This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew

BFP with OSPF graceful restart causing outages during failover

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

BFP with OSPF graceful restart causing outages during failover

Carracido
L3 Networker

‎08-01-2025 04:58 AM

Dear community!

 

In a active/passive configuration with OSPF graceful restart and BFD enabled, when we do failover we experience a downtime 1 minute after the failover and it takes about 10 seconds to be fixed.

Checking the logs it looks like the firewall builds the new BFD sessions with the core switch, but after 1 minute after the failover the FW rejects the BFD sessions and rebuild them.

-> Is this a normal behavior??

 

Fortinet recommends not to use graceful restart with BFD for both OSPF and BGP.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-BFD-with-Graceful-Restart-on-FortiGate/ta-...


Palo Alto only recommends not to use it with BGP but I couldn´t find any reference to OSPF:

https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-networking-admin/bfd/bfd-overview/bfd-for-dynam...

 

Regards!

0 Likes Likes
1 REPLY 1

kiwi
Community Team Member

‎08-04-2025 04:49 AM

Hi @Carracido ,

 

The conflict between Graceful Restart (GR) and Bidirectional Forwarding Detection (BFD) is an architectural issue that applies to any dynamic routing protocol. It is not specific to OSPF or BGP.

 

 

The problem arises during an HA failover or any event that causes a brief disruption. BFD, being extremely fast, will detect the disruption and tear down the session with the peer device. This rapid action from BFD overrides the slower process of Graceful Restart. This can lead to the routing tables being flushed and an extended outage, exactly as you described

 

 

In summary, the problem is not tied to the specific routing protocol (OSPF, BGP, etc.) but rather to the conflicting nature of BFD and GR. They are designed for different types of failures, and when both are active, BFD's speed typically overrides GR's grace period, leading to the kind of extended downtime you are seeing.

 

Hope this helps,

-Kim.

LIVEcommunity team member, CISSP
Cheers,
Kiwi
Please help out other users and “Accept as Solution” if a post helps solve your problem !

Read more about how and why to accept solutions.
0 Likes Likes
  • 457 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks