Hello,

I set net.inet.ip.multipath to 1.
I configured OSPF on the BGP routers to 'redistribute default' to the FWs.

'ospfctl show rib' on the FWs shows that they have two default routes,
but 'ospfctl show fib' shows that only one is active.

Besides a 'dirty' solution with ifstated which inserts multipath routes,
and withdraws them when one link/router fails, I am running out of ideas...

Does anyone have one?

Thanks

--
Regards,
Pierre BARDOU

-----Original Message-----
From: Mariusz Makowski [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, 7 October 2008 21:38
To: Frans Haarman
Cc: BARDOU Pierre; misc@openbsd.org
Subject: Re: OpenBGP load balancing between 2 ISP (multihoming)

Frans Haarman wrote:
> 2008/10/7 BARDOU Pierre <[EMAIL PROTECTED]>
> 
>> Hello,
>>
>> I am trying to set up a configuration like this:
>>
>>             +---------+       +---------+
>>             |  ISP1   |       |  ISP2   |     Cisco
>>             | ROUTER  |       | ROUTER  |
>>             | AS3215  |       | AS12670 |
>>             +---------+       +---------+
>>                  |                |
>>                  |                |
>>             +---------+       +---------+
>>             |   BGP   |       |   BGP   |
>>             | ROUTER  |       | ROUTER  |     OpenBSD 4.3
>>             | AS47818 |       | AS45818 |
>>             +---------+       +---------+
>>                  |                |
>>                  |                |
>>             +-------------------------+
>>             |    217.109.108.240/28   |
>>             +-------------------------+
>>                  |                |
>>                  |                |
>>             +--------+        +-------+
>>             |   FW   |--------|  FW   |       OpenBSD 4.3
>>             | MASTER | pfsync | SLAVE |
>>             +--------+        +-------+
>>                  |                |
>>                  |                |
>>             +-------------------------+
>>             |     PRIVATE NETWORKS    |
>>             +-------------------------+
>>
>> I'd like to load balance outgoing connections to the internet, but I 
>> don't know how to configure openBGPd to do this.
>> I searched a lot on the Internet and I found a lot of information on 
>> how to do this with Cisco, but I have never found an openBGP solution.
>> Some people speak about it but I have never seen it.
>>
>> I made a test conf where failover works like a charm (using iBGP on 
>> the FWs with 'set nexthop self' on BGP routers), but when both 
>> connections are active only one is used.
>>
>> Would it be possible to help me please ?
>> Is setting up iBGP sessions between FW's and BGP routers a good idea ?
>> Should I rather use OSPF for this ?
>> And in that case how to configure it to loadbalance/failover ?
>>
>> Many thanks
>>
>> PS : loadbalancing incoming connections too would be very nice, but I 
>> understood it was much more difficult.
>>
>> --
>> Regards,
>> Pierre BARDOU
>>
> 
> 
> just wondering......
> 
> What happens when you load balance your traffic on your firewalls ? So 
> you divide the traffic over both bgp routers:
> 
> http://www.openbsd.org/faq/pf/pools.html
> 
> maybe you could even do the route-to
> on the bgp routers ?
> 
> something like:
> 
> route-to { ($ext_if $ext_ISP1), ($local_if $BGP2 ) } round-robin from $lan_net to any keep state
> #and on the other bgp router
> route-to { ($ext_if $ext_ISP2), ($local_if $BGP1 ) } round-robin from $lan_net to any keep state
> 
> Beware: I have no idea if any of this is possible.
> But that's what I'd try :)
> 
> Gr. FH
> 
> 

You might want to read about http://www.openbsd.org/faq/faq6.html#Multipath,
although it's not a BGP solution.
I think with the default configuration you should have multipath capability.
Check that there is no localpref chosen, and check your ISPs' prepend length.

Regards,
 Mariusz Makowski