Hi All,
I am facing a strange issue whereby the BGP session is established successfully with fw02 after failover, but we are unable to get the advertised BGP routes from SDWAN VeloCloud. Both CheckPoint firewalls have the graceful restart options enabled.
The BGP session and routes work well when fw01 is the active member.
Below is my topology:
Cisco Nexus (AS X)<---> CheckPoint Cluster(AS X) <----> SDWAN VeloCloud (AS Y)
After searching /var/log/routed.log, I found some lines showing that CP GAIA OS does not support some BGP capabilities.
Please refer to the log below:
Sep 6 11:05:30.940081 bgp_get_open(3073): peer 10.25.x.x+21144 (proto) has provided 4 Byte AS 6xxxx
Sep 6 11:05:30.940081 bgp_get_open: peer 10.25.x.x+21144 (proto) received unrecognized capability 69. Ignoring capability 69
Sep 6 11:05:30.940081 bgp_get_open: peer 10.25.x.x+21144 (proto) received unrecognized capability 73. Ignoring capability 73
Sep 6 11:05:30.940081 bgp_pp_recv: Receiving OPEN from peer 10.25.x.x +15501 [eBGP AS 6xxxx] in ESTABLISHED state, entering Graceful Restart Helper mode
Sep 6 11:05:30.940081 bgp_event: peer 10.25.x.x+15501 [eBGP AS 6xxxx] old state Established event RecvOpen new state Idle
Sep 6 11:05:30.940081 bgp_graceful_restart_close_stale_connection: Peer 10.25.x.x+15501 [eBGP AS 6xxxx] does not support non-stop forwarding for any AFI/SAFI, remove all routes from him
CHANGE X.X.X.X /31 gw 10.25.x.x BGP
pref 170/- metric /100 bond2.43 <Ext|Delete|Gateway> as 6xxxx
CHANGE X.X.X.X /24 gw 10.25.x.x BGP
pref 170/- metric /100 bond2.43 <Ext|Delete|Gateway> as 6xxxx
CHANGE X.X.X.X /32 gw 10.25.x.x BGP
It was resolved by disabling the graceful restart feature on fw02 only. So I now have fw01 (graceful restart enabled) and fw02 (graceful restart disabled).
I hope someone can enlighten me on why it still works on fw01 even though this firewall has the graceful restart options enabled.
The FW version is R80.40 with JHF Take 102.
Thanks
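
A small triage script for the routed.log pattern quoted in the post, added here as an example and not part of the original post or of Check Point's tooling: it groups the unrecognized-capability, Graceful Restart helper and route-delete lines per peer. The sample log is constructed from the excerpt with placeholder addresses and AS number, the function names are hypothetical, and the capability names come from the IANA BGP Capability Codes registry.

```python
import re
from collections import defaultdict

# Names from the IANA BGP Capability Codes registry (subset).
CAP_NAMES = {64: "Graceful Restart", 65: "4-octet AS", 69: "ADD-PATH", 73: "FQDN"}

# Constructed sample modelled on the excerpt above; addresses and AS are placeholders.
SAMPLE_LOG = """\
Sep 6 11:05:30.940081 bgp_get_open: peer 10.25.0.1+21144 (proto) received unrecognized capability 69. Ignoring capability 69
Sep 6 11:05:30.940081 bgp_get_open: peer 10.25.0.1+21144 (proto) received unrecognized capability 73. Ignoring capability 73
Sep 6 11:05:30.940081 bgp_pp_recv: Receiving OPEN from peer 10.25.0.1 +15501 [eBGP AS 64512] in ESTABLISHED state, entering Graceful Restart Helper mode
Sep 6 11:05:30.940081 bgp_graceful_restart_close_stale_connection: Peer 10.25.0.1+15501 [eBGP AS 64512] does not support non-stop forwarding for any AFI/SAFI, remove all routes from him
CHANGE 192.0.2.0 /31 gw 10.25.0.1 BGP
pref 170/- metric /100 bond2.43 <Ext|Delete|Gateway> as 64512
CHANGE 198.51.100.0 /24 gw 10.25.0.1 BGP
pref 170/- metric /100 bond2.43 <Ext|Delete|Gateway> as 64512
CHANGE 203.0.113.7 /32 gw 10.25.0.1 BGP
"""

PEER = r"[Pp]eer (?P<peer>[0-9x.]+)"  # also accepts masked octets such as 10.25.x.x
RULES = {
    "ignored_caps": re.compile(PEER + r".*received unrecognized capability (?P<cap>\d+)"),
    "helper_mode": re.compile(PEER + r".*in ESTABLISHED state, entering Graceful Restart Helper mode"),
    "no_nsf": re.compile(PEER + r".*does not support non-stop forwarding"),
}
CHANGE = re.compile(r"^CHANGE\s+(?P<prefix>\S+\s*/\d+)\s+gw\s+(?P<gw>[0-9x.]+)\s+BGP")
DELETE_FLAG = re.compile(r"<[^>]*\bDelete\b[^>]*>")

def triage(log_text):
    """Per peer: ignored capability codes, GR helper entry, NSF teardown, deleted prefixes."""
    peers = defaultdict(lambda: {"ignored_caps": {}, "helper_mode": False, "no_nsf": False, "deleted": []})
    pending = None  # (gateway, prefix) of a CHANGE line still waiting for its flags
    for line in log_text.splitlines():
        m = CHANGE.search(line)
        if m:
            pending = (m["gw"], m["prefix"].replace(" ", ""))
        if pending and DELETE_FLAG.search(line):  # flags sit on the CHANGE line or the next
            peers[pending[0]]["deleted"].append(pending[1])
            pending = None
        for key, rx in RULES.items():
            m = rx.search(line)
            if m and key == "ignored_caps":
                code = int(m["cap"])
                peers[m["peer"]][key][code] = CAP_NAMES.get(code, "unknown")
            elif m:
                peers[m["peer"]][key] = True
    return dict(peers)

def gr_teardowns(peers):
    """Peers whose session was reset in helper mode and whose routes were then withdrawn."""
    return sorted(p for p, f in peers.items() if f["helper_mode"] and f["no_nsf"] and f["deleted"])
```

Running `gr_teardowns(triage(open("/var/log/routed.log").read()))` on each cluster member gives a quick way to compare how fw01 and fw02 handled the same peer after a failover.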