OSPF ASA 5520 in failover mode

Unanswered Question
Apr 2nd, 2008

Okay guys, so I'm sort of in a predicament. I currently have a set of firewalls in active/standby configuration running an OSPF process injecting a default route into the rest of my network.

I noticed when I was testing the failover that the ASAs do not actually pass the route tables on failover, thus forcing the need to wait for routes to converge and for the default route to be advertised back into the network. This of course is not acceptable.

Is there a way around this, or do I have to set up static default routes on every device in my network? I am trying to avoid setting up default routes on all of the devices because, due to the setup of my network, I have equal-cost links configured in the event of hardware or link failure. So the devices then see an advertised default route from multiple paths.

Any help would be appreciated.

umedryk Fri, 04/11/2008 - 06:04

In a failover configuration, the two units must have the same hardware configuration. They must be the same model, have the same number and types of interfaces, and the same amount of RAM.

Note: The two units do not have to have the same size Flash memory. If using units with different Flash memory sizes in your failover configuration, make sure the unit with the smaller Flash memory has enough space to accommodate the software image files and the configuration files. If it does not, configuration synchronization from the unit with the larger Flash memory to the unit with the smaller Flash memory will fail.

zinal.ahamed.asb Mon, 06/13/2011 - 21:47

You are right - you will have to set up static routes.

Dynamic route tables are not stateful, and OSPF will have to reconverge after failover to the standby node.

HTH

zinal.ahamed.asb Mon, 06/13/2011 - 21:48

EIGRP will converge faster, but then the OSPF and EIGRP comparison is a totally different topic, which might point to OSPF as a better choice.

trmccart Thu, 05/17/2012 - 21:58

With 8.4.1 there is a new high-availability feature for OSPF and EIGRP:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/intro_intro.html

Stateful Failover with Dynamic Routing Protocols:  Routes that are learned through dynamic routing protocols (such as OSPF and EIGRP) on the active unit are now maintained in a Routing Information Base (RIB) table on the standby unit. Upon a failover event, traffic on the secondary active unit now passes with minimal disruption because routes are known.
