nanog mailing list archives
Re: BGP Design question.
From: William Herrin <bill () herrin us>
Date: Wed, 22 Jun 2011 19:42:31 -0400
On Wed, Jun 22, 2011 at 6:27 PM, Bret Palsson <bret () getjive com> wrote:
> I am using OSPFv2 between the CERs and the Firewalls. Failover works just fine, however when I fail an OSPF link that has the active default route, ingress traffic still routes fine and dandy, but egress traffic doesn't. Both Netiron's OSPF are set up to advertise they are the default route.

Hi Bret,

I have a setup that is almost identical except there is a pair of simple switches between the routers and firewalls interconnecting all into a LAN and I'm working with Cisco 2811s instead of Netiron CERs. Can you expand on the interface addressing and what the firewalls see via OSPF during your failure scenario?

> What I'm wondering is if OSPF is the right solution for this. How do others solve this problem?

My failover firewall also connects to the switches (inside and out) and turns down ports which connect to the primary firewall. During a failure, the primary can't be depended on to completely take itself out of line. If it was in a working state that could be depended on, it wouldn't have failed.

Regards,
Bill Herrin

--
William D. Herrin ................ herrin () dirtside com  bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004