Hello Stuart,

I see now that I have not been entirely clear on my setup.
Traditionally I used carp on both upstream interfaces (to have a common nexthop address in BGP routing) and also on my downstream interfaces (to have a floating default gateway for my hosts). As it stands now I cannot use a carp nexthop on my upstreams, so a solution would be to have upstream BGP peering alter its MEDs or as-path depending on downstream carp interface state. This way I can retain symmetric routing while not setting an upstream carp nexthop address.

On Fri, Jun 11, 2021 at 10:23 PM Stuart Henderson <s...@spacehopper.org> wrote:

> On 2021-06-11, open...@kene.nu <open...@kene.nu> wrote:
> > Hello Stuart,
> >
> > I do set the carp address as nexthop. This works in a "traditional" L2
> > environment as expected. However, to make a long story short, in a vxlan
> > environment L2 redundancy protocols like carp that rely on gARP do not work
> > as expected.
> >
> > So I need to have the backup firewall tell the router in some other way
> > (bgp wise) that the path via it is worse compared with the master. The
> > suggestion offered by Claudio would be spot on for my use case. I would
> > argue others would benefit from this too as I am running a fairly standard
> > symmetric vxlan routing clos setup.
>
> I'm not quite sure I get what you're trying to do then - so instead of
> using something which needs carp to work, you want to use something else
> which also needs carp to work?