04-24-2019 01:36 AM
Hi all,
I have a doubt regarding the synchronization of BGP routes learnt by the active firewall.
Reviewing the BGP route informationin in the active node with the following commands:
> show routing protocol bgp loc-rib
> show routing protocol bgp rib-out
BGP seems is working fine in the active firewall, as the firewall has routes in his loc-rib table and advertise routes in his rib-out table.
But reviewing the same BGP information in the passive firewall, nothing is shown in loc-rib table and rib-out table.
As I can see HA A/P synchronizes the following runtime information:
- Session Table
- Neighbor discovery (ND) table
- MAC table
System runtime information synchronization: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/high-availability/reference-ha-synchroniza...
But what about BGP routing information?
This is the expected behavior? BGP routing information is not synchronized between HA active/passive?
Should BGP routing information be synchronized between HA active/passive peers?
Any help is really appreciated as I'm not sure what is expected.
Thanks!
Alberto
03-27-2024 03:24 PM
Hi,
BGP route are not synced between A/P HA pair. After fail over the routing process starts on the passive unit and a new neighbor relationship is established between the new active fw (after failover) with the peers.
You can use BFD which will help upstream and downstream devices to continue using the previous route table while the new BGP connection is re-established with the new HA peer and not cause disruptions.
Hope the above helps.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
