BGP Design question.
William Herrin
bill at herrin.us
Wed Jun 22 23:42:31 UTC 2011
On Wed, Jun 22, 2011 at 6:27 PM, Bret Palsson <bret at getjive.com> wrote:
> I am using OSPFv2 between the CERs and the Firewalls.
> Failover works just fine, however when I fail an OSPF link
> that has the active default route, ingress traffic still routes
> fine and dandy, but egress traffic doesn't. Both Netiron's
> OSPF are set up to advertise they are the default route.
Hi Bret,
I have a setup that is almost identical except there is a pair of
simple switches between the routers and firewalls interconnecting all
into a LAN and I'm working with Cisco 2811s instead of Netiron CERs.
Can you expand on the interface addressing and what the firewalls see
via OSPF during your failure scenario?
> What I'm wondering is, if OSPF is the right solution for
> this. How do others solve this problem?
My failover firewall also connects to the switches (inside and out)
and turns down ports which connect to the primary firewall. During a
failure, the primary can't be depended on to completely take itself
out of line. If it was in a working state that could be depended on,
it wouldn't have failed.
Regards,
Bill Herrin
--
William D. Herrin ................ herrin at dirtside.com bill at herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004