OSPF Graceful Restart with VRRP in R77.30 and above
OSPF Graceful Restart with VRRP is the new feature added in R77.30.
OSPF Graceful Restart works in two modes:
This article describes only the restarter functionality.
The helper mode is supported in both VRRP and ClusterXL solutions.
Restarter functionality is needed to signal neighboring routers that Check Point Security Gateway / cluster member is restarting and that it can still forward data packets. This helps neighboring routers to keep Check Point Security Gateway / cluster member in forwarding path.
- When configuring OSPF Graceful Restart with VRRP, fast cluster failovers/failbacks can still lead to traffic outage. Therefore, it is recommended to use non-prempt mode in VRRP. This happens because the VRRP Backup members have no information about OSPF routes as VRRP Master member has not completed the restart operations yet.
- Users must wait for all OSPF routes to synchronize to VRRP Backup members before performing a cluster failover/failback.
VRRP prempt (default) mode: When using VRRP with preempt (default) mode, users must make sure to not failback before OSPF Graceful Restart is finished on the VRRP Master member.
If users perform a failover by disconnecting a network cable from a VRRP interface, then user must not reconnect the cable before OSPF Graceful Restart is finished. Otherwise, traffic outages are expected because an immediate failback will happen to a VRRP Backup member, which does not have any OSPF routing state.
To avoid this situation, use the non-prempt mode in VRRP.
- OSPF Graceful Restart with VRRP is supported only for complete failovers. Meaning, user must avoid Active/Active state on VRRP interfaces.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
- 00263386 , 00266252 , 01528113