OSPF neighbor count

Neville_Kuo · ‎2018-05-25

Dear all:

Is there anyone who ever managed over 200 OSPF neighbors and 6 ares before? It's not difficult with Juniper/Cisco or other vendors but what about Check Point?

The customer is using Juniper SSG5200(HA) and doing OSPF over ipsec(Route based VPN) with 200 Juniper SSG350M(2 wan links) for 10 years(Built by me.), if I want to replace with Check Point, can central vpn termination point can handle so many vpn tunnels and OSPF neighbors? I'm afraid of routeD crashes sometimes, that's a nightmare for this kind of network scope.

I know customer can have better choice but I'm wondering can I do the same thing with CP5600(HA) and SMB models like CP1490(For branches)?

XBensemhoun · ‎2018-05-26

I assume your question could be divided on two points:

- OSPF ability; I assume yes; you can check on sk95968‌ OSPF on Gaia general document and on its related documentations and solutions

- VPN in large environment: will you try Multiple Entry Point (MEP)? If so, look at the dedicated section of the VPN admin guide of your version.

Neville_Kuo · ‎2018-05-27

Hi:

Actually I'ved tried large number of ospf neighbors and neighbors status start random dropping after over 60 neighbor counts(About 2 years ago with R77.30), that's why I doubt Check Point's routeD stability, and MEP is not what customer need since customer's dual wan should be Active/Active mode.

But still thanks for your replay, hope R80.10 or later version can be better.

XBensemhoun · ‎2018-05-28

So we need to wait concrete feebadck from Check Point: Dameon Welch Abernathy‌ could you help us on this?

PhoneBoy · ‎2018-05-28

We've made a number of stability improvements in routed over the last two years, including situations where there are a large number of OSPF neighbors.

I believe most of these fixes were rolled into R80.10 as some of these fixes were available in R77.30 as well.