https://community.checkpoint.com/t5/General-Topics/CP-Cluster-bgp-question/m-p/215288#M35529 <P>I think it will be blackheld even with Graceful Restart enabled.&nbsp;<BR />Graceful Restart only helps when next-hop points to the VIP. This is the way we are doing.<BR />But if standby node uses its own physical IP, a blackhold will occur during the failover.</P><P>Right ?</P> Mon, 27 May 2024 08:00:07 GMT Gongya_Yu 2024-05-27T08:00:07Z https://community.checkpoint.com/t5/General-Topics/CP-Cluster-bgp-question/m-p/215265#M35524 <P>Cluster member A with physical IP 192.168.1.1/24<BR />Cluster member B with physical IP 192.168.1.2/24<BR /><BR />Member A with the following for export</P><P><FONT face="courier new,courier" size="3" color="#000000">set routemap default id 100 on</FONT></P><P><FONT face="courier new,courier" size="3" color="#000000">set routemap default id 100 allow</FONT></P><P><FONT face="courier new,courier" size="3" color="#000000">set routemap default id 100 match network 0.0.0.0/0 exact</FONT></P><P><FONT face="courier new,courier" size="3" color="#000000">set routemap default id 100 match protocol static</FONT></P><P><FONT face="courier new,courier" size="3" color="#000000"><SPAN>set routemap default id 100 action nexthop ip </SPAN><SPAN>192.168.1.1</SPAN></FONT></P><P>&nbsp;</P><P>Member B with the following for export</P><P><FONT face="courier new,courier" size="3" color="#000000">set routemap default id 100 on</FONT></P><P><FONT face="courier new,courier" size="3" color="#000000">set routemap default id 100 allow</FONT></P><P><FONT face="courier new,courier" size="3" color="#000000">set routemap default id 100 match network 0.0.0.0/0 exact</FONT></P><P><FONT face="courier new,courier" size="3" color="#000000">set routemap default id 100 match protocol static</FONT></P><P><FONT face="courier new,courier" size="3" color="#000000"><SPAN>set routemap default id 100 action nexthop ip </SPAN><SPAN>192.168.1.2</SPAN></FONT></P><P>&nbsp;</P><P><FONT face="courier new,courier" size="3" color="#000000"><SPAN>When Cluster fails over, a blackhold will occur, right ?<BR /></SPAN></FONT></P><P><FONT face="courier new,courier" size="3" color="#000000"><SPAN>Reason:</SPAN></FONT></P><P><FONT face="courier new,courier" size="3" color="#000000"><SPAN>Before failover, member B does not have BGP peering, just synced with Member A for all the routes which points 192.168.1.1 as next-hop. When failover occurs and before member B establishes BGP relationship and advertises new next-hop (192.168.1.2), a blackhold occurs.<BR /><BR />Am I right ??</SPAN></FONT></P><P>&nbsp;</P> Mon, 27 May 2024 02:08:43 GMT https://community.checkpoint.com/t5/General-Topics/CP-Cluster-bgp-question/m-p/215265#M35524 Gongya_Yu 2024-05-27T02:08:43Z https://community.checkpoint.com/t5/General-Topics/CP-Cluster-bgp-question/m-p/215266#M35525 <P>When setting up dynamic routing on a CP cluster, all peers must use the cluster interface VIP to peer with and route to. Routing/peering to individual gateway IPs is not supported. Hence the configuration on each cluster member must be identical.&nbsp;</P> <P>Tip: configure the router-id to a cluster VIP before configuring BGP, again identical across the cluster.</P> Mon, 27 May 2024 02:13:30 GMT https://community.checkpoint.com/t5/General-Topics/CP-Cluster-bgp-question/m-p/215266#M35525 emmap 2024-05-27T02:13:30Z https://community.checkpoint.com/t5/General-Topics/CP-Cluster-bgp-question/m-p/215270#M35526 <P>Yes, without BGP Graceful Restart and/or BFD features enabled, once failover occurs, there is short outage for BGP during re-establishment of peering from new member. It is described within&nbsp;<SPAN><A href="https://support.checkpoint.com/results/sk/sk175923" target="_blank" rel="noopener">sk175923</A>.</SPAN></P> <P>Best practise is to enable <A href="https://support.checkpoint.com/results/sk/sk100499" target="_blank" rel="noopener">BGP Graceful Restart (sk100499)</A>&nbsp;and/or <SPAN>Bidirectional Forwarding Detection (BFD) with cBIT detection (<A href="https://support.checkpoint.com/results/sk/sk175923" target="_blank" rel="noopener">sk175923</A>)&nbsp;</SPAN>to mitigate this problem.</P> Mon, 27 May 2024 05:45:03 GMT https://community.checkpoint.com/t5/General-Topics/CP-Cluster-bgp-question/m-p/215270#M35526 JozkoMrkvicka 2024-05-27T05:45:03Z https://community.checkpoint.com/t5/General-Topics/CP-Cluster-bgp-question/m-p/215288#M35529 <P>I think it will be blackheld even with Graceful Restart enabled.&nbsp;<BR />Graceful Restart only helps when next-hop points to the VIP. This is the way we are doing.<BR />But if standby node uses its own physical IP, a blackhold will occur during the failover.</P><P>Right ?</P> Mon, 27 May 2024 08:00:07 GMT https://community.checkpoint.com/t5/General-Topics/CP-Cluster-bgp-question/m-p/215288#M35529 Gongya_Yu 2024-05-27T08:00:07Z https://community.checkpoint.com/t5/General-Topics/CP-Cluster-bgp-question/m-p/215298#M35530 <P>thanks so much for clarification !!</P> Mon, 27 May 2024 09:36:02 GMT https://community.checkpoint.com/t5/General-Topics/CP-Cluster-bgp-question/m-p/215298#M35530 Gongya_Yu 2024-05-27T09:36:02Z https://community.checkpoint.com/t5/General-Topics/CP-Cluster-bgp-question/m-p/215414#M35553 <P>BGP should be configured to use VIP in cluster. You should also use the same VIP as router-id. Config for BGP within all cluster members should be the same.</P> <P>I also dont get what is the goal here. You want to propagate only default IPv4 static route ? What is config for BGP peers (show configuration bgp) ?</P> <P>You should use preference statement within routemaps to specify where to use routemap with "default" name.</P> Tue, 28 May 2024 19:32:17 GMT https://community.checkpoint.com/t5/General-Topics/CP-Cluster-bgp-question/m-p/215414#M35553 JozkoMrkvicka 2024-05-28T19:32:17Z