New Member

Question

BGP and HA cluster

Forum|Forum|5 years ago
January 28, 2021
3 replies
11060 views

Hello,

I have HA cluster Active-Passive, and I i configured the BGP

When I change their roles, we have a downtime of 2-3 minutes. I found:

https://kb.fortinet.com/kb/documentLink.do?externalID=FD31743

But I have:

get router info bgp neighbors x.x.x.x

For address family: IPv4 Unicast BGP table version 3, neighbor version 2 Index 1, Offset 0, Mask 0x2 AF-dependant capabilities: Community attribute sent to this neighbor (both) 2 accepted prefixes 5 announced prefixes

emnoc

New Member

You have a few options.

1> does the upstream bgp-peer support bfd ? if yes , you can see if they will do bfd with you.

https://socpuppet.blogspot.com/2019/10/bfd-fortiagte-and-junos-firewalls.html

Make sure to disable capability for graceful restart for that bgp-neighbor for ipv4/6 or whatever AFI you're supporting

config neighbor edit "2001:db8:88::2"

set capability-graceful-restart disable set capability-graceful-restart6 disable

end

2> or reduce the bgp-keep alive timers

config neighbor edit "2001:db8:88::2"

set keep-alive-timer 5 set holdtime-timer 15

end

BFD is quicker but you might see higher loads and some ISP upstreams will not do BFD to customer bgp-peers

Ken Felix

AndersenAuthor

New Member

BFD enable

Toshi_Esumi

SuperUser

Do you have "set session-pickup enable" in HA config?

emnoc

New Member

OP, I would also see if the upstream device received the graceful restart NOTIFICATION if you're failing over the FGT. There might be an issue where the notification was not sent from the FGT. And are you on the most updated fortiOS versions for you major release?

Ken Felix

AndersenAuthor

New Member

I use special fortiOS for my country

On base FortiOS 5.4.1

AndersenAuthor

New Member

Problem solved.

FG (global) # show system ha config system ha set route-ttl 190 end

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded