Any recommendations on running BGP on redundant firewalls to multiple providers, advertising the same network through both links, and talking iBGP with the other firewall? Just asking because I ran into a problem with this scenario when traffic would enter the 1st host, traverse the iBGP crossover link and then exit the 2nd host, and return traffic would come back in through the 1st host. There was a mismatch of the states that seemed to cause my problems. Here's how I was set up.

Problem Scenario:

    box-a -----> Provider-A
       /   |
    carp0  |
       \   |
    box-b -----> Provider-B

Solution:

Box-A & Box-B are my redundant firewalls running pfsync over the dedicated link. Box-C & Box-D are just T1 routers running BGP. The routers route to carp1 on the firewalls and the firewalls route to carp0 on the routers. Box-C and Box-D run iBGP over their dedicated link to share routes to external networks. The multiple providers are for both redundancy and aggregate bandwidth. Running BGP in an active/backup scenario based on who has the carp0 interface isn't an option because of the necessity of the aggregate bandwidth. This solution works fine for us, but we really wanted to run on two boxes. I believe the only problem we have now is with BGP convergence. If anyone has any tips on how to minimize this when I reboot box-c or box-d, that would be great. If anyone has comments, recommendations, adjustments, or tips on our setup, please do share.

    box-a --------switch------------box-c-----> Provider-A
      /    |    \          |         /     |
    carp0  |   carp1       |      carp0    |
      \    |    /          |         \     |
    box-b ---------switch------------box-d-----> Provider-B
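As an added illustration of the solution topology above (not the poster's actual configuration), an OpenBSD bgpd.conf for box-c: eBGP to Provider-A over the T1, iBGP to box-d over the dedicated link, and the same prefix announced to the provider that box-d announces to Provider-B. All addresses and AS numbers are placeholders.

```conf
# bgpd.conf for box-c (constructed example; every number below is a placeholder)
AS 65001                          # our own AS
router-id 192.0.2.3               # box-c's router id

# The prefix both T1 routers advertise to their respective providers
network 203.0.113.0/24

# eBGP session to Provider-A across the T1
group "providers" {
    neighbor 198.51.100.1 {
        remote-as 64500           # Provider-A's AS
        descr "Provider-A"
    }
}

# iBGP session to box-d across the dedicated router-to-router link,
# so routes learned from Provider-B are usable from this box as well
group "ibgp" {
    neighbor 10.0.0.2 {
        remote-as 65001           # same AS: this is the iBGP peer
        descr "box-d"
    }
}

# Filters: accept what both peers send, but only announce our own
# prefix to the provider; iBGP carries everything to box-d
deny from any
allow from group "providers"
allow from group "ibgp"
deny to any
allow to group "providers" prefix 203.0.113.0/24
allow to group "ibgp"
```

box-d mirrors this with Provider-B as its eBGP neighbour and box-c as the iBGP peer; the firewalls' default routes point at the routers' carp0 address, not at either router directly.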