When I do a bgpctl show fib I see the two routes, 1 thru connected provider,
1 to other router's crossover interface - which is connected then to 2nd
provider, so why would I need to redistribute my routes when it's already in
the fib? Maybe I'm confused but I don't think I necessarily need ospf in my
scenario. Can anyone else clarify this?

If one provider fails, iBGP should update the fib and forward traffic across
the crossover link, so I don't see an issue there with using static routes.

I did come across that paper and set up the 2 routers 2 firewalls with ospf
but the only advantage I saw in our scenario was having the firewalls
themselves make the routing decision instead of the routers and just sending
to the physical interface of the decided route instead of the carp interface
on the routers. We decided we don't want our firewalls to be involved
in the routing decision and opted to not use ospf.

I'm still learning this stuff myself. Thanks for the input, it helps.


On 5/5/07, Ivo Chutkin <[EMAIL PROTECTED]> wrote:
>
> Hi,
> As far as I know you need OSPF to redistribute routes when you run IBGP
> between your border routers inside your AS. I do not have a sophisticated
> explanation why but IBGP does not work without OSPF. I am still learning.
> And in your case with two upstream providers you definitely need IBGP
> between routers connected to upstreams. I do not know what will happen
> if you do not run IBGP between the border routers. I guess, if one
> provider fails, with static routes you will continue to send traffic to
> it, not knowing that it is dead.
> This is a good paper:
> http://www.openbsd.org/papers/linuxtag06-network/index.html
> also in pdf:
> http://www.openbsd.org/papers/linuxtag06-network.pdf
>
> I hope it helps you somehow.
> Best regards,
> Ivo
>
> [EMAIL PROTECTED] wrote:
> > This may be a naive question but why the need for ospf? Couldn't you just
> > use carp and static routes? I had configured the ospfd but didn't see the
> > need for it in my environment. If someone can point out the benefits of
> > using openbgp + ospf instead of just openbgpd + static routes -> carp0.
> > What am I missing? We do not have any downstream customers so maybe it
> > is just an architecture thing?
> >
> > On 5/4/07, Ivo Chutkin <[EMAIL PROTECTED]> wrote:
> >
> >     Hello,
> >     I am also trying to achieve maximum redundancy.
> >     I am trying the following configuration in my test lab:
> >
> >     http://tania.be.linux.org/zebra/msg00338.html
> >
> >     I translated it to OpenBGP/OpenOSPF language and it seems to work fine,
> >     though it is only test lab, I did not try it in production
> >     environment yet.
> >     I hope it will give you some idea and we could share some experience.
> >     I am beginner with OpenBSD so my opinion may be incorrect.
> >     Best regards,
> >     Ivo
> >
> >     [EMAIL PROTECTED] wrote:
> >      > Any recommendations on running BGP on redundant firewalls to multiple
> >      > providers advertising the same network thru both links, and talking iBGP
> >      > with the other firewall? Just asking because I ran into a problem with this
> >      > scenario when traffic would enter 1 host, traverse the iBGP crossover link
> >      > and then exit the 2nd host, and return traffic would come back in thru the
> >      > 1st host. There was a mismatch of the states that seemed to cause my
> >      > problems. Here's how I was set up.
> >      >
> >      > Problem Scenario:
> >      >
> >      >         box-a -----> Provider-A
> >      >        /  |
> >      >   carp0   |
> >      >        \  |
> >      >         box-b -----> Provider-B
> >      >
> >      >
> >      > Solution:
> >      >    Box-A & Box-B are my redundant firewalls running pfsync between the
> >      > dedicated link. Box-C & Box-D are just T1 routers running BGP. The routers
> >      > route to carp1 on the firewalls and the firewalls route to carp0 on the
> >      > routers. Box-C and Box-D run iBGP between their dedicated link to share
> >      > routes to external networks. The multiple providers are for both redundancy
> >      > and aggregate bandwidth. Running BGP in an active/backup scenario based on
> >      > who has the carp0 interface isn't an option because of the necessity of the
> >      > aggregate bandwidth. This solution works fine for us but we really wanted to
> >      > run on two boxes. I believe the only problem we have now is with BGP
> >      > convergence. If anyone has any tips on how to minimize this when I reboot
> >      > box-c or box-d that would be great. If anyone has comments,
> >      > recommendations, adjustments, tips on our setup please do share.
> >      >
> >      >         box-a --------switch------------box-c-----> Provider-A
> >      >        /  |  \          |              /  |
> >      >   carp0   |   carp1     |         carp0   |
> >      >        \  |  /          |              \  |
> >      >         box-b --------switch------------box-d-----> Provider-B
