Can someone explain exactly what the command "set security flow route-change-timeout" does, and when it is used?
We have an issue that I believe this command may help us fix, but I'm not 100% sure.
During a routing failover of BGP with our ISP, traffic will fail over to a secondary interface.
When the primary interface BGP neighbor comes back over, routing on both our side and the ISP's side will shift back over to the primary circuit.
The problem is a bunch of destination-prefix flows of applications that use UDP stay "stuck" on the secondary circuit. How long do they stay stuck? Pretty much forever until we manually do "clear security flow session destination-prefix" on them.
This, unfortunately, causes an outage with those UDP applications.
What should we do? Will the "set security flow route-change-timeout" help us out? Or should we just put a 5-minute timeout on security flow sessions in general? Is there any way to specify the general timeout to UDP flows only?
Thanks!