Couple of questions for clarification (inline):

On Wed, Jun 22, 2011 at 6:27 PM, Bret Palsson <b...@getjive.com> wrote:

> Here is my current setup in ASCII art. (Please view in a fixed width font.)
> Below the art I'll write out the setup.
>
>
> +--------+    +--------+
> | Peer A |    | Peer A |   <-Many carriers. Using 1 carrier
> +---+----+    +----+---+     for this scenario.
>     |eBGP          | eBGP
>     |              |
> +---+----+iBGP+----+---+
> | Router +----+ Router |   <-Netiron CERs Routers.
> +-+------+    +------+-+
>   |A   `.P    A.'    |P    <-A/P indicates Active/Passive
>   |      `.  .'      |       link.
>   |        ::        |
> +-+------+'  `+------+-+
> |Act. FW |    |Pas. FW |   <-Firewalls Active/Passive.
> +--------+    +--------+

(Tony) What's behind this point?

>
>
> To keep this scenario simple, I'm multihoming to one carrier.
> I have two Netiron CERs. Each has an eBGP connection to the same peer.
> The CERs have an iBGP connection to each other.
> That works all fine and dandy. Feel free to comment, however, if you think
> there is a better way to do this.
>
> Here comes the tricky part. I have two firewalls in an Active/Passive setup.
> When one fails the other is configured exactly the same
> and picks up where the other left off. (Yes, all the sessions etc. are
> actively mirrored between the devices)
>
> I am using OSPFv2 between the CERs and the Firewalls. Failover works just
> fine, however when I fail an OSPF link that has the active default route,
> ingress traffic still routes fine and dandy, but egress traffic doesn't. Both
> Netiron's OSPF are set up to advertise they are the default route.
>

(Tony) (Apologies for the seemingly dumb question) but by egress, do you mean from behind the FW towards your carrier?

> What I'm wondering is, if OSPF is the right solution for this. How do others
> solve this problem?
>
>
> Thanks,
>
> Bret
>
>
> Note: Since lately ipv6 has been a hot topic, I'll state that after we get
> the BGP all figured out and working properly, ipv6 is our next project. :)