[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

BGP Design question.

Subject: BGP Design question.
From: bill at herrin.us (William Herrin)
Date: Wed, 22 Jun 2011 19:42:31 -0400
In-reply-to: <[email protected]>
References: <[email protected]>

On Wed, Jun 22, 2011 at 6:27 PM, Bret Palsson <bret at getjive.com> wrote:
> I am using OSPFv2 between the CERs and the Firewalls.
>Failover works just fine, however when I fail an OSPF link
>that has the active default route, ingress traffic still routes
>fine and dandy, but egress traffic doesn't. Both Netiron's
>OSPF are setup to advertise they are the default route.

Hi Bret,

I have a setup that is almost identical except there is a pair of
simple switches between the routers and firewalls interconnecting all
into a LAN and I'm working with Cisco 2811's instead of Netiron CERs.
Can you expand on the interface addressing and what the firewalls see
via OSPF during your failure scenario?

> What I'm wondering is, if OSPF is the right solution for
>this. How do others solve this problem?

My failover firewall also connects to the switches (inside and out)
and turns down ports which connect to the primary firewall. During a
failure, the primary can't be depended on to completely take itself
out of line. If it was in a working state that could be depended on,
it wouldn't have failed.

Regards,
Bill Herrin

-- 
William D. Herrin ................ herrin at dirtside.com? bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004

References:
- BGP Design question.
  - From: bret at getjive.com (Bret Palsson)

Prev by Date: BGP Design question.
Next by Date: BGP Design question.
Previous by thread: BGP Design question.
Next by thread: BGP Design question.
Index(es):
- Date
- Thread