Jan_Kleinhans
Collaborator

R80.40 VSX - Outage with BGP when failover

Hello,

I'll try to describe my problem.

We have 2 DataCenters, connected via Fibre, so that we have a Layer-2 Network.

Now we got a redundant Link to an external provider-network. A VS on our Checkpoint Firewall is the BGP Endpoint.

One Router of the provider is connected to VLAN901 in DC1 and the other one to VLAN902 in DC2.

Both Firewall Cluster-Members should be able to use both links for maximum redundancy.

So we created 2 BGP pairs on the firewall, one for VLAN901 and one for VLAN902.

Both sessions are working without problems.

As the traffic should use the shortest way we set a local preference on each VS for the local peer with the shortest distance.

Both members work as expected, but if we do a failover, we have an outage of more than 30 seconds (I didn't count it)

 

Have you got any advice to prevent the outage or to reduce it?

 

Thanks,

Jan

configuration:

DC1:

set bgp external remote-as 15763 on
set bgp external remote-as 15763 description xyz
set bgp external remote-as 15763 export-routemap "xyz_out" preference 10 on
set bgp external remote-as 15763 import-routemap "xyt_in" preference 10 on
set bgp external remote-as 15763 peer 10.255.9.33 on
set bgp external remote-as 15763 peer 10.255.9.37 on
set bgp external remote-as 15763 peer 10.255.9.37 aspath-prepend-count 5
set routemap xyz_in id 10 on
set routemap xyz_in id 10 allow
set routemap xyz_in id 10 match neighbor 10.255.9.33 on
set routemap xyz_in id 10 match prefix-list pf_xyz_in preference 10 on
set routemap xyz_in id 10 match protocol bgp
set routemap xyz_in id 10 action localpref 10
set routemap xyz_in id 20 on
set routemap xyz_in id 20 allow
set routemap xyz_in id 20 match neighbor 10.255.9.37 on
set routemap xyz_in id 20 match prefix-list pf_xyz_in preference 10 on
set routemap xyz_in id 20 match protocol bgp
set routemap xyz_in id 20 action localpref 5
set routemap xyz_out id 20 on
set routemap xyz_out id 20 allow
set routemap xyz_out id 20 match prefix-list pf_xyz_out preference 10 on
set routemap xyz_out id 20 match protocol direct
set prefix-list pf_xyz_in sequence-number 10 prefix 172.16.4.0/22 exact
set prefix-list pf_xyz_out sequence-number 10 prefix 10.255.9.36/30 exact
set prefix-list pf_xyz_out sequence-number 20 prefix 10.255.9.32/30 exact
set prefix-list pf_xyz_out sequence-number 30 prefix 172.16.3.0/24 exact

DC2:
set bgp external remote-as 15763 on
set bgp external remote-as 15763 description xyz
set bgp external remote-as 15763 export-routemap "xyz_out" preference 10 on
set bgp external remote-as 15763 import-routemap "xyz_in" preference 10 on
set bgp external remote-as 15763 peer 10.255.9.33 on
set bgp external remote-as 15763 peer 10.255.9.33 aspath-prepend-count 5
set bgp external remote-as 15763 peer 10.255.9.37 on
set routemap xyz_in id 10 on
set routemap xyz_in id 10 allow
set routemap xyz_in id 10 match neighbor 10.255.9.37 on
set routemap xyz_in id 10 match prefix-list pf_xyz_in preference 10 on
set routemap xyz_in id 10 match protocol bgp
set routemap xyz_in id 10 action localpref 10
set routemap xyz_in id 20 on
set routemap xyz_in id 20 allow
set routemap xyz_in id 20 match neighbor 10.255.9.33 on
set routemap xyz_in id 20 match prefix-list pf_xyz_in preference 10 on
set routemap xyz_in id 20 match protocol bgp
set routemap xyz_in id 20 action localpref 5
set routemap xyz_out id 20 on
set routemap xyz_out id 20 allow
set routemap xyz_out id 20 match prefix-list pf_xyz_out preference 10 on
set routemap xyz_out id 20 match protocol direct
set prefix-list pf_xyz_in sequence-number 10 prefix 172.16.4.0/22 exact
set prefix-list pf_xyz_out sequence-number 10 prefix 10.255.9.36/30 exact
set prefix-list pf_xyz_out sequence-number 20 prefix 10.255.9.32/30 exact
set prefix-list pf_xyz_out sequence-number 30 prefix 172.16.3.0/24 exact

3 Replies
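
An added example, not part of the original post and not Check Point tooling: a small Python check over a subset of the DC1 "set" commands posted above. It reports route-map and prefix-list names that are referenced but never defined, and the local preference each import term assigns per neighbor. The function name lint and the token-based parsing are assumptions of this sketch.

```python
# Subset of the DC1 block from the post above, copied verbatim.
DC1 = '''\
set bgp external remote-as 15763 export-routemap "xyz_out" preference 10 on
set bgp external remote-as 15763 import-routemap "xyt_in" preference 10 on
set routemap xyz_in id 10 on
set routemap xyz_in id 10 match neighbor 10.255.9.33 on
set routemap xyz_in id 10 match prefix-list pf_xyz_in preference 10 on
set routemap xyz_in id 10 action localpref 10
set routemap xyz_in id 20 on
set routemap xyz_in id 20 match neighbor 10.255.9.37 on
set routemap xyz_in id 20 match prefix-list pf_xyz_in preference 10 on
set routemap xyz_in id 20 action localpref 5
set routemap xyz_out id 20 on
set routemap xyz_out id 20 match prefix-list pf_xyz_out preference 10 on
set prefix-list pf_xyz_in sequence-number 10 prefix 172.16.4.0/22 exact
set prefix-list pf_xyz_out sequence-number 30 prefix 172.16.3.0/24 exact
'''

def lint(config):
    """Return (undefined references, {neighbor: localpref}) for one member."""
    defined = {"routemap": set(), "prefix-list": set()}
    used = []                      # (kind, name) for every reference seen
    term_peer, localpref = {}, {}  # keyed by (routemap name, term id)
    for line in config.splitlines():
        t = line.replace('"', "").split()
        if t[:2] == ["set", "routemap"]:
            defined["routemap"].add(t[2])
            term = (t[2], t[4])
            if t[5:7] == ["match", "neighbor"]:
                term_peer[term] = t[7]
            elif t[5:7] == ["match", "prefix-list"]:
                used.append(("prefix-list", t[7]))
            elif t[5:7] == ["action", "localpref"]:
                localpref[term] = int(t[7])
        elif t[:2] == ["set", "prefix-list"]:
            defined["prefix-list"].add(t[2])
        else:
            # BGP lines: pick up the name that follows import/export-routemap
            for i, tok in enumerate(t[:-1]):
                if tok in ("import-routemap", "export-routemap"):
                    used.append(("routemap", t[i + 1]))
    missing = [(k, n) for k, n in used if n not in defined[k]]
    prefs = {term_peer[t]: p for t, p in localpref.items() if t in term_peer}
    return missing, prefs

if __name__ == "__main__":
    print(lint(DC1))
```

On this subset the check reports the import-routemap name "xyt_in", for which the post contains no "set routemap" lines, and local preference 10 for 10.255.9.33 and 5 for 10.255.9.37.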
Chris_Atkinson
Employee

Configuring graceful-restart for each peer is probably desirable here.

Jan_Kleinhans
Collaborator

Hello,

I will try this when I have a maintenance window.

funkylicious
Advisor

BFD?