Jose_Rivera
Participant

AWS BGP Graceful Restart

Does anyone know if AWS supports the BGP "Graceful restart" option?

We have an issue similar to:

https://community.checkpoint.com/t5/General-Topics/R80-20-Gaia-ClusterXL-HA-BGP-Routing-Causes-Outag...

where we have on-prem ClusterXL GWs uplinked to AWS Direct Connect, and failovers cause a brief outage.

Also, what is the harm in enabling without first confirming if supported/enabled on the peer?

0 Kudos
3 Replies
Alisson_Lima
Contributor

Hi Jose,

Graceful Restart is an important configuration when the BGP protocol is configured in cluster environments. I didn't find any documents with a limitation and, if I'm not wrong, the document provided by AWS when you are creating a VPN has a recommendation about enabling Graceful Restart on the Check Point gateway.

I don't see any problem if you enable Graceful Restart. Are you using VTI interfaces? Could you confirm that you have 3 IPs for each point-to-point configured on the cluster?

Regards,

Alisson Lima
Compugraf

 

0 Kudos
Jose_Rivera
Participant

Yes, we are using VTIs for VPN tunnels and VLAN interfaces for Direct Connect. Both with /29s so we can get all three IP addresses set up. Traffic flow is fine and we just have that hiccup during failovers. Traffic flow does resume.

Also, the configuration download AWS offers does not seem to mention graceful restart. Just DPD and MSS as recommendations. I do see the AWS configuration download option now offers R80.10+ (in addition to the original R77.10+ option), but still no graceful restart mentioned.

We just wanted to avoid a change window if we know it will cause other issues by enabling. Thanks.

 

0 Kudos
abihsot__
Advisor

Hi there,

Have you enabled graceful restart on the Check Point side? Did it help?

0 Kudos
