This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Scott_Paisley
Advisor
‎2023-09-09 12:41 AM
Jump to solution

OSPF on NSX

We have OSPF running successfully on a number of hardware clusters connected to hardware switches. We are trying to run OSPF now on a cluster of virtual gateways in a VMware environment running NSX-T. As soon as we add an OSPF interface on the cluster Routed on the standby gateway fails and ClusterXL marks the member as down.

Anybody else seen or fixed this?

0 Kudos
1 Solution

Accepted Solutions
Scott_Paisley
Advisor
‎2023-09-11 07:31 AM
In response to the_rock
Jump to solution

We got it working. Details here for reference.

To recap, 3 clusters running in an ESX environment using NSX-T for the networking.

Each cluster configured as a separate cloning group so the configurations match.

On 2 of the 3 clusters, when we enable OSPF on a single interface, the standby cluster member fails with a ROUTED PNOTE.

The 'fix' was to break the cloning groups, reboot each member, reconfigure OSPF on each individual box, then enable the cloning group again. Now all 3 clusters are happy, although somehow the OSPF interface moved on one of the clusters

View solution in original post

8 Replies
Chris_Atkinson
Employee Employee
Employee
‎2023-09-09 02:35 AM
Jump to solution

Are you saying the issue doesn't resolve when the configuration is set consistently on both cluster members and with which Version/Jumbo?

CCSM R77/R80/ELITE
0 Kudos
Scott_Paisley
Advisor
‎2023-09-09 04:52 AM
In response to Chris_Atkinson
Jump to solution

R81.10 Jumbo 109

The gateways are in a cloning group so the configuration is consistemt across the gateways. Enabling OSPF on both gateways instantly disables ROUTED on the standby.

0 Kudos
PhoneBoy
Admin
Admin
‎2023-09-09 06:59 AM
In response to Scott_Paisley
Jump to solution

What does /var/log/messages and /var/log/routed* have to say when this occurs?

0 Kudos
Scott_Paisley
Advisor
‎2023-09-09 07:05 AM
In response to PhoneBoy
Jump to solution

messages

Sep 9 15:01:44 2023 EU-AZ-EDC-WAN-CKP-02 xpand[10207]: instance name is [default]
Sep 9 15:01:44 2023 EU-AZ-EDC-WAN-CKP-02 xpand[10207]: Configuration changed from localhost by user admin by the service rmbserver
Sep 9 15:01:44 2023 EU-AZ-EDC-WAN-CKP-02 xpand[10207]: finalize: routed conf file is [/etc/routed0.conf]
Sep 9 15:01:44 2023 EU-AZ-EDC-WAN-CKP-02 xpand[10207]: finalize: routed instance is [default]
Sep 9 15:01:44 2023 EU-AZ-EDC-WAN-CKP-02 xpand[10207]: moving /etc/cprd_syntax_test_default to /etc/routed0.conf
Sep 9 15:01:44 2023 EU-AZ-EDC-WAN-CKP-02 xpand[10207]: Using routed pid 15436 for 'default'
Sep 9 15:01:44 2023 EU-AZ-EDC-WAN-CKP-02 routed[13470]: [routed] NOTICE: task_reconfigure re-initializing from /etc/routed.conf
Sep 9 15:01:44 2023 EU-AZ-EDC-WAN-CKP-02 routed[13470]: [routed] NOTICE: parse_instance_only: my_instance_id -1 parsing instance default
Sep 9 15:01:44 2023 EU-AZ-EDC-WAN-CKP-02 routed[13470]: [routed] NOTICE: task_reconfigure reinitializing done
Sep 9 15:01:44 2023 EU-AZ-EDC-WAN-CKP-02 xpand[10207]: admin localhost t +routed:instance:default:ospf2:instance:default:area:0.0.0.0:interface:eth5 t
Sep 9 15:01:44 2023 EU-AZ-EDC-WAN-CKP-02 xpand[10207]: admin localhost t +routed:instance:default:ospf2:instance:default:interface:eth5:area 0.0.0.0
Sep 9 15:01:44 2023 EU-AZ-EDC-WAN-CKP-02 xpand[10207]: admin localhost t +routed:instance:default:ospf2:instance:default:area:0.0.0.0:interface:eth5:priority 1
Sep 9 15:01:44 2023 EU-AZ-EDC-WAN-CKP-02 xpand[10207]: admin localhost t +routed:instance:default:ospf2:instance:default:area:0.0.0.0:interface:eth5:auth:null t
Sep 9 15:01:44 2023 EU-AZ-EDC-WAN-CKP-02 xpand[10207]: admin localhost t +routed:instance:default:ospf2:instance:default:area:0.0.0.0:interface:eth5:authtype null
Sep 9 15:01:44 2023 EU-AZ-EDC-WAN-CKP-02 fwk: CLUS-211700-1: Remote member 2 (state STANDBY -> DOWN) | Reason: ROUTED PNOTE

 

routed_messages

Sep 9 15:01:45.956161 [routed] ERROR: OSPF2 instance default OspfInterfaceUp(4656): not starting protocol on interface 172.25.48.35(eth5)

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-09-09 08:09 AM
In response to Scott_Paisley
Jump to solution

Is IPV6/RD enabled on this cluster (sk102369)?

CCSM R77/R80/ELITE
0 Kudos
Scott_Paisley
Advisor
‎2023-09-09 08:53 AM
In response to Chris_Atkinson
Jump to solution

IPv6 is not enabled

Router Discovery is not enabled

0 Kudos
the_rock
Legend
Legend
‎2023-09-09 11:08 AM
In response to Scott_Paisley
Jump to solution

If I were you, I would call TAC and see if you can do remote session, or at least provide further files/debugs for investigation. I had never seen issue like this myself before, either with OSPF or BGP.

Andy

0 Kudos
Scott_Paisley
Advisor
‎2023-09-11 07:31 AM
In response to the_rock
Jump to solution

We got it working. Details here for reference.

To recap, 3 clusters running in an ESX environment using NSX-T for the networking.

Each cluster configured as a separate cloning group so the configurations match.

On 2 of the 3 clusters, when we enable OSPF on a single interface, the standby cluster member fails with a ROUTED PNOTE.

The 'fix' was to break the cloning groups, reboot each member, reconfigure OSPF on each individual box, then enable the cloning group again. Now all 3 clusters are happy, although somehow the OSPF interface moved on one of the clusters

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top