gateway and run commands such as "show ip bgp".
Other ways to troubleshoot:
- Check Route Database: For all routes, check whether CoPilot sees all the learned routes from TGW, BGP, Transit Peering, and Static.
- Check Aviatrix Transit Gateway Programmed Routes: Review gateway routes for Transit Gateways. Make sure the route you are looking for is in the table and has a next hop with metric 100 or lower.
- Sync Routes: If for any reason the Route Database on the Aviatrix Platform becomes inconsistent with the Aviatrix Transit Gateway route table, sync the routes to force the routes to be programmed on the gateway again.
If any of the above steps fails, there is an error; please open a support ticket at the Aviatrix Support Portal for more debugging assistance.
If all of the above steps succeed, the connectivity issue lies somewhere else. Check the Spoke VPC/VNet route table and, if applicable, the TGW route table.
If this is a TGW-based deployment, run an audit. Any missing routes in either the VPC/VNet route table or the TGW route table should be discovered.