Static routes in the forwarding table (FIB) are not synchronised between HA peers in Active/Passive HA setup with Passive link state "Auto"

Static routes in the forwarding table (FIB) are not synchronised between HA peers in Active/Passive HA setup with Passive link state "Auto"

14952
Created On 07/11/20 10:49 AM - Last Modified 07/25/20 01:44 AM


Symptom


Static routes in the FIB (Forwarding table) are not synchronised between the Active and Passive nodes of HA.

Environment


Active/Passive HA
Passive link state setting  is 'Auto'
 PAN-OS versions : 8.1 
Affected hardware : PAN-3000 series, PA-5000 series firewall

Cause


  • As seen below, the FIB (Forwarding Table) of the passive HA node, has less number of routes which exclude the static routes and show only the dynamic protocol routes.
  • The full  Forwarding and Routing table tables of the Active and Passive HA nodes showing static/dynamic routes  not shown here for brevity.
 
  • Active HA node :
(active)> show routing fib

total virtual-router shown :              1

--------------------------------------------------------------------------------
virtual-router name: default
interfaces:

<interface list>

route table:
flags: u - up, h - host, g - gateway, e - ecmp, * - preferred path

maximum of fib entries for device:                 65536
maximum of IPv4 fib entries for device:            32768
maximum of IPv6 fib entries for device:            32768
number of fib entries for device:                  945
maximum of fib entries for this fib:               65536
number of fib entries for this fib:                945  <<<<<<<<<
number of fib entries shown:                       945
 
  • Passive HA node  :
  
(passive)> show routing fib

total virtual-router shown : 1 
-------------------------------------------------------------------------------- 
virtual-router name: default 
interfaces:            

<interface list>


route table:
flags: u - up, h - host, g - gateway, e - ecmp, * - preferred path

maximum of fib entries for device:                 65536
maximum of IPv4 fib entries for device:            32768
maximum of IPv6 fib entries for device:            32768
number of fib entries for device:                  220
maximum of fib entries for this fib:               65536
number of fib entries for this fib:                220  <<<<<<<<<<<
number of fib entries shown:                       220



 

  • The static routes are not synchronised because of the current design in Active-Passive HA state with "Passive link state" set to "Auto".
  • If the Routing and Forwarding table are reviewed, it can found that the forwarding table does not contain the static routes and only contains the dynamically learnt routes (OSPF, BGP,RIP etc).

Resolution


  • The static routes are not synchronised from Active to Passive HA nodes when the Passive link state is set to "Auto".
  • The static routes are synchronised only when the Passive link state is set to "Shutdown".
  • This is expected behaviour as per current design.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000008UmUCAU&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language