Query regarding BGP convergence on FTD HA pair

gavinhook · ‎04-16-2024

Hi,

I'm looking at deploying BGP on an FTD Active/Standby HA pair (FTDs are 4215 hardware running 7.2) to enable routes to be controlled by neighbouring routers rather than relying on 100s of static routes on the FTDs.

I was wondering if anyone could confirm what, if any, interruption to service would be expected in the event of an HA fail over. My understanding is that BGP peering is only to the Active FTD, and routes are dynamically synchronised to the Standby. This all sounds great and would suggest zero service impact in the event of an HA fail over.

However, in order to avoid service interruption, I believe there are requirements in terms of how quickly peering establishment & learning of BGP routes needs to happen in the event of an HA fail over.

Would anyone be able to advise on what the expectations are regarding loss of service in the event of a fail over. Also, if possible please provide tips for tuning to avoid/minimize service interruption, or links to articles etc.

For info, the FTDs would probably be peering with ~30 routers and learning ~10000 routes.

Thanks

MHM Cisco World · ‎04-16-2024

In cluster you can use NSF for fast recover' but for HA I am not so sure you can use NSF.

I will check and update you

MHM

tvotna · ‎04-16-2024

HA supports BGP NSF (aka Graceful Restart), so ideally packet forwarding should not be interrupted. Search for Enable Graceful Restart checkbox on the BGP configuration screen.

gavinhook · ‎04-18-2024

Thanks tvotna & MHM Cisco World. I'll investigate either clustering and/or NSF.