New Member

Safe values for OSPF timers on FWSM?

I have a pair of FWSMs running active/passive. Firmware is 4.1. I want to reduce the failover time by tuning the OSPF hello and dead timers. I'm thinking of 1 second and 3 seconds, but given this is a disruptive change, I'd like an opinion on whether these values are OK for the FWSM.

Thanks

Max Caines, University of Wolverhampton

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Hi Max,

I think this might be dependent on your network and the latency. It would be different for different cases, but I have seen it working successfully with such low timers in some cases.

Thanks and Regards,

Vibhor Amrodia

 

4 REPLIES
Cisco Employee

Hi,

I think it would be better to not reduce the values too much, as the default values are 10 sec and 40 sec respectively.

It might cause unexpected flaps on the OSPF.

Refer:

http://www.cisco.com/c/en/us/td/docs/security/fwsm/fwsm41/command/reference/fwsm_command_ref/no.html#wp1646737

We have an enhancement for the NSF for the dynamic protocols on the ASA device expected in the future:

CSCsu90386

Thanks and Regards,

Vibhor Amrodia

New Member

Hi Vibhor

OK, point taken, but there are people running sub-second timers on OSPF without problems, and while NSF may be coming for the ASA, the FWSM doesn't support it and isn't ever going to. What I was hoping was that someone might actually have tried this, but it looks like no-one has. Fortunately we are going to replace the FWSMs with a pair of Palo Altos which do support NSF, so I may leave it.

Thanks

Max

Cisco Employee

Hi Max,

I think this might be dependent on your network and the latency. It would be different for different cases, but I have seen it working successfully with such low timers in some cases.

Thanks and Regards,

Vibhor Amrodia

 

New Member

Hi Vibhor

OK, I think you've convinced me. I shall leave them alone. As there won't be any more updates for the FWSM, it's only hardware failure that would cause a reconvergence event, so I think we'll live with that.

Regards

Max
