Re: R81.10 and BGP - Page 2

pce17 · ‎2022-03-13

I have upgraded from R80.20 to R81.10 . I currently have 2 eBGP peers and 1 iBGP peer.

When switching from active to standby the (old active) now standby cluster member goes into down status briefly. ROUTED on the now standby member uses high (CPU 65% one cpu) for over 60 minutes.

Status so far,

- lots of debugs and cpinfo

- Checkpoint TAC's (ticket open 2 weeks) solution was to remove graceful restart which on causes all connections to be dropped and high CPU. I will continue to work with TAC .

FYI (In R80.20 the cluster lost all connections for 30 seconds when going from active to standby. Checkpoint said the solution was to turn on graceful restart. I turned on graceful restart and it resolved the dropping of all connections for 30 seconds in R80.20.)

But now Checkpoint TAC claims removing graceful restart will fix the issue.

Is anyone else using iBGP and R81.10? DO you have any ideas

Leo

the_rock · ‎2022-03-31

Yes, I can get in touch with them, but its super secure environment, so I cant promise you that I can get info you need, but I am happy to ask. Send the list of questions you have, those are free of charge : - )

pce17 · ‎2022-03-31

Just one question (see below)

My peer 4.53.NNNN is an iBGP peer due to one the the IP subnets I am advertising.
The ISP requires the connection to be internal BGP. It has around 400,000 active iBGP routes

PeerID AS Routes ActRts State InUpds OutUpds Uptime
12.122.NNNNNN 7018 47175 40470 Established 15114 3 07:48:53
50.220.NNNNNN 7922 7233 5126 Established 1952 3 07:49:01
4.53.NNNNNNN 21970 409641 393466 Established 138907 2 07:48:57

The capabilities are
Peer Capabilities IPv4 Unicast,Route Refresh,Cisco Route Refresh,Graceful Restart,4-Byte AS Extension,Enhanced Route Refresh
Our Capabilities IPv4 Unicast,Route Refresh,Graceful Restart,4-Byte AS Extension,Enhanced Route Refresh

How is this different from your configuration?

the_rock · ‎2022-03-31

I will ask...I might not answer till next week, but if I do, I will let you know.

pce17 · ‎2022-06-06

My ROUTED is still crashing after many months of sending logs and CPInfo's to Checkpoint. This is not a good situation. Does anyone have any ideas?

the_rock · ‎2022-06-06

I really have nothing else to add, Im so sorry : - (. I would try contact your SE to see if they can engage R&D about it.

pce17 · ‎2022-06-06

All Checkpoint TAC has done is collect logs, crash dumps and CPInfo.

I need help, is anyone else using iBGP and R81.10? Do you have any ideas

Chris_Atkinson · ‎2022-06-06

Are the Router IDs of both members configured the same and how is the initial failover being triggered?

Upon failover the new active member works as expected and there is no traffic impact or there is a disruption in addition to the standby member CPU behavior?

Can you share a topology diagram that highlights why the volume of iBGP routes is needed - is there only a single cluster / internet egress point?

It's unclear if there is only a single iBGP peer why the full table is needed here... are other paths to the internet accessible via the WAN/MPLS internally?

CCSM R77/R80/ELITE

Vladimir · ‎2022-06-06

1. Are you using ClusterXL or VRRP?

2. Do your BGP peers have /32 static routes for corresponding interfaces of the cluster members via cluster's VIPs?

Are you a member of CheckMates?

R81.10 and BGP