Hello, So the solution would be to activate multipath on FW's, and to use ospf between BGP routers and my FW's ( I've heard somewhere that OSPF can announce multiple defaults routes, contrary to BGP ) to ensure failover if I understand properly...
Nice idea, I'm trying to setup that on my test config. -- Cordialement, Pierre BARDOU -----Message d'origine----- De : Mariusz Makowski [mailto:[EMAIL PROTECTED] Envoyi : mardi 7 octobre 2008 21:38 @ : Frans Haarman Cc : BARDOU Pierre; misc@openbsd.org Objet : Re: OpenBGP load balancing between 2 ISP (multihoming) Frans Haarman wrote: > 2008/10/7 BARDOU Pierre <[EMAIL PROTECTED]> > >> Hello, >> >> I am trying to set up a configuraion like this : >> >> +------- -+ +---------+ >> | ISP1 | | ISP2 | Cisco >> | ROUTER | | ROUTER | >> | AS3215 | | AS12670 | >> +---------+ +---------+ >> | | >> | | >> +---------+ +---------+ >> | BGP | | BGP | >> | ROUTER | | ROUTER | OpenBSD 4.3 >> | AS47818 | | AS45818 | >> +---------+ +---------+ >> | | >> | | >> +-------------------------+ >> | 217.109.108.240/28 | >> +-------------------------+ >> | | >> | | >> +--------+ +-------+ >> | FW |--------| FW | OpenBSD 4.3 >> | MASTER | pfsync | SLAVE | >> +--------+ +-------+ >> | | >> | | >> +-------------------------+ >> | PRIVATE NETWORKS | >> +-------------------------+ >> >> I'd like to load balance outgoing connections to the internet, but I >> don't know how to configure openBGPd to do this. >> I searched a lot on the Internet and I found a lot of informations on >> how to do this with cisco, but I have never found an openBGP solution. >> Some people speak about it but I have never seen it. >> >> I made a test conf where failover works like a charm (using iBGP on >> the FW's with 'set nexhop self' on BGP routers), but when both >> connections are active only one is used. >> >> Would it be possible to help me please ? >> Is setting up iBGP sessions between FW's and BGP routers a good idea ? >> Should I rather use OSPF for this ? >> And in tha case how to configure it to loadbalance/failover ? >> >> Many thanks >> >> PS : loadbalancing incoming connections too would be very nice, but I >> understood it was much more difficult. >> >> -- >> Cordialement, >> Pierre BARDOU >> > > > just wondering...... > > What happens when you load balance your traffic on your firewalls ? So > you devide the traffic over both bgp routers: > > http://www.openbsd.org/faq/pf/pools.html > > maybe you could even do the route-to > on the bgp routers ? > > something like: > > route-to { ($ext_if $ext_ISP1), ($local_if $BGP2 ) } round-robin from > $lan_net to any keep state #and on the other bgp router route-to { > ($ext_if $ext_ISP2), ($local_if $BGP1 ) } round-robin from $lan_net to > any keep state > > Beware: I have no idea if any of this is possible. > But thats what I'd try :) > > Gr. FH > > You might want to read about http://www.openbsd.org/faq/faq6.html#Multipath, although it's not bgp solution. I think with default configuration you should have multipath capability. Check if there is not localpref chosen, and check yours ISP prepends length. Regards, Mariusz Makowski [demime 1.01d removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s]
