BGP Connection Flapping

I have an IPSEC routed VTI tunnel between two pfSense devices. Site F is running pfSense CE 2.7.2 with frr 2.0.2_1, Site A is running pfSense Plus 24.03 with frr 2.0.2_3. I have frr BGP configured on both devices and they have each other as neighbors over the VTI tunnel. The problem I’m having is that packets flow fine for one minute, then it stops working for two minutes, then it works again for one minute, stops for two minutes, etc.

Site F is configured this way with 2 other sites with the same version of frr and things are rock solid. The configurations are all the same except for required differences (tunnel interface IPs, etc).

So my gut tells me that this is a package incompatibility between 2.0.2_1 and 2.0.2_3 talking to each other, but this really surprises me. I would not have expected this level of difficulty in getting the same protocol working across a small version change within the same router family.

Any thoughts?

I am working with Netgate support on this. Initially, it looks like setting the State Policy: Floating States option on the port BGP (179) Pass rule on the IPsec interface seems to have solved it.

This change was made on the 24.03 box.

Related link:

This snippet from the 24.03 release notes seems to relate:

The default State Policy has been changed from Floating to Interface Bound for increased security. However, Interface Bound states may have issues in certain cases with IPsec VTI, Multi-WAN policy routing (route-to), reply-to, as well as with High Availability state synchronization (pfsync) on non-identical hardware.
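
One way to confirm that the Floating States setting on the BGP rule took effect is to check how the TCP/179 states are bound in the state table. This is an added example, not part of the original posts or of pfSense itself; it assumes that each `pfctl -ss` line begins with the interface the state is bound to and that floating states show `all`, and the interface name `ipsec1`, the addresses and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify pf states for BGP (TCP/179) by interface binding.
# Assumption: the first field of each state line is the bound interface,
# and a floating state shows "all" in that field.

bgp_state_binding() {
    # Reads pfctl -ss style lines on stdin, prints one line per BGP state
    # prefixed with its binding, then a summary line.
    awk '
    $2 == "tcp" {
        is_bgp = 0
        for (i = 3; i <= NF; i++) {
            # IPv4 endpoints print as addr:port
            if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:179$/) is_bgp = 1
            # IPv6 endpoints print as addr[port]
            if ($i ~ /\[179\]$/) is_bgp = 1
        }
        if (!is_bgp) next
        kind = ($1 == "all") ? "floating" : "if-bound"
        count[kind]++
        print kind ": " $0
    }
    END {
        printf "summary floating=%d if-bound=%d\n", count["floating"], count["if-bound"]
    }'
}

# Constructed sample input (not captured from a real firewall).
SAMPLE_STATES='ipsec1 tcp 10.6.106.2:179 <- 10.6.106.1:40112       ESTABLISHED:ESTABLISHED
all tcp 10.6.106.2:179 <- 10.6.106.1:40250       ESTABLISHED:ESTABLISHED
all tcp 192.0.2.10:443 <- 198.51.100.7:51515       FIN_WAIT_2:FIN_WAIT_2
igb0 udp 192.0.2.10:500 -> 198.51.100.7:500       MULTIPLE:MULTIPLE'

printf '%s\n' "$SAMPLE_STATES" | bgp_state_binding
```

On the firewall itself, feed it live data with `pfctl -ss | bgp_state_binding`; after the rule change, new BGP states should be reported as floating.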