BGP peering issues with Advanced Routing Engine in PAN-OS 10.2 and 11.0

Different symptoms may be seen due to this issue:

• After a "commit force", BGP peers experience a flap (temporary disconnect and reconnect)
• After a firewall reboot or a commit of any type, BGP peers permanently disconnect and become stuck in any of these status:

  • >show advanced-routing bgp peer status
    Logical Router: ROUTER_NAME
    ==============
    Peer Name:               PEER_NAME
    BGP State:               Idle
    Last Reset:              Waiting for Peer IPv6 LLA, 08:02:39 ago

  • >show advanced-routing bgp peer status
    Logical Router: ROUTER_NAME
    ==============
    Peer Name:               PEER_NAME
    BGP State:               Connect
    Last Reset:              Waiting for peer OPEN, 00:16:46 ago
    

  • >show advanced-routing bgp peer status
    Logical Router: ROUTER_NAME
    ==============
    Peer Name:               PEER_NAME
    BGP State:               Active
    Last Reset:              Waiting for NHT, 00:09:16 ago

• If the behavior described above is caused by this particular issue, then it should be resolved by re-creating a new BGP peer using the existing non-working BGP peer address: Network > Routing > Logical Routers > BGP > Peer Group > [Existing Peer Group] > Add new peer address
• If the behavior is NOT caused by this particular issue, then re-adding the BGP peer will not correct the issue.

• Palo Alto Networks Firewall
• PAN-OS 10.2 or 11.0
• Advanced Routing Engine enabled (Device > Setup > Management > General > Advanced Routing)

• These issues are fixed in PAN-OS 10.2.5+, 11.0.2+, and 11.1.0+
• As a workaround, after the issue is encountered if the BGP peer is stuck down, re-create a new BGP peer entry using the existing non-working BGP peer address: Network > Routing > Logical Routers > BGP > Peer Group > [Existing Peer Group] > Add new peer address