Graceful Restart timer for seamless failover

Graceful Restart timer for seamless failover

32799
Created On 04/29/19 11:48 AM - Last Modified 05/01/19 08:05 AM


Symptom


Traffic disruption during failover due to route re convergence after graceful timer expired.
Following best practices:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cm5ZCAS

 


Environment


Active/Passive setup with Passive interface mode set to Auto and following setting for timer:
Graceful Restart
===============
Enable Graceful Restart: enabled
Enable Helper Mode: enabled
Enable Strict LSA Checking: enabled
Grace Period (sec):120
Max Neighbor Restart Time (sec):140
 


Cause


Neighboring devices are not responding to Grace LSAs sent by the restarting device( PA-Active unit).
Graceful restart timer expires with reason: Timeout ( 120 secs) 
2019/01/21 23:33:20 info routing defaul routed- 0 OSPF stopped graceful restart. Protocol: OSPFv2. Exit reason: time out
Once the timer expires, OSPF adjacency goes down, followed by Route reconvergence.
2019/01/21 23:31:59 high routing defaul routed- 0 OSPF adjacency with neighbor has gone down. interface ae5.54, neighbor 
 


Resolution


The neighbors must be configured to run in Graceful Restart helper mode.

Additional Information


FIREWALL AS A RESTARTING DEVICE:
************************************************
If the firewall will be down for a short period of time or is unavailable for short intervals, it sends Grace LSAs to its OSPF neighbors. The neighbors must be configured to run in Graceful Restart helper mode. In helper mode, the neighbor receives Grace LSAs informing it that the firewall will perform a graceful restart within a specified period of time defined as the Grace Period. During the grace period, the neighbor continues to forward routes through the firewall and to send LSAs that announce routes through the firewall. If the firewall resumes operation before expiration of the grace period, traffic forwarding will continue as before without network disruption. If the firewall does not resume operation after the grace period has expired, the neighbors will exit helper mode and resume normal operation, which will involve re configuring the routing table to bypass the firewall.


Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/kcSArticleDetail?id=kA10g000000PLqQ&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FkcSArticleDetail

Choose Language