* [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2007-05-08 01:24]:
> On 5/5/07, Henning Brauer <[EMAIL PROTECTED]> wrote:
> >
> > * [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2007-05-03 20:58]:
> > > Any recommendations on running BGP on redundant firewalls to multiple
> > > providers advertising the same network thru both links, and talking iBGP
> > > with the other firewall?
> >
> > that is what I am doing here as well as at multiple customer sites.
> >
> > > Just asking because I ran into a problem with this
> > > scenario when traffic would enter 1 host, traverse the iBGP crossover
> > > link and then exit the 2nd host, and return traffic would come back in
> > > thru the 1st host. There was a mismatch of the states that seemed to
> > > cause my problems.
> >
> > not seen that.
> > you could suffer from the carp route screwup issue I just committed a
> > fix for in -current. I'll attach it, it'll apply for 4.1 too.
> > in general, "bgpctl sh nexthop" is your friend to debug this.
> 
> 
>   can you elaborate a little more on the "carp route" issue? I had been
> working with the 2 firewall/2 provider/ibgp/pf/pfsync setup about 3 months
> ago and hit a wall when traffic flowed a certain direction - so I moved to
> the 2 router + 2 firewall setup that cleared it up, so my memory's a little
> foggy about the exact issue. but I'm willing to try the 2 firewall setup
> again as this will cost us so much less when we clone this configuration
> from our office to our data center. thanks.

well, carp was playing fast and loose with routes, without messages on 
the routing socket. i included the diff, what else should I say?

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
