 | ||
 R60-HFA4: lost ospf and static routes after changing interface speed | ||
| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
|
| |||||||
 |
| | LinkBack | Thread Tools | Display Modes |
 2006-10-24 | |||
| |||
 R60-HFA4: lost ospf and static routes after changing interface speed Hello Last weekend we had a strange issue. We had upgraded our firewalls to R60 HFA-4 and then proceeded to change the speed of the interfaces to auto. We did this by going to the standby node of the cluster (all SPLAT machines running clusterXL and ospf) and using "eth_set ethX autoneg" and then changing it on the cisco switches. All went well until we changed the interface connecting the firewalls to the backbone on which they talk ospf to each other and the routers (not my design). When I did this I lost connectivity to the firewall from the management station. When I regained access via the active node of the cluster it turned out that all ospf routes were gone. But stranger still: even the static route which I had added towards the management station as a backup in case the ospf failed was gone. It was still there in /etc/sysconfig/netconf.C but not listed anymore in 'netstat -rn', nor did routing work. In the end we had to reboot the firewall to regain the routing. This is not improving our confidence in using ospf on the SPLAT's. Did anymore have similar issues?  |
| 2006-10-24 | |||
| |||
| Re: R60-HFA4: lost ospf and static routes after changing interface speed Just wondering, but did the interface come back up after you changed it? This behaviour sounds to me exactly like if the interface was down - it would then not be able to participate in OSPF, and all routes out that interface would be removed from the routing table. I doubt it was an OSPF issue at all. Did you check that interface, see if OSPF traffic was being received? Also, a bit of an odd choice to change all interfaces to auto, usually it's the other way round. Are those ports set to portfast? |
| 2006-10-24 | ||||
| ||||
| Re: R60-HFA4: lost ospf and static routes after changing interface speed Quote:
Quote:
Quote:
Quote:
|
| 2006-10-25 | |||
| |||
| Re: R60-HFA4: lost ospf and static routes after changing interface speed Thanks for the extra information. I still think that that interface did not come back up properly on the firewall side, and so it was not processing traffic. That would explain the missing static route. Given that you had a missing static route too, I don't think that you should be worried about your confidence in OSPF on SPLAT - the issue is at a lower level than that. I suspect it didn't deal properly with the negotiation change, but on reboot it did sort itself out, which is why you could access it again. Did you do any troubleshooting on that interface before rebooting it? |
| 2006-10-25 | |||
| |||
| Re: R60-HFA4: lost ospf and static routes after changing interface speed Quote:
I should have also done a 'cpwd_admin list' but as we were under severe time pressure I just decided to reboot the node. |
| 2006-10-25 | |||
| |||
| Re: R60-HFA4: lost ospf and static routes after changing interface speed A good course of action, getting onto the active, and trying to get across from there. Which interface was it that you pinged from the active - was it the one that had problems, or another one? cpwd_admin list probably wouldn't have shed much light on the situation. I might have been more inclined to look at the ifconfig output for that interface, and maybe ethtool <interface>. |
|
| Thread Tools | |
| Display Modes | |
| |
Linear Mode
