ScreenOS Cookbook by Sunil Wadhwa, Joe Kelly, Ken Draper, David Delcourt, Vik Davar, Stefan Brunner

18.9. Synchronize Dynamic Routes in NSRP

Problem

You are running an active-passive NSRP cluster and you want to add dynamic routing.

Solution

Configure a dynamic routing protocol and enable route synchronization:

	FWCLUSTER:FIREWALL-A(M)-> set vrouter trust-vr
	FWCLUSTER:FIREWALL-A(trust-vr)(M)-> set protocol rip
	FWCLUSTER:FIREWALL-A(trust-vr/rip)(M)-> set enable
	FWCLUSTER:FIREWALL-A(trust-vr/rip)(M)-> end
	FWCLUSTER:FIREWALL-A(M)-> set int e0/1 proto rip
	FWCLUSTER:FIREWALL-A(M)-> set int e0/1 proto rip enable
	FWCLUSTER:FIREWALL-A(M)-> set int e0/3 proto rip
	FWCLUSTER:FIREWALL-A(M)-> set int e0/3 proto rip enable
	FWCLUSTER:FIREWALL-A(M)-> set nsrp rto-mirror route
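A quick way to confirm that a change like the one above did not stop short of the last command, written here as an added example (it is not from the book). It assumes you have the CLI session captured as text in the prompt format shown above; `audit`, `SESSION` and the result keys are names chosen for this sketch.

```python
import re

# Splits an optional CLI prompt ("HOST(context)(M)->") from the command text.
LINE = re.compile(r"^(\S+?->)?\s*(.*)$")
# Protocol context carried in the prompt, e.g. "(trust-vr/rip)".
CTX = re.compile(r"\(([^()/]+)/([^()/]+)\)")
# "set int e0/1 proto rip enable", abbreviated or spelled out.
IFACE = re.compile(r"^set int\S* (\S+) proto\S* (\S+) enable$")
MIRROR = "set nsrp rto-mirror route"

# Constructed input: the Solution's commands, with the spacing seen on the page.
SESSION = """\
FWCLUSTER:FIREWALL-A(M)-> set vrouter trust-vr
FWCLUSTER:FIREWALL-A(trust-vr)(M)-> set protocol rip
FWCLUSTER:FIREWALL-A(trust-vr/rip)(M)-> set enable
FWCLUSTER:FIREWALL-A(trust-vr/rip)(M)-> end
FWCLUSTER:FIREWALL-A(M)-> set int e0/1 proto rip
FWCLUSTER:FIREWALL-A(M)-> set int e0/1 proto rip enable
FWCLUSTER:FIREWALL-A(M)-> set int e0/3 proto rip
FWCLUSTER:FIREWALL-A(M)-> set int e0/3 proto rip enable
FWCLUSTER:FIREWALL-A(M)->set nsrp rto-mirror route
"""

def audit(session):
    """Report enabled routing protocols and whether route mirroring is set."""
    vr_protocols, iface_protocols, mirror = set(), {}, False
    for raw in session.splitlines():
        prompt, cmd = LINE.match(raw.strip()).groups()
        cmd = " ".join(cmd.split())          # normalise internal whitespace
        ctx = CTX.search(prompt or "")
        iface = IFACE.match(cmd)
        if cmd == "set enable" and ctx:      # protocol enabled in a vrouter
            vr_protocols.add(ctx.groups())
        elif iface:                          # protocol enabled on an interface
            iface_protocols.setdefault(iface.group(2), []).append(iface.group(1))
        elif cmd == MIRROR:
            mirror = True
    dynamic = bool(vr_protocols or iface_protocols)
    return {
        "vrouter": sorted(vr_protocols),
        "interfaces": iface_protocols,
        "mirror": mirror,
        # Dynamic routing without route mirroring is the condition to flag.
        "ok": mirror or not dynamic,
    }

if __name__ == "__main__":
    print(audit(SESSION))
```

An `ok` value of `False` means a dynamic routing protocol was enabled but `set nsrp rto-mirror route` never appeared in the session.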

Discussion

The ability to synchronize routes from primary to backup devices in an NSRP cluster was added in ScreenOS 6.0. This capability removes the problems explored in Recipe 18.6 with establishing new neighbors upon failover. The solution employed is simply to synchronize the routes from the master to the backup, and the important keyword here is routes. Although routes are synchronized, the underlying entities from which the routing table is derived, such as the link state database in OSPF, are not synchronized. You can see this in the following output taken when OSPF is the protocol running on the firewalls:

	FWCLUSTER:FIREWALL-B(B)-> get route
	IPv4 Dest-Routes for <untrust-vr> (0 entries)
	---------------------------------------------------------------------
	H: Host C: Connected S: Static A: Auto-Exported I: Imported R: RIP ...