[142349] in North American Network Operators' Group
Re: BGP Design question.
daemon@ATHENA.MIT.EDU (William Herrin)
Wed Jun 22 19:42:58 2011
In-Reply-To: <3A9F8592-5F60-42B9-AC3F-8A6EFDB7E294@getjive.com>
From: William Herrin <bill@herrin.us>
Date: Wed, 22 Jun 2011 19:42:31 -0400
To: Bret Palsson <bret@getjive.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Wed, Jun 22, 2011 at 6:27 PM, Bret Palsson <bret@getjive.com> wrote:
> I am using OSPFv2 between the CERs and the Firewalls.
> Failover works just fine, however when I fail an OSPF link
> that has the active default route, ingress traffic still routes
> fine and dandy, but egress traffic doesn't. Both Netiron's
> OSPF are set up to advertise they are the default route.
Hi Bret,
I have a setup that is almost identical except there is a pair of
simple switches between the routers and firewalls interconnecting all
into a LAN and I'm working with Cisco 2811's instead of Netiron CERs.
Can you expand on the interface addressing and what the firewalls see
via OSPF during your failure scenario?
> What I'm wondering is, if OSPF is the right solution for
> this. How do others solve this problem?
My failover firewall also connects to the switches (inside and out)
and turns down ports which connect to the primary firewall. During a
failure, the primary can't be depended on to completely take itself
out of line. If it was in a working state that could be depended on,
it wouldn't have failed.
Regards,
Bill Herrin
-- 
William D. Herrin ................ herrin@dirtside.com  bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004