Knowledge Search


×
 

[ScreenOS] OSPF and/or BGP in NSRP cluster

  [KB5858] Show Article Properties


Summary:

This article describes the behavior of OSPF or BGP in an NSRP environment.

Symptoms:

Environment:

  • Open Shortest Path First (OSPF)
  • Border Gateway Protocol (BGP)
  • Active-Passive, Active/Passive
  • OSPF on the passive or backup unit
  • BGP on the passive or backup unit
Solution:

When running OSPF and/or BGP using NSRP Active-Active or VSD-less configurations, each device can maintain peers. 

In Active/Passive, by default, the dynamic routes do not sync to the backup device. During the failover, the backup device will need to establish the peering with the neighbors. Once established, the routes will propagate and traffic can be forwarded.

With ScreenOS 6.0 and later, the dynamic routes can sync to the backup device. During a failover, the backup device will be able to keep forwarding traffic using the routes, and no sessions should get dropped.

The command to enable this is:

set/unset nsrp rto-mirror route threshold <threshold number, 30-300>

The threshold is the holddown time to keep the routes synchronized in the backup device once it takes over as the master. The threshold chosen should balance between allowing enough time to ensure the backup is able to establish its peers once it takes over as master and having them expire in time to not conflict with any potential route changes made from the live peers.

Note: The sync of runtime objects must already be enabled to use the above command. Use the following command to enable RTO synchronization:

set nsrp rto-mirror sync

Note: To manually sync the routes from the peer, use the following command:

exec nsrp sync rto route from peer

Related KB for dynamic routing considerations: KB11197 - What is the minimum configuration I need to get an NSRP cluster working in VSD-less env?

Related Links: