PDA

View Full Version : BGP session not starting (R75.10 + Splat)



nric0
2012-04-04, 11:35
I have started to setup 2 x SG12600 appliances with Splat and R75.10.
I have enabled Splat PRO to allow dynamic routing.

Both appliances have been configured with some basic BGP configuration which is similar on both devices.

On one node I see an Establised BGP session towards the router that is configured as a neighbour.

The same setups fails to run a session on the second appliance. The neighbour stays in "NoState" and no BGP listener seems to be running on that node ("netstat -an " | grep 179").
The routing demon (gated) is running and I see no specific error in logging. Somehow this BGP instance fails to start a peering sessions.

How can I troubleshoot this issue?

Any help will be greatly appreciated.

bmolnar
2012-04-04, 15:39
I'm assuming your two SG12600 appliances are set up in a HA cluster? If so, this is expected. BGP peering will only be done from the active node in a high-availability cluster.

nric0
2012-04-05, 02:00
Wel... they are set as a "cluster" in Smart-1, but not as a ClusterXL. I want to use VRRP.
You would suggest that if the setup fails over, the other node would start a BGP session?

bmolnar
2012-04-05, 11:31
Wel... they are set as a "cluster" in Smart-1, but not as a ClusterXL. I want to use VRRP.
You would suggest that if the setup fails over, the other node would start a BGP session?
Yes, that's how it works under a ClusterXL cluster at least. If the set up fails over, the new 'active' FW member will establish BGP sessions. I thought VRRP only worked on IPSO and not under SPLAT.

vermaelen
2012-04-05, 16:46
I thought VRRP only worked on IPSO and not under SPLAT.

When Gaia comes out ( is announced for R75.40 ), you can choose beween ClusterXL and VRRP.

nric0
2012-05-21, 04:19
Just to update this case:
I switched to ClusterXL for clustering and noticed the same behaviour. From older documentation (for R65) we found that this is standard behaviour. The standby node will keep it's BGP processes down. I have configured the cluster address as the BGP peer address.

Failover and BGP setup is pretty swift and within 10 seconds.