Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
376
Views
0
Helpful
4
Replies

Safe values for OSPF timers on FWSM?

Go to solution
max.caines_2
Level 1
Level 1

‎09-23-2014 08:07 AM - edited ‎03-11-2019 09:48 PM

I have a pair of FWSMs running active/passive. Firmware is 4.1. I want to reduce the failover time by tuning the OSPF hello and dead timers. I'm thinking of 1 second and 3 seconds, but given this is a disruptive change, I'd like an opinion on whether these values are OK for the FWSM

Thanks

Max Caines, University of Wolverhampton

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Vibhor Amrodia
Cisco Employee
Cisco Employee
In response to max.caines_2

‎10-08-2014 01:09 AM

Hi Max,

I think this might be dependent on the your network and the latency. It would be different for different cases but i have seen it working successfully with such low timers in some cases.

Thanks and Regards,

Vibhor Amrodia

 

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Vibhor Amrodia
Cisco Employee
Cisco Employee

‎10-07-2014 06:53 PM

Hi,

I think it would be better to not reduce the values too much as the Default values are 10 Sec and 40 Sec respectively.

It might cause unexpected Flaps on the OSPF.

Refer:-

http://www.cisco.com/c/en/us/td/docs/security/fwsm/fwsm41/command/reference/fwsm_command_ref/no.html#wp1646737

We have an enhancement for the NSF for the Dynamic protocols on the ASA device expected in the future:-

CSCsu90386

Thanks and Regards,

Vibhor Amrodia

0 Helpful

Go to solution
max.caines_2
Level 1
Level 1
In response to Vibhor Amrodia

‎10-08-2014 01:02 AM

Hi Vibhor

OK, point taken, but there are people running sub-second timers on OSPF without problems, and while NSF may be coming for the ASA, the FWSM doesn't support it and isn't ever going to. What I was hoping was that someone might actually have tried this, but it looks like no-one has. Fortunately we are going to replace the FWSMs with a pair of Palo Altos which do support NSF, so I may leave it

Thanks

Max

0 Helpful

Go to solution
Vibhor Amrodia
Cisco Employee
Cisco Employee
In response to max.caines_2

‎10-08-2014 01:09 AM

Hi Max,

I think this might be dependent on the your network and the latency. It would be different for different cases but i have seen it working successfully with such low timers in some cases.

Thanks and Regards,

Vibhor Amrodia

 

0 Helpful

Go to solution
max.caines_2
Level 1
Level 1
In response to Vibhor Amrodia

‎10-08-2014 01:17 AM

HI Vibhor

OK, I think you've convinced me. I shall leave them alone. As there won't be any more updates for the FWSM, it's only hardware failure that would cause a reconvergence event, so I think we'll live with that

Regards

Max

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card