Hi Josh,

You are correct - the routing protocols will reconverge and the routing table will be rebuilt on the management plane, but the forwarding table on the data plane is sync'd between A/P HA units. This allows Graceful Restart to work - even though the routing table is being rebuilt, the forwarding table is still correct so any packets sent to the firewall will still be correctly forwarded during that time. It looks like Nick was saying the same thing in a different way.

Graceful Restart basically signals the management planes (or routing engines) of the routers/firewalls to ignore the reconvergence and keep sending packets to the neighbor for a certain period of time. Since they both support Graceful Restart, they both know the forwarding tables are still capable of forwarding packets correctly during the short time it takes for the protocol to set up.

This really works best on routers or firewalls that have separate management and data planes like all of the PA-series. Basically the routing protocol daemons (OSPF, BGP, RIP, etc.) run on the management plane and build the routing table there. Think of the management plane as a regular Linux workstation. This is also where all redistribution of routes between protocols and route filtering happens. The routing table is then copied to the data plane where the physical next-hop for each destination is recorded. This new table is called the forwarding table and is how the hardware makes fast packet-by-packet forwarding decisions. The forwarding table is refreshed from the routing table regularly.

The data plane is not like a regular Linux workstation, but contains a lot of custom silicon for fast handling of data packets. This is where the hardware offload for packet processing happens, though some software handling of packets also happens in the data plane. No packets are ever forwarded through the management plane.

I believe Graceful Restart is configured by default for BGP on the PA-series. Hope that helps.
Cheers, Kelly