This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
‎2025-11-16 05:38 PM

Tech Tip - Dynamic Routing: Router-ID

Background:

The Router ID concept is used by both the OSPF and BGP protocols.
The Router ID is different to the process ID or autonomous system number. The Router ID uniquely identifies the router within the autonomous system. Commonly with traditional routing vendors devices this might be aligned to an IP address of a Loopback interface since those don't go down.

To ensure stable operation of dynamic routing protocols in GAiA OS configure the Router ID explicitly, rather than relying on the default (automatic) setting. Setting the Router ID prevents the ID from changing if the default interface used for the router ID goes down. Incorrectly set Router ID values can also cause unexpected behavior during cluster failovers.

 

Important:

  • Do not use the IP addresses 0.0.0.0 or 127.X.Y.Z as the Router ID value.
  • In a cluster, you must configure the Router ID to one of the Cluster Virtual IP addresses (VIP).
  • In a Cluster, you must configure all the Cluster Members in the same way.

 

Note changing the Router ID retroactively in GAiA OS is cumbersome, typically requires removal and reconfiguration of much of the routing protocol configuration.

An alternate process leveraging internal dbset commands is available via TAC / ATAM to help workaround this if required.

 

OSPF Router ID:

sk183316: "No Global Router ID configured" error when configuring OSPF peers in Gaia OS after an upg...

Check Point R82 Advanced Routing Admin Guide - OSPF Configuring Router-ID

 

BGP Router ID:

sk183315: "No Global Router ID configured" error when configuring BGP peers in Gaia OS after an upgr...

Check Point R82 Advanced Routing Admin Guide - BGP Configuring in Gaia Portal BGP Global Settings

 

CCSM R77/R80/ELITE
Labels
9 Replies
the_rock
MVP Platinum
MVP Platinum
‎2025-11-16 06:21 PM

Definitely great tip Chris. I had seen people make mistake with this ID, though it would seem its pretty straight forward from the documentation : - )

Best,
Andy
0 Kudos
CheckPointerXL
Advisor
Advisor
Sunday

Never understood why binding router id with an interface ip

router id is just a label, i've configured most scenario with ip on 169.254.x.y

most important setting is to not leave automatic configuration to not have problems with future interface decomissioning

any relevant story about bgp/ospf problems caused by an ip not binded with a cluster ip?

the story about to have a real interface up seems to be not relevant for cp

0 Kudos
Chris_Atkinson
MVP Platinum CHKP MVP Platinum CHKP
MVP Platinum CHKP
Sunday
In response to CheckPointerXL

In the networking world it typically came from using a loopback that was also reachable for troubleshooting purposes (not a requirement).

Have certainly seen cluster members with different/separate values incorrectly configured creating issues.

Here the VIP provides consistency from a cluster perspective and is a local point of reference that has some logic to it.

 

 

CCSM R77/R80/ELITE
0 Kudos
the_rock
MVP Platinum
MVP Platinum
Sunday
In response to CheckPointerXL

From the BGP guide:

The Router ID uniquely identifies the router in the autonomous system.

The BGP and OSPF protocols use the router ID.

the_rock_0-1765719116997.png

 

 >

Best Practice - Set the Router ID rather than rely on the default setting. This prevents changes in the Router ID if the interface used for the router ID goes down. Use an address on a loopback interface that is not the loopback address 127.0.0.1 (configure an additional Loopback interface and assign an IP address to it from 128.0.0.x / 24 subnet - see the R81 Gaia Administration Guide).
the_rock_1-1765719116998.png

 

Note - In a cluster

the_rock_2-1765719116998.gif

 

, you must select a router ID and make sure that it is the same on all cluster members.

Range: Dotted-quad.([0-255].[0-255].[0-255].[0-255]). Do not use 0.0.0.0

Default: The interface address of one of the local interfaces.

 

 

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_Gaia_Advanced_Routing_AdminGuide/T...

Best,
Andy
0 Kudos
hoze99
Explorer
Monday
In response to the_rock

The documentation doesn't say that the router id needs to be the IP address assigned to a cluster interface. It does say that it needs to be the same on all cluster members.

0 Kudos
the_rock
MVP Platinum
MVP Platinum
Monday
In response to hoze99

True, but does say this...

Cluster ID for Route Reflectors

The cluster ID used for route reflection.

The default cluster ID is the router ID.
Best,
Andy
0 Kudos
Bob_Zimmerman
MVP Gold
MVP Gold
Tuesday
In response to CheckPointerXL

OSPF and BGP require a router ID, the IDs must be different on systems expected to be able to peer (so can't default to some constant value), the ID is a 32-bit number, IP numbers are 32-bit, so most things just use an IP number on an interface if you don't specifically set an ID. Since that's the default state, it got tossed into a ton of old documentation, which gets cargo-culted around.

What really matters is the router ID MUST be the same on all members of a cluster, and you MUST enable graceful restart on all members unless you're okay with outages when the cluster fails over.

(1)
the_rock
MVP Platinum
MVP Platinum
Tuesday
In response to Bob_Zimmerman

Yes and yes!

Best,
Andy
0 Kudos
_Val_
Admin
Admin
Monday

Please report for MVP points if not done yet, @Chris_Atkinson 

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events