I got a TAC with PA opened for this one but wanted to ask the community if you've experience this one. The problem is when the PBF kicks in (disabled primary circuit) the primary circuit traffic immediately fails over to the backup ISP. I've adjusted the fail-over monitoring profile interval's and the threshold but neither seem to have an affect. Its basically working like a floating static route which I'm wanting to avoid. The plan is when the primary circuit is unavailable to wait and fail-over at a specified time - 100 sec interval would be fine. This is how I understand it:
"A monitoring profile allows the user to specify the threshold number of heartbeats to determine whether the IP address is reachable" then take the action specified - wait to recover or fail-over.
Anything I'm missing or suggestions?
How are you doing the failover testing? Are you pulling the link or killing the interface on the connected switch? If that's how you're testing, the failover will be immediate because the link is effectively dead. There's no hold timer because the routes are immediately removed from the route table.
If you're monitoriting a remote IP, try denying that IP with an upstream firewall or ACL, or by blocking your primary ISPs public interface address from your monitor server. This should induce the failure in a way that would mimic an outage on the ISP side without actually updating the route table immediately.
If you are already doing it the 2nd way above, then I would expect it to work using the hold timer you've configured. Anything other than that would probably be best troubleshot with a support case. You can also take a look at your routing tables with "show routing route" on the firewall's CLI.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!