Proactive Preemption
Proactive preemption is a mechanism that enables the original
active device to switch back to the active state after recovery.
When the original active FW recovers, it does not immediately preempt. Instead, it waits
for a certain hold time before performing preemption. The preemption
hold time is the time reserved for network route convergence and the
entry backup between the two FWs. In addition, preemption hold time can prevent route flapping
and consequent hot standby state flapping. By default, the proactive
preemption function is enabled, and the preemption hold time is 60s.
The suggestions regarding proactive preemption are as follows:
- In active/standby networking, determine whether to enable proactive
preemption based on site requirements. For example, if the egress
bandwidth and egress link quality of the active FW are better than those
of the standby FW, proactive
preemption can be enabled on the active FW.
- In load balancing networking, proactive preemption must be enabled
on both FWs. When an FW in the load balancing
networking fails, service traffic on the faulty FW is switched to the normal FW for forwarding. If proactive
preemption is disabled, the original active FW does not preempt and
remains in the idle state after recovery. In
this case, the two FWs work in active/standby mode instead of load balancing mode.
- On a network where traffic is heavy (for example, a large number of IPSec
SAs) and route convergence time is long, you are
advised to set the preemption hold time to a large value or disable
the preemption function to prevent service anomalies caused by quick
preemption.
- In hot standby networks where the FW service interfaces work on L3
and are connected to routers, or where dynamic routing protocols, such
as OSPF and BGP, are running between routers, if VGMP groups are created
to monitor neighbor status, transient network interruption may cause
the neighbor relationship to flap, and every change in the neighbor
relationship triggers an FW hot standby failover. To avoid frequent
switchover, you are advised to disable proactive preemption.
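
The following added example (a simplified model written for this page, not vendor code) simulates the hold timer described above to show how it suppresses state flapping. The function name, the event format and the sample timeline are assumptions made for illustration; the standby FW is assumed healthy throughout.

```python
"""Simplified model of the preemption hold timer (illustrative, not vendor code)."""

# Constructed timeline for the original active FW "A": (time in seconds, event).
FLAPPING = [(10, "down"), (20, "up"), (30, "down"),
            (40, "up"), (50, "down"), (55, "up")]


def simulate(events, hold_time, preempt_enabled=True):
    """Return the list of (time, new_active) switchovers between FW A and FW B.

    events must be sorted by time. FW B (the original standby) never fails.
    """
    active = "A"
    preempt_at = None          # when A is due to take the active role back
    switchovers = []
    for t, kind in events:
        # A hold timer that expired before this event fires first.
        if preempt_at is not None and preempt_at <= t:
            active = "A"
            switchovers.append((preempt_at, "A"))
            preempt_at = None
        if kind == "down":
            preempt_at = None  # A failed again during the hold time: cancel
            if active == "A":
                active = "B"
                switchovers.append((t, "B"))
        elif kind == "up" and preempt_enabled and active == "B":
            preempt_at = t + hold_time  # recovered: start waiting, do not preempt yet
    if preempt_at is not None:  # timer still pending after the last event
        switchovers.append((preempt_at, "A"))
    return switchovers


if __name__ == "__main__":
    for label, kwargs in [("hold 0s", {"hold_time": 0}),
                          ("hold 60s (default)", {"hold_time": 60}),
                          ("preemption disabled",
                           {"hold_time": 60, "preempt_enabled": False})]:
        result = simulate(FLAPPING, **kwargs)
        print(f"{label:22} {len(result)} switchovers: {result}")
```

With the same unstable link, immediate preemption changes the active device on every recovery, the 60s hold time collapses this to one failover and one preemption, and disabling preemption leaves the recovered FW as standby.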