07-27-2009 06:19 AM - edited 07-27-2009 06:21 AM
I've setup a firewall cluster with the following caracteristics:
- ScreenOS 6.1r5
- cluster in Active/Passive NSRP mode with route synch
- All interface are in the same OSPF area
- In receive OSPF external type 1& 2 (E1, E2) route + intra area route (O)
- Initially Master firewall know all route O,E1,E2
- Initially Backup firewallknow all route (backup) Ob, E1b, E2b
Now the problem
1. Master firewall failover to backup firewall (because of a router reboot)
2. Backup Firewall come master, used backup route until it learn istelf all route (as expected)
3. The old master is now backup. it will never learn again the OSPF external route (E1,E2), but "O" route a correctely learned
Have I missed something into my configuration?
Thank you in advance for your help
Solved! Go to Solution.
07-28-2009 11:13 AM
Did you have below commands in both firewalls?
set nsrp rto-mirror sync
set nsrp rto-mirror route
I think you are hitting a known issue, "Backup NSRP firewall loses synced OSPF routes".
This is planned to be fixed in 6.10r7 but you can also open a case to provide a patch if needed.
07-29-2009 12:46 AM - edited 07-29-2009 12:49 AM
Thank you for your answer.
In fact the "set nsrp rto-mirror route" resync all route from the Master firewall. I d'ont find the KB or isse than you speak about : "Backup NSRP firewall loses synced OSPF routes".
I just found the this : http://kb.juniper.net/index?page=content&id=KB9885&actp=search&searchid=1248853180800 , but I don't use the untrust-vr.
Can you provide me a link ?
07-29-2009 05:02 AM
You were totally right. I've opened I case and JTAC provide me a patch.
Thank you very much.
For poeple with the same issue: open a case with the known issue "438794" " NSRP Backup firewall loses sync'ed OSPF routes" to obtain the needed patch.