fwilliams
Staff
Article Id 247192
Description

This article describes the possible cause of the BGP message: 'Outgoing [RIB] Withdraw: Can't find route' and how to resolve it.

Scope

FortiGate v6.4 - v7.2
Solution

The message 'Outgoing [RIB] Withdraw: Can't find route x.x.x.x/y' can start showing up on the network. It indicates an issue: as the message itself makes clear, route(s) were withdrawn.

The cause is often a timer that has been set too tight, and it can occur in several different places.

Causes and fix:

1) HA environment where the number of gratuitous ARPs has been tweaked, and possibly the gratuitous ARP interval timer has also been tweaked to a value that is too tight.

Example of config that could cause this issue:

# config system ha
    set arps 15    <----- Number of gratuitous ARPs (1 - 60). Lower to reduce traffic. Higher to reduce failover time.
    set arps-interval 1    <----- Time between gratuitous ARPs (1 - 20 sec). Lower to reduce failover time. Higher to reduce traffic.
end

The fix is to unset these two settings so the defaults take effect, or to try other values.

The default values:

    set arps 5
    set arps-interval 8

2) An environment with NSF (nonstop forwarding)/graceful restart configured with a third-party device (e.g. a Cisco router), where BGP timers or graceful restart timers have been tweaked. This issue could happen.

During log collection, it is possible to notice that the FortiGate is not setting the 'restart flag' to ON during a graceful restart.

Below is a sample of such a config. The fix is to change the timer values until it works, or just unset them so the defaults take effect.

# config router bgp
    set keepalive-timer 5   <-----
    set holdtime-timer 15  <-----
    set graceful-restart enable
    config neighbor
        edit ...
            set capability-graceful-restart enable
...
.
.
    set graceful-update-delay 1  <-----
end

3) A traditional BGP environment where route redistribution into BGP is permitted from either static routes or other IGPs, and the core BGP operating timers have been tightened.

The issue was seen with the settings below.

Change the timer values or revert to the BGP defaults.

# config router bgp
    set as 65500
    set keepalive-timer 1  <-----
    set holdtime-timer 3   <-----
end
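
All three cases come down to explicitly set timers that differ from the defaults. The Python script below is an added example, not part of the original article or any Fortinet tooling: it walks a FortiOS configuration backup and reports those settings at section level. The HA defaults are the ones given above; the BGP defaults (60, 180, 120) and the sample configuration are assumptions, so check them against the CLI reference for the FortiOS version in use.

```python
# Added example: flags non-default HA/BGP timer settings in a FortiOS config.
# HA defaults are the ones stated in the article; BGP defaults are assumptions.
DEFAULTS = {
    ("system ha", "arps"): 5,
    ("system ha", "arps-interval"): 8,
    ("router bgp", "keepalive-timer"): 60,         # assumed default
    ("router bgp", "holdtime-timer"): 180,         # assumed default
    ("router bgp", "graceful-update-delay"): 120,  # assumed default
}

def audit_timers(config_text):
    """Return (section, setting, value, default) for each non-default timer."""
    findings, stack = [], []
    for raw in config_text.splitlines():
        tokens = raw.split()
        if not tokens or tokens[0].startswith("#"):
            continue                      # blank line or backup header comment
        verb = tokens[0]
        if verb == "config":
            stack.append(" ".join(tokens[1:]))
        elif verb == "edit":
            stack.append("edit")
        elif verb in ("next", "end") and stack:
            stack.pop()
        # Only section-level settings (depth 1), not per-neighbor overrides.
        elif verb == "set" and len(stack) == 1 and len(tokens) >= 3:
            key = (stack[0], tokens[1])
            if key in DEFAULTS and tokens[2].isdigit() and int(tokens[2]) != DEFAULTS[key]:
                findings.append((*key, int(tokens[2]), DEFAULTS[key]))
    return findings

# Constructed sample input, using the values shown in the article.
SAMPLE = """\
config system ha
    set arps 15
    set arps-interval 1
end
config router bgp
    set as 65500
    set keepalive-timer 1
    set holdtime-timer 3
    config neighbor
        edit "192.0.2.1"
            set holdtime-timer 30
        next
    end
    set graceful-update-delay 1
end
"""

if __name__ == "__main__":
    for section, setting, value, default in audit_timers(SAMPLE):
        print(f"{section}: {setting} = {value} (default {default})")
```

Settings left at their defaults normally do not appear in a backup, so any line this reports was set explicitly and is a candidate for the unset-or-retune fix described above.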
