
TCP FIN affects TCP protocol during soft reboot of primary FPC in Virtual Chassis


Article ID: KB37383 KB Last Updated: 11 Oct 2021 Version: 1.0
Summary:

When a manual reboot is triggered, the system closes all daemons, including RPD, DCD, PFE, etc. The daemons are closed as soon as the reboot command takes effect.

Closing the DCD process brings the interfaces down.

Closing RPD generates a TCP FIN packet, which is marked to be sent to the peer device. If the egress interface is still up, the TCP FIN is sent to the peer device, bringing down protocols that run over the TCP session (for example, BGP). If the interface has already been brought down, the TCP FIN is not sent to the peer device, and the session is maintained.

The interface being up is the more common scenario at this point, so the FIN packet is sent to the peer and the BGP session closes. In a rare scenario, the FIN packet is not sent out, the new primary takes over control, and the BGP session remains intact. So the primary reboot is not a valid scenario as far as BGP connectivity is concerned.

This is the expected behavior, and Juniper recommends performing a primary role switchover followed by a manual reboot when rebooting manually from the CLI.

Solution:

The BGP session flaps whenever the primary member is rebooted, because a FIN is sent to terminate the TCP session.

  1. When a user triggers a manual reboot, the system closes all daemons, including RPD, one by one. Closing RPD generates a TCP FIN packet. When the FIN packet is generated, there are two possible cases:
    1. The interface is still up.
      OR
    2. The interface goes down.
    The interface being up is the more common scenario during this time. The FIN packet is sent to the peer, closing the BGP session. This explains why the BGP session is terminated.
  2. In the case of a primary role switchover, the software does not send a TCP FIN packet out, so the BGP session does not flap at all.
  3. In the case of a power cycle or power cable pull, the software does not send a TCP FIN and sessions stay intact.
  4. Primary reboot is not a valid scenario as far as BGP connectivity is concerned.


The recommendation is to perform a switchover followed by a manual reboot of the backup FPC for continuous connectivity. In the case of ISSU, a switchover is also done prior to the reboot for a seamless transition.
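
The two cases above, seen from the peer's side, as an added example that is not part of the original article: a loopback TCP session stands in for the BGP transport session, and `peer_view` and its parameters are hypothetical names. Leaving the local socket open and silent models the case where no FIN reaches the peer (interface already down, or power pull).

```python
import socket


def peer_view(fin_sent: bool, wait: float = 0.5) -> str:
    """Return what the remote peer observes on its end of the TCP session.

    fin_sent=True  : the local daemon closes while the egress path is up,
                     so the FIN is delivered to the peer.
    fin_sent=False : nothing is delivered (assumed model of the interface
                     already being down, or a power pull).
    """
    # Peer side: a listener on an ephemeral loopback port.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)

    # Local side: stands in for the routing daemon on the rebooting member.
    local = socket.create_connection(listener.getsockname())
    peer, _ = listener.accept()
    listener.close()

    try:
        if fin_sent:
            # Closing the socket makes the kernel send a FIN to the peer.
            local.close()

        peer.settimeout(wait)
        try:
            data = peer.recv(1)
        except socket.timeout:
            # No FIN and no data: the peer still considers the session up
            # and would only drop it when its own timers expire.
            return "intact"
        # An empty read is how the peer's TCP stack reports a received FIN.
        return "closed" if data == b"" else "data"
    finally:
        peer.close()
        local.close()


if __name__ == "__main__":
    print("FIN delivered  ->", peer_view(True))
    print("FIN not sent   ->", peer_view(False))
```
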
