I have two routers. Router “A” has one BGP peer and does not have “redistribute static” enabled. Router “B” has two peers: one is commodity internet, one is I2. This router does have “redistribute static” checked in the BGP configuration for both providers. Inside of these routers I have a cluster of firewalls using ECMP routing to distribute across these two routers. Both routers have a static route for my public IP space pointing to my firewalls.
If I add the routes for “A” as the next hop on the firewall, I almost immediately see TCP sessions having problems, IPSec tunnels fail, etc. As soon as I take router “A” out of the mix, everything starts to work fine over router “B”. I’ve even tried to simplify it and removed ECMP and only used router “A”; it still has the issue. Router “B” never seems to have a problem.
These are brand new CCR1072-8S-1G routers, both running 6.44 and the latest firmware.
My question is, is it the redistribute static causing an issue? I would think that if it were required, I’d just see less inbound traffic on “A” where it is disabled. That is not the case; I typically see “A” passing a fair amount of traffic when it is connected and I don’t lose 100% connectivity when “A” is in the mix.
The other thought is this is a bad CCR. It is brand new; I’ve had it for a few weeks. I am going to try swapping it with a 3rd spare to see if that makes a difference. Any thoughts or troubleshooting ideas are appreciated.