2.4.2 BGP working correctly?



  • We have a HA setup in one data center running 2.26.
    We are using BGP with no problems.

    In the new data center we are running another HA setup running 2.4.2.

    We have 2 connections, and we are using CARP and BGP.

    The weird thing we are dealing with is that when we tell the primary firewall to disable CARP, BOTH firewalls are closing the session, so it takes a very long time to fail over.

    This is what the provider sent me.
    Dec 18 10:50:46 CST: %BGP-SW2-5-NBR_RESET: Neighbor 64.9.133.26 reset (Peer closed the session)
    Dec 18 10:50:46 CST: %BGP-SW2-5-NBR_RESET: Neighbor 64.9.133.18 reset (Peer closed the session)
    Dec 18 10:50:46 CST: %BGP-SW2-3-NOTIFICATION: received from neighbor 64.9.133.26 6/2 (Administrative Shutdown) 0 bytes
    Dec 18 10:50:46 CST: %BGP-SW2-3-NOTIFICATION: received from neighbor 64.9.133.18 6/2 (Administrative Shutdown) 0 bytes
    Dec 18 10:50:46 CST: %BGP-SW2-5-ADJCHANGE: neighbor 64.9.133.18 Down Peer closed the session
    Dec 18 10:50:46 CST: %BGP_SESSION-SW2-5-ADJCHANGE: neighbor 64.9.133.18 IPv4 Unicast topology base removed from session  Peer closed the session
    Dec 18 10:50:46 CST: %BGP-SW2-5-ADJCHANGE: neighbor 64.9.133.26 Down Peer closed the session
    Dec 18 10:50:46 CST: %BGP_SESSION-SW2-5-ADJCHANGE: neighbor 64.9.133.26 IPv4 Unicast topology base removed from session  Peer closed the session

    Is it possible this is a bug, or do I have something screwed up? This is also the same setup where we see 2-8ms on the dashboard gateway screens, but when you ping the gateways from the firewall or laptop it's sub 1ms.

    Our BGP config.

    # This file was created by the package manager. Do not edit!

    AS 18599
    fib-update yes
    holdtime 20
    listen on 0.0.0.0
    network 168.245.135.0/24
    neighbor 64.9.133.17 {
        descr "WAN1 BGP"
        remote-as 3900
        local-address 64.9.133.18
        set nexthop self
    }
    neighbor 64.9.133.25 {
        descr "WAN2 BGP"
        remote-as 3900
        local-address 64.9.133.26
        set nexthop self
        set prepend-self 2
    }
    deny from any
    deny to any
    allow from 64.9.133.17
    allow to 64.9.133.17
    allow from 64.9.133.25
    allow to 64.9.133.25
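
The provider log above, checked programmatically (an added example, not from the original poster): it decodes the 6/2 NOTIFICATION as Cease / Administrative Shutdown per RFC 4486 and reports timestamps where more than one neighbor address sent it in the same second, which is the failover symptom described. The function names and the last sample line are constructed for illustration.

```python
import re
from collections import defaultdict

# BGP Cease (error code 6) subcodes as defined in RFC 4486.
CEASE = {1: "Maximum Number of Prefixes Reached", 2: "Administrative Shutdown",
         3: "Peer De-configured", 4: "Administrative Reset",
         5: "Connection Rejected", 6: "Other Configuration Change",
         7: "Connection Collision Resolution", 8: "Out of Resources"}

NOTIF = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+\w+:\s+%BGP-\S*NOTIFICATION:\s+"
    r"received from neighbor\s+(?P<peer>[\d.]+)\s+(?P<code>\d+)/(?P<sub>\d+)")

def parse_notifications(lines):
    """Yield (timestamp, peer, code, subcode) for each received NOTIFICATION."""
    for line in lines:
        m = NOTIF.match(line.strip())
        if m:
            yield m["ts"], m["peer"], int(m["code"]), int(m["sub"])

def describe(code, sub):
    """Human-readable reason; only Cease subcodes are decoded here."""
    if code == 6:
        return "Cease / " + CEASE.get(sub, f"subcode {sub}")
    return f"code {code} subcode {sub}"

def simultaneous_admin_shutdowns(lines):
    """Return {timestamp: sorted peers} where 2+ peers sent Cease/Admin Shutdown."""
    by_ts = defaultdict(set)
    for ts, peer, code, sub in parse_notifications(lines):
        if (code, sub) == (6, 2):
            by_ts[ts].add(peer)
    return {ts: sorted(p) for ts, p in by_ts.items() if len(p) > 1}

# The first four lines are from the post above; the last one is constructed.
SAMPLE = [
    "Dec 18 10:50:46 CST: %BGP-SW2-5-NBR_RESET: Neighbor 64.9.133.26 reset (Peer closed the session)",
    "Dec 18 10:50:46 CST: %BGP-SW2-5-NBR_RESET: Neighbor 64.9.133.18 reset (Peer closed the session)",
    "Dec 18 10:50:46 CST: %BGP-SW2-3-NOTIFICATION: received from neighbor 64.9.133.26 6/2 (Administrative Shutdown) 0 bytes",
    "Dec 18 10:50:46 CST: %BGP-SW2-3-NOTIFICATION: received from neighbor 64.9.133.18 6/2 (Administrative Shutdown) 0 bytes",
    "Dec 18 11:05:02 CST: %BGP-SW2-3-NOTIFICATION: received from neighbor 192.0.2.1 6/4 (Administrative Reset) 0 bytes",
]

if __name__ == "__main__":
    for ts, peers in simultaneous_admin_shutdowns(SAMPLE).items():
        print(f"{ts}: {peers} all sent {describe(6, 2)} in the same second")
```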



  • It's confirmed it's not working correctly.

    Recommendation is to use FRR instead of the OpenBGPD package.

    Now how to configure FRR?
    It's a bit intimidating…