I am setting up some new OSPF adjacencies between my PA and a pair of Dell switches. Should I be using BFD? Will BFD make things better or worse? What I currently do is set LACP in HA passive state. OSPF graceful failover is configured on my switches and on firewall (which is default). I am using default grace period of 120 seconds. My OSPF hello timers are set to 1 second, and dead time to 10 seconds. I have found that if my dead timer is at 5 seconds or so, that OSPF would completely drop from my switch, which is certainly not desirable. In this configuration, a planned failover usually results in 1 dropped ping. In this environment, is BFD useful? I haven't found information relating BFD and PA active/passive deployments. My concern is that a failover will cause BFD to go down, which will then cause OSPF to drop and there goes my graceful restart. 😞 I don't know, maybe if I used longer BFD timers I can make it work. Anyone know what BFD timers would survice a graceful failover? In this setup, my PA has an adjacency with each redundant switch. It would be nice to detect the switch being down with BFD before my OSPF dead timer expires. I can't do interface down detection because of of the use of AE interface going to both switches. Maybe it is possible to only have OSPF on the PAN to subscribe to BFD? That way PAN can quickly withdraw routes to a dead switch before OSPF timers expire, but a PAN failover won't cause issues for the switches. Thank you!
... View more
