Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] OSPF and/or BGP in NSRP cluster



Article ID: KB5858 KB Last Updated: 14 Oct 2015Version: 8.0

This article describes the behavior of OSPF or BGP in an NSRP environment.



  • Open Shortest Path First (OSPF)
  • Border Gateway Protocol (BGP)
  • Active-Passive, Active/Passive
  • OSPF on the passive or backup unit
  • BGP on the passive or backup unit

When running OSPF and/or BGP using NSRP Active-Active or VSD-less configurations, each device can maintain peers. 

In Active/Passive, by default, the dynamic routes do not sync to the backup device. During the failover, the backup device will need to establish the peering with the neighbors. Once established, the routes will propagate and traffic can be forwarded.

With ScreenOS 6.0 and later, the dynamic routes can sync to the backup device. During a failover, the backup device will be able to keep forwarding traffic using the routes, and no sessions should get dropped.

The command to enable this is:

set/unset nsrp rto-mirror route threshold <threshold number, 30-300>

The threshold is the holddown time to keep the routes synchronized in the backup device once it takes over as the primary. The threshold chosen should balance between allowing enough time to ensure the backup is able to establish its peers once it takes over as primary and having them expire in time to not conflict with any potential route changes made from the live peers.

Note: The sync of runtime objects must already be enabled to use the above command. Use the following command to enable RTO synchronization:

set nsrp rto-mirror sync

Note: To manually sync the routes from the peer, use the following command:

exec nsrp sync rto route from peer

Related KB for dynamic routing considerations: KB11197 - What is the minimum configuration I need to get an NSRP cluster working in VSD-less env?

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search