BGP Design question.

George Bonser gbonser at
Thu Jun 23 17:04:41 UTC 2011

> I am using OSPFv2 between the CERs and the Firewalls. Failover works
> just fine, however when I fail an OSPF link that has the active
> route, ingress traffic still routes fine and dandy, but egress traffic
> doesn't. Both Netiron's OSPF are setup to advertise they are the
> default route.
> What I'm wondering is, if OSPF is the right solution for this. How do
> others solve this problem?
> Thanks,
> Bret

Man, I would have a lot of questions.  The CERs are layer 2/3 switches.
What is the topology and how are you "failing" the link?  Are the links
to the firewalls on a vlan with the interfaces being a ve on the CERs or
are the interfaces to the firewalls "route-only"?  Is that vlan trunked
across on the link between the two switches?  How are you failing it
over?  There are lots of "failover" things you could be doing (turning
off the left router, turning off the left firewall, disabling the
primary port from the left router to the left firewall).  When you say
it doesn't work, are you saying that it doesn't work if you disable the
port from the left router to the left firewall, or are you saying it
doesn't work when the right firewall takes over from the left, or what?

There are so many subtle configuration possibilities with these units
that just given a wiring diagram without also seeing the config makes it
hard to help.

I am guessing that the connections to the firewalls are not MCT cluster
trunks, because you can't run layer 3 routing protocols with MCT (yet) on
the CERs.  Is it link failover or device failover that isn't working?