we had a couple of issues which I´d like to share with you:
- OSPFv2: Gracefull Failover did not work correctly:
The Grace-LSA packet, generated by the Firewall does not contain a TLV which includes the IP address of the Interface (as required by RFC3623) which cause the other Router to shut down the adjacencie with the Firewall which in turn causes a connectivity loss for a couple of seconds
We got a hotfix but not sure if this is now part of a Take
- OSPFv2 with MD5 enabled: looks like the Sequence Number is not synchronized between a Cluster which could cause the other routes to detect a "replay attack" after a failover
We did not raise a SR, so may be this problem still exists
In both cases the failover works but not as smooth as possible because the adjacencies have to be build up again. Depending on what you expect, these are minor issues.
- OSPFv3: core dump if the same VRIDs are used on multiple interfaces
(but may be this is rather a misconfiguration)
- OSPFv3: when the OPSF Area is of type stub or totally stub area, the Checkpoint will not accept the default route propagated by a router (we tested this with divers Cisco IOS version, FRRouting and Arisat vEOS)
It works if you are in a Checkpoint only environment. Other padding scheme for the Inter-Area-Prefix representing the default-route (::/0) in CP Gaia. CP Gaia adds 4-Byte of zeros. All other vendors doesn’t use padding at all for 0-bit long prefix
Severe bug, fixed with R80.40