BGP Design question.
if at xip.at
Wed Jun 22 23:07:54 UTC 2011
> To keep this scenario simple, I'm multihoming to one carrier.
> I have two Netiron CERs. Each has an eBGP connection to the same peer.
> The CERs have an iBGP connection to each other.
> That works all fine and dandy. Feel free to comment, however, if you think there is a better way to do this.
> Here comes the tricky part. I have two firewalls in an Active/Passive setup. When one fails the other is configured exactly the same
> and picks up where the other left off. (Yes, all the sessions etc. are actively mirrored between the devices)
> I am using OSPFv2 between the CERs and the Firewalls. Failover works
> just fine, however when I fail an OSPF link that has the active default
> route, ingress traffic still routes fine and dandy, but egress traffic
> doesn't. Both Netiron's OSPF are set up to advertise they are the default
> What I'm wondering is, if OSPF is the right solution for this. How do others solve this problem?
I do something similar with FreeBSD; you always make sure the backbone
area 0.0.0.0 does not break into 2 parts, perhaps use an extra link
between the 2 firewalls just because of this.