This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Subsecond failover with active/passive firewalls running dynamic routing possible?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Subsecond failover with active/passive firewalls running dynamic routing possible?

Go to solution
jmurphy
L2 Linker

‎03-14-2016 06:31 AM - edited ‎03-14-2016 06:33 AM

Has anyone been able to successfully get subsecond failovers to work with active/passive firewalls running dynamic routing protocols such as BGP or OSPF?  In our lab testing, it appears we can get the firewall to failover instantly, but then it takes BGP a few seconds to drop/re-establish.  Our next testing will be OSPF to see if that helps speed it up any.  But then we'd have to redistribute those routes into BGP (our core) which might introduce a few second gap.  So far testing failovers (manual failovers via the gui), while running BGP and pinging peer behind the FW, we drop several pings.  With static routes in place, the failover seems to happen quick enough that no pings drop.  

 

I've searched about every article on this site and tried about all the suggestions for faster failover, bgp timers, etc.

 

On another note, would going active/active help this scenario?  The only main reason (other than link failures, firewall failures, etc.) I'd expect a failover would be for a firewall upgrade/maintenance.  Granted that will be done during a maintenance window if possible.  But we have some "custom" applications that might go offline and fail to our DR site if they loose connectivity for very long.

 

Thanks

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
licenselu
L4 Transporter

‎03-14-2016 07:56 AM

Hello,

 

For OSPF, just enabled graceful restart !!

PS: enable this feature also on the neighbor device.

 

Graceful restart is also available for BGP but I have never tested it !!

 

Regards,

 

HA

View solution in original post

0 Likes Likes
1 REPLY 1

Go to solution
licenselu
L4 Transporter

‎03-14-2016 07:56 AM

Hello,

 

For OSPF, just enabled graceful restart !!

PS: enable this feature also on the neighbor device.

 

Graceful restart is also available for BGP but I have never tested it !!

 

Regards,

 

HA

0 Likes Likes
  • 1 accepted solution
  • 2961 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks