Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] OSPF/BGP Neighbor is lost after upgrading one node of a cluster but not another

0

0

Article ID: KB28524 KB Last Updated: 27 May 2016Version: 2.0
Summary:

When upgrading one node of a cluster but not another, the OSPF/BGP neighborship can be lost. This article explains why this happens, and offers a workaround.

Symptoms:

An administrator often upgrades the backup node in a cluster and tests connectivity by designating it as master. In this case, one of the nodes in the cluster will be running on an older version of the software and the other will be running on the upgraded version. It is often observed that after the upgraded node is promoted as master, the OSPF/BGP neighborship is lost.

The most commonly observed conditions are:

  • The BGP neighbor goes into pendstart state when one node of the cluster is upgraded

  • BGP neighborship fluctuates

  • OSPF state was flapping between init and Ex_start.

  • OSPF state is stuck in Ex_start state
Cause:

Due to dissimilar versions (different mainline releases), the cluster nodes were not able to read the NSRP messages.

Solution:

It is not recommended to test an NSRP cluster when nodes are running on different versions. Administrators should upgrade both nodes to the same version before testing.

However, if it is still necessary to be tested, try the following:

  1. If Route Mirror route is set, try disabling it on both the members of the NSRP cluster. The command to disable route sync is as follows: 

     unset nsrp rto-mirror route

    If the issue still persists, go to step 2.


  2. First set the NSRP state of the node with the older  version to ineligible. This is to avoid split brain.

  3. set nsrp vsd-group id 0 mode ineligible

    Then disable the HA interfaces (control and data) on any of the NSRP member.

Note: The moment the HA interface is disabled and no NSRP messages are forwarded between either node, OSPF/BGP neighborship is established and stable.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search