This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Disabling Graceful restart for OSPF

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

Disabling Graceful restart for OSPF

Go to solution
sahithyan.subbu
L3 Networker

‎12-16-2019 03:20 AM

Hi team,

 

When performing a failover in our office we completely lose connectivity in or out. When troubleshooting we noticed we could not see the OSPF peer on the router or firewall. Looking through the system logs I notice:
routed-OSPF-stopped-graceful-restart description: OSPF stopped graceful restart. Protocol: OSPFv2. Exit reason: time out

the router ospf settings are:
router ospf 64800
router-id 1.1.1.1
redistribute static subnets
redistribute bgp 64800.2007 subnets route-map rm-default-rfc1918-net
passive-interface default
no passive-interface GigabitEthernet0/0/2.101
no passive-interface GigabitEthernet0/0/2.102
network 10.24.255.244 0.0.0.0 area 0
network 10.24.255.252 0.0.0.0 area 0
default-information originate
distribute-list prefix pfx-filter-from-Palo in GigabitEthernet0/0/2.101
distribute-list prefix pfx-filter-from-Palo in GigabitEthernet0/0/2.102

I wanted to ask about graceful restart. This is set on the firewalls. With this is it a case of waiting for the routes to time out before they move across?

If we unchecked the boxes, will it cause any issues? will failover be instant?

 

Thanks & regards

Sahithyan S

 

Thanks & Regards,
Sahithyan S
0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
jeremy.larsen
L4 Transporter
In response to sahithyan.subbu

‎01-02-2020 07:31 AM - edited ‎01-02-2020 07:51 AM

BFD can really help with floating static routes but I probably wouldn't use if in conjunction with OSPF.  I think I see what's happening here.  Do you have HA Passive Link State set to Auto?  This keeps the passive member's physical interface up.  Setting this to "Disabled" may be causing your issue.  Also, if you are using LACP you will need to enable "LACP Pre-Negotiation" to accomplish the same thing for bonded ethernet links.

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm5ZCAS

Set the Passive link state to "Auto". Auto setting will bring the interfaces on the passive firewall to UP physical state, the interface will not pass any data traffic.  This facilitates faster failover times.

 

View solution in original post

9 REPLIES 9

Go to solution
S.Cantwell
Cyber Elite
Cyber Elite

‎12-16-2019 09:35 AM

Graceful restart allows a routing device undergoing a restart to inform its adjacent neighbors and peers of its condition. During a graceful restart, the restarting device and its neighbors continue forwarding packets without disrupting network performance. Because neighboring devices assist in the restart (these neighbors are called helper routers), the restarting device can quickly resume full operation without recalculating algorithms.

 

When a device enabled for OSPF graceful restart restarts, it retains routes learned before the restart in its forwarding table. The device does not allow new OSPF link-state advertisements (LSAs) to update the routing table. This device continues to forward traffic to other OSPF neighbors (or helper routers), and sends only a limited number of LSAs during the restart period. To reestablish OSPF adjacencies with neighbors, the restarting device must send a grace LSA to all neighbors. In response, the helper routers enter helper mode (the ability to assist a neighboring device attempting a graceful restart) and send an acknowledgment back to the restarting device. If there are no topology changes, the helper routers continue to advertise LSAs as if the restarting device had remained in continuous OSPF operation.

Help the community: Like helpful comments and mark solutions
0 Likes Likes

Go to solution
jeremy.larsen
L4 Transporter
In response to S.Cantwell

‎12-17-2019 07:48 AM

Is this Active/Active or Active/Passive.  Big difference in operation when using dynamic routing protocols.

0 Likes Likes

Go to solution
sahithyan.subbu
L3 Networker
In response to jeremy.larsen

‎01-01-2020 07:37 AM

Thanks for the reply.

It is Active/Passive.

Thanks & Regards,
Sahithyan S
0 Likes Likes

Go to solution
sahithyan.subbu
L3 Networker
In response to S.Cantwell

‎01-01-2020 07:40 AM

Thanks for the knowledge sharing.

Fast failover can be achieved using a Bidirectional Forwarding Detection (BFD). Am i Right ?

Thanks & Regards,
Sahithyan S
0 Likes Likes

Go to solution
jeremy.larsen
L4 Transporter
In response to sahithyan.subbu

‎01-02-2020 07:31 AM - edited ‎01-02-2020 07:51 AM

BFD can really help with floating static routes but I probably wouldn't use if in conjunction with OSPF.  I think I see what's happening here.  Do you have HA Passive Link State set to Auto?  This keeps the passive member's physical interface up.  Setting this to "Disabled" may be causing your issue.  Also, if you are using LACP you will need to enable "LACP Pre-Negotiation" to accomplish the same thing for bonded ethernet links.

 

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm5ZCAS

Set the Passive link state to "Auto". Auto setting will bring the interfaces on the passive firewall to UP physical state, the interface will not pass any data traffic.  This facilitates faster failover times.

 

Go to solution
sahithyan.subbu
L3 Networker
In response to jeremy.larsen

‎01-02-2020 08:41 PM

Thank you for the knowledge sharing.

Thanks & Regards,
Sahithyan S
0 Likes Likes

Go to solution
jeremy.larsen
L4 Transporter
In response to sahithyan.subbu

‎01-03-2020 05:53 AM

Did this solve the problem Sahithyan?

0 Likes Likes

Go to solution
sahithyan.subbu
L3 Networker
In response to jeremy.larsen

‎01-06-2020 04:31 AM

Yes, It Did. !  🙂

Thanks & Regards,
Sahithyan S
0 Likes Likes

Go to solution
jeremy.larsen
L4 Transporter
In response to sahithyan.subbu

‎01-06-2020 06:22 AM

Fantastic!  Glad to help.

0 Likes Likes
  • 1 accepted solution
  • 8711 Views
  • 9 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks