BGP Design question.
- Subject: BGP Design question.
- From: if at xip.at (Ingo Flaschberger)
- Date: Thu, 23 Jun 2011 01:07:54 +0200 (CEST)
- In-reply-to: <[email protected]>
- References: <[email protected]>
Hi Bret,
> To keep this scenario simple, I'm multihoming to one carrier.
> I have two Netiron CERs. Each has an eBGP connection to the same peer.
> The CERs have an iBGP connection to each other.
> That works all fine and dandy. Feel free to comment, however, if you think there is a better way to do this.
>
> Here comes the tricky part. I have two firewalls in an Active/Passive setup. When one fails the other is configured exactly the same
> and picks up where the other left off. (Yes, all the sessions etc. are actively mirrored between the devices)
>
> I am using OSPFv2 between the CERs and the Firewalls. Failover works
> just fine, however when I fail an OSPF link that has the active default
> route, ingress traffic still routes fine and dandy, but egress traffic
> doesn't. Both Netiron's OSPF are set up to advertise they are the default
> route.
Linux firewall?
disabled rp-filter?
> What I'm wondering is, if OSPF is the right solution for this. How do others solve this problem?
I do something similar with FreeBSD; you always make sure the backbone
area 0.0.0.0 does not break into 2 parts, perhaps use an extra link
between the 2 firewalls just because of this.
Kind regards,
Ingo Flaschberger
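
The rp-filter question above can be checked as follows, assuming the firewalls run Linux (an added example, not part of the original message). The kernel validates sources with the higher of `conf/all/rp_filter` and the per-interface value, so an interface can be in strict mode even when its own setting is 0; the `CONF_ROOT` argument and the function names are this example's own.

```shell
#!/bin/sh
# Report the effective IPv4 reverse-path filter mode per interface.
# Effective mode = max(conf/all/rp_filter, conf/<iface>/rp_filter).
# Strict mode (1) drops packets that arrive on an interface other than the
# one the routing table would use to reach the source, which matters when
# ingress and egress paths differ after a failover.

DEFAULT_ROOT=/proc/sys/net/ipv4/conf

# rp_mode_name VALUE -> human-readable mode
rp_mode_name() {
    case "$1" in
        0) echo off ;;
        1) echo strict ;;
        2) echo loose ;;
        *) echo unknown ;;
    esac
}

# effective_rp_filter IFACE [CONF_ROOT] -> prints 0, 1 or 2
effective_rp_filter() {
    rp_root="${2:-$DEFAULT_ROOT}"
    rp_all=$(cat "$rp_root/all/rp_filter" 2>/dev/null) || return 1
    rp_if=$(cat "$rp_root/$1/rp_filter" 2>/dev/null) || return 1
    if [ "$rp_all" -gt "$rp_if" ]; then echo "$rp_all"; else echo "$rp_if"; fi
}

# strict_interfaces [CONF_ROOT] -> one interface name per line
strict_interfaces() {
    si_root="${1:-$DEFAULT_ROOT}"
    for si_dir in "$si_root"/*/; do
        si_if=$(basename "$si_dir")
        case "$si_if" in all|default) continue ;; esac
        si_eff=$(effective_rp_filter "$si_if" "$si_root") || continue
        if [ "$si_eff" -eq 1 ]; then echo "$si_if"; fi
    done
    return 0
}

# Run as: sh script.sh --report   (lists interfaces in strict mode)
if [ "${1:-}" = "--report" ]; then
    strict_interfaces "${2:-}"
fi
```

Interfaces listed by `--report` are candidates for loose mode (2) on paths where return traffic can legitimately arrive via the other router.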