Hello all,
I am considering configuring dynamic routing (main goal is OSPF, potentially BGP for some specific needs) on some of our Check Point appliances. In the past we avoided applying any dynamic routing on our Check Point firewalls. However, for some needs it would be really beneficial.
The SMS is running R80.30.
The SGWs are running R80.30 (some are still on R77.30, but the question specifically targets R80.30).
Please specify if you are talking about OSPF or BGP.
Regards
Hi @Rick_Ther
OSPF works fine under R80.30. Gaia supports OSPFv2, which supports IPv4 addressing, and OSPFv3, which supports IPv6 addressing. You can run OSPF over a route-based VPN by enabling OSPF on a virtual tunnel interface (VTI).
CUT>>>
Can I still sleep well at night doing this?
<<<CUT
Answer: YES 😀
Here you can find further information:
Gaia Advanced Routing R80.30 Administration Guide -> OSPF
I like to set the OSPF priority to 0 so that the Check Point never becomes the DR. Also make sure the router ID is the same on the hosts in the same cluster.
Depending on your topology the new clustering and dynamic routing features of R80.40 may be worth considering.
We had a couple of issues which I'd like to share with you:
- OSPFv2: Graceful failover did not work correctly:
The Grace-LSA packet generated by the firewall does not contain a TLV which includes the IP address of the interface (as required by RFC 3623), which causes the other router to shut down the adjacency with the firewall, which in turn causes a connectivity loss for a couple of seconds.
We got a hotfix but are not sure if this is now part of a Take.
- OSPFv2 with MD5 enabled: looks like the sequence number is not synchronized within a cluster, which could cause the other routers to detect a "replay attack" after a failover.
We did not raise an SR, so maybe this problem still exists.
In both cases the failover works but not as smoothly as possible because the adjacencies have to be built up again. Depending on what you expect, these are minor issues.
- OSPFv3: core dump if the same VRIDs are used on multiple interfaces
(but maybe this is rather a misconfiguration)
- OSPFv3: when the OSPF area is of type stub or totally stub, the Check Point will not accept the default route propagated by a router (we tested this with various Cisco IOS versions, FRRouting and Arista vEOS).
It works if you are in a Check Point-only environment. CP Gaia uses a different padding scheme for the Inter-Area-Prefix representing the default route (::/0): CP Gaia adds 4 bytes of zeros, while all other vendors don't use any padding at all for a 0-bit-long prefix.
Severe bug, fixed with R80.40.
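To make the ::/0 padding point concrete, here is an added example (written for this thread, not code from the post, from Check Point or from any of the vendors named) that encodes and decodes the body of an OSPFv3 Inter-Area-Prefix-LSA per RFC 5340 Appendix A.4.1/A.4.5. The prefix field carries ceil(PrefixLength/32) 32-bit words, so a 0-bit prefix carries none; the `pad_words=1` variant reproduces a sender that appends one extra zero word. The function names, the sample prefixes and metrics are constructed for the example, and `accept_route` only models one plausible reason a strict receiver would discard such an LSA (a length mismatch); the post itself only reports that the default route is not accepted.

```python
"""Hypothetical RFC 5340 (OSPFv3) Inter-Area-Prefix-LSA body codec, written to
illustrate the ::/0 padding mismatch described in the thread."""
import ipaddress
import struct

LSA_HEADER_LEN = 20  # the 20-byte LSA header is not built here; only the body is handled


def prefix_words(plen: int) -> int:
    """RFC 5340 A.4.1: the Address Prefix field occupies ceil(PrefixLength / 32)
    32-bit words, so a 0-bit prefix (::/0) occupies no words at all."""
    return (plen + 31) // 32


def encode_body(prefix: str, metric: int, pad_words: int = 0) -> bytes:
    """Body of an Inter-Area-Prefix-LSA (everything after the LSA header).

    pad_words=0 is the RFC encoding. pad_words=1 reproduces a sender that
    appends one extra all-zero word, which is what the post reports for ::/0.
    """
    net = ipaddress.IPv6Network(prefix, strict=True)
    nbytes = 4 * (prefix_words(net.prefixlen) + pad_words)
    addr = net.network_address.packed.ljust(nbytes, b"\x00")[:nbytes]
    return (struct.pack("!B3s", 0, metric.to_bytes(3, "big"))  # reserved byte + 24-bit metric
            + struct.pack("!BBH", net.prefixlen, 0, 0)         # PrefixLength, PrefixOptions, (0)
            + addr)


def decode_body(body: bytes):
    """Strict parser. Returns (metric, prefix, leftover), where leftover is any
    data beyond what the RFC prefix encoding accounts for."""
    if len(body) < 8:
        raise ValueError("body shorter than the fixed fields")
    metric = int.from_bytes(body[1:4], "big")
    plen, _opts, _rsvd = struct.unpack("!BBH", body[4:8])
    if plen > 128:
        raise ValueError(f"bad PrefixLength {plen}")
    nbytes = 4 * prefix_words(plen)
    field = body[8:8 + nbytes]
    if len(field) != nbytes:
        raise ValueError("prefix field truncated")
    addr = ipaddress.IPv6Address(field.ljust(16, b"\x00"))
    # strict=True also rejects non-zero bits beyond PrefixLength (RFC requires zero padding bits)
    prefix = ipaddress.IPv6Network(f"{addr}/{plen}", strict=True)
    return metric, str(prefix), body[8 + nbytes:]


def accept_route(body: bytes):
    """Model (an assumption, not any vendor's documented behaviour) of a receiver
    that discards an LSA whose parsed size does not match its length.
    Returns (prefix, metric) when accepted, None when dropped."""
    metric, prefix, leftover = decode_body(body)
    if leftover:
        return None
    return prefix, metric


if __name__ == "__main__":
    rfc = encode_body("::/0", 10)               # 8-byte body, no prefix words
    padded = encode_body("::/0", 10, pad_words=1)  # 12-byte body, one extra zero word
    print(len(rfc), accept_route(rfc))
    print(len(padded), accept_route(padded))
    print(accept_route(encode_body("2001:db8:1::/48", 20)))
```

The decoder is deliberately strict: both the trailing-word check and `strict=True` on the reconstructed network turn an encoding disagreement into an explicit drop instead of a silently misparsed route, which is the behaviour you want when you are trying to find out why a neighbor ignores a prefix.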
@Matthias_Haas, thank you for this input. I was really hoping to get some feedback like this. Not that I wanted to hear it was not working as expected ;-D, but the potential issues for OSPF running on Check Point. I'll check if the fix for the first issue you mentioned is included in the current Jumbo HF.
OSPFv3 is not relevant for us right now.
Hi Rick,
The first issue mentioned is not related to CXL.
CXL operation is different from VRRP.
In CXL the OSPF database is synced across CXL members, so after a failover we continue from the same point as prior to the failover, which results in a smooth failover.
Graceful restart restarter is not supported or needed on CXL; only Graceful restart helper is supported, to prevent an outage if the peer is in restart mode.
The issue described is in the VRRP Graceful restart restarter.
I am not familiar with the second issue; the MD5 crypto sequence is synced between CXL members, so you can expect a smooth failover.
Thanks
Roy
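Why the cryptographic sequence number matters across a failover, as an added example (not code from the thread, from Check Point, or from any vendor): a small model of OSPF cryptographic authentication per RFC 2328 Appendix D. A receiver keeps the last sequence number accepted from each neighbor and drops anything smaller as a replay, so a newly active cluster member that does not inherit the sequence number of its predecessor has its packets rejected until it catches up. The key, payloads and sequence values are constructed; the authentication field is placed in front of the payload instead of inside a full OSPF header, a simplification that does not change the check being shown.

```python
"""Hypothetical model of OSPF cryptographic authentication (RFC 2328 Appendix D):
per-neighbor cryptographic sequence numbers and why an unsynchronised sequence
after a cluster failover looks like a replay to the peer."""
import hashlib
import hmac
import struct

KEY_ID = 1
AUTH_DATA_LEN = 16  # length of an MD5 digest


def md5_sign(payload: bytes, key: bytes, seq: int) -> bytes:
    """Return auth_field || payload || digest.

    The 64-bit authentication field holds (0, Key ID, Auth Data Length,
    Cryptographic Sequence Number). Per RFC 2328 D.4.3 the digest is MD5 over the
    packet followed by the 16-byte key (shorter keys are zero-padded here).
    """
    auth_field = struct.pack("!HBBI", 0, KEY_ID, AUTH_DATA_LEN, seq)
    packet = auth_field + payload
    key16 = key.ljust(16, b"\x00")[:16]
    return packet + hashlib.md5(packet + key16).digest()


class Neighbor:
    """Receiver-side state for one OSPF neighbor (RFC 2328 D.3)."""

    def __init__(self, key: bytes):
        self.key16 = key.ljust(16, b"\x00")[:16]
        self.last_seq = None  # cryptographic sequence number last accepted from this neighbor

    def receive(self, packet: bytes) -> str:
        """Verify one packet and return a verdict string."""
        if len(packet) < 8 + AUTH_DATA_LEN:
            return "malformed"
        auth_field, digest = packet[:8], packet[-AUTH_DATA_LEN:]
        _zero, key_id, auth_len, seq = struct.unpack("!HBBI", auth_field)
        if key_id != KEY_ID or auth_len != AUTH_DATA_LEN:
            return "bad-auth-field"
        expected = hashlib.md5(packet[:-AUTH_DATA_LEN] + self.key16).digest()
        if not hmac.compare_digest(expected, digest):
            return "bad-digest"
        # RFC 2328 D.3: the sequence number must be >= the last one accepted from
        # this neighbor; a smaller value is treated as a replayed packet and dropped.
        if self.last_seq is not None and seq < self.last_seq:
            return "replay"
        self.last_seq = seq
        return "ok"


def simulate_failover(seq_synced: bool) -> list:
    """Member A sends Hellos with seq 100..103, then member B takes over.

    With seq_synced the new active member continues from 104; without it B
    starts again from 1 and the peer rejects its packets as replays, which is
    the symptom reported in the thread for an unsynchronised sequence number.
    """
    key = b"s3cret-key"  # constructed sample key
    peer = Neighbor(key)
    verdicts = []
    for seq in range(100, 104):
        verdicts.append(peer.receive(md5_sign(b"HELLO from member A", key, seq)))
    first = 104 if seq_synced else 1
    for seq in range(first, first + 3):
        verdicts.append(peer.receive(md5_sign(b"HELLO from member B", key, seq)))
    return verdicts


if __name__ == "__main__":
    print("synced  :", simulate_failover(True))
    print("unsynced:", simulate_failover(False))
```

In the unsynced run the peer's state is exactly what RFC 2328 tells it to keep, so the "replay attack" counters it raises are correct from its point of view; the remedy is on the sending side (carry the sequence number over with the cluster state, which is what Roy describes for CXL), not loosening the receiver's check.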
I just had a look at the release notes. Looks promising. Not what we are looking for right now (for the cluster, I mean), but I'll definitely keep the new ClusterXL mode and the Geo-Clustering in mind for the future.